diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2007-06-07 12:19:32 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2007-10-21 02:37:18 -0400 |
| commit | 5a190ae69766da9a34bf31200c5cea4c0667cf94 (patch) | |
| tree | 340c500fe42518abe6d1159a00619b1bd02f07fc | |
| parent | cfa76f024f7c9e65169425804e5b32e71f66d0ee (diff) | |
[PATCH] pass dentry to audit_inode()/audit_inode_child()
makes caller simpler *and* allows to scan ancestors
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| -rw-r--r-- | fs/debugfs/inode.c | 2 | ||||
| -rw-r--r-- | fs/namei.c | 10 | ||||
| -rw-r--r-- | fs/open.c | 4 | ||||
| -rw-r--r-- | fs/xattr.c | 8 | ||||
| -rw-r--r-- | include/linux/audit.h | 16 | ||||
| -rw-r--r-- | include/linux/fsnotify.h | 9 | ||||
| -rw-r--r-- | ipc/mqueue.c | 8 | ||||
| -rw-r--r-- | kernel/auditsc.c | 6 |
8 files changed, 33 insertions, 30 deletions
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c index 11be8a325e26..6a713b33992f 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c | |||
| @@ -413,7 +413,7 @@ struct dentry *debugfs_rename(struct dentry *old_dir, struct dentry *old_dentry, | |||
| 413 | d_move(old_dentry, dentry); | 413 | d_move(old_dentry, dentry); |
| 414 | fsnotify_move(old_dir->d_inode, new_dir->d_inode, old_name, | 414 | fsnotify_move(old_dir->d_inode, new_dir->d_inode, old_name, |
| 415 | old_dentry->d_name.name, S_ISDIR(old_dentry->d_inode->i_mode), | 415 | old_dentry->d_name.name, S_ISDIR(old_dentry->d_inode->i_mode), |
| 416 | NULL, old_dentry->d_inode); | 416 | NULL, old_dentry); |
| 417 | fsnotify_oldname_free(old_name); | 417 | fsnotify_oldname_free(old_name); |
| 418 | unlock_rename(new_dir, old_dir); | 418 | unlock_rename(new_dir, old_dir); |
| 419 | dput(dentry); | 419 | dput(dentry); |
diff --git a/fs/namei.c b/fs/namei.c index 1e5c71669164..3b993db26cee 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
| @@ -1174,7 +1174,7 @@ static int fastcall do_path_lookup(int dfd, const char *name, | |||
| 1174 | out: | 1174 | out: |
| 1175 | if (unlikely(!retval && !audit_dummy_context() && nd->dentry && | 1175 | if (unlikely(!retval && !audit_dummy_context() && nd->dentry && |
| 1176 | nd->dentry->d_inode)) | 1176 | nd->dentry->d_inode)) |
| 1177 | audit_inode(name, nd->dentry->d_inode); | 1177 | audit_inode(name, nd->dentry); |
| 1178 | out_fail: | 1178 | out_fail: |
| 1179 | return retval; | 1179 | return retval; |
| 1180 | 1180 | ||
| @@ -1214,7 +1214,7 @@ int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt, | |||
| 1214 | retval = path_walk(name, nd); | 1214 | retval = path_walk(name, nd); |
| 1215 | if (unlikely(!retval && !audit_dummy_context() && nd->dentry && | 1215 | if (unlikely(!retval && !audit_dummy_context() && nd->dentry && |
| 1216 | nd->dentry->d_inode)) | 1216 | nd->dentry->d_inode)) |
| 1217 | audit_inode(name, nd->dentry->d_inode); | 1217 | audit_inode(name, nd->dentry); |
| 1218 | 1218 | ||
| 1219 | return retval; | 1219 | return retval; |
| 1220 | 1220 | ||
| @@ -1469,7 +1469,7 @@ static int may_delete(struct inode *dir,struct dentry *victim,int isdir) | |||
| 1469 | return -ENOENT; | 1469 | return -ENOENT; |
| 1470 | 1470 | ||
| 1471 | BUG_ON(victim->d_parent->d_inode != dir); | 1471 | BUG_ON(victim->d_parent->d_inode != dir); |
| 1472 | audit_inode_child(victim->d_name.name, victim->d_inode, dir); | 1472 | audit_inode_child(victim->d_name.name, victim, dir); |
| 1473 | 1473 | ||
| 1474 | error = permission(dir,MAY_WRITE | MAY_EXEC, NULL); | 1474 | error = permission(dir,MAY_WRITE | MAY_EXEC, NULL); |
| 1475 | if (error) | 1475 | if (error) |
| @@ -1783,7 +1783,7 @@ do_last: | |||
