diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2007-06-07 12:19:32 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2007-10-21 02:37:18 -0400 |
commit | 5a190ae69766da9a34bf31200c5cea4c0667cf94 (patch) | |
tree | 340c500fe42518abe6d1159a00619b1bd02f07fc | |
parent | cfa76f024f7c9e65169425804e5b32e71f66d0ee (diff) | |
download | op-kernel-dev-5a190ae69766da9a34bf31200c5cea4c0667cf94.zip op-kernel-dev-5a190ae69766da9a34bf31200c5cea4c0667cf94.tar.gz |
[PATCH] pass dentry to audit_inode()/audit_inode_child()
makes caller simpler *and* allows to scan ancestors
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | fs/debugfs/inode.c | 2 | ||||
-rw-r--r-- | fs/namei.c | 10 | ||||
-rw-r--r-- | fs/open.c | 4 | ||||
-rw-r--r-- | fs/xattr.c | 8 | ||||
-rw-r--r-- | include/linux/audit.h | 16 | ||||
-rw-r--r-- | include/linux/fsnotify.h | 9 | ||||
-rw-r--r-- | ipc/mqueue.c | 8 | ||||
-rw-r--r-- | kernel/auditsc.c | 6 |
8 files changed, 33 insertions, 30 deletions
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c index 11be8a3..6a713b3 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c @@ -413,7 +413,7 @@ struct dentry *debugfs_rename(struct dentry *old_dir, struct dentry *old_dentry, d_move(old_dentry, dentry); fsnotify_move(old_dir->d_inode, new_dir->d_inode, old_name, old_dentry->d_name.name, S_ISDIR(old_dentry->d_inode->i_mode), - NULL, old_dentry->d_inode); + NULL, old_dentry); fsnotify_oldname_free(old_name); unlock_rename(new_dir, old_dir); dput(dentry); @@ -1174,7 +1174,7 @@ static int fastcall do_path_lookup(int dfd, const char *name, out: if (unlikely(!retval && !audit_dummy_context() && nd->dentry && nd->dentry->d_inode)) - audit_inode(name, nd->dentry->d_inode); + audit_inode(name, nd->dentry); out_fail: return retval; @@ -1214,7 +1214,7 @@ int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt, retval = path_walk(name, nd); if (unlikely(!retval && !audit_dummy_context() && nd->dentry && nd->dentry->d_inode)) - audit_inode(name, nd->dentry->d_inode); + audit_inode(name, nd->dentry); return retval; @@ -1469,7 +1469,7 @@ static int may_delete(struct inode *dir,struct dentry *victim,int isdir) return -ENOENT; BUG_ON(victim->d_parent->d_inode != dir); - audit_inode_child(victim->d_name.name, victim->d_inode, dir); + audit_inode_child(victim->d_name.name, victim, dir); error = permission(dir,MAY_WRITE | MAY_EXEC, NULL); if (error) @@ -1783,7 +1783,7 @@ do_last: * It already exists. */ mutex_unlock(&dir->d_inode->i_mutex); - audit_inode(pathname, path.dentry->d_inode); + audit_inode(pathname, path.dentry); error = -EEXIST; if (flag & O_EXCL) @@ -2562,7 +2562,7 @@ int vfs_rename(struct inode *old_dir, struct dentry *old_dentry, if (!error) { const char *new_name = old_dentry->d_name.name; fsnotify_move(old_dir, new_dir, old_name, new_name, is_dir, - new_dentry->d_inode, old_dentry->d_inode); + new_dentry->d_inode, old_dentry); } fsnotify_oldname_free(old_name); @@ -569,7 +569,7 @@ asmlinkage long sys_fchmod(unsigned int fd, mode_t mode) dentry = file->f_path.dentry; inode = dentry->d_inode; - audit_inode(NULL, inode); + audit_inode(NULL, dentry); err = -EROFS; if (IS_RDONLY(inode)) @@ -727,7 +727,7 @@ asmlinkage long sys_fchown(unsigned int fd, uid_t user, gid_t group) goto out; dentry = file->f_path.dentry; - audit_inode(NULL, dentry->d_inode); + audit_inode(NULL, dentry); error = chown_common(dentry, user, group); fput(file); out: @@ -267,7 +267,7 @@ sys_fsetxattr(int fd, char __user *name, void __user *value, if (!f) return error; dentry = f->f_path.dentry; - audit_inode(NULL, dentry->d_inode); + audit_inode(NULL, dentry); error = setxattr(dentry, name, value, size, flags); fput(f); return error; @@ -349,7 +349,7 @@ sys_fgetxattr(int fd, char __user *name, void __user *value, size_t size) f = fget(fd); if (!f) return error; - audit_inode(NULL, f->f_path.dentry->d_inode); + audit_inode(NULL, f->f_path.dentry); error = getxattr(f->f_path.dentry, name, value, size); fput(f); return error; @@ -422,7 +422,7 @@ sys_flistxattr(int fd, char __user *list, size_t size) f = fget(fd); if (!f) return error; - audit_inode(NULL, f->f_path.dentry->d_inode); + audit_inode(NULL, f->f_path.dentry); error = listxattr(f->f_path.dentry, list, size); fput(f); return error; @@ -485,7 +485,7 @@ sys_fremovexattr(int fd, char __user *name) if (!f) return error; dentry = f->f_path.dentry; - audit_inode(NULL, dentry->d_inode); + audit_inode(NULL, dentry); error = removexattr(dentry, name); fput(f); return error; diff --git a/include/linux/audit.h b/include/linux/audit.h index 9ae7409..133b81b 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -366,8 +366,8 @@ extern void audit_syscall_entry(int arch, extern void audit_syscall_exit(int failed, long return_code); extern void __audit_getname(const char *name); extern void audit_putname(const char *name); -extern void __audit_inode(const char *name, const struct inode *inode); -extern void __audit_inode_child(const char *dname, const struct inode *inode, +extern void __audit_inode(const char *name, const struct dentry *dentry); +extern void __audit_inode_child(const char *dname, const struct dentry *dentry, const