1 files changed, 58 insertions, 4 deletions
diff --git a/kernel/audit.h b/kernel/audit.h
index 6f733920fd32..6aa33b848cf2 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -19,9 +19,9 @@
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
-#include <linux/mutex.h>
 #include <linux/fs.h>
 #include <linux/audit.h>
+#include <linux/skbuff.h>
 /* 0 = no checking
   1 = put_count checking
@@ -53,6 +53,18 @@ enum audit_state {
 };
 /* Rule lists */
+struct audit_parent;
+struct audit_watch {
+        atomic_t                count;  /* reference count */
+        char                    *path;  /* insertion path */
+        dev_t                   dev;    /* associated superblock device */
+        unsigned long           ino;    /* associated inode number */
+        struct audit_parent     *parent; /* associated parent */
+        struct list_head        wlist;  /* entry in parent->watches list */
+        struct list_head        rules;  /* associated rules */
+};
 struct audit_field {
        u32                             type;
        u32                             val;
@@ -69,7 +81,11 @@ struct audit_krule {
        u32                     mask[AUDIT_BITMASK_SIZE];
        u32                     buflen; /* for data alloc on list rules */
        u32                     field_count;
+        char                    *filterkey; /* ties events to rules */
        struct audit_field      *fields;
+        struct audit_field      *inode_f; /* quick access to an inode field */
+        struct audit_watch      *watch; /* associated watch */
+        struct list_head        rlist;  /* entry in audit_watch.rules list */
 };
 struct audit_entry {
@@ -78,15 +94,53 @@ struct audit_entry {
        struct audit_krule      rule;
 };
 extern int audit_pid;
-extern int audit_comparator(const u32 left, const u32 op, const u32 right);
+#define AUDIT_INODE_BUCKETS     32
+extern struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS];
+static inline int audit_hash_ino(u32 ino)
+{
+        return (ino & (AUDIT_INODE_BUCKETS-1));
+}
+extern int audit_comparator(const u32 left, const u32 op, const u32 right);
+extern int audit_compare_dname_path(const char *dname, const char *path,
+                                    int *dirlen);
+extern struct sk_buff *     audit_make_reply(int pid, int seq, int type,
+                                             int done, int multi,
+                                             void *payload, int size);
 extern void                 audit_send_reply(int pid, int seq, int type,
                                             int done, int multi,
                                             void *payload, int size);
 extern void                 audit_log_lost(const char *message);
 extern void                 audit_panic(const char *message);
-extern struct mutex audit_netlink_mutex;
+struct audit_netlink_list {
+        int pid;
+        struct sk_buff_head q;
+};
+int audit_send_list(void *);
+struct inotify_watch;
+extern void audit_free_parent(struct inotify_watch *);
+extern void audit_handle_ievent(struct inotify_watch *, u32, u32, u32,
+                                const char *, struct inode *);
 extern int selinux_audit_rule_update(void);
+#ifdef CONFIG_AUDITSYSCALL
+extern void __audit_signal_info(int sig, struct task_struct *t);
+static inline void audit_signal_info(int sig, struct task_struct *t)
+{
+        if (unlikely(audit_pid && t->tgid == audit_pid))
+                __audit_signal_info(sig, t);
+}
+extern enum audit_state audit_filter_inodes(struct task_struct *,
+                                            struct audit_context *);
+extern void audit_set_auditable(struct audit_context *);
+#else
+#define audit_signal_info(s,t)
+#define audit_filter_inodes(t,c) AUDIT_DISABLED
+#define audit_set_auditable(c)
+#endif

diff --git a/kernel/audit.h b/kernel/audit.h index 6f733920fd32..6aa33b848cf2 100644 --- a/kernel/audit.h +++ b/kernel/audit.h
@@ -19,9 +19,9 @@
