Commit 471a5c7c authored by Al Viro's avatar Al Viro

[PATCH] introduce audit rules counter

Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 5422e01a
...@@ -410,6 +410,7 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) ...@@ -410,6 +410,7 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
return __audit_mq_getsetattr(mqdes, mqstat); return __audit_mq_getsetattr(mqdes, mqstat);
return 0; return 0;
} }
extern int audit_n_rules;
#else #else
#define audit_alloc(t) ({ 0; }) #define audit_alloc(t) ({ 0; })
#define audit_free(t) do { ; } while (0) #define audit_free(t) do { ; } while (0)
...@@ -437,6 +438,7 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) ...@@ -437,6 +438,7 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
#define audit_mq_timedreceive(d,l,p,t) ({ 0; }) #define audit_mq_timedreceive(d,l,p,t) ({ 0; })
#define audit_mq_notify(d,n) ({ 0; }) #define audit_mq_notify(d,n) ({ 0; })
#define audit_mq_getsetattr(d,s) ({ 0; }) #define audit_mq_getsetattr(d,s) ({ 0; })
#define audit_n_rules 0
#endif #endif
#ifdef CONFIG_AUDIT #ifdef CONFIG_AUDIT
......
...@@ -1136,6 +1136,14 @@ static inline int audit_add_rule(struct audit_entry *entry, ...@@ -1136,6 +1136,14 @@ static inline int audit_add_rule(struct audit_entry *entry,
struct audit_watch *watch = entry->rule.watch; struct audit_watch *watch = entry->rule.watch;
struct nameidata *ndp, *ndw; struct nameidata *ndp, *ndw;
int h, err, putnd_needed = 0; int h, err, putnd_needed = 0;
#ifdef CONFIG_AUDITSYSCALL
int dont_count = 0;
/* If either of these, don't count towards total */
if (entry->rule.listnr == AUDIT_FILTER_USER ||
entry->rule.listnr == AUDIT_FILTER_TYPE)
dont_count = 1;
#endif
if (inode_f) { if (inode_f) {
h = audit_hash_ino(inode_f->val); h = audit_hash_ino(inode_f->val);
...@@ -1176,6 +1184,10 @@ static inline int audit_add_rule(struct audit_entry *entry, ...@@ -1176,6 +1184,10 @@ static inline int audit_add_rule(struct audit_entry *entry,
} else { } else {
list_add_tail_rcu(&entry->list, list); list_add_tail_rcu(&entry->list, list);
} }
#ifdef CONFIG_AUDITSYSCALL
if (!dont_count)
audit_n_rules++;
#endif
mutex_unlock(&audit_filter_mutex); mutex_unlock(&audit_filter_mutex);
if (putnd_needed) if (putnd_needed)
...@@ -1200,6 +1212,14 @@ static inline int audit_del_rule(struct audit_entry *entry, ...@@ -1200,6 +1212,14 @@ static inline int audit_del_rule(struct audit_entry *entry,
struct audit_watch *watch, *tmp_watch = entry->rule.watch; struct audit_watch *watch, *tmp_watch = entry->rule.watch;
LIST_HEAD(inotify_list); LIST_HEAD(inotify_list);
int h, ret = 0; int h, ret = 0;
#ifdef CONFIG_AUDITSYSCALL
int dont_count = 0;
/* If either of these, don't count towards total */
if (entry->rule.listnr == AUDIT_FILTER_USER ||
entry->rule.listnr == AUDIT_FILTER_TYPE)
dont_count = 1;
#endif
if (inode_f) { if (inode_f) {
h = audit_hash_ino(inode_f->val); h = audit_hash_ino(inode_f->val);
...@@ -1237,6 +1257,10 @@ static inline int audit_del_rule(struct audit_entry *entry, ...@@ -1237,6 +1257,10 @@ static inline int audit_del_rule(struct audit_entry *entry,
list_del_rcu(&e->list); list_del_rcu(&e->list);
call_rcu(&e->rcu, audit_free_rule_rcu); call_rcu(&e->rcu, audit_free_rule_rcu);
#ifdef CONFIG_AUDITSYSCALL
if (!dont_count)
audit_n_rules--;
#endif
mutex_unlock(&audit_filter_mutex); mutex_unlock(&audit_filter_mutex);
if (!list_empty(&inotify_list)) if (!list_empty(&inotify_list))
......
...@@ -85,6 +85,9 @@ extern int audit_enabled; ...@@ -85,6 +85,9 @@ extern int audit_enabled;
/* Indicates that audit should log the full pathname. */ /* Indicates that audit should log the full pathname. */
#define AUDIT_NAME_FULL -1 #define AUDIT_NAME_FULL -1
/* number of audit rules */
int audit_n_rules;
/* When fs/namei.c:getname() is called, we store the pointer in name and /* When fs/namei.c:getname() is called, we store the pointer in name and
* we don't let putname() free it (instead we free all of the saved * we don't let putname() free it (instead we free all of the saved
* pointers at syscall exit time). * pointers at syscall exit time).
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment