adulau/aha
1
0
Fork 0
mirror of https://github.com/adulau/aha.git synced 2024-12-28 03:36:19 +00:00
Code Issues Projects Releases Packages Wiki Activity

make sure that filterkey of task,always rules is reported

Browse source 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro 2008-12-16 03:51:22 -05:00
parent e45aa212ea
commit e048e02c89
1 changed files with 11 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
kernel/auditsc.c
View file

@ -652,7 +652,7 @@ static int audit_filter_rules(struct task_struct *tsk,
* completely disabled for this task. Since we only have the task * completely disabled for this task. Since we only have the task
* structure at this point, we can only check uid and gid. * structure at this point, we can only check uid and gid.
*/ */
static enum audit_state audit_filter_task(struct task_struct *tsk) static enum audit_state audit_filter_task(struct task_struct *tsk, char **key)
{ {
struct audit_entry *e; struct audit_entry *e;
enum audit_state state; enum audit_state state;
@ -660,6 +660,8 @@ static enum audit_state audit_filter_task(struct task_struct *tsk)
rcu_read_lock(); rcu_read_lock();
list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) { list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) {
if (audit_filter_rules(tsk, &e->rule, NULL, NULL, &state)) { if (audit_filter_rules(tsk, &e->rule, NULL, NULL, &state)) {
if (state == AUDIT_RECORD_CONTEXT)
*key = kstrdup(e->rule.filterkey, GFP_ATOMIC);
rcu_read_unlock(); rcu_read_unlock();
return state; return state;
} }
@ -866,18 +868,21 @@ int audit_alloc(struct task_struct *tsk)
{ {
struct audit_context *context; struct audit_context *context;
enum audit_state state; enum audit_state state;
char *key = NULL;
if (likely(!audit_ever_enabled)) if (likely(!audit_ever_enabled))
return 0; /* Return if not auditing. */ return 0; /* Return if not auditing. */
state = audit_filter_task(tsk); state = audit_filter_task(tsk, &key);
if (likely(state == AUDIT_DISABLED)) if (likely(state == AUDIT_DISABLED))
return 0; return 0;
if (!(context = audit_alloc_context(state))) { if (!(context = audit_alloc_context(state))) {
kfree(key);
audit_log_lost("out of memory in audit_alloc"); audit_log_lost("out of memory in audit_alloc");
return -ENOMEM; return -ENOMEM;
} }
context->filterkey = key;
tsk->audit_context = context; tsk->audit_context = context;
set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT); set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT);
@ -1703,8 +1708,10 @@ void audit_syscall_exit(int valid, long return_code)
context->sockaddr_len = 0; context->sockaddr_len = 0;
context->type = 0; context->type = 0;
context->fds[0] = -1; context->fds[0] = -1;
kfree(context->filterkey); if (context->state != AUDIT_RECORD_CONTEXT) {
context->filterkey = NULL; kfree(context->filterkey);
context->filterkey = NULL;
}
tsk->audit_context = context; tsk->audit_context = context;
} }
} }