diff options
| author | Eric Paris <eparis@redhat.com> | 2009-06-11 14:31:36 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-06-23 23:51:05 -0400 |
| commit | 35fe4d0b1b12286a81938e9c5fdfaf639ac0ce5b (patch) | |
| tree | c520706593fd33748944315bb87d789a7f31960e /kernel/auditfilter.c | |
| parent | cfcad62c74abfef83762dc05a556d21bdf3980a2 (diff) | |
Audit: move audit_get_nd completely into audit_watch
audit_get_nd() is only used by audit_watch and could be more cleanly
implemented by having the audit watch functions call it when needed rather
than making the generic audit rule parsing code deal with those objects.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel/auditfilter.c')
| -rw-r--r-- | kernel/auditfilter.c | 15 |
1 files changed, 2 insertions, 13 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 9d4c93437de6..21b623595aad 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
| @@ -864,7 +864,6 @@ static inline int audit_add_rule(struct audit_entry *entry) | |||
| 864 | struct audit_entry *e; | 864 | struct audit_entry *e; |
| 865 | struct audit_watch *watch = entry->rule.watch; | 865 | struct audit_watch *watch = entry->rule.watch; |
| 866 | struct audit_tree *tree = entry->rule.tree; | 866 | struct audit_tree *tree = entry->rule.tree; |
| 867 | struct nameidata *ndp = NULL, *ndw = NULL; | ||
| 868 | struct list_head *list; | 867 | struct list_head *list; |
| 869 | int h, err; | 868 | int h, err; |
| 870 | #ifdef CONFIG_AUDITSYSCALL | 869 | #ifdef CONFIG_AUDITSYSCALL |
| @@ -878,8 +877,8 @@ static inline int audit_add_rule(struct audit_entry *entry) | |||
| 878 | 877 | ||
| 879 | mutex_lock(&audit_filter_mutex); | 878 | mutex_lock(&audit_filter_mutex); |
| 880 | e = audit_find_rule(entry, &list); | 879 | e = audit_find_rule(entry, &list); |
| 881 | mutex_unlock(&audit_filter_mutex); | ||
| 882 | if (e) { | 880 | if (e) { |
| 881 | mutex_unlock(&audit_filter_mutex); | ||
| 883 | err = -EEXIST; | 882 | err = -EEXIST; |
| 884 | /* normally audit_add_tree_rule() will free it on failure */ | 883 | /* normally audit_add_tree_rule() will free it on failure */ |
| 885 | if (tree) | 884 | if (tree) |
| @@ -887,17 +886,9 @@ static inline int audit_add_rule(struct audit_entry *entry) | |||
| 887 | goto error; | 886 | goto error; |
| 888 | } | 887 | } |
| 889 | 888 | ||
| 890 | /* Avoid calling path_lookup under audit_filter_mutex. */ | ||
| 891 | if (watch) { | ||
| 892 | err = audit_get_nd(audit_watch_path(watch), &ndp, &ndw); | ||
| 893 | if (err) | ||
| 894 | goto error; | ||
| 895 | } | ||
| 896 | |||
| 897 | mutex_lock(&audit_filter_mutex); | ||
| 898 | if (watch) { | 889 | if (watch) { |
| 899 | /* audit_filter_mutex is dropped and re-taken during this call */ | 890 | /* audit_filter_mutex is dropped and re-taken during this call */ |
| 900 | err = audit_add_watch(&entry->rule, ndp, ndw); | 891 | err = audit_add_watch(&entry->rule); |
| 901 | if (err) { | 892 | if (err) { |
| 902 | mutex_unlock(&audit_filter_mutex); | 893 | mutex_unlock(&audit_filter_mutex); |
| 903 | goto error; | 894 | goto error; |
| @@ -942,11 +933,9 @@ static inline int audit_add_rule(struct audit_entry *entry) | |||
| 942 | #endif | 933 | #endif |
| 943 | mutex_unlock(&audit_filter_mutex); | 934 | mutex_unlock(&audit_filter_mutex); |
| 944 | 935 | ||
| 945 | audit_put_nd(ndp, ndw); /* NULL args OK */ | ||
| 946 | return 0; | 936 | return 0; |
| 947 | 937 | ||
| 948 | error: | 938 | error: |
| 949 | audit_put_nd(ndp, ndw); /* NULL args OK */ | ||
| 950 | if (watch) | 939 | if (watch) |
| 951 | audit_put_watch(watch); /* tmp watch, matches initial get */ | 940 | audit_put_watch(watch); /* tmp watch, matches initial get */ |
| 952 | return err; | 941 | return err; |