audit: overhaul __audit_inode_child to accomodate retrying

In order to accomodate retrying path-based syscalls, we need to add a new "type" argument to audit_inode_child. This will tell us whether we're looking for a child entry that represents a create or a delete. If we find a parent, don't automatically assume that we need to create a new entry. Instead, use the information we have to try to find an existing entry first. Update it if one is found and create a new one if not. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Jeff Layton <jlayton@redhat.com> 2012-10-10 15:25:25 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2012-10-12 00:32:03 -0400
commit: 4fa6b5ecbf092c6ee752ece8a55d71f663d23254 (patch)
tree: 6143912dc73b457a3be72faf31d46d855d3f87c3 /include/linux/audit.h
parent: e3d6b07b8ba161f638b026feba0c3c97875d7f1c (diff)
1 files changed, 11 insertions, 5 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index b11f517dce04..3df643d1ac5b 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -457,6 +457,8 @@ extern int audit_classify_arch(int arch);
 #define AUDIT_TYPE_UNKNOWN      0       /* we don't know yet */
 #define AUDIT_TYPE_NORMAL       1       /* a "normal" audit record */
 #define AUDIT_TYPE_PARENT       2       /* a parent audit record */
+#define AUDIT_TYPE_CHILD_DELETE 3       /* a child being deleted */
+#define AUDIT_TYPE_CHILD_CREATE 4       /* a child being created */
 #ifdef CONFIG_AUDITSYSCALL
 /* These are defined in auditsc.c */
@@ -472,7 +474,8 @@ extern void audit_putname(const char *name);
 extern void __audit_inode(const char *name, const struct dentry *dentry,
                                unsigned int parent);
 extern void __audit_inode_child(const struct inode *parent,
-                                const struct dentry *dentry);
+                                const struct dentry *dentry,
+                                const unsigned char type);
 extern void __audit_seccomp(unsigned long syscall, long signr, int code);
 extern void __audit_ptrace(struct task_struct *t);
@@ -513,9 +516,10 @@ static inline void audit_inode(const char *name, const struct dentry *dentry,
                __audit_inode(name, dentry, parent);
 }
 static inline void audit_inode_child(const struct inode *parent,
-                                     const struct dentry *dentry) {
+                                     const struct dentry *dentry,
+                                     const unsigned char type) {
        if (unlikely(!audit_dummy_context()))
-                __audit_inode_child(parent, dentry);
+                __audit_inode_child(parent, dentry, type);
 }
 void audit_core_dumps(long signr);
@@ -667,13 +671,15 @@ static inline void __audit_inode(const char *name, const struct dentry *dentry,
                                        unsigned int parent)
 { }
 static inline void __audit_inode_child(const struct inode *parent,
-                                        const struct dentry *dentry)
+                                        const struct dentry *dentry,
+                                        const unsigned char type)
 { }
 static inline void audit_inode(const char *name, const struct dentry *dentry,
                                unsigned int parent)
 { }
 static inline void audit_inode_child(const struct inode *parent,
-                                     const struct dentry *dentry)
+                                     const struct dentry *dentry,
+                                     const unsigned char type)
 { }
 static inline void audit_core_dumps(long signr)
 { }
author	Jeff Layton <jlayton@redhat.com>	2012-10-10 15:25:25 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2012-10-12 00:32:03 -0400
commit	4fa6b5ecbf092c6ee752ece8a55d71f663d23254 (patch)
tree	6143912dc73b457a3be72faf31d46d855d3f87c3 /include/linux/audit.h
parent	e3d6b07b8ba161f638b026feba0c3c97875d7f1c (diff)