audit: add a new "type" field to audit_names struct

For now, we just have two possibilities: UNKNOWN: for a new audit_names record that we don't know anything about yet NORMAL: for everything else In later patches, we'll add other types so we can distinguish and update records created under different circumstances. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Jeff Layton <jlayton@redhat.com> 2012-10-10 15:25:22 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2012-10-12 00:32:00 -0400
commit: 78e2e802a8519031e5858595070b39713e26340d (patch)
tree: 92f79d2039f4119a127ab59e31a2d1c9dfb892fe /kernel
parent: c43a25abba97c7d87131e71db6be24b24d7791a5 (diff)
1 files changed, 10 insertions, 5 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 40743af02d8..19b232f86d7 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -120,6 +120,7 @@ struct audit_names {
        struct audit_cap_data fcap;
        unsigned int    fcap_ver;
        int             name_len;       /* number of name's characters to log */
+        unsigned char   type;           /* record type */
        bool            name_put;       /* call __putname() for this name */
        /*
         * This was an allocated audit_names and not from the array of
@@ -1995,7 +1996,8 @@ retry:
 #endif
 }
-static struct audit_names *audit_alloc_name(struct audit_context *context)
+static struct audit_names *audit_alloc_name(struct audit_context *context,
+                                                unsigned char type)
 {
        struct audit_names *aname;
@@ -2010,6 +2012,7 @@ static struct audit_names *audit_alloc_name(struct audit_context *context)
        }
        aname->ino = (unsigned long)-1;
+        aname->type = type;
        list_add_tail(&aname->list, &context->names_list);
        context->name_count++;
@@ -2040,7 +2043,7 @@ void __audit_getname(const char *name)
                return;
        }
-        n = audit_alloc_name(context);
+        n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN);
        if (!n)
                return;
@@ -2157,12 +2160,13 @@ void __audit_inode(const char *name, const struct dentry *dentry)
 out_alloc:
        /* unable to find the name from a previous getname() */
-        n = audit_alloc_name(context);
+        n = audit_alloc_name(context, AUDIT_TYPE_NORMAL);
        if (!n)
                return;
 out:
        handle_path(dentry);
        audit_copy_inode(n, dentry, inode);
+        n->type = AUDIT_TYPE_NORMAL;
 }
 /**
@@ -2219,6 +2223,7 @@ void __audit_inode_child(const struct inode *parent,
                                audit_copy_inode(n, dentry, inode);
                        else
                                n->ino = (unsigned long)-1;
+                        n->type = AUDIT_TYPE_NORMAL;
                        found_child = n->name;
                        goto add_names;
                }
@@ -2226,14 +2231,14 @@ void __audit_inode_child(const struct inode *parent,
 add_names:
        if (!found_parent) {
-                n = audit_alloc_name(context);
+                n = audit_alloc_name(context, AUDIT_TYPE_NORMAL);
                if (!n)
                        return;
                audit_copy_inode(n, NULL, parent);
        }
        if (!found_child) {
-                n = audit_alloc_name(context);
+                n = audit_alloc_name(context, AUDIT_TYPE_NORMAL);
                if (!n)
                        return;
author	Jeff Layton <jlayton@redhat.com>	2012-10-10 15:25:22 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2012-10-12 00:32:00 -0400
commit	78e2e802a8519031e5858595070b39713e26340d (patch)
tree	92f79d2039f4119a127ab59e31a2d1c9dfb892fe /kernel
parent	c43a25abba97c7d87131e71db6be24b24d7791a5 (diff)