-rw-r--r--include/linux/audit.h2
-rw-r--r--kernel/auditfilter.c24
-rw-r--r--kernel/auditsc.c3
3 files changed, 29 insertions, 0 deletions
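--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -410,6 +410,7 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
  return __audit_mq_getsetattr(mqdes, mqstat);
  return 0;
 }
+extern int audit_n_rules;
 #else
 #define audit_alloc(t) ({ 0; })
 #define audit_free(t) do { ; } while (0)
@@ -437,6 +438,7 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
 #define audit_mq_timedreceive(d,l,p,t) ({ 0; })
 #define audit_mq_notify(d,n) ({ 0; })
 #define audit_mq_getsetattr(d,s) ({ 0; })
+#define audit_n_rules 0
 #endif
 
 #ifdef CONFIG_AUDIT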
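--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1136,6 +1136,14 @@ static inline int audit_add_rule(struct audit_entry *entry,
  struct audit_watch *watch = entry->rule.watch;
  struct nameidata *ndp, *ndw;
  int h, err, putnd_needed = 0;
+#ifdef CONFIG_AUDITSYSCALL
+ int dont_count = 0;
+
+ /* If either of these, don't count towards total */
+ if (entry->rule.listnr == AUDIT_FILTER_USER ||
+ entry->rule.listnr == AUDIT_FILTER_TYPE)
+ dont_count = 1;
+#endif
 
  if (inode_f) {
  h = audit_hash_ino(inode_f->val);
@@ -1176,6 +1184,10 @@ static inline int audit_add_rule(struct audit_entry *entry,
  } else {
  list_add_tail_rcu(&entry->list, list);
  }
+#ifdef CONFIG_AUDITSYSCALL
+ if (!dont_count)
+ audit_n_rules++;
+#endif
  mutex_unlock(&audit_filter_mutex);
 
  if (putnd_needed)
@@ -1200,6 +1212,14 @@ static inline int audit_del_rule(struct audit_entry *entry,
  struct audit_watch *watch, *tmp_watch = entry->rule.watch;
  LIST_HEAD(inotify_list);
  int h, ret = 0;
+#ifdef CONFIG_AUDITSYSCALL
+ int dont_count = 0;
+
+ /* If either of these, don't count towards total */
+ if (entry->rule.listnr == AUDIT_FILTER_USER ||
+ entry->rule.listnr == AUDIT_FILTER_TYPE)
+ dont_count = 1;
+#endif
 
  if (inode_f) {
  h = audit_hash_ino(inode_f->val);
@@ -1237,6 +1257,10 @@ static inline int audit_del_rule(struct audit_entry *entry,
  list_del_rcu(&e->list);
  call_rcu(&e->rcu, audit_free_rule_rcu);
 
+#ifdef CONFIG_AUDITSYSCALL
+ if (!dont_count)
+ audit_n_rules--;
+#endif
  mutex_unlock(&audit_filter_mutex);
 
  if (!list_empty(&inotify_list))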
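Review bot: The accounting for `audit_n_rules` is open-coded twice, with the same `dont_count` test and `#ifdef CONFIG_AUDITSYSCALL` pair repeated in audit_add_rule() and audit_del_rule(), so the increment and decrement can drift apart when one side is edited. If a reader treats a zero count as "no rules loaded" and skips audit work (that reader is not on this page), an imbalance would suppress audit records without any error. A single predicate such as `static inline int audit_rule_counted(struct audit_entry *entry)` used by both sites would keep the two in step. Any other path that links or unlinks entries on the filter lists would need the same update. Both function bodies start and end outside the hunks shown.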
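--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -85,6 +85,9 @@ extern int audit_enabled;
 /* Indicates that audit should log the full pathname. */
 #define AUDIT_NAME_FULL -1
 
+/* number of audit rules */
+int audit_n_rules;
+
 /* When fs/namei.c:getname() is called, we store the pointer in name and
  * we don't let putname() free it (instead we free all of the saved
  * pointers at syscall exit time).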
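Review bot: The comment `/* number of audit rules */` on the new global does not say which rules are counted or how the variable is synchronised, and both matter to anyone who later reads it outside the filter code. The kernel/auditfilter.c hunks of this commit skip the AUDIT_FILTER_USER and AUDIT_FILTER_TYPE lists and modify the counter before `mutex_unlock(&audit_filter_mutex)`. I would document that at the definition, for example `/* rules loaded, excluding the AUDIT_FILTER_USER and AUDIT_FILTER_TYPE lists; written under audit_filter_mutex */`. The comment should also say whether lockless readers may see a stale value, which this page does not show.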