| 1783 | * It already exists. | 1783 | * It already exists. |
| 1784 | */ | 1784 | */ |
| 1785 | mutex_unlock(&dir->d_inode->i_mutex); | 1785 | mutex_unlock(&dir->d_inode->i_mutex); |
| 1786 | audit_inode(pathname, path.dentry->d_inode); | 1786 | audit_inode(pathname, path.dentry); |
| 1787 | 1787 | ||
| 1788 | error = -EEXIST; | 1788 | error = -EEXIST; |
| 1789 | if (flag & O_EXCL) | 1789 | if (flag & O_EXCL) |
| @@ -2562,7 +2562,7 @@ int vfs_rename(struct inode *old_dir, struct dentry *old_dentry, | |||
| 2562 | if (!error) { | 2562 | if (!error) { |
| 2563 | const char *new_name = old_dentry->d_name.name; | 2563 | const char *new_name = old_dentry->d_name.name; |
| 2564 | fsnotify_move(old_dir, new_dir, old_name, new_name, is_dir, | 2564 | fsnotify_move(old_dir, new_dir, old_name, new_name, is_dir, |
| 2565 | new_dentry->d_inode, old_dentry->d_inode); | 2565 | new_dentry->d_inode, old_dentry); |
| 2566 | } | 2566 | } |
| 2567 | fsnotify_oldname_free(old_name); | 2567 | fsnotify_oldname_free(old_name); |
| 2568 | 2568 | ||
| @@ -569,7 +569,7 @@ asmlinkage long sys_fchmod(unsigned int fd, mode_t mode) | |||
| 569 | dentry = file->f_path.dentry; | 569 | dentry = file->f_path.dentry; |
| 570 | inode = dentry->d_inode; | 570 | inode = dentry->d_inode; |
| 571 | 571 | ||
| 572 | audit_inode(NULL, inode); | 572 | audit_inode(NULL, dentry); |
| 573 | 573 | ||
| 574 | err = -EROFS; | 574 | err = -EROFS; |
| 575 | if (IS_RDONLY(inode)) | 575 | if (IS_RDONLY(inode)) |
| @@ -727,7 +727,7 @@ asmlinkage long sys_fchown(unsigned int fd, uid_t user, gid_t group) | |||
| 727 | goto out; | 727 | goto out; |
| 728 | 728 | ||
| 729 | dentry = file->f_path.dentry; | 729 | dentry = file->f_path.dentry; |
| 730 | audit_inode(NULL, dentry->d_inode); | 730 | audit_inode(NULL, dentry); |
| 731 | error = chown_common(dentry, user, group); | 731 | error = chown_common(dentry, user, group); |
| 732 | fput(file); | 732 | fput(file); |
| 733 | out: | 733 | out: |
diff --git a/fs/xattr.c b/fs/xattr.c index a44fd92caca3..6645b7313b33 100644 --- a/fs/xattr.c +++ b/fs/xattr.c | |||
| @@ -267,7 +267,7 @@ sys_fsetxattr(int fd, char __user *name, void __user *value, | |||
| 267 | if (!f) | 267 | if (!f) |
| 268 | return error; | 268 | return error; |
| 269 | dentry = f->f_path.dentry; | 269 | dentry = f->f_path.dentry; |
| 270 | audit_inode(NULL, dentry->d_inode); | 270 | audit_inode(NULL, dentry); |
| 271 | error = setxattr(dentry, name, value, size, flags); | 271 | error = setxattr(dentry, name, value, size, flags); |
| 272 | fput(f); | 272 | fput(f); |
| 273 | return error; | 273 | return error; |
| @@ -349,7 +349,7 @@ sys_fgetxattr(int fd, char __user *name, void __user *value, size_t size) | |||
| 349 | f = fget(fd); | 349 | f = fget(fd); |
| 350 | if (!f) | 350 | if (!f) |
| 351 | return error; | 351 | return error; |
| 352 | audit_inode(NULL, f->f_path.dentry->d_inode); | 352 | audit_inode(NULL, f->f_path.dentry); |
| 353 | error = getxattr(f->f_path.dentry, name, value, size); | 353 | error = getxattr(f->f_path.dentry, name, value, size); |
| 354 | fput(f); | 354 | fput(f); |
| 355 | return error; | 355 | return error; |
| @@ -422,7 +422,7 @@ sys_flistxattr(int fd, char __user *list, size_t size) | |||
| 422 | f = fget(fd); | 422 | f = fget(fd); |
| 423 | if (!f) | 423 | if (!f) |
| 424 | return error; | 424 | return error; |
| 425 | audit_inode(NULL, f->f_path.dentry->d_inode); | 425 | audit_inode(NULL, f->f_path.dentry); |
| 426 | error = listxattr(f->f_path.dentry, list, size); | 426 | error = listxattr(f->f_path.dentry, list, size); |
