Commit cfcad62c authored by Eric Paris's avatar Eric Paris Committed by Al Viro

audit: seperate audit inode watches into a subfile

In preparation for converting audit to use fsnotify instead of inotify we
separate the inode watching code into its own file.  This is similar to
how the audit tree watching code is already separated into audit_tree.c.
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent ea7ae60b
...@@ -70,7 +70,7 @@ obj-$(CONFIG_RESOURCE_COUNTERS) += res_counter.o ...@@ -70,7 +70,7 @@ obj-$(CONFIG_RESOURCE_COUNTERS) += res_counter.o
obj-$(CONFIG_STOP_MACHINE) += stop_machine.o obj-$(CONFIG_STOP_MACHINE) += stop_machine.o
obj-$(CONFIG_KPROBES_SANITY_TEST) += test_kprobes.o obj-$(CONFIG_KPROBES_SANITY_TEST) += test_kprobes.o
obj-$(CONFIG_AUDIT) += audit.o auditfilter.o obj-$(CONFIG_AUDIT) += audit.o auditfilter.o
obj-$(CONFIG_AUDITSYSCALL) += auditsc.o obj-$(CONFIG_AUDITSYSCALL) += auditsc.o audit_watch.o
obj-$(CONFIG_GCOV_KERNEL) += gcov/ obj-$(CONFIG_GCOV_KERNEL) += gcov/
obj-$(CONFIG_AUDIT_TREE) += audit_tree.o obj-$(CONFIG_AUDIT_TREE) += audit_tree.o
obj-$(CONFIG_KPROBES) += kprobes.o obj-$(CONFIG_KPROBES) += kprobes.o
......
...@@ -115,9 +115,6 @@ static atomic_t audit_lost = ATOMIC_INIT(0); ...@@ -115,9 +115,6 @@ static atomic_t audit_lost = ATOMIC_INIT(0);
/* The netlink socket. */ /* The netlink socket. */
static struct sock *audit_sock; static struct sock *audit_sock;
/* Inotify handle. */
struct inotify_handle *audit_ih;
/* Hash for inode-based rules */ /* Hash for inode-based rules */
struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS]; struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS];
...@@ -971,13 +968,6 @@ static void audit_receive(struct sk_buff *skb) ...@@ -971,13 +968,6 @@ static void audit_receive(struct sk_buff *skb)
mutex_unlock(&audit_cmd_mutex); mutex_unlock(&audit_cmd_mutex);
} }
#ifdef CONFIG_AUDITSYSCALL
static const struct inotify_operations audit_inotify_ops = {
.handle_event = audit_handle_ievent,
.destroy_watch = audit_free_parent,
};
#endif
/* Initialize audit support at boot time. */ /* Initialize audit support at boot time. */
static int __init audit_init(void) static int __init audit_init(void)
{ {
...@@ -1003,12 +993,6 @@ static int __init audit_init(void) ...@@ -1003,12 +993,6 @@ static int __init audit_init(void)
audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized"); audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
#ifdef CONFIG_AUDITSYSCALL
audit_ih = inotify_init(&audit_inotify_ops);
if (IS_ERR(audit_ih))
audit_panic("cannot initialize inotify handle");
#endif
for (i = 0; i < AUDIT_INODE_BUCKETS; i++) for (i = 0; i < AUDIT_INODE_BUCKETS; i++)
INIT_LIST_HEAD(&audit_inode_hash[i]); INIT_LIST_HEAD(&audit_inode_hash[i]);
......
...@@ -53,18 +53,7 @@ enum audit_state { ...@@ -53,18 +53,7 @@ enum audit_state {
}; };
/* Rule lists */ /* Rule lists */
struct audit_parent; struct audit_watch;
struct audit_watch {
atomic_t count; /* reference count */
char *path; /* insertion path */
dev_t dev; /* associated superblock device */
unsigned long ino; /* associated inode number */
struct audit_parent *parent; /* associated parent */
struct list_head wlist; /* entry in parent->watches list */
struct list_head rules; /* associated rules */
};
struct audit_tree; struct audit_tree;
struct audit_chunk; struct audit_chunk;
...@@ -108,19 +97,31 @@ struct audit_netlink_list { ...@@ -108,19 +97,31 @@ struct audit_netlink_list {
int audit_send_list(void *); int audit_send_list(void *);
struct inotify_watch;
/* Inotify handle */
extern struct inotify_handle *audit_ih;
extern void audit_free_parent(struct inotify_watch *);
extern void audit_handle_ievent(struct inotify_watch *, u32, u32, u32,
const char *, struct inode *);
extern int selinux_audit_rule_update(void); extern int selinux_audit_rule_update(void);
extern struct mutex audit_filter_mutex; extern struct mutex audit_filter_mutex;
extern void audit_free_rule_rcu(struct rcu_head *); extern void audit_free_rule_rcu(struct rcu_head *);
extern struct list_head audit_filter_list[]; extern struct list_head audit_filter_list[];
/* audit watch functions */
extern unsigned long audit_watch_inode(struct audit_watch *watch);
extern dev_t audit_watch_dev(struct audit_watch *watch);
extern void audit_put_watch(struct audit_watch *watch);
extern void audit_get_watch(struct audit_watch *watch);
extern int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op);
extern int audit_get_nd(char *path, struct nameidata **ndp, struct nameidata **ndw);
extern void audit_put_nd(struct nameidata *ndp, struct nameidata *ndw);
extern int audit_add_watch(struct audit_krule *krule, struct nameidata *ndp,
struct nameidata *ndw);
extern void audit_remove_watch(struct audit_watch *watch);
extern void audit_remove_watch_rule(struct audit_krule *krule, struct list_head *list);
extern void audit_inotify_unregister(struct list_head *in_list);
extern char *audit_watch_path(struct audit_watch *watch);
extern struct list_head *audit_watch_rules(struct audit_watch *watch);
extern struct audit_entry *audit_dupe_rule(struct audit_krule *old,
struct audit_watch *watch);
#ifdef CONFIG_AUDIT_TREE #ifdef CONFIG_AUDIT_TREE
extern struct audit_chunk *audit_tree_lookup(const struct inode *); extern struct audit_chunk *audit_tree_lookup(const struct inode *);
extern void audit_put_chunk(struct audit_chunk *); extern void audit_put_chunk(struct audit_chunk *);
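Review bot: The new `/* audit watch functions */` block exports a reference-counted object without stating any contract for it. With `struct audit_watch` reduced to a forward declaration, callers no longer see the `count` field or its "reference count" comment, so this header is the only place to learn that `audit_get_watch()` and `audit_put_watch()` must be paired; an unbalanced put in kernel code is a use-after-free. I would add a short comment above the pair, e.g. `/* audit_get_watch() takes a reference; drop each one with audit_put_watch() */`, plus one line each on who releases the nameidata handed back by `audit_get_nd()` (presumably `audit_put_nd()`) and how long the pointers returned by `audit_watch_path()` and `audit_watch_rules()` remain valid. The definitions are presumably in the new audit_watch.c, whose diff is collapsed on this page, so the exact rules need confirming there.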
......
This diff is collapsed.
This diff is collapsed.
...@@ -548,9 +548,9 @@ static int audit_filter_rules(struct task_struct *tsk, ...@@ -548,9 +548,9 @@ static int audit_filter_rules(struct task_struct *tsk,
} }
break; break;
case AUDIT_WATCH: case AUDIT_WATCH:
if (name && rule->watch->ino != (unsigned long)-1) if (name && audit_watch_inode(rule->watch) != (unsigned long)-1)
result = (name->dev == rule->watch->dev && result = (name->dev == audit_watch_dev(rule->watch) &&
name->ino == rule->watch->ino); name->ino == audit_watch_inode(rule->watch));
break; break;
case AUDIT_DIR: case AUDIT_DIR:
if (ctx) if (ctx)
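Review bot: In the `AUDIT_WATCH` case the watch's inode number is fetched by two separate `audit_watch_inode()` calls, one for the `(unsigned long)-1` check and one for the comparison, so the check and the match can observe different values if the watch is updated in between; whether that can happen depends on locking that is not visible in this hunk. Reading it once into a local, `ino = audit_watch_inode(rule->watch);`, and using `ino` in both places keeps the sentinel test and the comparison consistent and avoids a second out-of-line call on the syscall filtering path. The accessors presumably dereference `rule->watch` unconditionally, so a one-line comment stating that an AUDIT_WATCH rule always carries a watch would also help. The body of audit_filter_rules starts and ends outside this hunk.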
......