diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2008-12-16 03:51:22 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-01-04 15:14:42 -0500 |
commit | e048e02c89db7bd49d1a5fac77a11c8fb3603087 (patch) | |
tree | 6141e7646cd7c5b1b1334f0f86fbad6ef1bcc6d8 | |
parent | e45aa212ea81d39b38ba158df344dc3a500153e5 (diff) |
make sure that filterkey of task,always rules is reported
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | kernel/auditsc.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 19d2c2747c8d..8cbddff6c283 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -652,7 +652,7 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
652 | * completely disabled for this task. Since we only have the task | 652 | * completely disabled for this task. Since we only have the task |
653 | * structure at this point, we can only check uid and gid. | 653 | * structure at this point, we can only check uid and gid. |
654 | */ | 654 | */ |
655 | static enum audit_state audit_filter_task(struct task_struct *tsk) | 655 | static enum audit_state audit_filter_task(struct task_struct *tsk, char **key) |
656 | { | 656 | { |
657 | struct audit_entry *e; | 657 | struct audit_entry *e; |
658 | enum audit_state state; | 658 | enum audit_state state; |
@@ -660,6 +660,8 @@ static enum audit_state audit_filter_task(struct task_struct *tsk) | |||
660 | rcu_read_lock(); | 660 | rcu_read_lock(); |
661 | list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) { | 661 | list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) { |
662 | if (audit_filter_rules(tsk, &e->rule, NULL, NULL, &state)) { | 662 | if (audit_filter_rules(tsk, &e->rule, NULL, NULL, &state)) { |
663 | if (state == AUDIT_RECORD_CONTEXT) | ||
664 | *key = kstrdup(e->rule.filterkey, GFP_ATOMIC); | ||
663 | rcu_read_unlock(); | 665 | rcu_read_unlock(); |
664 | return state; | 666 | return state; |
665 | } | 667 | } |
@@ -866,18 +868,21 @@ int audit_alloc(struct task_struct *tsk) | |||
866 | { | 868 | { |
867 | struct audit_context *context; | 869 | struct audit_context *context; |
868 | enum audit_state state; | 870 | enum audit_state state; |
871 | char *key = NULL; | ||
869 | 872 | ||
870 | if (likely(!audit_ever_enabled)) | 873 | if (likely(!audit_ever_enabled)) |
871 | return 0; /* Return if not auditing. */ | 874 | return 0; /* Return if not auditing. */ |
872 | 875 | ||
873 | state = audit_filter_task(tsk); | 876 | state = audit_filter_task(tsk, &key); |
874 | if (likely(state == AUDIT_DISABLED)) | 877 | if (likely(state == AUDIT_DISABLED)) |
875 | return 0; | 878 | return 0; |
876 | 879 | ||
877 | if (!(context = audit_alloc_context(state))) { | 880 | if (!(context = audit_alloc_context(state))) { |
881 | kfree(key); | ||
878 | audit_log_lost("out of memory in audit_alloc"); | 882 | audit_log_lost("out of memory in audit_alloc"); |
879 | return -ENOMEM; | 883 | return -ENOMEM; |
880 | } | 884 | } |
885 | context->filterkey = key; | ||
881 | 886 | ||
882 | tsk->audit_context = context; | 887 | tsk->audit_context = context; |
883 | set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT); | 888 | set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT); |
@@ -1703,8 +1708,10 @@ void audit_syscall_exit(int valid, long return_code) | |||
1703 | context->sockaddr_len = 0; | 1708 | context->sockaddr_len = 0; |
1704 | context->type = 0; | 1709 | context->type = 0; |
1705 | context->fds[0] = -1; | 1710 | context->fds[0] = -1; |
1706 | kfree(context->filterkey); | 1711 | if (context->state != AUDIT_RECORD_CONTEXT) { |
1707 | context->filterkey = NULL; | 1712 | kfree(context->filterkey); |
1713 | context->filterkey = NULL; | ||
1714 | } | ||
1708 | tsk->audit_context = context; | 1715 | tsk->audit_context = context; |
1709 | } | 1716 | } |
1710 | } | 1717 | } |