disable FB

hc

2024-01-04 1543e317f1da31b75942316931e8f491a8920811

 kernel/kernel/audit_watch.c
..
..
@@ -1,22 +1,9 @@
1
+// SPDX-License-Identifier: GPL-2.0-or-later
1
2
 /* audit_watch.c -- watching inodes
2
3
  *
3
4
  * Copyright 2003-2009 Red Hat, Inc.
4
5
  * Copyright 2005 Hewlett-Packard Development Company, L.P.
5
6
  * Copyright 2005 IBM Corporation
6
- *
7
- * This program is free software; you can redistribute it and/or modify
8
- * it under the terms of the GNU General Public License as published by
9
- * the Free Software Foundation; either version 2 of the License, or
10
- * (at your option) any later version.
11
- *
12
- * This program is distributed in the hope that it will be useful,
13
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
14
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15
- * GNU General Public License for more details.
16
- *
17
- * You should have received a copy of the GNU General Public License
18
- * along with this program; if not, write to the Free Software
19
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
20
7
  */
21
8
 
22
9
 #include <linux/file.h>
..
..
@@ -66,7 +53,7 @@
66
53
 
67
54
 /* fsnotify events we care about. */
68
55
 #define AUDIT_FS_WATCH (FS_MOVE | FS_CREATE | FS_DELETE | FS_DELETE_SELF |\
69
-			FS_MOVE_SELF | FS_EVENT_ON_CHILD | FS_UNMOUNT)
56
+			FS_MOVE_SELF | FS_UNMOUNT)
70
57
 
71
58
 static void audit_free_parent(struct audit_parent *parent)
72
59
 {
..
..
@@ -242,13 +229,11 @@
242
229
 
243
230
 	if (!audit_enabled)
244
231
 		return;
245
-	ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE);
232
+	ab = audit_log_start(audit_context(), GFP_NOFS, AUDIT_CONFIG_CHANGE);
246
233
 	if (!ab)
247
234
 		return;
248
-	audit_log_format(ab, "auid=%u ses=%u op=%s",
249
-			 from_kuid(&init_user_ns, audit_get_loginuid(current)),
250
-			 audit_get_sessionid(current), op);
251
-	audit_log_format(ab, " path=");
235
+	audit_log_session_info(ab);
236
+	audit_log_format(ab, "op=%s path=", op);
252
237
 	audit_log_untrustedstring(ab, w->path);
253
238
 	audit_log_key(ab, r->filterkey);
254
239
 	audit_log_format(ab, " list=%d res=1", r->listnr);
..
..
@@ -257,7 +242,7 @@
257
242
 
258
243
 /* Update inode info in audit rules based on filesystem event. */
259
244
 static void audit_update_watch(struct audit_parent *parent,
260
-			       const char *dname, dev_t dev,
245
+			       const struct qstr *dname, dev_t dev,
261
246
 			       unsigned long ino, unsigned invalidating)
262
247
 {
263
248
 	struct audit_watch *owatch, *nwatch, *nextw;
..
..
@@ -479,32 +464,17 @@
479
464
 }
480
465
 
481
466
 /* Update watch data in audit rules based on fsnotify events. */
482
-static int audit_watch_handle_event(struct fsnotify_group *group,
483
-				    struct inode *to_tell,
484
-				    u32 mask, const void *data, int data_type,
485
-				    const unsigned char *dname, u32 cookie,
486
-				    struct fsnotify_iter_info *iter_info)
467
+static int audit_watch_handle_event(struct fsnotify_mark *inode_mark, u32 mask,
468
+				    struct inode *inode, struct inode *dir,
469
+				    const struct qstr *dname, u32 cookie)
487
470
 {
488
-	struct fsnotify_mark *inode_mark = fsnotify_iter_inode_mark(iter_info);
489
-	const struct inode *inode;
490
471
 	struct audit_parent *parent;
491
472
 
492
473
 	parent = container_of(inode_mark, struct audit_parent, mark);
493
474
 
494
-	BUG_ON(group != audit_watch_group);
495
-
496
-	switch (data_type) {
497
-	case (FSNOTIFY_EVENT_PATH):
498
-		inode = d_backing_inode(((const struct path *)data)->dentry);
499
-		break;
500
-	case (FSNOTIFY_EVENT_INODE):
501
-		inode = (const struct inode *)data;
502
-		break;
503
-	default:
504
-		BUG();
505
-		inode = NULL;
506
-		break;
507
-	}
475
+	if (WARN_ON_ONCE(inode_mark->group != audit_watch_group) ||
476
+	    WARN_ON_ONCE(!inode))
477
+		return 0;
508
478
 
509
479
 	if (mask & (FS_CREATE|FS_MOVED_TO) && inode)
510
480
 		audit_update_watch(parent, dname, inode->i_sb->s_dev, inode->i_ino, 0);
..
..
@@ -517,7 +487,7 @@
517
487
 }
518
488
 
519
489
 static const struct fsnotify_ops audit_watch_fsnotify_ops = {
520
-	.handle_event = 	audit_watch_handle_event,
490
+	.handle_inode_event =	audit_watch_handle_event,
521
491
 	.free_mark =		audit_watch_free_mark,
522
492
 };
523
493