19	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA	19	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20	*/	20	*/
21		21
22	#include <linux/mutex.h>
23	#include <linux/fs.h>	22	#include <linux/fs.h>
24	#include <linux/audit.h>	23	#include <linux/audit.h>
		24	#include <linux/skbuff.h>
25		25
26	/* 0 = no checking	26	/* 0 = no checking
27	1 = put_count checking	27	1 = put_count checking
@@ -53,6 +53,18 @@ enum audit_state {
53	};	53	};
54		54
55	/* Rule lists */	55	/* Rule lists */
		56	struct audit_parent;
		57
		58	struct audit_watch {
		59	atomic_t count; /* reference count */
		60	char path; / insertion path */
		61	dev_t dev; /* associated superblock device */
		62	unsigned long ino; /* associated inode number */
		63	struct audit_parent parent; / associated parent */
		64	struct list_head wlist; /* entry in parent->watches list */
		65	struct list_head rules; /* associated rules */
		66	};
		67
56	struct audit_field {	68	struct audit_field {
57	u32 type;	69	u32 type;
58	u32 val;	70	u32 val;
@@ -69,7 +81,11 @@ struct audit_krule {
69	u32 mask[AUDIT_BITMASK_SIZE];	81	u32 mask[AUDIT_BITMASK_SIZE];
70	u32 buflen; /* for data alloc on list rules */	82	u32 buflen; /* for data alloc on list rules */
71	u32 field_count;	83	u32 field_count;
		84	char filterkey; / ties events to rules */
72	struct audit_field *fields;	85	struct audit_field *fields;
		86	struct audit_field inode_f; / quick access to an inode field */
		87	struct audit_watch watch; / associated watch */
		88	struct list_head rlist; /* entry in audit_watch.rules list */
73	};	89	};
74		90
75	struct audit_entry {	91	struct audit_entry {
@@ -78,15 +94,53 @@ struct audit_entry {
78	struct audit_krule rule;	94	struct audit_krule rule;
79	};	95	};
80		96
81
82	extern int audit_pid;	97	extern int audit_pid;
83	extern int audit_comparator(const u32 left, const u32 op, const u32 right);
84		98
		99	#define AUDIT_INODE_BUCKETS 32
		100	extern struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS];
		101
		102	static inline int audit_hash_ino(u32 ino)
		103	{
		104	return (ino & (AUDIT_INODE_BUCKETS-1));
		105	}
		106
		107	extern int audit_comparator(const u32 left, const u32 op, const u32 right);
		108	extern int audit_compare_dname_path(const char dname, const char path,
		109	int *dirlen);
		110	extern struct sk_buff * audit_make_reply(int pid, int seq, int type,
		111	int done, int multi,
		112	void *payload, int size);
85	extern void audit_send_reply(int pid, int seq, int type,	113	extern void audit_send_reply(int pid, int seq, int type,
86	int done, int multi,	114	int done, int multi,
87	void *payload, int size);	115	void *payload, int size);
88	extern void audit_log_lost(const char *message);	116	extern void audit_log_lost(const char *message);
89	extern void audit_panic(const char *message);	117	extern void audit_panic(const char *message);
90	extern struct mutex audit_netlink_mutex;
91		118
		119	struct audit_netlink_list {
		120	int pid;
		121	struct sk_buff_head q;
		122	};
		123
		124	int audit_send_list(void *);
		125
		126	struct inotify_watch;
		127	extern void audit_free_parent(struct inotify_watch *);
		128	extern void audit_handle_ievent(struct inotify_watch *, u32, u32, u32,
		129	const char , struct inode );
92	extern int selinux_audit_rule_update(void);	130	extern int selinux_audit_rule_update(void);
		131
		132	#ifdef CONFIG_AUDITSYSCALL
		133	extern void __audit_signal_info(int sig, struct task_struct *t);
		134	static inline void audit_signal_info(int sig, struct task_struct *t)
		135	{
		136	if (unlikely(audit_pid && t->tgid == audit_pid))
		137	__audit_signal_info(sig, t);
		138	}
		139	extern enum audit_state audit_filter_inodes(struct task_struct *,
		140	struct audit_context *);
		141	extern void audit_set_auditable(struct audit_context *);
		142	#else
		143	#define audit_signal_info(s,t)
		144	#define audit_filter_inodes(t,c) AUDIT_DISABLED
		145	#define audit_set_auditable(c)
		146	#endif