summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2012-10-10 15:25:22 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2012-10-12 00:32:00 -0400
commit78e2e802a8519031e5858595070b39713e26340d (patch)
tree92f79d2039f4119a127ab59e31a2d1c9dfb892fe
parentc43a25abba97c7d87131e71db6be24b24d7791a5 (diff)
downloadop-kernel-dev-78e2e802a8519031e5858595070b39713e26340d.zip
op-kernel-dev-78e2e802a8519031e5858595070b39713e26340d.tar.gz
audit: add a new "type" field to audit_names struct
For now, we just have two possibilities: UNKNOWN: for a new audit_names record that we don't know anything about yet NORMAL: for everything else In later patches, we'll add other types so we can distinguish and update records created under different circumstances. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--include/linux/audit.h5
-rw-r--r--kernel/auditsc.c15
2 files changed, 15 insertions, 5 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 8c66fc2..2640893 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -452,6 +452,11 @@ struct audit_field {
extern int __init audit_register_class(int class, unsigned *list);
extern int audit_classify_syscall(int abi, unsigned syscall);
extern int audit_classify_arch(int arch);
+
+/* audit_names->type values */
+#define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */
+#define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */
+
#ifdef CONFIG_AUDITSYSCALL
/* These are defined in auditsc.c */
/* Public API */
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 40743af..19b232f 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -120,6 +120,7 @@ struct audit_names {
struct audit_cap_data fcap;
unsigned int fcap_ver;
int name_len; /* number of name's characters to log */
+ unsigned char type; /* record type */
bool name_put; /* call __putname() for this name */
/*
* This was an allocated audit_names and not from the array of
@@ -1995,7 +1996,8 @@ retry:
#endif
}
-static struct audit_names *audit_alloc_name(struct audit_context *context)
+static struct audit_names *audit_alloc_name(struct audit_context *context,
+ unsigned char type)
{
struct audit_names *aname;
@@ -2010,6 +2012,7 @@ static struct audit_names *audit_alloc_name(struct audit_context *context)
}
aname->ino = (unsigned long)-1;
+ aname->type = type;
list_add_tail(&aname->list, &context->names_list);
context->name_count++;
@@ -2040,7 +2043,7 @@ void __audit_getname(const char *name)
return;
}
- n = audit_alloc_name(context);
+ n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN);
if (!n)
return;
@@ -2157,12 +2160,13 @@ void __audit_inode(const char *name, const struct dentry *dentry)
out_alloc:
/* unable to find the name from a previous getname() */
- n = audit_alloc_name(context);
+ n = audit_alloc_name(context, AUDIT_TYPE_NORMAL);
if (!n)
return;
out:
handle_path(dentry);
audit_copy_inode(n, dentry, inode);
+ n->type = AUDIT_TYPE_NORMAL;
}
/**
@@ -2219,6 +2223,7 @@ void __audit_inode_child(const struct inode *parent,
audit_copy_inode(n, dentry, inode);
else
n->ino = (unsigned long)-1;
+ n->type = AUDIT_TYPE_NORMAL;
found_child = n->name;
goto add_names;
}
@@ -2226,14 +2231,14 @@ void __audit_inode_child(const struct inode *parent,
add_names:
if (!found_parent) {
- n = audit_alloc_name(context);
+ n = audit_alloc_name(context, AUDIT_TYPE_NORMAL);
if (!n)
return;
audit_copy_inode(n, NULL, parent);
}
if (!found_child) {
- n = audit_alloc_name(context);
+ n = audit_alloc_name(context, AUDIT_TYPE_NORMAL);
if (!n)
return;
OpenPOWER on IntegriCloud