adulau/aha
1
0
Fork 0
mirror of https://github.com/adulau/aha.git synced 2024-12-28 03:36:19 +00:00
Code Issues Projects Releases Packages Wiki Activity

audit_update_lsm_rules() misses the audit_inode_hash[] ones

Browse source 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro 2008-12-14 12:04:02 -05:00
parent 57f71a0af4
commit 1a9d0797b8
1 changed files with 47 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

77
kernel/auditfilter.c
View file

@ -1778,6 +1778,41 @@ unlock_and_return:
return result; return result;
} }
static int update_lsm_rule(struct audit_entry *entry)
{
struct audit_entry *nentry;
struct audit_watch *watch;
struct audit_tree *tree;
int err = 0;
if (!security_audit_rule_known(&entry->rule))
return 0;
watch = entry->rule.watch;
tree = entry->rule.tree;
nentry = audit_dupe_rule(&entry->rule, watch);
if (IS_ERR(nentry)) {
/* save the first error encountered for the
* return value */
err = PTR_ERR(nentry);
audit_panic("error updating LSM filters");
if (watch)
list_del(&entry->rule.rlist);
list_del_rcu(&entry->list);
} else {
if (watch) {
list_add(&nentry->rule.rlist, &watch->rules);
list_del(&entry->rule.rlist);
} else if (tree)
list_replace_init(&entry->rule.rlist,
&nentry->rule.rlist);
list_replace_rcu(&entry->list, &nentry->list);
}
call_rcu(&entry->rcu, audit_free_rule_rcu);
return err;
}
/* This function will re-initialize the lsm_rule field of all applicable rules. /* This function will re-initialize the lsm_rule field of all applicable rules.
* It will traverse the filter lists serarching for rules that contain LSM * It will traverse the filter lists serarching for rules that contain LSM
* specific filter fields. When such a rule is found, it is copied, the * specific filter fields. When such a rule is found, it is copied, the
@ -1785,42 +1820,24 @@ unlock_and_return:
* updated rule. */ * updated rule. */
int audit_update_lsm_rules(void) int audit_update_lsm_rules(void)
{ {
struct audit_entry *entry, *n, *nentry; struct audit_entry *e, *n;
struct audit_watch *watch;
struct audit_tree *tree;
int i, err = 0; int i, err = 0;
/* audit_filter_mutex synchronizes the writers */ /* audit_filter_mutex synchronizes the writers */
mutex_lock(&audit_filter_mutex); mutex_lock(&audit_filter_mutex);
for (i = 0; i < AUDIT_NR_FILTERS; i++) { for (i = 0; i < AUDIT_NR_FILTERS; i++) {
list_for_each_entry_safe(entry, n, &audit_filter_list[i], list) { list_for_each_entry_safe(e, n, &audit_filter_list[i], list) {
if (!security_audit_rule_known(&entry->rule)) int res = update_lsm_rule(e);
continue; if (!err)
err = res;
watch = entry->rule.watch; }
tree = entry->rule.tree; }
nentry = audit_dupe_rule(&entry->rule, watch); for (i=0; i< AUDIT_INODE_BUCKETS; i++) {
if (IS_ERR(nentry)) { list_for_each_entry_safe(e, n, &audit_inode_hash[i], list) {
/* save the first error encountered for the int res = update_lsm_rule(e);
* return value */ if (!err)
if (!err) err = res;
err = PTR_ERR(nentry);
audit_panic("error updating LSM filters");
if (watch)
list_del(&entry->rule.rlist);
list_del_rcu(&entry->list);
} else {
if (watch) {
list_add(&nentry->rule.rlist,
&watch->rules);
list_del(&entry->rule.rlist);
} else if (tree)
list_replace_init(&entry->rule.rlist,
&nentry->rule.rlist);
list_replace_rcu(&entry->list, &nentry->list);
}
call_rcu(&entry->rcu, audit_free_rule_rcu);
} }
} }