aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorAmy Griffis <amy.griffis@hp.com>2005-11-03 11:00:25 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2006-03-20 14:08:53 -0500
commit73241ccca0f7786933f1d31b3d86f2456549953a (patch)
treedaa7efabfb7aa2f511a467606786820949e8763e /include
parentf38aa94224c5517a40ba56d453779f70d3229803 (diff)
[PATCH] Collect more inode information during syscall processing.
This patch augments the collection of inode info during syscall processing. It represents part of the functionality that was provided by the auditfs patch included in RHEL4. Specifically, it: - Collects information for target inodes created or removed during syscalls. Previous code only collects information for the target inode's parent. - Adds the audit_inode() hook to syscalls that operate on a file descriptor (e.g. fchown), enabling audit to do inode filtering for these calls. - Modifies filtering code to check audit context for either an inode # or a parent inode # matching a given rule. - Modifies logging to provide inode # for both parent and child. - Protect debug info from NULL audit_names.name. [AV: folded a later typo fix from the same author] Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include')
-rw-r--r--include/linux/audit.h18
-rw-r--r--include/linux/fsnotify.h5
2 files changed, 22 insertions, 1 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index fd65078e794a..739b954cb242 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -260,7 +260,20 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
260extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code); 260extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
261extern void audit_getname(const char *name); 261extern void audit_getname(const char *name);
262extern void audit_putname(const char *name); 262extern void audit_putname(const char *name);
263extern void audit_inode(const char *name, const struct inode *inode, unsigned flags); 263extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags);
264extern void __audit_inode_child(const char *dname, const struct inode *inode,
265 unsigned long pino);
266static inline void audit_inode(const char *name, const struct inode *inode,
267 unsigned flags) {
268 if (unlikely(current->audit_context))
269 __audit_inode(name, inode, flags);
270}
271static inline void audit_inode_child(const char *dname,
272 const struct inode *inode,
273 unsigned long pino) {
274 if (unlikely(current->audit_context))
275 __audit_inode_child(dname, inode, pino);
276}
264 277
265 /* Private API (for audit.c only) */ 278 /* Private API (for audit.c only) */
266extern int audit_receive_filter(int type, int pid, int uid, int seq, 279extern int audit_receive_filter(int type, int pid, int uid, int seq,
@@ -283,7 +296,10 @@ extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
283#define audit_syscall_exit(t,f,r) do { ; } while (0) 296#define audit_syscall_exit(t,f,r) do { ; } while (0)
284#define audit_getname(n) do { ; } while (0) 297#define audit_getname(n) do { ; } while (0)
285#define audit_putname(n) do { ; } while (0) 298#define audit_putname(n) do { ; } while (0)
299#define __audit_inode(n,i,f) do { ; } while (0)
300#define __audit_inode_child(d,i,p) do { ; } while (0)
286#define audit_inode(n,i,f) do { ; } while (0) 301#define audit_inode(n,i,f) do { ; } while (0)
302#define audit_inode_child(d,i,p) do { ; } while (0)
287#define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; }) 303#define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
288#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) 304#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
289#define audit_get_loginuid(c) ({ -1; }) 305#define audit_get_loginuid(c) ({ -1; })
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index b5ff64d2f092..94919c376a72 100644
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -15,6 +15,7 @@
15 15
16#include <linux/dnotify.h> 16#include <linux/dnotify.h>
17#include <linux/inotify.h> 17#include <linux/inotify.h>
18#include <linux/audit.h>
18 19
19/* 20/*
20 * fsnotify_move - file old_name at old_dir was moved to new_name at new_dir 21 * fsnotify_move - file old_name at old_dir was moved to new_name at new_dir
@@ -45,6 +46,8 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir,
45 if (source) { 46 if (source) {
46 inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL); 47 inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL);
47 } 48 }
49 audit_inode_child(old_name, source, old_dir->i_ino);
50 audit_inode_child(new_name, target, new_dir->i_ino);
48} 51}
49 52
50/* 53/*
@@ -74,6 +77,7 @@ static inline void fsnotify_create(struct inode *inode, struct dentry *dentry)
74{ 77{
75 inode_dir_notify(inode, DN_CREATE); 78 inode_dir_notify(inode, DN_CREATE);
76 inotify_inode_queue_event(inode, IN_CREATE, 0, dentry->d_name.name); 79 inotify_inode_queue_event(inode, IN_CREATE, 0, dentry->d_name.name);
80 audit_inode_child(dentry->d_name.name, dentry->d_inode, inode->i_ino);
77} 81}
78 82
79/* 83/*
@@ -84,6 +88,7 @@ static inline void fsnotify_mkdir(struct inode *inode, struct dentry *dentry)
84 inode_dir_notify(inode, DN_CREATE); 88 inode_dir_notify(inode, DN_CREATE);
85 inotify_inode_queue_event(inode, IN_CREATE | IN_ISDIR, 0, 89 inotify_inode_queue_event(inode, IN_CREATE | IN_ISDIR, 0,
86 dentry->d_name.name); 90 dentry->d_name.name);
91 audit_inode_child(dentry->d_name.name, dentry->d_inode, inode->i_ino);
87} 92}
88 93
89/* 94/*