1 files changed, 57 insertions, 4 deletions
diff --git a/kernel/audit.h b/kernel/audit.h
index 6f733920fd32..8323e4132a33 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -19,9 +19,9 @@
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
-#include <linux/mutex.h>
 #include <linux/fs.h>
 #include <linux/audit.h>
+#include <linux/skbuff.h>
 /* 0 = no checking
   1 = put_count checking
@@ -53,6 +53,18 @@ enum audit_state {
 };
 /* Rule lists */
+struct audit_parent;
+struct audit_watch {
+        atomic_t                count;  /* reference count */
+        char                    *path;  /* insertion path */
+        dev_t                   dev;    /* associated superblock device */
+        unsigned long           ino;    /* associated inode number */
+        struct audit_parent     *parent; /* associated parent */
+        struct list_head        wlist;  /* entry in parent->watches list */
+        struct list_head        rules;  /* associated rules */
+};
 struct audit_field {
        u32                             type;
        u32                             val;
@@ -70,6 +82,9 @@ struct audit_krule {
        u32                     buflen; /* for data alloc on list rules */
        u32                     field_count;
        struct audit_field      *fields;
+        struct audit_field      *inode_f; /* quick access to an inode field */
+        struct audit_watch      *watch; /* associated watch */
+        struct list_head        rlist;  /* entry in audit_watch.rules list */
 };
 struct audit_entry {
@@ -78,15 +93,53 @@ struct audit_entry {
        struct audit_krule      rule;
 };
 extern int audit_pid;
-extern int audit_comparator(const u32 left, const u32 op, const u32 right);
+#define AUDIT_INODE_BUCKETS     32
+extern struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS];
+static inline int audit_hash_ino(u32 ino)
+{
+        return (ino & (AUDIT_INODE_BUCKETS-1));
+}
+extern int audit_comparator(const u32 left, const u32 op, const u32 right);
+extern int audit_compare_dname_path(const char *dname, const char *path,
+                                    int *dirlen);
+extern struct sk_buff *     audit_make_reply(int pid, int seq, int type,
+                                             int done, int multi,
+                                             void *payload, int size);
 extern void                 audit_send_reply(int pid, int seq, int type,
                                             int done, int multi,
                                             void *payload, int size);
 extern void                 audit_log_lost(const char *message);
 extern void                 audit_panic(const char *message);
-extern struct mutex audit_netlink_mutex;
+struct audit_netlink_list {
+        int pid;
+        struct sk_buff_head q;
+};
+int audit_send_list(void *);
+struct inotify_watch;
+extern void audit_free_parent(struct inotify_watch *);
+extern void audit_handle_ievent(struct inotify_watch *, u32, u32, u32,
+                                const char *, struct inode *);
 extern int selinux_audit_rule_update(void);
+#ifdef CONFIG_AUDITSYSCALL
+extern void __audit_signal_info(int sig, struct task_struct *t);
+static inline void audit_signal_info(int sig, struct task_struct *t)
+{
+        if (unlikely(audit_pid && t->tgid == audit_pid))
+                __audit_signal_info(sig, t);
+}
+extern enum audit_state audit_filter_inodes(struct task_struct *,
+                                            struct audit_context *);
+extern void audit_set_auditable(struct audit_context *);
+#else
+#define audit_signal_info(s,t)
+#define audit_filter_inodes(t,c) AUDIT_DISABLED
+#define audit_set_auditable(c)
+#endif

diff --git a/kernel/audit.h b/kernel/audit.h index 6f733920fd32..8323e4132a33 100644 --- a/kernel/audit.h +++ b/kernel/audit.h
@@ -19,9 +19,9 @@
