Commit ce0d9f04 authored by Richard Guy Briggs's avatar Richard Guy Briggs Committed by Eric Paris

audit: refactor audit_receive_msg() to clarify AUDIT_*_RULE* cases

audit_receive_msg() needlessly contained a fallthrough case that called
audit_receive_filter(), containing no common code between the cases.  Separate
them to make the logic clearer.  Refactor AUDIT_LIST_RULES, AUDIT_ADD_RULE,
AUDIT_DEL_RULE cases to create audit_rule_change(), audit_list_rules_send()
functions.  This should not functionally change the logic.
Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent a06e56b2
...@@ -461,8 +461,10 @@ extern int audit_update_lsm_rules(void); ...@@ -461,8 +461,10 @@ extern int audit_update_lsm_rules(void);
/* Private API (for audit.c only) */ /* Private API (for audit.c only) */
extern int audit_filter_user(int type); extern int audit_filter_user(int type);
extern int audit_filter_type(int type); extern int audit_filter_type(int type);
extern int audit_receive_filter(int type, __u32 portid, int seq, extern int audit_rule_change(int type, __u32 portid, int seq,
void *data, size_t datasz); void *data, size_t datasz);
extern int audit_list_rules_send(__u32 portid, int seq);
extern int audit_enabled; extern int audit_enabled;
#else /* CONFIG_AUDIT */ #else /* CONFIG_AUDIT */
static inline __printf(4, 5) static inline __printf(4, 5)
......
...@@ -903,11 +903,12 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) ...@@ -903,11 +903,12 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
audit_log_end(ab); audit_log_end(ab);
return -EPERM; return -EPERM;
} }
/* fallthrough */ err = audit_rule_change(msg_type, NETLINK_CB(skb).portid,
case AUDIT_LIST_RULES:
err = audit_receive_filter(msg_type, NETLINK_CB(skb).portid,
seq, data, nlmsg_len(nlh)); seq, data, nlmsg_len(nlh));
break; break;
case AUDIT_LIST_RULES:
err = audit_list_rules_send(NETLINK_CB(skb).portid, seq);
break;
case AUDIT_TRIM: case AUDIT_TRIM:
audit_trim_trees(); audit_trim_trees();
audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE); audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE);
......
...@@ -1023,23 +1023,57 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re ...@@ -1023,23 +1023,57 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re
} }
/** /**
* audit_receive_filter - apply all rules to the specified message type * audit_rule_change - apply all rules to the specified message type
* @type: audit message type * @type: audit message type
* @portid: target port id for netlink audit messages * @portid: target port id for netlink audit messages
* @seq: netlink audit message sequence (serial) number * @seq: netlink audit message sequence (serial) number
* @data: payload data * @data: payload data
* @datasz: size of payload data * @datasz: size of payload data
*/ */
int audit_receive_filter(int type, __u32 portid, int seq, void *data, int audit_rule_change(int type, __u32 portid, int seq, void *data,
size_t datasz) size_t datasz)
{ {
struct task_struct *tsk;
struct audit_netlink_list *dest;
int err = 0; int err = 0;
struct audit_entry *entry; struct audit_entry *entry;
switch (type) { switch (type) {
case AUDIT_LIST_RULES: case AUDIT_ADD_RULE:
entry = audit_data_to_entry(data, datasz);
if (IS_ERR(entry))
return PTR_ERR(entry);
err = audit_add_rule(entry);
audit_log_rule_change("add rule", &entry->rule, !err);
if (err)
audit_free_rule(entry);
break;
case AUDIT_DEL_RULE:
entry = audit_data_to_entry(data, datasz);
if (IS_ERR(entry))
return PTR_ERR(entry);
err = audit_del_rule(entry);
audit_log_rule_change("remove rule", &entry->rule, !err);
audit_free_rule(entry);
break;
default:
return -EINVAL;
}
return err;
}
/**
* audit_list_rules_send - list the audit rules
* @portid: target portid for netlink audit messages
* @seq: netlink audit message sequence (serial) number
*/
int audit_list_rules_send(__u32 portid, int seq)
{
struct task_struct *tsk;
struct audit_netlink_list *dest;
int err = 0;
/* We can't just spew out the rules here because we might fill /* We can't just spew out the rules here because we might fill
* the available socket buffer space and deadlock waiting for * the available socket buffer space and deadlock waiting for
* auditctl to read from it... which isn't ever going to * auditctl to read from it... which isn't ever going to
...@@ -1063,29 +1097,6 @@ int audit_receive_filter(int type, __u32 portid, int seq, void *data, ...@@ -1063,29 +1097,6 @@ int audit_receive_filter(int type, __u32 portid, int seq, void *data,
kfree(dest); kfree(dest);
err = PTR_ERR(tsk); err = PTR_ERR(tsk);
} }
break;
case AUDIT_ADD_RULE:
entry = audit_data_to_entry(data, datasz);
if (IS_ERR(entry))
return PTR_ERR(entry);
err = audit_add_rule(entry);
audit_log_rule_change("add rule", &entry->rule, !err);
if (err)
audit_free_rule(entry);
break;
case AUDIT_DEL_RULE:
entry = audit_data_to_entry(data, datasz);
if (IS_ERR(entry))
return PTR_ERR(entry);
err = audit_del_rule(entry);
audit_log_rule_change("remove rule", &entry->rule, !err);
audit_free_rule(entry);
break;
default:
return -EINVAL;
}
return err; return err;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment