aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/auditsc.c
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2008-12-16 03:51:22 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2009-01-04 15:14:42 -0500
commite048e02c89db7bd49d1a5fac77a11c8fb3603087 (patch)
tree6141e7646cd7c5b1b1334f0f86fbad6ef1bcc6d8 /kernel/auditsc.c
parente45aa212ea81d39b38ba158df344dc3a500153e5 (diff)
make sure that filterkey of task,always rules is reported
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 19d2c2747c8d..8cbddff6c283 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -652,7 +652,7 @@ static int audit_filter_rules(struct task_struct *tsk,
652 * completely disabled for this task. Since we only have the task 652 * completely disabled for this task. Since we only have the task
653 * structure at this point, we can only check uid and gid. 653 * structure at this point, we can only check uid and gid.
654 */ 654 */
655static enum audit_state audit_filter_task(struct task_struct *tsk) 655static enum audit_state audit_filter_task(struct task_struct *tsk, char **key)
656{ 656{
657 struct audit_entry *e; 657 struct audit_entry *e;
658 enum audit_state state; 658 enum audit_state state;
@@ -660,6 +660,8 @@ static enum audit_state audit_filter_task(struct task_struct *tsk)
660 rcu_read_lock(); 660 rcu_read_lock();
661 list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) { 661 list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) {
662 if (audit_filter_rules(tsk, &e->rule, NULL, NULL, &state)) { 662 if (audit_filter_rules(tsk, &e->rule, NULL, NULL, &state)) {
663 if (state == AUDIT_RECORD_CONTEXT)
664 *key = kstrdup(e->rule.filterkey, GFP_ATOMIC);
663 rcu_read_unlock(); 665 rcu_read_unlock();
664 return state; 666 return state;
665 } 667 }
@@ -866,18 +868,21 @@ int audit_alloc(struct task_struct *tsk)
866{ 868{
867 struct audit_context *context; 869 struct audit_context *context;
868 enum audit_state state; 870 enum audit_state state;
871 char *key = NULL;
869 872
870 if (likely(!audit_ever_enabled)) 873 if (likely(!audit_ever_enabled))
871 return 0; /* Return if not auditing. */ 874 return 0; /* Return if not auditing. */
872 875
873 state = audit_filter_task(tsk); 876 state = audit_filter_task(tsk, &key);
874 if (likely(state == AUDIT_DISABLED)) 877 if (likely(state == AUDIT_DISABLED))
875 return 0; 878 return 0;
876 879
877 if (!(context = audit_alloc_context(state))) { 880 if (!(context = audit_alloc_context(state))) {
881 kfree(key);
878 audit_log_lost("out of memory in audit_alloc"); 882 audit_log_lost("out of memory in audit_alloc");
879 return -ENOMEM; 883 return -ENOMEM;
880 } 884 }
885 context->filterkey = key;
881 886
882 tsk->audit_context = context; 887 tsk->audit_context = context;
883 set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT); 888 set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT);
@@ -1703,8 +1708,10 @@ void audit_syscall_exit(int valid, long return_code)
1703 context->sockaddr_len = 0; 1708 context->sockaddr_len = 0;
1704 context->type = 0; 1709 context->type = 0;
1705 context->fds[0] = -1; 1710 context->fds[0] = -1;
1706 kfree(context->filterkey); 1711 if (context->state != AUDIT_RECORD_CONTEXT) {
1707 context->filterkey = NULL; 1712 kfree(context->filterkey);
1713 context->filterkey = NULL;
1714 }
1708 tsk->audit_context = context; 1715 tsk->audit_context = context;
1709 } 1716 }
1710} 1717}