| 427 | fput(f); | 427 | fput(f); |
| 428 | return error; | 428 | return error; |
| @@ -485,7 +485,7 @@ sys_fremovexattr(int fd, char __user *name) | |||
| 485 | if (!f) | 485 | if (!f) |
| 486 | return error; | 486 | return error; |
| 487 | dentry = f->f_path.dentry; | 487 | dentry = f->f_path.dentry; |
| 488 | audit_inode(NULL, dentry->d_inode); | 488 | audit_inode(NULL, dentry); |
| 489 | error = removexattr(dentry, name); | 489 | error = removexattr(dentry, name); |
| 490 | fput(f); | 490 | fput(f); |
| 491 | return error; | 491 | return error; |
diff --git a/include/linux/audit.h b/include/linux/audit.h index 9ae740936a65..133b81be60a3 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
| @@ -366,8 +366,8 @@ extern void audit_syscall_entry(int arch, | |||
| 366 | extern void audit_syscall_exit(int failed, long return_code); | 366 | extern void audit_syscall_exit(int failed, long return_code); |
| 367 | extern void __audit_getname(const char *name); | 367 | extern void __audit_getname(const char *name); |
| 368 | extern void audit_putname(const char *name); | 368 | extern void audit_putname(const char *name); |
| 369 | extern void __audit_inode(const char *name, const struct inode *inode); | 369 | extern void __audit_inode(const char *name, const struct dentry *dentry); |
| 370 | extern void __audit_inode_child(const char *dname, const struct inode *inode, | 370 | extern void __audit_inode_child(const char *dname, const struct dentry *dentry, |
| 371 | const struct inode *parent); | 371 | const struct inode *parent); |
| 372 | extern void __audit_ptrace(struct task_struct *t); | 372 | extern void __audit_ptrace(struct task_struct *t); |
| 373 | 373 | ||
| @@ -381,15 +381,15 @@ static inline void audit_getname(const char *name) | |||
| 381 | if (unlikely(!audit_dummy_context())) | 381 | if (unlikely(!audit_dummy_context())) |
| 382 | __audit_getname(name); | 382 | __audit_getname(name); |
| 383 | } | 383 | } |
| 384 | static inline void audit_inode(const char *name, const struct inode *inode) { | 384 | static inline void audit_inode(const char *name, const struct dentry *dentry) { |
| 385 | if (unlikely(!audit_dummy_context())) | 385 | if (unlikely(!audit_dummy_context())) |
| 386 | __audit_inode(name, inode); | 386 | __audit_inode(name, dentry); |
| 387 | } | 387 | } |
| 388 | static inline void audit_inode_child(const char *dname, | 388 | static inline void audit_inode_child(const char *dname, |
| 389 | const struct inode *inode, | 389 | const struct dentry *dentry, |
| 390 | const struct inode *parent) { | 390 | const struct inode *parent) { |
| 391 | if (unlikely(!audit_dummy_context())) | 391 | if (unlikely(!audit_dummy_context())) |
| 392 | __audit_inode_child(dname, inode, parent); | 392 | __audit_inode_child(dname, dentry, parent); |
| 393 | } | 393 | } |
| 394 | void audit_core_dumps(long signr); | 394 | void audit_core_dumps(long signr); |
| 395 | 395 | ||
| @@ -477,9 +477,9 @@ extern int audit_signals; | |||
| 477 | #define audit_dummy_context() 1 | 477 | #define audit_dummy_context() 1 |
| 478 | #define audit_getname(n) do { ; } while (0) | 478 | #define audit_getname(n) do { ; } while (0) |
| 479 | #define audit_putname(n) do { ; } while (0) | 479 | #define audit_putname(n) do { ; } while (0) |
| 480 | #define __audit_inode(n,i) do { ; } while (0) | 480 | #define __audit_inode(n,d) do { ; } while (0) |
| 481 | #define __audit_inode_child(d,i,p) do { ; } while (0) | 481 | #define __audit_inode_child(d,i,p) do { ; } while (0) |
| 482 | #define audit_inode(n,i) do { ; } while (0) | 482 | #define audit_inode(n,d) do { ; } while (0) |
