new helper: audit_file()
... for situations when we don't have any candidate in pathnames - basically, in descriptor-based syscalls. [Folded the build fix for !CONFIG_AUDITSYSCALL configs from Chen Gang] Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
parent
6f4e0d5aaa
commit
9f45f5bf30
5 changed files with 24 additions and 14 deletions
|
@ -516,7 +516,7 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode)
|
||||||
int err = -EBADF;
|
int err = -EBADF;
|
||||||
|
|
||||||
if (f.file) {
|
if (f.file) {
|
||||||
audit_inode(NULL, f.file->f_path.dentry, 0);
|
audit_file(f.file);
|
||||||
err = chmod_common(&f.file->f_path, mode);
|
err = chmod_common(&f.file->f_path, mode);
|
||||||
fdput(f);
|
fdput(f);
|
||||||
}
|
}
|
||||||
|
@ -642,7 +642,7 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group)
|
||||||
error = mnt_want_write_file(f.file);
|
error = mnt_want_write_file(f.file);
|
||||||
if (error)
|
if (error)
|
||||||
goto out_fput;
|
goto out_fput;
|
||||||
audit_inode(NULL, f.file->f_path.dentry, 0);
|
audit_file(f.file);
|
||||||
error = chown_common(&f.file->f_path, user, group);
|
error = chown_common(&f.file->f_path, user, group);
|
||||||
mnt_drop_write_file(f.file);
|
mnt_drop_write_file(f.file);
|
||||||
out_fput:
|
out_fput:
|
||||||
|
|
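Review bot: In the fchown hunk, `audit_file(f.file);` still sits after the `mnt_want_write_file()` failure path, so an fchown that is rejected there (presumably the read-only-mount case) jumps to `out_fput` before the target inode has been collected for the audit record. The fchmod hunk above calls `audit_file()` before `chmod_common()`, and fsetxattr/fremovexattr in fs/xattr.c call it before `mnt_want_write_file()`, so denied attempts on those paths do carry the object. Moving `audit_file(f.file);` to just before `error = mnt_want_write_file(f.file);` would make fchown consistent with them. Both syscall bodies start and end outside the hunks shown.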
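--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -405,16 +405,14 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
 const void __user *,value, size_t, size, int, flags)
 {
 struct fd f = fdget(fd);
-struct dentry *dentry;
 int error = -EBADF;
 
 if (!f.file)
 return error;
-dentry = f.file->f_path.dentry;
-audit_inode(NULL, dentry, 0);
+audit_file(f.file);
 error = mnt_want_write_file(f.file);
 if (!error) {
-error = setxattr(dentry, name, value, size, flags);
+error = setxattr(f.file->f_path.dentry, name, value, size, flags);
 mnt_drop_write_file(f.file);
 }
 fdput(f);
@@ -509,7 +507,7 @@ SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
 
 if (!f.file)
 return error;
-audit_inode(NULL, f.file->f_path.dentry, 0);
+audit_file(f.file);
 error = getxattr(f.file->f_path.dentry, name, value, size);
 fdput(f);
 return error;
@@ -590,7 +588,7 @@ SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
 
 if (!f.file)
 return error;
-audit_inode(NULL, f.file->f_path.dentry, 0);
+audit_file(f.file);
 error = listxattr(f.file->f_path.dentry, list, size);
 fdput(f);
 return error;
@@ -651,16 +649,14 @@ SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
 {
 struct fd f = fdget(fd);
-struct dentry *dentry;
 int error = -EBADF;
 
 if (!f.file)
 return error;
-dentry = f.file->f_path.dentry;
-audit_inode(NULL, dentry, 0);
+audit_file(f.file);
 error = mnt_want_write_file(f.file);
 if (!error) {
-error = removexattr(dentry, name);
+error = removexattr(f.file->f_path.dentry, name);
 mnt_drop_write_file(f.file);
 }
 fdput(f);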
|
@ -130,6 +130,7 @@ extern void audit_putname(struct filename *name);
|
||||||
#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */
|
#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */
|
||||||
extern void __audit_inode(struct filename *name, const struct dentry *dentry,
|
extern void __audit_inode(struct filename *name, const struct dentry *dentry,
|
||||||
unsigned int flags);
|
unsigned int flags);
|
||||||
|
extern void __audit_file(const struct file *);
|
||||||
extern void __audit_inode_child(const struct inode *parent,
|
extern void __audit_inode_child(const struct inode *parent,
|
||||||
const struct dentry *dentry,
|
const struct dentry *dentry,
|
||||||
const unsigned char type);
|
const unsigned char type);
|
||||||
|
@ -183,6 +184,11 @@ static inline void audit_inode(struct filename *name,
|
||||||
__audit_inode(name, dentry, flags);
|
__audit_inode(name, dentry, flags);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
static inline void audit_file(struct file *file)
|
||||||
|
{
|
||||||
|
if (unlikely(!audit_dummy_context()))
|
||||||
|
__audit_file(file);
|
||||||
|
}
|
||||||
static inline void audit_inode_parent_hidden(struct filename *name,
|
static inline void audit_inode_parent_hidden(struct filename *name,
|
||||||
const struct dentry *dentry)
|
const struct dentry *dentry)
|
||||||
{
|
{
|
||||||
|
@ -357,6 +363,9 @@ static inline void audit_inode(struct filename *name,
|
||||||
const struct dentry *dentry,
|
const struct dentry *dentry,
|
||||||
unsigned int parent)
|
unsigned int parent)
|
||||||
{ }
|
{ }
|
||||||
|
static inline void audit_file(struct file *file)
|
||||||
|
{
|
||||||
|
}
|
||||||
static inline void audit_inode_parent_hidden(struct filename *name,
|
static inline void audit_inode_parent_hidden(struct filename *name,
|
||||||
const struct dentry *dentry)
|
const struct dentry *dentry)
|
||||||
{ }
|
{ }
|
||||||
|
|
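Review bot: The new inline `audit_file()` takes a plain `struct file *` in both the real and the stub variant, while the `__audit_file()` it forwards to is declared with `const struct file *`. Declaring the wrapper as `static inline void audit_file(const struct file *file)` in both places keeps the two signatures aligned and lets callers that hold only a const pointer use it. A short comment above the helper, such as `/* record the inode behind an open file; for fd-based syscalls that have no pathname */`, would also tell future callers when to choose it over `audit_inode()`.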
|
@ -990,7 +990,7 @@ SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqdes, const char __user *, u_msg_ptr,
|
||||||
goto out_fput;
|
goto out_fput;
|
||||||
}
|
}
|
||||||
info = MQUEUE_I(inode);
|
info = MQUEUE_I(inode);
|
||||||
audit_inode(NULL, f.file->f_path.dentry, 0);
|
audit_file(f.file);
|
||||||
|
|
||||||
if (unlikely(!(f.file->f_mode & FMODE_WRITE))) {
|
if (unlikely(!(f.file->f_mode & FMODE_WRITE))) {
|
||||||
ret = -EBADF;
|
ret = -EBADF;
|
||||||
|
@ -1106,7 +1106,7 @@ SYSCALL_DEFINE5(mq_timedreceive, mqd_t, mqdes, char __user *, u_msg_ptr,
|
||||||
goto out_fput;
|
goto out_fput;
|
||||||
}
|
}
|
||||||
info = MQUEUE_I(inode);
|
info = MQUEUE_I(inode);
|
||||||
audit_inode(NULL, f.file->f_path.dentry, 0);
|
audit_file(f.file);
|
||||||
|
|
||||||
if (unlikely(!(f.file->f_mode & FMODE_READ))) {
|
if (unlikely(!(f.file->f_mode & FMODE_READ))) {
|
||||||
ret = -EBADF;
|
ret = -EBADF;
|
||||||
|
|
|
@ -1897,6 +1897,11 @@ out:
|
||||||
audit_copy_inode(n, dentry, inode);
|
audit_copy_inode(n, dentry, inode);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void __audit_file(const struct file *file)
|
||||||
|
{
|
||||||
|
__audit_inode(NULL, file->f_path.dentry, 0);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* __audit_inode_child - collect inode info for created/removed objects
|
* __audit_inode_child - collect inode info for created/removed objects
|
||||||
* @parent: inode of dentry parent
|
* @parent: inode of dentry parent
|
||||||
|
|
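Review bot: `__audit_file()` is added without the kernel-doc header that `__audit_inode_child()` directly below it carries, and it dereferences `file->f_path.dentry` unconditionally. The callers whose checks are visible in this commit (fchmod and the f*xattr syscalls) test `f.file` before calling `audit_file()`, so the precondition holds there, but it is worth writing down for later users. A header along the lines of `/** __audit_file - collect inode info for the file behind a descriptor` followed by ` * @file: open file the syscall operates on; must not be NULL` would cover it.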