Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5712e88f authored by Amy Griffis's avatar Amy Griffis Committed by Al Viro
Browse files

[PATCH] match audit name data 



Make more effort to detect previously collected names, so we don't log
multiple PATH records for a single filesystem object. Add
audit_inc_name_count() to reduce duplicate code.

Signed-off-by: default avatarAmy Griffis <amy.griffis@hp.com>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 4fc03b9b

kernel/auditsc.c

+84 −58
Original line number Diff line number Diff line
@@ -78,11 +78,6 @@ extern int audit_enabled; 
 * for saving names from getname(). */

#define AUDIT_NAMES    20



/* AUDIT_NAMES_RESERVED is the number of slots we reserve in the

 * audit_context from being used for nameless inodes from

 * path_lookup. */

#define AUDIT_NAMES_RESERVED 7



/* Indicates that audit should log the full pathname. */

#define AUDIT_NAME_FULL -1
@@ -1343,6 +1338,28 @@ void audit_putname(const char *name) 
#endif

}



static int audit_inc_name_count(struct audit_context *context,

				const struct inode *inode)

{

	if (context->name_count >= AUDIT_NAMES) {

		if (inode)

			printk(KERN_DEBUG "name_count maxed, losing inode data: "

			       "dev=%02x:%02x, inode=%lu",

			       MAJOR(inode->i_sb->s_dev),

			       MINOR(inode->i_sb->s_dev),

			       inode->i_ino);



		else

			printk(KERN_DEBUG "name_count maxed, losing inode data");

		return 1;

	}

	context->name_count++;

#if AUDIT_DEBUG

	context->ino_count++;

#endif

	return 0;

}



/* Copy inode data into an audit_names. */

static void audit_copy_inode(struct audit_names *name, const struct inode *inode)

{
@@ -1380,13 +1397,10 @@ void __audit_inode(const char *name, const struct inode *inode) 
	else {

		/* FIXME: how much do we care about inodes that have no

		 * associated name? */

		if (context->name_count >= AUDIT_NAMES - AUDIT_NAMES_RESERVED)

		if (audit_inc_name_count(context, inode))

			return;

		idx = context->name_count++;

		idx = context->name_count - 1;

		context->names[idx].name = NULL;

#if AUDIT_DEBUG

		++context->ino_count;

#endif

	}

	audit_copy_inode(&context->names[idx], inode);

}
@@ -1410,7 +1424,7 @@ void __audit_inode_child(const char *dname, const struct inode *inode, 
{

	int idx;

	struct audit_context *context = current->audit_context;

	const char *found_name = NULL;

	const char *found_parent = NULL, *found_child = NULL;

	int dirlen = 0;



	if (!context->in_syscall)
@@ -1418,61 +1432,73 @@ void __audit_inode_child(const char *dname, const struct inode *inode, 


	/* determine matching parent */

	if (!dname)

		goto update_context;

	for (idx = 0; idx < context->name_count; idx++)

		if (context->names[idx].ino == parent->i_ino) {

			const char *name = context->names[idx].name;

		goto add_names;



	/* parent is more likely, look for it first */

	for (idx = 0; idx < context->name_count; idx++) {

		struct audit_names *n = &context->names[idx];



			if (!name)

		if (!n->name)

			continue;



			if (audit_compare_dname_path(dname, name, &dirlen) == 0) {

				context->names[idx].name_len = dirlen;

				found_name = name;

				break;

		if (n->ino == parent->i_ino &&

		    !audit_compare_dname_path(dname, n->name, &dirlen)) {

			n->name_len = dirlen; /* update parent data in place */

			found_parent = n->name;

			goto add_names;

		}

	}



update_context:

	idx = context->name_count;

	if (context->name_count == AUDIT_NAMES) {

		printk(KERN_DEBUG "name_count maxed and losing %s\n",

			found_name ?: "(null)");

		return;

	}

	context->name_count++;

#if AUDIT_DEBUG

	context->ino_count++;

#endif

	/* Re-use the name belonging to the slot for a matching parent directory.

	 * All names for this context are relinquished in audit_free_names() */

	context->names[idx].name = found_name;

	context->names[idx].name_len = AUDIT_NAME_FULL;

	context->names[idx].name_put = 0;	/* don't call __putname() */

	/* no matching parent, look for matching child */

	for (idx = 0; idx < context->name_count; idx++) {

		struct audit_names *n = &context->names[idx];



	if (!inode)

		context->names[idx].ino = (unsigned long)-1;

		if (!n->name)

			continue;



		/* strcmp() is the more likely scenario */

		if (!strcmp(dname, n->name) ||

		     !audit_compare_dname_path(dname, n->name, &dirlen)) {

			if (inode)

				audit_copy_inode(n, inode);

			else

		audit_copy_inode(&context->names[idx], inode);

				n->ino = (unsigned long)-1;

			found_child = n->name;

			goto add_names;

		}

	}



	/* A parent was not found in audit_names, so copy the inode data for the

	 * provided parent. */

	if (!found_name) {

		idx = context->name_count;

		if (context->name_count == AUDIT_NAMES) {

			printk(KERN_DEBUG

				"name_count maxed and losing parent inode data: dev=%02x:%02x, inode=%lu",

				MAJOR(parent->i_sb->s_dev),

				MINOR(parent->i_sb->s_dev),

				parent->i_ino);

add_names:

	if (!found_parent) {

		if (audit_inc_name_count(context, parent))

			return;

		}

		context->name_count++;

#if AUDIT_DEBUG

		context->ino_count++;

#endif

		idx = context->name_count - 1;

		context->names[idx].name = NULL;

		audit_copy_inode(&context->names[idx], parent);

	}



	if (!found_child) {

		if (audit_inc_name_count(context, inode))

			return;

		idx = context->name_count - 1;



		/* Re-use the name belonging to the slot for a matching parent

		 * directory. All names for this context are relinquished in

		 * audit_free_names() */

		if (found_parent) {

			context->names[idx].name = found_parent;

			context->names[idx].name_len = AUDIT_NAME_FULL;

			/* don't call __putname() */

			context->names[idx].name_put = 0;

		} else {

			context->names[idx].name = NULL;

		}



		if (inode)

			audit_copy_inode(&context->names[idx], inode);

		else

			context->names[idx].ino = (unsigned long)-1;

	}

}



/**