| 483 | #define audit_inode_child(d,i,p) do { ; } while (0) | 483 | #define audit_inode_child(d,i,p) do { ; } while (0) |
| 484 | #define audit_core_dumps(i) do { ; } while (0) | 484 | #define audit_core_dumps(i) do { ; } while (0) |
| 485 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) | 485 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) |
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h index dfc4e4f68da4..2bd31fa623b6 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h | |||
| @@ -41,8 +41,9 @@ static inline void fsnotify_d_move(struct dentry *entry) | |||
| 41 | */ | 41 | */ |
| 42 | static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir, | 42 | static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir, |
| 43 | const char *old_name, const char *new_name, | 43 | const char *old_name, const char *new_name, |
| 44 | int isdir, struct inode *target, struct inode *source) | 44 | int isdir, struct inode *target, struct dentry *moved) |
| 45 | { | 45 | { |
| 46 | struct inode *source = moved->d_inode; | ||
| 46 | u32 cookie = inotify_get_cookie(); | 47 | u32 cookie = inotify_get_cookie(); |
| 47 | 48 | ||
| 48 | if (old_dir == new_dir) | 49 | if (old_dir == new_dir) |
| @@ -67,7 +68,7 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir, | |||
| 67 | if (source) { | 68 | if (source) { |
| 68 | inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL, NULL); | 69 | inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL, NULL); |
| 69 | } | 70 | } |
| 70 | audit_inode_child(new_name, source, new_dir); | 71 | audit_inode_child(new_name, moved, new_dir); |
| 71 | } | 72 | } |
| 72 | 73 | ||
| 73 | /* | 74 | /* |
| @@ -98,7 +99,7 @@ static inline void fsnotify_create(struct inode *inode, struct dentry *dentry) | |||
| 98 | inode_dir_notify(inode, DN_CREATE); | 99 | inode_dir_notify(inode, DN_CREATE); |
| 99 | inotify_inode_queue_event(inode, IN_CREATE, 0, dentry->d_name.name, | 100 | inotify_inode_queue_event(inode, IN_CREATE, 0, dentry->d_name.name, |
| 100 | dentry->d_inode); | 101 | dentry->d_inode); |
| 101 | audit_inode_child(dentry->d_name.name, dentry->d_inode, inode); | 102 | audit_inode_child(dentry->d_name.name, dentry, inode); |
| 102 | } | 103 | } |
| 103 | 104 | ||
| 104 | /* | 105 | /* |
| @@ -109,7 +110,7 @@ static inline void fsnotify_mkdir(struct inode *inode, struct dentry *dentry) | |||
| 109 | inode_dir_notify(inode, DN_CREATE); | 110 | inode_dir_notify(inode, DN_CREATE); |
| 110 | inotify_inode_queue_event(inode, IN_CREATE | IN_ISDIR, 0, | 111 | inotify_inode_queue_event(inode, IN_CREATE | IN_ISDIR, 0, |
| 111 | dentry->d_name.name, dentry->d_inode); | 112 | dentry->d_name.name, dentry->d_inode); |
| 112 | audit_inode_child(dentry->d_name.name, dentry->d_inode, inode); | 113 | audit_inode_child(dentry->d_name.name, dentry, inode); |
| 113 | } | 114 | } |
| 114 | 115 | ||
| 115 | /* | 116 | /* |
diff --git a/ipc/mqueue.c b/ipc/mqueue.c index c0b26dc4617b..bfa274ba9ed4 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c | |||
| @@ -676,7 +676,7 @@ asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode, | |||
| 676 | 676 | ||
| 677 | if (oflag & O_CREAT) { | 677 | if (oflag & O_CREAT) { |
| 678 | if (dentry->d_inode) { /* entry already exists */ | 678 | if (dentry->d_inode) { /* entry already exists */ |
| 679 | audit_inode(name, dentry->d_inode); | 679 | audit_inode(name, dentry); |
| 680 | error = -EEXIST; | 680 | error = -EEXIST; |
| 681 | if (oflag & O_EXCL) | 681 | if (oflag & O_EXCL) |
| 682 | goto out; | 682 | goto out; |
| @@ -689,7 +689,7 @@ asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode, | |||