struct inode *parent); extern void __audit_ptrace(struct task_struct *t); @@ -381,15 +381,15 @@ static inline void audit_getname(const char *name) if (unlikely(!audit_dummy_context())) __audit_getname(name); } -static inline void audit_inode(const char *name, const struct inode *inode) { +static inline void audit_inode(const char *name, const struct dentry *dentry) { if (unlikely(!audit_dummy_context())) - __audit_inode(name, inode); + __audit_inode(name, dentry); } static inline void audit_inode_child(const char *dname, - const struct inode *inode, + const struct dentry *dentry, const struct inode *parent) { if (unlikely(!audit_dummy_context())) - __audit_inode_child(dname, inode, parent); + __audit_inode_child(dname, dentry, parent); } void audit_core_dumps(long signr); @@ -477,9 +477,9 @@ extern int audit_signals; #define audit_dummy_context() 1 #define audit_getname(n) do { ; } while (0) #define audit_putname(n) do { ; } while (0) -#define __audit_inode(n,i) do { ; } while (0) +#define __audit_inode(n,d) do { ; } while (0) #define __audit_inode_child(d,i,p) do { ; } while (0) -#define audit_inode(n,i) do { ; } while (0) +#define audit_inode(n,d) do { ; } while (0) #define audit_inode_child(d,i,p) do { ; } while (0) #define audit_core_dumps(i) do { ; } while (0) #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h index dfc4e4f..2bd31fa 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h @@ -41,8 +41,9 @@ static inline void fsnotify_d_move(struct dentry *entry) */ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir, const char *old_name, const char *new_name, - int isdir, struct inode *target, struct inode *source) + int isdir, struct inode *target, struct dentry *moved) { + struct inode *source = moved->d_inode; u32 cookie = inotify_get_cookie(); if (old_dir == new_dir) @@ -67,7 +68,7 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir, if (source) { inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL, NULL); } - audit_inode_child(new_name, source, new_dir); + audit_inode_child(new_name, moved, new_dir); } /* @@ -98,7 +99,7 @@ static inline void fsnotify_create(struct inode *inode, struct dentry *dentry) inode_dir_notify(inode, DN_CREATE); inotify_inode_queue_event(inode, IN_CREATE, 0, dentry->d_name.name, dentry->d_inode); - audit_inode_child(dentry->d_name.name, dentry->d_inode, inode); + audit_inode_child(dentry->d_name.name, dentry, inode); } /* @@ -109,7 +110,7 @@ static inline void fsnotify_mkdir(struct inode *inode, struct dentry *dentry) inode_dir_notify(inode, DN_CREATE); inotify_inode_queue_event(inode, IN_CREATE | IN_ISDIR, 0, dentry->d_name.name, dentry->d_inode); - audit_inode_child(dentry->d_name.name, dentry->d_inode, inode); + audit_inode_child(dentry->d_name.name, dentry, inode); } /* diff --git a/ipc/mqueue.c b/ipc/mqueue.c index c0b26dc..bfa274b 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -676,7 +676,7 @@ asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode, if (oflag & O_CREAT) { if (dentry->d_inode) { /* entry already exists */ - audit_inode(name, dentry->d_inode); + audit_inode(name, dentry); error = -EEXIST; if (oflag & O_EXCL) goto out; @@ -689,7 +689,7 @@ asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode, error = -ENOENT; if (!dentry->d_inode) goto out; - audit_inode(name, dentry->d_inode); + audit_inode(name, dentry); filp = do_open(dentry, oflag); } @@ -837,7 +837,7 @@ asmlinkage long sys_mq_timedsend(mqd_t mqdes, const char __user *u_msg_ptr, if (unlikely(filp->f_op != &mqueue_file_operations)) goto out_fput; info = MQUEUE_I(inode); - audit_inode(NULL, inode); + audit_inode(NULL, filp->f_path.dentry); if (unlikely(!(filp->f_mode & FMODE_WRITE))) goto out_fput; @@ -921,7 +921,7 @@ asmlinkage ssize_t sys_mq_timedreceive(mqd_t mqdes, char __user *u_msg_ptr, if (unlikely(filp->f_op != &mqueue_file_operations)) goto out_fput; info = MQUEUE_I(inode); - audit_inode(NULL, inode); + audit_inode(NULL, filp->f_path.dentry); if (unlikely(!(filp->f_mode & FMODE_READ))) goto out_fput; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index e19b5a3..8a85c20 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1403,10 +1403,11 @@ static void audit_copy_inode(struct audit_names *name, const struct inode *inode * * Called from fs/namei.c:path_lookup(). */ -void __audit_inode(const char *name, const struct inode *inode) +void __audit_inode(const char *name, const struct dentry *dentry) { int idx; struct audit_context *context = current->audit_context; + const struct inode *inode = inode = dentry->d_inode; if (!context->in_syscall) return; @@ -1443,12 +1444,13 @@ void __audit_inode(const char *name, const struct inode *inode) * must be hooked prior, in order to capture the target inode during * unsuccessful attempts. */ -void __audit_inode_child(const char *dname, const struct inode *inode, +void __audit_inode_child(const char *dname, const struct dentry *dentry, const struct inode *parent) { int idx; struct audit_context *context = current->audit_context; const char *found_parent = NULL, *found_child = NULL; + const struct inode *inode = dentry->d_inode; int dirlen = 0; if (!context->in_syscall) |