From c82d4ab50179b4e22de3ed34747c5637eaf87ae4 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Wed, 10 Oct 2012 15:25:22 -0400 Subject: [PATCH] --- yaml --- r: 333896 b: refs/heads/master c: 78e2e802a8519031e5858595070b39713e26340d h: refs/heads/master v: v3 --- [refs] | 2 +- trunk/include/linux/audit.h | 5 +++++ trunk/kernel/auditsc.c | 15 ++++++++++----- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/[refs] b/[refs] index bf86a526f845..30f23681896b 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: c43a25abba97c7d87131e71db6be24b24d7791a5 +refs/heads/master: 78e2e802a8519031e5858595070b39713e26340d diff --git a/trunk/include/linux/audit.h b/trunk/include/linux/audit.h index 8c66fc248c75..26408934ef2d 100644 --- a/trunk/include/linux/audit.h +++ b/trunk/include/linux/audit.h @@ -452,6 +452,11 @@ struct audit_field { extern int __init audit_register_class(int class, unsigned *list); extern int audit_classify_syscall(int abi, unsigned syscall); extern int audit_classify_arch(int arch); + +/* audit_names->type values */ +#define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ +#define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ + #ifdef CONFIG_AUDITSYSCALL /* These are defined in auditsc.c */ /* Public API */ diff --git a/trunk/kernel/auditsc.c b/trunk/kernel/auditsc.c index 40743af02d8f..19b232f86d70 100644 --- a/trunk/kernel/auditsc.c +++ b/trunk/kernel/auditsc.c @@ -120,6 +120,7 @@ struct audit_names { struct audit_cap_data fcap; unsigned int fcap_ver; int name_len; /* number of name's characters to log */ + unsigned char type; /* record type */ bool name_put; /* call __putname() for this name */ /* * This was an allocated audit_names and not from the array of @@ -1995,7 +1996,8 @@ static void handle_path(const struct dentry *dentry) #endif } -static struct audit_names *audit_alloc_name(struct audit_context *context) +static struct audit_names *audit_alloc_name(struct audit_context *context, + unsigned char type) { struct audit_names *aname; @@ -2010,6 +2012,7 @@ static struct audit_names *audit_alloc_name(struct audit_context *context) } aname->ino = (unsigned long)-1; + aname->type = type; list_add_tail(&aname->list, &context->names_list); context->name_count++; @@ -2040,7 +2043,7 @@ void __audit_getname(const char *name) return; } - n = audit_alloc_name(context); + n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN); if (!n) return; @@ -2157,12 +2160,13 @@ void __audit_inode(const char *name, const struct dentry *dentry) out_alloc: /* unable to find the name from a previous getname() */ - n = audit_alloc_name(context); + n = audit_alloc_name(context, AUDIT_TYPE_NORMAL); if (!n) return; out: handle_path(dentry); audit_copy_inode(n, dentry, inode); + n->type = AUDIT_TYPE_NORMAL; } /** @@ -2219,6 +2223,7 @@ void __audit_inode_child(const struct inode *parent, audit_copy_inode(n, dentry, inode); else n->ino = (unsigned long)-1; + n->type = AUDIT_TYPE_NORMAL; found_child = n->name; goto add_names; } @@ -2226,14 +2231,14 @@ void __audit_inode_child(const struct inode *parent, add_names: if (!found_parent) { - n = audit_alloc_name(context); + n = audit_alloc_name(context, AUDIT_TYPE_NORMAL); if (!n) return; audit_copy_inode(n, NULL, parent); } if (!found_child) { - n = audit_alloc_name(context); + n = audit_alloc_name(context, AUDIT_TYPE_NORMAL); if (!n) return;