diff options
| author | Eric Paris <eparis@redhat.com> | 2011-04-25 12:54:27 -0400 |
|---|---|---|
| committer | Eric Paris <eparis@redhat.com> | 2011-04-25 18:13:15 -0400 |
| commit | f48b7399840b453e7282b523f535561fe9638a2d (patch) | |
| tree | 29eed009469d35473367708ea60b9c5b01fc0c5f /security/lsm_audit.c | |
| parent | 0dc1ba24f7fff659725eecbba2c9ad679a0954cd (diff) | |
LSM: split LSM_AUDIT_DATA_FS into _PATH and _INODE
The lsm common audit code has wacky contortions making sure which pieces
of information are set based on if it was given a path, dentry, or
inode. Split this into path and inode to get rid of some of the code
complexity.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/lsm_audit.c')
| -rw-r--r-- | security/lsm_audit.c | 50 |
1 files changed, 28 insertions, 22 deletions
diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 908aa712816a..2e846052cbf4 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c | |||
| @@ -210,7 +210,6 @@ static inline void print_ipv4_addr(struct audit_buffer *ab, __be32 addr, | |||
| 210 | static void dump_common_audit_data(struct audit_buffer *ab, | 210 | static void dump_common_audit_data(struct audit_buffer *ab, |
| 211 | struct common_audit_data *a) | 211 | struct common_audit_data *a) |
| 212 | { | 212 | { |
| 213 | struct inode *inode = NULL; | ||
| 214 | struct task_struct *tsk = current; | 213 | struct task_struct *tsk = current; |
| 215 | 214 | ||
| 216 | if (a->tsk) | 215 | if (a->tsk) |
| @@ -229,33 +228,40 @@ static void dump_common_audit_data(struct audit_buffer *ab, | |||
| 229 | case LSM_AUDIT_DATA_CAP: | 228 | case LSM_AUDIT_DATA_CAP: |
| 230 | audit_log_format(ab, " capability=%d ", a->u.cap); | 229 | audit_log_format(ab, " capability=%d ", a->u.cap); |
| 231 | break; | 230 | break; |
| 232 | case LSM_AUDIT_DATA_FS: | 231 | case LSM_AUDIT_DATA_PATH: { |
| 233 | if (a->u.fs.path.dentry) { | 232 | struct dentry *dentry = a->u.path.dentry; |
| 234 | struct dentry *dentry = a->u.fs.path.dentry; | 233 | struct inode *inode; |
| 235 | if (a->u.fs.path.mnt) { | 234 | |
| 236 | audit_log_d_path(ab, "path=", &a->u.fs.path); | 235 | if (a->u.path.mnt) { |
| 237 | } else { | 236 | audit_log_d_path(ab, "path=", &a->u.path); |
| 238 | audit_log_format(ab, " name="); | 237 | } else { |
| 239 | audit_log_untrustedstring(ab, | 238 | audit_log_format(ab, " name="); |
| 240 | dentry->d_name.name); | 239 | audit_log_untrustedstring(ab, |
| 241 | } | 240 | dentry->d_name.name); |
| 242 | inode = dentry->d_inode; | ||
| 243 | } else if (a->u.fs.inode) { | ||
| 244 | struct dentry *dentry; | ||
| 245 | inode = a->u.fs.inode; | ||
| 246 | dentry = d_find_alias(inode); | ||
| 247 | if (dentry) { | ||
| 248 | audit_log_format(ab, " name="); | ||
| 249 | audit_log_untrustedstring(ab, | ||
| 250 | dentry->d_name.name); | ||
| 251 | dput(dentry); | ||
| 252 | } | ||
| 253 | } | 241 | } |
| 242 | inode = dentry->d_inode; | ||
| 254 | if (inode) | 243 | if (inode) |
| 255 | audit_log_format(ab, " dev=%s ino=%lu", | 244 | audit_log_format(ab, " dev=%s ino=%lu", |
| 256 | inode->i_sb->s_id, | 245 | inode->i_sb->s_id, |
| 257 | inode->i_ino); | 246 | inode->i_ino); |
| 258 | break; | 247 | break; |
| 248 | } | ||
| 249 | case LSM_AUDIT_DATA_INODE: { | ||
| 250 | struct dentry *dentry; | ||
| 251 | struct inode *inode; | ||
| 252 | |||
| 253 | inode = a->u.inode; | ||
| 254 | dentry = d_find_alias(inode); | ||
| 255 | if (dentry) { | ||
| 256 | audit_log_format(ab, " name="); | ||
| 257 | audit_log_untrustedstring(ab, | ||
| 258 | dentry->d_name.name); | ||
| 259 | dput(dentry); | ||
| 260 | } | ||
| 261 | audit_log_format(ab, " dev=%s ino=%lu", inode->i_sb->s_id, | ||
| 262 | inode->i_ino); | ||
| 263 | break; | ||
| 264 | } | ||
| 259 | case LSM_AUDIT_DATA_TASK: | 265 | case LSM_AUDIT_DATA_TASK: |
| 260 | tsk = a->u.tsk; | 266 | tsk = a->u.tsk; |
| 261 | if (tsk && tsk->pid) { | 267 | if (tsk && tsk->pid) { |