2 files changed, 22 insertions, 1 deletions

diff --git a/include/linux/audit.h b/include/linux/audit.h
index fd65078e794a..739b954cb242 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -260,7 +260,20 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
 extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
 extern void audit_getname(const char *name);
 extern void audit_putname(const char *name);
-extern void audit_inode(const char *name, const struct inode *inode, unsigned flags);
+extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags);
+extern void __audit_inode_child(const char *dname, const struct inode *inode,
+                                unsigned long pino);
+static inline void audit_inode(const char *name, const struct inode *inode,
+                               unsigned flags) {
+        if (unlikely(current->audit_context))
+                __audit_inode(name, inode, flags);
+}
+static inline void audit_inode_child(const char *dname, 
+                                     const struct inode *inode, 
+                                     unsigned long pino) {
+        if (unlikely(current->audit_context))
+                __audit_inode_child(dname, inode, pino);
+}
 
                                 /* Private API (for audit.c only) */
 extern int  audit_receive_filter(int type, int pid, int uid, int seq,
@@ -283,7 +296,10 @@ extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
 #define audit_syscall_exit(t,f,r) do { ; } while (0)
 #define audit_getname(n) do { ; } while (0)
 #define audit_putname(n) do { ; } while (0)
+#define __audit_inode(n,i,f) do { ; } while (0)
+#define __audit_inode_child(d,i,p) do { ; } while (0)
 #define audit_inode(n,i,f) do { ; } while (0)
+#define audit_inode_child(d,i,p) do { ; } while (0)
 #define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
 #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
 #define audit_get_loginuid(c) ({ -1; })
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index b5ff64d2f092..94919c376a72 100644
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -15,6 +15,7 @@
 
 #include <linux/dnotify.h>
 #include <linux/inotify.h>
+#include <linux/audit.h>
 
 /*
  * fsnotify_move - file old_name at old_dir was moved to new_name at new_dir
@@ -45,6 +46,8 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir,
         if (source) {
                 inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL);
         }
+        audit_inode_child(old_name, source, old_dir->i_ino);
+        audit_inode_child(new_name, target, new_dir->i_ino);
 }
 
 /*
@@ -74,6 +77,7 @@ static inline void fsnotify_create(struct inode *inode, struct dentry *dentry)
 {
         inode_dir_notify(inode, DN_CREATE);
         inotify_inode_queue_event(inode, IN_CREATE, 0, dentry->d_name.name);
+        audit_inode_child(dentry->d_name.name, dentry->d_inode, inode->i_ino);
 }
 
 /*
@@ -84,6 +88,7 @@ static inline void fsnotify_mkdir(struct inode *inode, struct dentry *dentry)
         inode_dir_notify(inode, DN_CREATE);
         inotify_inode_queue_event(inode, IN_CREATE | IN_ISDIR, 0, 
                                   dentry->d_name.name);
+        audit_inode_child(dentry->d_name.name, dentry->d_inode, inode->i_ino);
 }
 
 /*