Commit ae7b961b authored by David Woodhouse's avatar David Woodhouse

AUDIT: Report lookup flags with path/inode records.

When LOOKUP_PARENT is used, the inode which results is not the inode
found at the pathname. Report the flags so that this doesn't generate
misleading audit records.
Signed-off-by: default avatarDavid Woodhouse <dwmw2@infradead.org>
parent f7056d64
...@@ -1043,7 +1043,7 @@ int fastcall path_lookup(const char *name, unsigned int flags, struct nameidata ...@@ -1043,7 +1043,7 @@ int fastcall path_lookup(const char *name, unsigned int flags, struct nameidata
out: out:
if (unlikely(current->audit_context if (unlikely(current->audit_context
&& nd && nd->dentry && nd->dentry->d_inode)) && nd && nd->dentry && nd->dentry->d_inode))
audit_inode(name, nd->dentry->d_inode); audit_inode(name, nd->dentry->d_inode, flags);
return retval; return retval;
} }
......
...@@ -220,7 +220,7 @@ extern void audit_syscall_entry(struct task_struct *task, int arch, ...@@ -220,7 +220,7 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code); extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
extern void audit_getname(const char *name); extern void audit_getname(const char *name);
extern void audit_putname(const char *name); extern void audit_putname(const char *name);
extern void audit_inode(const char *name, const struct inode *inode); extern void audit_inode(const char *name, const struct inode *inode, unsigned flags);
/* Private API (for audit.c only) */ /* Private API (for audit.c only) */
extern int audit_receive_filter(int type, int pid, int uid, int seq, extern int audit_receive_filter(int type, int pid, int uid, int seq,
...@@ -243,7 +243,7 @@ extern int audit_filter_user(struct task_struct *tsk, int type); ...@@ -243,7 +243,7 @@ extern int audit_filter_user(struct task_struct *tsk, int type);
#define audit_syscall_exit(t,f,r) do { ; } while (0) #define audit_syscall_exit(t,f,r) do { ; } while (0)
#define audit_getname(n) do { ; } while (0) #define audit_getname(n) do { ; } while (0)
#define audit_putname(n) do { ; } while (0) #define audit_putname(n) do { ; } while (0)
#define audit_inode(n,i) do { ; } while (0) #define audit_inode(n,i,f) do { ; } while (0)
#define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; }) #define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
#define audit_get_loginuid(c) ({ -1; }) #define audit_get_loginuid(c) ({ -1; })
......
...@@ -95,6 +95,7 @@ struct audit_names { ...@@ -95,6 +95,7 @@ struct audit_names {
uid_t uid; uid_t uid;
gid_t gid; gid_t gid;
dev_t rdev; dev_t rdev;
unsigned flags;
}; };
struct audit_aux_data { struct audit_aux_data {
...@@ -792,6 +793,8 @@ static void audit_log_exit(struct audit_context *context) ...@@ -792,6 +793,8 @@ static void audit_log_exit(struct audit_context *context)
audit_log_format(ab, " name="); audit_log_format(ab, " name=");
audit_log_untrustedstring(ab, context->names[i].name); audit_log_untrustedstring(ab, context->names[i].name);
} }
audit_log_format(ab, " flags=%x\n", context->names[i].flags);
if (context->names[i].ino != (unsigned long)-1) if (context->names[i].ino != (unsigned long)-1)
audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o" audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o"
" ouid=%u ogid=%u rdev=%02x:%02x", " ouid=%u ogid=%u rdev=%02x:%02x",
...@@ -1018,7 +1021,7 @@ void audit_putname(const char *name) ...@@ -1018,7 +1021,7 @@ void audit_putname(const char *name)
/* Store the inode and device from a lookup. Called from /* Store the inode and device from a lookup. Called from
* fs/namei.c:path_lookup(). */ * fs/namei.c:path_lookup(). */
void audit_inode(const char *name, const struct inode *inode) void audit_inode(const char *name, const struct inode *inode, unsigned flags)
{ {
int idx; int idx;
struct audit_context *context = current->audit_context; struct audit_context *context = current->audit_context;
...@@ -1044,6 +1047,7 @@ void audit_inode(const char *name, const struct inode *inode) ...@@ -1044,6 +1047,7 @@ void audit_inode(const char *name, const struct inode *inode)
++context->ino_count; ++context->ino_count;
#endif #endif
} }
context->names[idx].flags = flags;
context->names[idx].ino = inode->i_ino; context->names[idx].ino = inode->i_ino;
context->names[idx].dev = inode->i_sb->s_dev; context->names[idx].dev = inode->i_sb->s_dev;
context->names[idx].mode = inode->i_mode; context->names[idx].mode = inode->i_mode;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment