diff options
Diffstat (limited to 'kernel/auditsc.c')
| -rw-r--r-- | kernel/auditsc.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 19d2c2747c8d..8cbddff6c283 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -652,7 +652,7 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 652 | * completely disabled for this task. Since we only have the task | 652 | * completely disabled for this task. Since we only have the task |
| 653 | * structure at this point, we can only check uid and gid. | 653 | * structure at this point, we can only check uid and gid. |
| 654 | */ | 654 | */ |
| 655 | static enum audit_state audit_filter_task(struct task_struct *tsk) | 655 | static enum audit_state audit_filter_task(struct task_struct *tsk, char **key) |
| 656 | { | 656 | { |
| 657 | struct audit_entry *e; | 657 | struct audit_entry *e; |
| 658 | enum audit_state state; | 658 | enum audit_state state; |
| @@ -660,6 +660,8 @@ static enum audit_state audit_filter_task(struct task_struct *tsk) | |||
| 660 | rcu_read_lock(); | 660 | rcu_read_lock(); |
| 661 | list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) { | 661 | list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) { |
| 662 | if (audit_filter_rules(tsk, &e->rule, NULL, NULL, &state)) { | 662 | if (audit_filter_rules(tsk, &e->rule, NULL, NULL, &state)) { |
| 663 | if (state == AUDIT_RECORD_CONTEXT) | ||
| 664 | *key = kstrdup(e->rule.filterkey, GFP_ATOMIC); | ||
| 663 | rcu_read_unlock(); | 665 | rcu_read_unlock(); |
| 664 | return state; | 666 | return state; |
| 665 | } | 667 | } |
| @@ -866,18 +868,21 @@ int audit_alloc(struct task_struct *tsk) | |||
| 866 | { | 868 | { |
| 867 | struct audit_context *context; | 869 | struct audit_context *context; |
| 868 | enum audit_state state; | 870 | enum audit_state state; |
| 871 | char *key = NULL; | ||
| 869 | 872 | ||
| 870 | if (likely(!audit_ever_enabled)) | 873 | if (likely(!audit_ever_enabled)) |
| 871 | return 0; /* Return if not auditing. */ | 874 | return 0; /* Return if not auditing. */ |
| 872 | 875 | ||
| 873 | state = audit_filter_task(tsk); | 876 | state = audit_filter_task(tsk, &key); |
| 874 | if (likely(state == AUDIT_DISABLED)) | 877 | if (likely(state == AUDIT_DISABLED)) |
| 875 | return 0; | 878 | return 0; |
| 876 | 879 | ||
| 877 | if (!(context = audit_alloc_context(state))) { | 880 | if (!(context = audit_alloc_context(state))) { |
| 881 | kfree(key); | ||
| 878 | audit_log_lost("out of memory in audit_alloc"); | 882 | audit_log_lost("out of memory in audit_alloc"); |
| 879 | return -ENOMEM; | 883 | return -ENOMEM; |
| 880 | } | 884 | } |
| 885 | context->filterkey = key; | ||
| 881 | 886 | ||
| 882 | tsk->audit_context = context; | 887 | tsk->audit_context = context; |
| 883 | set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT); | 888 | set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT); |
| @@ -1703,8 +1708,10 @@ void audit_syscall_exit(int valid, long return_code) | |||
| 1703 | context->sockaddr_len = 0; | 1708 | context->sockaddr_len = 0; |
| 1704 | context->type = 0; | 1709 | context->type = 0; |
| 1705 | context->fds[0] = -1; | 1710 | context->fds[0] = -1; |
| 1706 | kfree(context->filterkey); | 1711 | if (context->state != AUDIT_RECORD_CONTEXT) { |
| 1707 | context->filterkey = NULL; | 1712 | kfree(context->filterkey); |
| 1713 | context->filterkey = NULL; | ||
| 1714 | } | ||
| 1708 | tsk->audit_context = context; | 1715 | tsk->audit_context = context; |
| 1709 | } | 1716 | } |
| 1710 | } | 1717 | } |