1 files changed, 33 insertions, 21 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 5d96f2cc7be8..6f19fd477aac 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -95,6 +95,8 @@ extern struct inotify_handle *audit_ih;
 /* Inotify events we care about. */
 #define AUDIT_IN_WATCH IN_MOVE|IN_CREATE|IN_DELETE|IN_DELETE_SELF|IN_MOVE_SELF
+extern int audit_enabled;
 void audit_free_parent(struct inotify_watch *i_watch)
 {
        struct audit_parent *parent;
@@ -974,7 +976,6 @@ static void audit_update_watch(struct audit_parent *parent,
        struct audit_watch *owatch, *nwatch, *nextw;
        struct audit_krule *r, *nextr;
        struct audit_entry *oentry, *nentry;
-        struct audit_buffer *ab;
        mutex_lock(&audit_filter_mutex);
        list_for_each_entry_safe(owatch, nextw, &parent->watches, wlist) {
@@ -1014,13 +1015,18 @@ static void audit_update_watch(struct audit_parent *parent,
                        call_rcu(&oentry->rcu, audit_free_rule_rcu);
                }
-                ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
+                if (audit_enabled) {
-                audit_log_format(ab, "op=updated rules specifying path=");
+                        struct audit_buffer *ab;
-                audit_log_untrustedstring(ab, owatch->path);
+                        ab = audit_log_start(NULL, GFP_KERNEL,
-                audit_log_format(ab, " with dev=%u ino=%lu\n", dev, ino);
+                                AUDIT_CONFIG_CHANGE);
-                audit_log_format(ab, " list=%d res=1", r->listnr);
+                        audit_log_format(ab,
-                audit_log_end(ab);
+                                "op=updated rules specifying path=");
+                        audit_log_untrustedstring(ab, owatch->path);
+                        audit_log_format(ab, " with dev=%u ino=%lu\n",
+                                 dev, ino);
+                        audit_log_format(ab, " list=%d res=1", r->listnr);
+                        audit_log_end(ab);
+                }
                audit_remove_watch(owatch);
                goto add_watch_to_parent; /* event applies to a single watch */
        }
@@ -1039,25 +1045,28 @@ static void audit_remove_parent_watches(struct audit_parent *parent)
        struct audit_watch *w, *nextw;
        struct audit_krule *r, *nextr;
        struct audit_entry *e;
-        struct audit_buffer *ab;
        mutex_lock(&audit_filter_mutex);
        parent->flags |= AUDIT_PARENT_INVALID;
        list_for_each_entry_safe(w, nextw, &parent->watches, wlist) {
                list_for_each_entry_safe(r, nextr, &w->rules, rlist) {
                        e = container_of(r, struct audit_entry, rule);
+                        if (audit_enabled) {
-                        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
+                                struct audit_buffer *ab;
-                        audit_log_format(ab, "op=remove rule path=");
+                                ab = audit_log_start(NULL, GFP_KERNEL,
-                        audit_log_untrustedstring(ab, w->path);
+                                        AUDIT_CONFIG_CHANGE);
-                        if (r->filterkey) {
+                                audit_log_format(ab, "op=remove rule path=");
-                                audit_log_format(ab, " key=");
+                                audit_log_untrustedstring(ab, w->path);
-                                audit_log_untrustedstring(ab, r->filterkey);
+                                if (r->filterkey) {
-                        } else
+                                        audit_log_format(ab, " key=");
-                                audit_log_format(ab, " key=(null)");
+                                        audit_log_untrustedstring(ab,
-                        audit_log_format(ab, " list=%d res=1", r->listnr);
+                                                        r->filterkey);
-                        audit_log_end(ab);
+                                } else
+                                        audit_log_format(ab, " key=(null)");
+                                audit_log_format(ab, " list=%d res=1",
+                                        r->listnr);
+                                audit_log_end(ab);
+                        }
                        list_del(&r->rlist);
                        list_del_rcu(&e->list);
                        call_rcu(&e->rcu, audit_free_rule_rcu);
@@ -1495,6 +1504,9 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action,
 {
        struct audit_buffer *ab;
+        if (!audit_enabled)
+                return;
        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
        if (!ab)
                return;