| 689 | error = -ENOENT; | 689 | error = -ENOENT; |
| 690 | if (!dentry->d_inode) | 690 | if (!dentry->d_inode) |
| 691 | goto out; | 691 | goto out; |
| 692 | audit_inode(name, dentry->d_inode); | 692 | audit_inode(name, dentry); |
| 693 | filp = do_open(dentry, oflag); | 693 | filp = do_open(dentry, oflag); |
| 694 | } | 694 | } |
| 695 | 695 | ||
| @@ -837,7 +837,7 @@ asmlinkage long sys_mq_timedsend(mqd_t mqdes, const char __user *u_msg_ptr, | |||
| 837 | if (unlikely(filp->f_op != &mqueue_file_operations)) | 837 | if (unlikely(filp->f_op != &mqueue_file_operations)) |
| 838 | goto out_fput; | 838 | goto out_fput; |
| 839 | info = MQUEUE_I(inode); | 839 | info = MQUEUE_I(inode); |
| 840 | audit_inode(NULL, inode); | 840 | audit_inode(NULL, filp->f_path.dentry); |
| 841 | 841 | ||
| 842 | if (unlikely(!(filp->f_mode & FMODE_WRITE))) | 842 | if (unlikely(!(filp->f_mode & FMODE_WRITE))) |
| 843 | goto out_fput; | 843 | goto out_fput; |
| @@ -921,7 +921,7 @@ asmlinkage ssize_t sys_mq_timedreceive(mqd_t mqdes, char __user *u_msg_ptr, | |||
| 921 | if (unlikely(filp->f_op != &mqueue_file_operations)) | 921 | if (unlikely(filp->f_op != &mqueue_file_operations)) |
| 922 | goto out_fput; | 922 | goto out_fput; |
| 923 | info = MQUEUE_I(inode); | 923 | info = MQUEUE_I(inode); |
| 924 | audit_inode(NULL, inode); | 924 | audit_inode(NULL, filp->f_path.dentry); |
| 925 | 925 | ||
| 926 | if (unlikely(!(filp->f_mode & FMODE_READ))) | 926 | if (unlikely(!(filp->f_mode & FMODE_READ))) |
| 927 | goto out_fput; | 927 | goto out_fput; |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index e19b5a33aede..8a85c203be12 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -1403,10 +1403,11 @@ static void audit_copy_inode(struct audit_names *name, const struct inode *inode | |||
| 1403 | * | 1403 | * |
| 1404 | * Called from fs/namei.c:path_lookup(). | 1404 | * Called from fs/namei.c:path_lookup(). |
| 1405 | */ | 1405 | */ |
| 1406 | void __audit_inode(const char *name, const struct inode *inode) | 1406 | void __audit_inode(const char *name, const struct dentry *dentry) |
| 1407 | { | 1407 | { |
| 1408 | int idx; | 1408 | int idx; |
| 1409 | struct audit_context *context = current->audit_context; | 1409 | struct audit_context *context = current->audit_context; |
| 1410 | const struct inode *inode = inode = dentry->d_inode; | ||
| 1410 | 1411 | ||
| 1411 | if (!context->in_syscall) | 1412 | if (!context->in_syscall) |
| 1412 | return; | 1413 | return; |
| @@ -1443,12 +1444,13 @@ void __audit_inode(const char *name, const struct inode *inode) | |||
| 1443 | * must be hooked prior, in order to capture the target inode during | 1444 | * must be hooked prior, in order to capture the target inode during |
| 1444 | * unsuccessful attempts. | 1445 | * unsuccessful attempts. |
| 1445 | */ | 1446 | */ |
| 1446 | void __audit_inode_child(const char *dname, const struct inode *inode, | 1447 | void __audit_inode_child(const char *dname, const struct dentry *dentry, |
| 1447 | const struct inode *parent) | 1448 | const struct inode *parent) |
| 1448 | { | 1449 | { |
| 1449 | int idx; | 1450 | int idx; |
| 1450 | struct audit_context *context = current->audit_context; | 1451 | struct audit_context *context = current->audit_context; |
| 1451 | const char *found_parent = NULL, *found_child = NULL; | 1452 | const char *found_parent = NULL, *found_child = NULL; |
| 1453 | const struct inode *inode = dentry->d_inode; | ||
| 1452 | int dirlen = 0; | 1454 | int dirlen = 0; |
| 1453 | 1455 | ||
| 1454 | if (!context->in_syscall) | 1456 | if (!context->in_syscall) |