19	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA	19	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20	*/	20	*/
21		21
22	#include <linux/mutex.h>
23	#include <linux/fs.h>	22	#include <linux/fs.h>
24	#include <linux/audit.h>	23	#include <linux/audit.h>
		24	#include <linux/skbuff.h>
25		25
26	/* 0 = no checking	26	/* 0 = no checking
27	1 = put_count checking	27	1 = put_count checking
@@ -53,6 +53,18 @@ enum audit_state {
53	};	53	};
54		54
55	/* Rule lists */	55	/* Rule lists */
		56	struct audit_parent;
		57
		58	struct audit_watch {
		59	atomic_t count; /* reference count */
		60	char path; / insertion path */
		61	dev_t dev; /* associated superblock device */
		62	unsigned long ino; /* associated inode number */
		63	struct audit_parent parent; / associated parent */
		64	struct list_head wlist; /* entry in parent->watches list */
		65	struct list_head rules; /* associated rules */
		66	};
		67
56	struct audit_field {	68	struct audit_field {
57	u32 type;	69	u32 type;
58	u32 val;	70	u32 val;
@@ -70,6 +82,9 @@ struct audit_krule {
70	u32 buflen; /* for data alloc on list rules */	82	u32 buflen; /* for data alloc on list rules */
71	u32 field_count;	83	u32 field_count;
72	struct audit_field *fields;	84	struct audit_field *fields;
		85	struct audit_field inode_f; / quick access to an inode field */
		86	struct audit_watch watch; / associated watch */
		87	struct list_head rlist; /* entry in audit_watch.rules list */
73	};	88	};
74		89
75	struct audit_entry {	90	struct audit_entry {
@@ -78,15 +93,53 @@ struct audit_entry {
78	struct audit_krule rule;	93	struct audit_krule rule;
79	};	94	};
80		95
81
82	extern int audit_pid;	96	extern int audit_pid;
83	extern int audit_comparator(const u32 left, const u32 op, const u32 right);
84		97
		98	#define AUDIT_INODE_BUCKETS 32
		99	extern struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS];
		100
		101	static inline int audit_hash_ino(u32 ino)
		102	{
		103	return (ino & (AUDIT_INODE_BUCKETS-1));
		104	}
		105
		106	extern int audit_comparator(const u32 left, const u32 op, const u32 right);
		107	extern int audit_compare_dname_path(const char dname, const char path,
		108	int *dirlen);
		109	extern struct sk_buff * audit_make_reply(int pid, int seq, int type,
		110	int done, int multi,
		111	void *payload, int size);
85	extern void audit_send_reply(int pid, int seq, int type,	112	extern void audit_send_reply(int pid, int seq, int type,
86	int done, int multi,	113	int done, int multi,
87	void *payload, int size);	114	void *payload, int size);
88	extern void audit_log_lost(const char *message);	115	extern void audit_log_lost(const char *message);
89	extern void audit_panic(const char *message);	116	extern void audit_panic(const char *message);
90	extern struct mutex audit_netlink_mutex;
91		117
		118	struct audit_netlink_list {
		119	int pid;
		120	struct sk_buff_head q;
		121	};
		122
		123	int audit_send_list(void *);
		124
		125	struct inotify_watch;
		126	extern void audit_free_parent(struct inotify_watch *);
		127	extern void audit_handle_ievent(struct inotify_watch *, u32, u32, u32,
		128	const char , struct inode );
92	extern int selinux_audit_rule_update(void);	129	extern int selinux_audit_rule_update(void);
		130
		131	#ifdef CONFIG_AUDITSYSCALL
		132	extern void __audit_signal_info(int sig, struct task_struct *t);
		133	static inline void audit_signal_info(int sig, struct task_struct *t)
		134	{
		135	if (unlikely(audit_pid && t->tgid == audit_pid))
		136	__audit_signal_info(sig, t);
		137	}
		138	extern enum audit_state audit_filter_inodes(struct task_struct *,
		139	struct audit_context *);
		140	extern void audit_set_auditable(struct audit_context *);
		141	#else
		142	#define audit_signal_info(s,t)
		143	#define audit_filter_inodes(t,c) AUDIT_DISABLED
		144	#define audit_set_auditable(c)
		145	#endif