-rw-r--r-- | include/linux/audit.h | 2 | ||||
-rw-r--r-- | kernel/auditfilter.c | 24 | ||||
-rw-r--r-- | kernel/auditsc.c | 3 |
3 files changed, 29 insertions, 0 deletions
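--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -410,6 +410,7 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
 return __audit_mq_getsetattr(mqdes, mqstat);
 return 0;
 }
+extern int audit_n_rules;
 #else
 #define audit_alloc(t) ({ 0; })
 #define audit_free(t) do { ; } while (0)
@@ -437,6 +438,7 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
 #define audit_mq_timedreceive(d,l,p,t) ({ 0; })
 #define audit_mq_notify(d,n) ({ 0; })
 #define audit_mq_getsetattr(d,s) ({ 0; })
+#define audit_n_rules 0
 #endif
 
 #ifdef CONFIG_AUDIT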
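Review bot: The `#define audit_n_rules 0` fallback in the second hunk turns the name into an integer constant when CONFIG_AUDITSYSCALL is off, so any `audit_n_rules++` or other write that is not itself wrapped in `#ifdef CONFIG_AUDITSYSCALL` fails to compile in that configuration. That works for read-only users, but the header does not say so. I would add a comment above the extern in the first hunk, for example `/* rules outside the USER and TYPE filter lists; constant 0 (read-only) without CONFIG_AUDITSYSCALL */`.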
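--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1136,6 +1136,14 @@ static inline int audit_add_rule(struct audit_entry *entry,
 struct audit_watch *watch = entry->rule.watch;
 struct nameidata *ndp, *ndw;
 int h, err, putnd_needed = 0;
+#ifdef CONFIG_AUDITSYSCALL
+int dont_count = 0;
+
+/* If either of these, don't count towards total */
+if (entry->rule.listnr == AUDIT_FILTER_USER ||
+entry->rule.listnr == AUDIT_FILTER_TYPE)
+dont_count = 1;
+#endif
 
 if (inode_f) {
 h = audit_hash_ino(inode_f->val);
@@ -1176,6 +1184,10 @@ static inline int audit_add_rule(struct audit_entry *entry,
 } else {
 list_add_tail_rcu(&entry->list, list);
 }
+#ifdef CONFIG_AUDITSYSCALL
+if (!dont_count)
+audit_n_rules++;
+#endif
 mutex_unlock(&audit_filter_mutex);
 
 if (putnd_needed)
@@ -1200,6 +1212,14 @@ static inline int audit_del_rule(struct audit_entry *entry,
 struct audit_watch *watch, *tmp_watch = entry->rule.watch;
 LIST_HEAD(inotify_list);
 int h, ret = 0;
+#ifdef CONFIG_AUDITSYSCALL
+int dont_count = 0;
+
+/* If either of these, don't count towards total */
+if (entry->rule.listnr == AUDIT_FILTER_USER ||
+entry->rule.listnr == AUDIT_FILTER_TYPE)
+dont_count = 1;
+#endif
 
 if (inode_f) {
 h = audit_hash_ino(inode_f->val);
@@ -1237,6 +1257,10 @@ static inline int audit_del_rule(struct audit_entry *entry,
 list_del_rcu(&e->list);
 call_rcu(&e->rcu, audit_free_rule_rcu);
 
+#ifdef CONFIG_AUDITSYSCALL
+if (!dont_count)
+audit_n_rules--;
+#endif
 mutex_unlock(&audit_filter_mutex);
 
 if (!list_empty(&inotify_list))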
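Review bot: The USER/TYPE exclusion test is written out twice, at the top of audit_add_rule (first hunk) and of audit_del_rule (third hunk), and audit_n_rules stays accurate only while the two copies agree and every insertion into or removal from the filter lists goes through these two functions. A counter like this is presumably meant to let callers skip audit work when it is zero; if so, any drift means events silently go uncollected, so the invariant should be stated and checked. I would fold the test into one small static helper shared by both functions, add a comment saying why those two lists are excluded, and follow `audit_n_rules--;` with `WARN_ON(audit_n_rules < 0);`. Both function bodies extend beyond the hunks, so I cannot confirm from here that the increment and decrement are skipped on the error and rule-not-found paths.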
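--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -85,6 +85,9 @@ extern int audit_enabled;
 /* Indicates that audit should log the full pathname. */
 #define AUDIT_NAME_FULL -1
 
+/* number of audit rules */
+int audit_n_rules;
+
 /* When fs/namei.c:getname() is called, we store the pointer in name and
 * we don't let putname() free it (instead we free all of the saved
 * pointers at syscall exit time).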
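Review bot: The comment `/* number of audit rules */` overstates what the variable holds, because the auditfilter.c hunks skip rules on the AUDIT_FILTER_USER and AUDIT_FILTER_TYPE lists. It also omits the locking rule: both writers change the counter just before `mutex_unlock(&audit_filter_mutex)`, and nothing in this commit reads it yet. I would write `/* number of audit rules, excluding the USER and TYPE filter lists; modified only under audit_filter_mutex */`, so that a later lockless reader knows it is seeing a hint and not a synchronized value.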