author | Al Viro <viro@zeniv.linux.org.uk> | 2007-06-07 12:19:32 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2007-10-21 02:37:18 -0400 |
commit | 5a190ae69766da9a34bf31200c5cea4c0667cf94 (patch) | |
tree | 340c500fe42518abe6d1159a00619b1bd02f07fc | |
parent | cfa76f024f7c9e65169425804e5b32e71f66d0ee (diff) |
[PATCH] pass dentry to audit_inode()/audit_inode_child()
makes caller simpler *and* allows to scan ancestors
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | fs/debugfs/inode.c | 2 | ||||
-rw-r--r-- | fs/namei.c | 10 | ||||
-rw-r--r-- | fs/open.c | 4 | ||||
-rw-r--r-- | fs/xattr.c | 8 | ||||
-rw-r--r-- | include/linux/audit.h | 16 | ||||
-rw-r--r-- | include/linux/fsnotify.h | 9 | ||||
-rw-r--r-- | ipc/mqueue.c | 8 | ||||
-rw-r--r-- | kernel/auditsc.c | 6 |
8 files changed, 33 insertions, 30 deletions
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c index 11be8a325e26..6a713b33992f 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c | |||
@@ -413,7 +413,7 @@ struct dentry *debugfs_rename(struct dentry *old_dir, struct dentry *old_dentry, | |||
413 | d_move(old_dentry, dentry); | 413 | d_move(old_dentry, dentry); |
414 | fsnotify_move(old_dir->d_inode, new_dir->d_inode, old_name, | 414 | fsnotify_move(old_dir->d_inode, new_dir->d_inode, old_name, |
415 | old_dentry->d_name.name, S_ISDIR(old_dentry->d_inode->i_mode), | 415 | old_dentry->d_name.name, S_ISDIR(old_dentry->d_inode->i_mode), |
416 | NULL, old_dentry->d_inode); | 416 | NULL, old_dentry); |
417 | fsnotify_oldname_free(old_name); | 417 | fsnotify_oldname_free(old_name); |
418 | unlock_rename(new_dir, old_dir); | 418 | unlock_rename(new_dir, old_dir); |
419 | dput(dentry); | 419 | dput(dentry); |
diff --git a/fs/namei.c b/fs/namei.c index 1e5c71669164..3b993db26cee 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -1174,7 +1174,7 @@ static int fastcall do_path_lookup(int dfd, const char *name, | |||
1174 | out: | 1174 | out: |
1175 | if (unlikely(!retval && !audit_dummy_context() && nd->dentry && | 1175 | if (unlikely(!retval && !audit_dummy_context() && nd->dentry && |
1176 | nd->dentry->d_inode)) | 1176 | nd->dentry->d_inode)) |
1177 | audit_inode(name, nd->dentry->d_inode); | 1177 | audit_inode(name, nd->dentry); |
1178 | out_fail: | 1178 | out_fail: |
1179 | return retval; | 1179 | return retval; |
1180 | 1180 | ||
@@ -1214,7 +1214,7 @@ int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt, | |||
1214 | retval = path_walk(name, nd); | 1214 | retval = path_walk(name, nd); |
1215 | if (unlikely(!retval && !audit_dummy_context() && nd->dentry && | 1215 | if (unlikely(!retval && !audit_dummy_context() && nd->dentry && |
1216 | nd->dentry->d_inode)) | 1216 | nd->dentry->d_inode)) |
1217 | audit_inode(name, nd->dentry->d_inode); | 1217 | audit_inode(name, nd->dentry); |
1218 | 1218 | ||
1219 | return retval; | 1219 | return retval; |
1220 | 1220 | ||
@@ -1469,7 +1469,7 @@ static int may_delete(struct inode *dir,struct dentry *victim,int isdir) | |||
1469 | return -ENOENT; | 1469 | return -ENOENT; |
1470 | 1470 | ||
1471 | BUG_ON(victim->d_parent->d_inode != dir); | 1471 | BUG_ON(victim->d_parent->d_inode != dir); |
1472 | audit_inode_child(victim->d_name.name, victim->d_inode, dir); | 1472 | audit_inode_child(victim->d_name.name, victim, dir); |
1473 | 1473 | ||
1474 | error = permission(dir,MAY_WRITE | MAY_EXEC, NULL); | 1474 | error = permission(dir,MAY_WRITE | MAY_EXEC, NULL); |
1475 | if (error) | 1475 | if (error) |
@@ -1783,7 +1783,7 @@ do_last: | |||
1783 | * It already exists. | 1783 | * It already exists. |
1784 | */ | 1784 | */ |
1785 | mutex_unlock(&dir->d_inode->i_mutex); | 1785 | mutex_unlock(&dir->d_inode->i_mutex); |
1786 | audit_inode(pathname, path.dentry->d_inode); | 1786 | audit_inode(pathname, path.dentry); |
1787 | 1787 | ||
1788 | error = -EEXIST; | 1788 | error = -EEXIST; |
1789 | if (flag & O_EXCL) | 1789 | if (flag & O_EXCL) |
@@ -2562,7 +2562,7 @@ int vfs_rename(struct inode *old_dir, struct dentry *old_dentry, | |||
2562 | if (!error) { | 2562 | if (!error) { |
2563 | const char *new_name = old_dentry->d_name.name; | 2563 | const char *new_name = old_dentry->d_name.name; |
2564 | fsnotify_move(old_dir, new_dir, old_name, new_name, is_dir, | 2564 | fsnotify_move(old_dir, new_dir, old_name, new_name, is_dir, |
2565 | new_dentry->d_inode, old_dentry->d_inode); | 2565 | new_dentry->d_inode, old_dentry); |
2566 | } | 2566 | } |
2567 | fsnotify_oldname_free(old_name); | 2567 | fsnotify_oldname_free(old_name); |
2568 | 2568 | ||
@@ -569,7 +569,7 @@ asmlinkage long sys_fchmod(unsigned int fd, mode_t mode) | |||
569 | dentry = file->f_path.dentry; | 569 | dentry = file->f_path.dentry; |
570 | inode = dentry->d_inode; | 570 | inode = dentry->d_inode; |
571 | 571 | ||
572 | audit_inode(NULL, inode); | 572 | audit_inode(NULL, dentry); |
573 | 573 | ||
574 | err = -EROFS; | 574 | err = -EROFS; |
575 | if (IS_RDONLY(inode)) | 575 | if (IS_RDONLY(inode)) |
@@ -727,7 +727,7 @@ asmlinkage long sys_fchown(unsigned int fd, uid_t user, gid_t group) | |||
727 | goto out; | 727 | goto out; |
728 | 728 | ||
729 | dentry = file->f_path.dentry; | 729 | dentry = file->f_path.dentry; |
730 | audit_inode(NULL, dentry->d_inode); | 730 | audit_inode(NULL, dentry); |
731 | error = chown_common(dentry, user, group); | 731 | error = chown_common(dentry, user, group); |
732 | fput(file); | 732 | fput(file); |
733 | out: | 733 | out: |
diff --git a/fs/xattr.c b/fs/xattr.c index a44fd92caca3..6645b7313b33 100644 --- a/fs/xattr.c +++ b/fs/xattr.c | |||
@@ -267,7 +267,7 @@ sys_fsetxattr(int fd, char __user *name, void __user *value, | |||
267 | if (!f) | 267 | if (!f) |
268 | return error; | 268 | return error; |
269 | dentry = f->f_path.dentry; | 269 | dentry = f->f_path.dentry; |
270 | audit_inode(NULL, dentry->d_inode); | 270 | audit_inode(NULL, dentry); |
271 | error = setxattr(dentry, name, value, size, flags); | 271 | error = setxattr(dentry, name, value, size, flags); |
272 | fput(f); | 272 | fput(f); |
273 | return error; | 273 | return error; |
@@ -349,7 +349,7 @@ sys_fgetxattr(int fd, char __user *name, void __user *value, size_t size) | |||
349 | f = fget(fd); | 349 | f = fget(fd); |
350 | if (!f) | 350 | if (!f) |
351 | return error; | 351 | return error; |
352 | audit_inode(NULL, f->f_path.dentry->d_inode); | 352 | audit_inode(NULL, f->f_path.dentry); |
353 | error = getxattr(f->f_path.dentry, name, value, size); | 353 | error = getxattr(f->f_path.dentry, name, value, size); |
354 | fput(f); | 354 | fput(f); |
355 | return error; | 355 | return error; |
@@ -422,7 +422,7 @@ sys_flistxattr(int fd, char __user *list, size_t size) | |||
422 | f = fget(fd); | 422 | f = fget(fd); |
423 | if (!f) | 423 | if (!f) |
424 | return error; | 424 | return error; |
425 | audit_inode(NULL, f->f_path.dentry->d_inode); | 425 | audit_inode(NULL, f->f_path.dentry); |
426 | error = listxattr(f->f_path.dentry, list, size); | 426 | error = listxattr(f->f_path.dentry, list, size); |
427 | fput(f); | 427 | fput(f); |
428 | return error; | 428 | return error; |
@@ -485,7 +485,7 @@ sys_fremovexattr(int fd, char __user *name) | |||
485 | if (!f) | 485 | if (!f) |
486 | return error; | 486 | return error; |
487 | dentry = f->f_path.dentry; | 487 | dentry = f->f_path.dentry; |
488 | audit_inode(NULL, dentry->d_inode); | 488 | audit_inode(NULL, dentry); |
489 | error = removexattr(dentry, name); | 489 | error = removexattr(dentry, name); |
490 | fput(f); | 490 | fput(f); |
491 | return error; | 491 | return error; |
diff --git a/include/linux/audit.h b/include/linux/audit.h index 9ae740936a65..133b81be60a3 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -366,8 +366,8 @@ extern void audit_syscall_entry(int arch, | |||
366 | extern void audit_syscall_exit(int failed, long return_code); | 366 | extern void audit_syscall_exit(int failed, long return_code); |
367 | extern void __audit_getname(const char *name); | 367 | extern void __audit_getname(const char *name); |
368 | extern void audit_putname(const char *name); | 368 | extern void audit_putname(const char *name); |
369 | extern void __audit_inode(const char *name, const struct inode *inode); | 369 | extern void __audit_inode(const char *name, const struct dentry *dentry); |
370 | extern void __audit_inode_child(const char *dname, const struct inode *inode, | 370 | extern void __audit_inode_child(const char *dname, const struct dentry *dentry, |
371 | const struct inode *parent); | 371 | const struct inode *parent); |
372 | extern void __audit_ptrace(struct task_struct *t); | 372 | extern void __audit_ptrace(struct task_struct *t); |
373 | 373 | ||
@@ -381,15 +381,15 @@ static inline void audit_getname(const char *name) | |||
381 | if (unlikely(!audit_dummy_context())) | 381 | if (unlikely(!audit_dummy_context())) |
382 | __audit_getname(name); | 382 | __audit_getname(name); |
383 | } | 383 | } |
384 | static inline void audit_inode(const char *name, const struct inode *inode) { | 384 | static inline void audit_inode(const char *name, const struct dentry *dentry) { |
385 | if (unlikely(!audit_dummy_context())) | 385 | if (unlikely(!audit_dummy_context())) |
386 | __audit_inode(name, inode); | 386 | __audit_inode(name, dentry); |
387 | } | 387 | } |
388 | static inline void audit_inode_child(const char *dname, | 388 | static inline void audit_inode_child(const char *dname, |
389 | const struct inode *inode, | 389 | const struct dentry *dentry, |
390 | const struct inode *parent) { | 390 | const struct inode *parent) { |
391 | if (unlikely(!audit_dummy_context())) | 391 | if (unlikely(!audit_dummy_context())) |
392 | __audit_inode_child(dname, inode, parent); | 392 | __audit_inode_child(dname, dentry, parent); |
393 | } | 393 | } |
394 | void audit_core_dumps(long signr); | 394 | void audit_core_dumps(long signr); |
395 | 395 | ||
@@ -477,9 +477,9 @@ extern int audit_signals; | |||
477 | #define audit_dummy_context() 1 | 477 | #define audit_dummy_context() 1 |
478 | #define audit_getname(n) do { ; } while (0) | 478 | #define audit_getname(n) do { ; } while (0) |
479 | #define audit_putname(n) do { ; } while (0) | 479 | #define audit_putname(n) do { ; } while (0) |
480 | #define __audit_inode(n,i) do { ; } while (0) | 480 | #define __audit_inode(n,d) do { ; } while (0) |
481 | #define __audit_inode_child(d,i,p) do { ; } while (0) | 481 | #define __audit_inode_child(d,i,p) do { ; } while (0) |
482 | #define audit_inode(n,i) do { ; } while (0) | 482 | #define audit_inode(n,d) do { ; } while (0) |
483 | #define audit_inode_child(d,i,p) do { ; } while (0) | 483 | #define audit_inode_child(d,i,p) do { ; } while (0) |
484 | #define audit_core_dumps(i) do { ; } while (0) | 484 | #define audit_core_dumps(i) do { ; } while (0) |
485 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) | 485 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) |
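Review bot: The no-audit stubs in the last hunk of this section are macros that discard their arguments, so a caller still passing `dentry->d_inode` to `audit_inode()` or `audit_inode_child()` compiles cleanly in that configuration and the type error only appears once syscall auditing is built in (the surrounding `#ifdef` is outside the hunk). Because these hooks feed the audit trail, empty inline stubs with the real prototypes would catch stale callers in every build, for example `static inline void audit_inode(const char *name, const struct dentry *dentry) { }`. If the macros stay, `__audit_inode_child(d,i,p)` and `audit_inode_child(d,i,p)` should also drop the `i` name for the argument that is now a dentry, as was done for the `(n,d)` stubs.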
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h index dfc4e4f68da4..2bd31fa623b6 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h | |||
@@ -41,8 +41,9 @@ static inline void fsnotify_d_move(struct dentry *entry) | |||
41 | */ | 41 | */ |
42 | static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir, | 42 | static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir, |
43 | const char *old_name, const char *new_name, | 43 | const char *old_name, const char *new_name, |
44 | int isdir, struct inode *target, struct inode *source) | 44 | int isdir, struct inode *target, struct dentry *moved) |
45 | { | 45 | { |
46 | struct inode *source = moved->d_inode; | ||
46 | u32 cookie = inotify_get_cookie(); | 47 | u32 cookie = inotify_get_cookie(); |
47 | 48 | ||
48 | if (old_dir == new_dir) | 49 | if (old_dir == new_dir) |
@@ -67,7 +68,7 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir, | |||
67 | if (source) { | 68 | if (source) { |
68 | inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL, NULL); | 69 | inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL, NULL); |
69 | } | 70 | } |
70 | audit_inode_child(new_name, source, new_dir); | 71 | audit_inode_child(new_name, moved, new_dir); |
71 | } | 72 | } |
72 | 73 | ||
73 | /* | 74 | /* |
@@ -98,7 +99,7 @@ static inline void fsnotify_create(struct inode *inode, struct dentry *dentry) | |||
98 | inode_dir_notify(inode, DN_CREATE); | 99 | inode_dir_notify(inode, DN_CREATE); |
99 | inotify_inode_queue_event(inode, IN_CREATE, 0, dentry->d_name.name, | 100 | inotify_inode_queue_event(inode, IN_CREATE, 0, dentry->d_name.name, |
100 | dentry->d_inode); | 101 | dentry->d_inode); |
101 | audit_inode_child(dentry->d_name.name, dentry->d_inode, inode); | 102 | audit_inode_child(dentry->d_name.name, dentry, inode); |
102 | } | 103 | } |
103 | 104 | ||
104 | /* | 105 | /* |
@@ -109,7 +110,7 @@ static inline void fsnotify_mkdir(struct inode *inode, struct dentry *dentry) | |||
109 | inode_dir_notify(inode, DN_CREATE); | 110 | inode_dir_notify(inode, DN_CREATE); |
110 | inotify_inode_queue_event(inode, IN_CREATE | IN_ISDIR, 0, | 111 | inotify_inode_queue_event(inode, IN_CREATE | IN_ISDIR, 0, |
111 | dentry->d_name.name, dentry->d_inode); | 112 | dentry->d_name.name, dentry->d_inode); |
112 | audit_inode_child(dentry->d_name.name, dentry->d_inode, inode); | 113 | audit_inode_child(dentry->d_name.name, dentry, inode); |
113 | } | 114 | } |
114 | 115 | ||
115 | /* | 116 | /* |
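Review bot: `fsnotify_move()` now reads `moved->d_inode` on its first line, so the last argument must be a non-NULL dentry, whereas the old `source` inode was allowed to be NULL and the `if (source)` test before the IN_MOVE_SELF event is still there. The comment above the function starts outside the hunk and should state the new contract, for example `/* @moved: the dentry that was moved, never NULL; its d_inode is checked before use */`. Both callers visible in this commit pass `old_dentry`, which looks safe, but any caller outside this commit that passed a NULL source would now oops here.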
diff --git a/ipc/mqueue.c b/ipc/mqueue.c index c0b26dc4617b..bfa274ba9ed4 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c | |||
@@ -676,7 +676,7 @@ asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode, | |||
676 | 676 | ||
677 | if (oflag & O_CREAT) { | 677 | if (oflag & O_CREAT) { |
678 | if (dentry->d_inode) { /* entry already exists */ | 678 | if (dentry->d_inode) { /* entry already exists */ |
679 | audit_inode(name, dentry->d_inode); | 679 | audit_inode(name, dentry); |
680 | error = -EEXIST; | 680 | error = -EEXIST; |
681 | if (oflag & O_EXCL) | 681 | if (oflag & O_EXCL) |
682 | goto out; | 682 | goto out; |
@@ -689,7 +689,7 @@ asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode, | |||
689 | error = -ENOENT; | 689 | error = -ENOENT; |
690 | if (!dentry->d_inode) | 690 | if (!dentry->d_inode) |
691 | goto out; | 691 | goto out; |
692 | audit_inode(name, dentry->d_inode); | 692 | audit_inode(name, dentry); |
693 | filp = do_open(dentry, oflag); | 693 | filp = do_open(dentry, oflag); |
694 | } | 694 | } |
695 | 695 | ||
@@ -837,7 +837,7 @@ asmlinkage long sys_mq_timedsend(mqd_t mqdes, const char __user *u_msg_ptr, | |||
837 | if (unlikely(filp->f_op != &mqueue_file_operations)) | 837 | if (unlikely(filp->f_op != &mqueue_file_operations)) |
838 | goto out_fput; | 838 | goto out_fput; |
839 | info = MQUEUE_I(inode); | 839 | info = MQUEUE_I(inode); |
840 | audit_inode(NULL, inode); | 840 | audit_inode(NULL, filp->f_path.dentry); |
841 | 841 | ||
842 | if (unlikely(!(filp->f_mode & FMODE_WRITE))) | 842 | if (unlikely(!(filp->f_mode & FMODE_WRITE))) |
843 | goto out_fput; | 843 | goto out_fput; |
@@ -921,7 +921,7 @@ asmlinkage ssize_t sys_mq_timedreceive(mqd_t mqdes, char __user *u_msg_ptr, | |||
921 | if (unlikely(filp->f_op != &mqueue_file_operations)) | 921 | if (unlikely(filp->f_op != &mqueue_file_operations)) |
922 | goto out_fput; | 922 | goto out_fput; |
923 | info = MQUEUE_I(inode); | 923 | info = MQUEUE_I(inode); |
924 | audit_inode(NULL, inode); | 924 | audit_inode(NULL, filp->f_path.dentry); |
925 | 925 | ||
926 | if (unlikely(!(filp->f_mode & FMODE_READ))) | 926 | if (unlikely(!(filp->f_mode & FMODE_READ))) |
927 | goto out_fput; | 927 | goto out_fput; |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index e19b5a33aede..8a85c203be12 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -1403,10 +1403,11 @@ static void audit_copy_inode(struct audit_names *name, const struct inode *inode | |||
1403 | * | 1403 | * |
1404 | * Called from fs/namei.c:path_lookup(). | 1404 | * Called from fs/namei.c:path_lookup(). |
1405 | */ | 1405 | */ |
1406 | void __audit_inode(const char *name, const struct inode *inode) | 1406 | void __audit_inode(const char *name, const struct dentry *dentry) |
1407 | { | 1407 | { |
1408 | int idx; | 1408 | int idx; |
1409 | struct audit_context *context = current->audit_context; | 1409 | struct audit_context *context = current->audit_context; |
1410 | const struct inode *inode = inode = dentry->d_inode; | ||
1410 | 1411 | ||
1411 | if (!context->in_syscall) | 1412 | if (!context->in_syscall) |
1412 | return; | 1413 | return; |
@@ -1443,12 +1444,13 @@ void __audit_inode(const char *name, const struct inode *inode) | |||
1443 | * must be hooked prior, in order to capture the target inode during | 1444 | * must be hooked prior, in order to capture the target inode during |
1444 | * unsuccessful attempts. | 1445 | * unsuccessful attempts. |
1445 | */ | 1446 | */ |
1446 | void __audit_inode_child(const char *dname, const struct inode *inode, | 1447 | void __audit_inode_child(const char *dname, const struct dentry *dentry, |
1447 | const struct inode *parent) | 1448 | const struct inode *parent) |
1448 | { | 1449 | { |
1449 | int idx; | 1450 | int idx; |
1450 | struct audit_context *context = current->audit_context; | 1451 | struct audit_context *context = current->audit_context; |
1451 | const char *found_parent = NULL, *found_child = NULL; | 1452 | const char *found_parent = NULL, *found_child = NULL; |
1453 | const struct inode *inode = dentry->d_inode; | ||
1452 | int dirlen = 0; | 1454 | int dirlen = 0; |
1453 | 1455 | ||
1454 | if (!context->in_syscall) | 1456 | if (!context->in_syscall) |
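Review bot: The new local in `__audit_inode()` is written `const struct inode *inode = inode = dentry->d_inode;`, with `inode =` repeated, so the variable is assigned inside its own initializer; it should read `const struct inode *inode = dentry->d_inode;` like the matching line added to `__audit_inode_child()`. Both functions now dereference `dentry` before the `!context->in_syscall` check, so a NULL dentry faults even when nothing would be recorded; the call sites in this commit pass a valid dentry, but the requirement should be written down. The kernel-doc blocks above both functions begin outside the hunks and presumably still describe an `@inode` parameter, which should become `@dentry`.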