[PATCH] Collect more inode information during syscall processing. (73241ccc) · Commits · 戴 / test

fs/namei.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -1353,6 +1353,7 @@ static int may_delete(struct inode dir,struct dentry victim,int isdir)
		return -ENOENT;

		BUG_ON(victim->d_parent->d_inode != dir);
		audit_inode_child(victim->d_name.name, victim->d_inode, dir->i_ino);

		error = permission(dir,MAY_WRITE \| MAY_EXEC, NULL);
		if (error)

fs/open.c

+7 −1

Original line number	Diff line number	Diff line
		@@ -27,6 +27,7 @@
		#include <linux/pagemap.h>
		#include <linux/syscalls.h>
		#include <linux/rcupdate.h>
		#include <linux/audit.h>

		#include <asm/unistd.h>

		@@ -626,6 +627,8 @@ asmlinkage long sys_fchmod(unsigned int fd, mode_t mode)
		dentry = file->f_dentry;
		inode = dentry->d_inode;

		audit_inode(NULL, inode, 0);

		err = -EROFS;
		if (IS_RDONLY(inode))
		goto out_putf;
		@@ -775,7 +778,10 @@ asmlinkage long sys_fchown(unsigned int fd, uid_t user, gid_t group)

		file = fget(fd);
		if (file) {
		error = chown_common(file->f_dentry, user, group);
		struct dentry * dentry;
		dentry = file->f_dentry;
		audit_inode(NULL, dentry->d_inode, 0);
		error = chown_common(dentry, user, group);
		fput(file);
		}
		return error;

fs/xattr.c

+9 −2

Original line number	Diff line number	Diff line
		@@ -17,6 +17,7 @@
		#include <linux/syscalls.h>
		#include <linux/module.h>
		#include <linux/fsnotify.h>
		#include <linux/audit.h>
		#include <asm/uaccess.h>


		@@ -234,12 +235,15 @@ sys_fsetxattr(int fd, char __user name, void __user value,
		size_t size, int flags)
		{
		struct file *f;
		struct dentry *dentry;
		int error = -EBADF;

		f = fget(fd);
		if (!f)
		return error;
		error = setxattr(f->f_dentry, name, value, size, flags);
		dentry = f->f_dentry;
		audit_inode(NULL, dentry->d_inode, 0);
		error = setxattr(dentry, name, value, size, flags);
		fput(f);
		return error;
		}
		@@ -458,12 +462,15 @@ asmlinkage long
		sys_fremovexattr(int fd, char __user *name)
		{
		struct file *f;
		struct dentry *dentry;
		int error = -EBADF;

		f = fget(fd);
		if (!f)
		return error;
		error = removexattr(f->f_dentry, name);
		dentry = f->f_dentry;
		audit_inode(NULL, dentry->d_inode, 0);
		error = removexattr(dentry, name);
		fput(f);
		return error;
		}

include/linux/audit.h

+17 −1

Original line number	Diff line number	Diff line
		@@ -260,7 +260,20 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
		extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
		extern void audit_getname(const char *name);
		extern void audit_putname(const char *name);
		extern void audit_inode(const char name, const struct inode inode, unsigned flags);
		extern void __audit_inode(const char name, const struct inode inode, unsigned flags);
		extern void __audit_inode_child(const char dname, const struct inode inode,
		unsigned long pino);
		static inline void audit_inode(const char name, const struct inode inode,
		unsigned flags) {
		if (unlikely(current->audit_context))
		__audit_inode(name, inode, flags);
		}
		static inline void audit_inode_child(const char *dname,
		const struct inode *inode,
		unsigned long pino) {
		if (unlikely(current->audit_context))
		__audit_inode_child(dname, inode, pino);
		}

		/* Private API (for audit.c only) */
		extern int audit_receive_filter(int type, int pid, int uid, int seq,
		@@ -283,7 +296,10 @@ extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
		#define audit_syscall_exit(t,f,r) do { ; } while (0)
		#define audit_getname(n) do { ; } while (0)
		#define audit_putname(n) do { ; } while (0)
		#define __audit_inode(n,i,f) do { ; } while (0)
		#define __audit_inode_child(d,i,p) do { ; } while (0)
		#define audit_inode(n,i,f) do { ; } while (0)
		#define audit_inode_child(d,i,p) do { ; } while (0)
		#define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
		#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
		#define audit_get_loginuid(c) ({ -1; })

include/linux/fsnotify.h

+5 −0

Original line number	Diff line number	Diff line
		@@ -15,6 +15,7 @@

		#include <linux/dnotify.h>
		#include <linux/inotify.h>
		#include <linux/audit.h>

		/*
		* fsnotify_move - file old_name at old_dir was moved to new_name at new_dir
		@@ -45,6 +46,8 @@ static inline void fsnotify_move(struct inode old_dir, struct inode new_dir,
		if (source) {
		inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL);
		}
		audit_inode_child(old_name, source, old_dir->i_ino);
		audit_inode_child(new_name, target, new_dir->i_ino);
		}

		/*
		@@ -74,6 +77,7 @@ static inline void fsnotify_create(struct inode inode, struct dentry dentry)
		{
		inode_dir_notify(inode, DN_CREATE);
		inotify_inode_queue_event(inode, IN_CREATE, 0, dentry->d_name.name);
		audit_inode_child(dentry->d_name.name, dentry->d_inode, inode->i_ino);
		}

		/*
		@@ -84,6 +88,7 @@ static inline void fsnotify_mkdir(struct inode inode, struct dentry dentry)
		inode_dir_notify(inode, DN_CREATE);
		inotify_inode_queue_event(inode, IN_CREATE \| IN_ISDIR, 0,
		dentry->d_name.name);
		audit_inode_child(dentry->d_name.name, dentry->d_inode, inode->i_ino);
		}

		/*

Admin message