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 5d96f2cc7be8..6f19fd477aac 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c
@@ -95,6 +95,8 @@ extern struct inotify_handle *audit_ih;
95	/* Inotify events we care about. */	95	/* Inotify events we care about. */
96	#define AUDIT_IN_WATCH IN_MOVE\|IN_CREATE\|IN_DELETE\|IN_DELETE_SELF\|IN_MOVE_SELF	96	#define AUDIT_IN_WATCH IN_MOVE\|IN_CREATE\|IN_DELETE\|IN_DELETE_SELF\|IN_MOVE_SELF
97		97
		98	extern int audit_enabled;
		99
98	void audit_free_parent(struct inotify_watch *i_watch)	100	void audit_free_parent(struct inotify_watch *i_watch)
99	{	101	{
100	struct audit_parent *parent;	102	struct audit_parent *parent;
@@ -974,7 +976,6 @@ static void audit_update_watch(struct audit_parent *parent,
974	struct audit_watch owatch, nwatch, *nextw;	976	struct audit_watch owatch, nwatch, *nextw;
975	struct audit_krule r, nextr;	977	struct audit_krule r, nextr;
976	struct audit_entry oentry, nentry;	978	struct audit_entry oentry, nentry;
977	struct audit_buffer *ab;
978		979
979	mutex_lock(&audit_filter_mutex);	980	mutex_lock(&audit_filter_mutex);
980	list_for_each_entry_safe(owatch, nextw, &parent->watches, wlist) {	981	list_for_each_entry_safe(owatch, nextw, &parent->watches, wlist) {
@@ -1014,13 +1015,18 @@ static void audit_update_watch(struct audit_parent *parent,
1014	call_rcu(&oentry->rcu, audit_free_rule_rcu);	1015	call_rcu(&oentry->rcu, audit_free_rule_rcu);
1015	}	1016	}
1016		1017
1017	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);	1018	if (audit_enabled) {
1018	audit_log_format(ab, "op=updated rules specifying path=");	1019	struct audit_buffer *ab;
1019	audit_log_untrustedstring(ab, owatch->path);	1020	ab = audit_log_start(NULL, GFP_KERNEL,
1020	audit_log_format(ab, " with dev=%u ino=%lu\n", dev, ino);	1021	AUDIT_CONFIG_CHANGE);
1021	audit_log_format(ab, " list=%d res=1", r->listnr);	1022	audit_log_format(ab,
1022	audit_log_end(ab);	1023	"op=updated rules specifying path=");
1023		1024	audit_log_untrustedstring(ab, owatch->path);
		1025	audit_log_format(ab, " with dev=%u ino=%lu\n",
		1026	dev, ino);
		1027	audit_log_format(ab, " list=%d res=1", r->listnr);
		1028	audit_log_end(ab);
		1029	}
1024	audit_remove_watch(owatch);	1030	audit_remove_watch(owatch);
1025	goto add_watch_to_parent; /* event applies to a single watch */	1031	goto add_watch_to_parent; /* event applies to a single watch */
1026	}	1032	}
@@ -1039,25 +1045,28 @@ static void audit_remove_parent_watches(struct audit_parent *parent)
1039	struct audit_watch w, nextw;	1045	struct audit_watch w, nextw;
1040	struct audit_krule r, nextr;	1046	struct audit_krule r, nextr;
1041	struct audit_entry *e;	1047	struct audit_entry *e;
1042	struct audit_buffer *ab;
1043		1048
1044	mutex_lock(&audit_filter_mutex);	1049	mutex_lock(&audit_filter_mutex);
1045	parent->flags \|= AUDIT_PARENT_INVALID;	1050	parent->flags \|= AUDIT_PARENT_INVALID;
1046	list_for_each_entry_safe(w, nextw, &parent->watches, wlist) {	1051	list_for_each_entry_safe(w, nextw, &parent->watches, wlist) {
1047	list_for_each_entry_safe(r, nextr, &w->rules, rlist) {	1052	list_for_each_entry_safe(r, nextr, &w->rules, rlist) {
1048	e = container_of(r, struct audit_entry, rule);	1053	e = container_of(r, struct audit_entry, rule);
1049		1054	if (audit_enabled) {
1050	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);	1055	struct audit_buffer *ab;
1051	audit_log_format(ab, "op=remove rule path=");	1056	ab = audit_log_start(NULL, GFP_KERNEL,
1052	audit_log_untrustedstring(ab, w->path);	1057	AUDIT_CONFIG_CHANGE);
1053	if (r->filterkey) {	1058	audit_log_format(ab, "op=remove rule path=");
1054	audit_log_format(ab, " key=");	1059	audit_log_untrustedstring(ab, w->path);
1055	audit_log_untrustedstring(ab, r->filterkey);	1060	if (r->filterkey) {
1056	} else	1061	audit_log_format(ab, " key=");
1057	audit_log_format(ab, " key=(null)");	1062	audit_log_untrustedstring(ab,
1058	audit_log_format(ab, " list=%d res=1", r->listnr);	1063	r->filterkey);
1059	audit_log_end(ab);	1064	} else
1060		1065	audit_log_format(ab, " key=(null)");
		1066	audit_log_format(ab, " list=%d res=1",
		1067	r->listnr);
		1068	audit_log_end(ab);
		1069	}
1061	list_del(&r->rlist);	1070	list_del(&r->rlist);
1062	list_del_rcu(&e->list);	1071	list_del_rcu(&e->list);
1063	call_rcu(&e->rcu, audit_free_rule_rcu);	1072	call_rcu(&e->rcu, audit_free_rule_rcu);
@@ -1495,6 +1504,9 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action,
1495	{	1504	{
1496	struct audit_buffer *ab;	1505	struct audit_buffer *ab;
1497		1506
		1507	if (!audit_enabled)
		1508	return;
		1509
1498	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);	1510	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
1499	if (!ab)	1511	if (!ab)
1500	return;	1512	return;