moonjuice/kernel_arpi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

LSM: separate LSM_AUDIT_DATA_DENTRY from LSM_AUDIT_DATA_PATH

Browse Source 
This patch separates and audit message that only contains a dentry from
one that contains a full path.  This allows us to make it harder to
misuse the interfaces or for the interfaces to be implemented wrong.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
This commit is contained in:
Eric Paris
2011-04-25 13:10:27 -04:00
parent f48b739984
commit a269434d2f
5 changed files with 52 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
security/lsm_audit.c
View File

@@ -229,17 +229,24 @@ static void dump_common_audit_data(struct audit_buffer *ab,
audit_log_format(ab, " capability=%d ", a->u.cap);
break;
case LSM_AUDIT_DATA_PATH: {
struct dentry *dentry = a->u.path.dentry;
struct inode *inode;
if (a->u.path.mnt) {
audit_log_d_path(ab, "path=", &a->u.path);
} else {
audit_log_format(ab, " name=");
audit_log_untrustedstring(ab,
dentry->d_name.name);
}
inode = dentry->d_inode;
audit_log_d_path(ab, "path=", &a->u.path);
inode = a->u.path.dentry->d_inode;
if (inode)
audit_log_format(ab, " dev=%s ino=%lu",
inode->i_sb->s_id,
inode->i_ino);
break;
}
case LSM_AUDIT_DATA_DENTRY: {
struct inode *inode;
audit_log_format(ab, " name=");
audit_log_untrustedstring(ab, a->u.dentry->d_name.name);
inode = a->u.dentry->d_inode;
if (inode)
audit_log_format(ab, " dev=%s ino=%lu",
inode->i_sb->s_id,