authorAl Viro <viro@zeniv.linux.org.uk>2014-10-31 17:44:57 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2014-11-19 13:01:26 -0500
commit9f45f5bf302daad6835ce64701fb3c286a2cc6af (patch)
treef267e8363c8c9db15195f1698997179a1370687c
parent6f4e0d5aaa9efaa701f4c3c0bb9b22d7943157c9 (diff)
new helper: audit_file()
... for situations when we don't have any candidate in pathnames - basically, in descriptor-based syscalls. [Folded the build fix for !CONFIG_AUDITSYSCALL configs from Chen Gang] Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--fs/open.c4
-rw-r--r--fs/xattr.c16
-rw-r--r--include/linux/audit.h9
-rw-r--r--ipc/mqueue.c4
-rw-r--r--kernel/auditsc.c5
5 files changed, 24 insertions, 14 deletions
diff --git a/fs/open.c b/fs/open.c
index de92c13b58be..b1bf3d542d5d 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -516,7 +516,7 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode)
int err = -EBADF;
if (f.file) {
- audit_inode(NULL, f.file->f_path.dentry, 0);
+ audit_file(f.file);
err = chmod_common(&f.file->f_path, mode);
fdput(f);
}
@@ -642,7 +642,7 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group)
error = mnt_want_write_file(f.file);
if (error)
goto out_fput;
- audit_inode(NULL, f.file->f_path.dentry, 0);
+ audit_file(f.file);
error = chown_common(&f.file->f_path, user, group);
mnt_drop_write_file(f.file);
out_fput:
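Review bot: In fchown the `audit_file(f.file)` call still sits after the `mnt_want_write_file()` error branch, so a call refused at that step jumps to `out_fput` without the inode being collected for the audit record. The fsetxattr and fremovexattr hunks in fs/xattr.c call `audit_file()` before `mnt_want_write_file()`, and the fchmod hunk calls it before `chmod_common()`. If inode-keyed audit rules are meant to see refused attempts too, placing `audit_file(f.file);` ahead of `error = mnt_want_write_file(f.file);` would make the descriptor-based syscalls agree. This is inferred from the visible lines only; the body of fchown starts and ends outside the hunk.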
diff --git a/fs/xattr.c b/fs/xattr.c
index 64e83efb742d..4ef698549e31 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -405,16 +405,14 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
const void __user *,value, size_t, size, int, flags)
{
struct fd f = fdget(fd);
- struct dentry *dentry;
int error = -EBADF;
if (!f.file)
return error;
- dentry = f.file->f_path.dentry;
- audit_inode(NULL, dentry, 0);
+ audit_file(f.file);
error = mnt_want_write_file(f.file);
if (!error) {
- error = setxattr(dentry, name, value, size, flags);
+ error = setxattr(f.file->f_path.dentry, name, value, size, flags);
mnt_drop_write_file(f.file);
}
fdput(f);
@@ -509,7 +507,7 @@ SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
if (!f.file)
return error;
- audit_inode(NULL, f.file->f_path.dentry, 0);
+ audit_file(f.file);
error = getxattr(f.file->f_path.dentry, name, value, size);
fdput(f);
return error;
@@ -590,7 +588,7 @@ SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
if (!f.file)
return error;
- audit_inode(NULL, f.file->f_path.dentry, 0);
+ audit_file(f.file);
error = listxattr(f.file->f_path.dentry, list, size);
fdput(f);
return error;
@@ -651,16 +649,14 @@ SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
{
struct fd f = fdget(fd);
- struct dentry *dentry;
int error = -EBADF;
if (!f.file)
return error;
- dentry = f.file->f_path.dentry;
- audit_inode(NULL, dentry, 0);
+ audit_file(f.file);
error = mnt_want_write_file(f.file);
if (!error) {
- error = removexattr(dentry, name);
+ error = removexattr(f.file->f_path.dentry, name);
mnt_drop_write_file(f.file);
}
fdput(f);
diff --git a/include/linux/audit.h b/include/linux/audit.h
index e58fe7df8b9c..0c04917c2f12 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -130,6 +130,7 @@ extern void audit_putname(struct filename *name);
#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */
extern void __audit_inode(struct filename *name, const struct dentry *dentry,
unsigned int flags);
+extern void __audit_file(const struct file *);
extern void __audit_inode_child(const struct inode *parent,
const struct dentry *dentry,
const unsigned char type);
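Review bot: The new prototype `extern void __audit_file(const struct file *);` leaves its parameter unnamed, while the neighbouring `__audit_inode` and `__audit_inode_child` declarations name every parameter. Writing it as `extern void __audit_file(const struct file *file);` keeps the header consistent and gives a later kernel-doc comment something to refer to.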
@@ -183,6 +184,11 @@ static inline void audit_inode(struct filename *name,
__audit_inode(name, dentry, flags);
}
}
+static inline void audit_file(struct file *file)
+{
+ if (unlikely(!audit_dummy_context()))
+ __audit_file(file);
+}
static inline void audit_inode_parent_hidden(struct filename *name,
const struct dentry *dentry)
{
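Review bot: The inline wrapper takes `struct file *file` but only forwards it to `__audit_file()`, which is declared with `const struct file *`. The wrapper's parameter can therefore be const-qualified too: `static inline void audit_file(const struct file *file)`. The same applies to the empty stub added for the !CONFIG_AUDITSYSCALL case in the next hunk of this file. No caller visible in this commit needs the const form, so this is a consistency point rather than a defect. The function after the added lines, `audit_inode_parent_hidden`, continues outside the hunk.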
@@ -357,6 +363,9 @@ static inline void audit_inode(struct filename *name,
const struct dentry *dentry,
unsigned int parent)
{ }
+static inline void audit_file(struct file *file)
+{
+}
static inline void audit_inode_parent_hidden(struct filename *name,
const struct dentry *dentry)
{ }
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 4fcf39af1776..7635a1cf99f3 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -990,7 +990,7 @@ SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqdes, const char __user *, u_msg_ptr,
goto out_fput;
}
info = MQUEUE_I(inode);
- audit_inode(NULL, f.file->f_path.dentry, 0);
+ audit_file(f.file);
if (unlikely(!(f.file->f_mode & FMODE_WRITE))) {
ret = -EBADF;
@@ -1106,7 +1106,7 @@ SYSCALL_DEFINE5(mq_timedreceive, mqd_t, mqdes, char __user *, u_msg_ptr,
goto out_fput;
}
info = MQUEUE_I(inode);
- audit_inode(NULL, f.file->f_path.dentry, 0);
+ audit_file(f.file);
if (unlikely(!(f.file->f_mode & FMODE_READ))) {
ret = -EBADF;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 06820657c8ca..c75522a83678 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1897,6 +1897,11 @@ out:
audit_copy_inode(n, dentry, inode);
}
+void __audit_file(const struct file *file)
+{
+ __audit_inode(NULL, file->f_path.dentry, 0);
+}
+
/**
* __audit_inode_child - collect inode info for created/removed objects
* @parent: inode of dentry parent
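Review bot: `__audit_file()` is added without a kernel-doc comment, although `__audit_inode_child` directly below it has one. A short header would help here, because the body passes `NULL` as the name and `0` as the flags to `__audit_inode()`, which is not obvious from the call sites. For example: `/* __audit_file - collect inode info for an open file; no pathname is attached (name is NULL). @file must be non-NULL. */`. The non-NULL precondition is worth stating because `file->f_path.dentry` is dereferenced unchecked; every caller visible in this commit tests `f.file` first.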