1 files changed, 40 insertions, 14 deletions

diff --git a/include/linux/audit.h b/include/linux/audit.h
index b27d7debc5a1..40a6c26294ae 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -132,6 +132,10 @@
 #define AUDIT_CLASS_DIR_WRITE_32 1
 #define AUDIT_CLASS_CHATTR 2
 #define AUDIT_CLASS_CHATTR_32 3
+#define AUDIT_CLASS_READ 4
+#define AUDIT_CLASS_READ_32 5
+#define AUDIT_CLASS_WRITE 6
+#define AUDIT_CLASS_WRITE_32 7
 
 /* This bitmask is used to validate user input.  It represents all bits that
  * are currently used in an audit field constant understood by the kernel.
@@ -177,6 +181,7 @@
 #define AUDIT_EXIT      103
 #define AUDIT_SUCCESS   104     /* exit >= 0; value ignored */
 #define AUDIT_WATCH     105
+#define AUDIT_PERM      106
 
 #define AUDIT_ARG0      200
 #define AUDIT_ARG1      (AUDIT_ARG0+1)
@@ -252,6 +257,11 @@
 #define AUDIT_ARCH_V850         (EM_V850|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_X86_64       (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
 
+#define AUDIT_PERM_EXEC         1
+#define AUDIT_PERM_WRITE        2
+#define AUDIT_PERM_READ         4
+#define AUDIT_PERM_ATTR         8
+
 struct audit_status {
         __u32           mask;           /* Bit mask for valid entries */
         __u32           enabled;        /* 1 = enabled, 0 = disabled */
@@ -314,6 +324,7 @@ struct mqstat;
 #define AUDITSC_FAILURE 2
 #define AUDITSC_RESULT(x) ( ((long)(x))<0?AUDITSC_FAILURE:AUDITSC_SUCCESS )
 extern int __init audit_register_class(int class, unsigned *list);
+extern int audit_classify_syscall(int abi, unsigned syscall);
 #ifdef CONFIG_AUDITSYSCALL
 /* These are defined in auditsc.c */
                                 /* Public API */
@@ -327,21 +338,31 @@ extern void __audit_getname(const char *name);
 extern void audit_putname(const char *name);
 extern void __audit_inode(const char *name, const struct inode *inode);
 extern void __audit_inode_child(const char *dname, const struct inode *inode,
-                                unsigned long pino);
+                                const struct inode *parent);
+extern void __audit_inode_update(const struct inode *inode);
+static inline int audit_dummy_context(void)
+{
+        void *p = current->audit_context;
+        return !p || *(int *)p;
+}
 static inline void audit_getname(const char *name)
 {
-        if (unlikely(current->audit_context))
+        if (unlikely(!audit_dummy_context()))
                 __audit_getname(name);
 }
 static inline void audit_inode(const char *name, const struct inode *inode) {
-        if (unlikely(current->audit_context))
+        if (unlikely(!audit_dummy_context()))
                 __audit_inode(name, inode);
 }
 static inline void audit_inode_child(const char *dname, 
-                                     const struct inode *inode, 
-                                     unsigned long pino) {
-        if (unlikely(current->audit_context))
-                __audit_inode_child(dname, inode, pino);
+                                     const struct inode *inode,
+                                     const struct inode *parent) {
+        if (unlikely(!audit_dummy_context()))
+                __audit_inode_child(dname, inode, parent);
+}
+static inline void audit_inode_update(const struct inode *inode) {
+        if (unlikely(!audit_dummy_context()))
+                __audit_inode_update(inode);
 }
 
                                 /* Private API (for audit.c only) */
@@ -365,57 +386,61 @@ extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
 
 static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp)
 {
-        if (unlikely(current->audit_context))
+        if (unlikely(!audit_dummy_context()))
                 return __audit_ipc_obj(ipcp);
         return 0;
 }
 static inline int audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
 {
-        if (unlikely(current->audit_context))
+        if (unlikely(!audit_dummy_context()))
                 return __audit_ipc_set_perm(qbytes, uid, gid, mode);
         return 0;
 }
 static inline int audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr)
 {
-        if (unlikely(current->audit_context))
+        if (unlikely(!audit_dummy_context()))
                 return __audit_mq_open(oflag, mode, u_attr);
         return 0;
 }
 static inline int audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout)
 {
-        if (unlikely(current->audit_context))
+        if (unlikely(!audit_dummy_context()))
                 return __audit_mq_timedsend(mqdes, msg_len, msg_prio, u_abs_timeout);
         return 0;
 }
 static inline int audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout)
 {
-        if (unlikely(current->audit_context))
+        if (unlikely(!audit_dummy_context()))
                 return __audit_mq_timedreceive(mqdes, msg_len, u_msg_prio, u_abs_timeout);
         return 0;
 }
 static inline int audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification)
 {
-        if (unlikely(current->audit_context))
+        if (unlikely(!audit_dummy_context()))
                 return __audit_mq_notify(mqdes, u_notification);
         return 0;
 }
 static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
 {
-        if (unlikely(current->audit_context))
+        if (unlikely(!audit_dummy_context()))
                 return __audit_mq_getsetattr(mqdes, mqstat);
         return 0;
 }
+extern int audit_n_rules;
 #else
 #define audit_alloc(t) ({ 0; })
 #define audit_free(t) do { ; } while (0)
 #define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
 #define audit_syscall_exit(f,r) do { ; } while (0)
+#define audit_dummy_context() 1
 #define audit_getname(n) do { ; } while (0)
 #define audit_putname(n) do { ; } while (0)
 #define __audit_inode(n,i) do { ; } while (0)
 #define __audit_inode_child(d,i,p) do { ; } while (0)
+#define __audit_inode_update(i) do { ; } while (0)
 #define audit_inode(n,i) do { ; } while (0)
 #define audit_inode_child(d,i,p) do { ; } while (0)
+#define audit_inode_update(i) do { ; } while (0)
 #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
 #define audit_get_loginuid(c) ({ -1; })
 #define audit_ipc_obj(i) ({ 0; })
@@ -430,6 +455,7 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
 #define audit_mq_timedreceive(d,l,p,t) ({ 0; })
 #define audit_mq_notify(d,n) ({ 0; })
 #define audit_mq_getsetattr(d,s) ({ 0; })
+#define audit_n_rules 0
 #endif
 
 #ifdef CONFIG_AUDIT