[PATCH] fix faulty inode data collection for open() with O_CREAT
When the specified path is an existing file or when it is a symlink, audit
collects the wrong inode number, which causes it to miss the open() event.
Adding a second hook to the open() path fixes this.
Also add audit_copy_inode() to consolidate some code.
Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
diff --git a/include/linux/audit.h b/include/linux/audit.h
index b27d7de..e7e5e53 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -328,6 +328,7 @@
extern void __audit_inode(const char *name, const struct inode *inode);
extern void __audit_inode_child(const char *dname, const struct inode *inode,
unsigned long pino);
+extern void __audit_inode_update(const struct inode *inode);
static inline void audit_getname(const char *name)
{
if (unlikely(current->audit_context))
@@ -343,6 +344,10 @@
if (unlikely(current->audit_context))
__audit_inode_child(dname, inode, pino);
}
+static inline void audit_inode_update(const struct inode *inode) {
+ if (unlikely(current->audit_context))
+ __audit_inode_update(inode);
+}
/* Private API (for audit.c only) */
extern unsigned int audit_serial(void);
@@ -414,8 +419,10 @@
#define audit_putname(n) do { ; } while (0)
#define __audit_inode(n,i) do { ; } while (0)
#define __audit_inode_child(d,i,p) do { ; } while (0)
+#define __audit_inode_update(i) do { ; } while (0)
#define audit_inode(n,i) do { ; } while (0)
#define audit_inode_child(d,i,p) do { ; } while (0)
+#define audit_inode_update(i) do { ; } while (0)
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
#define audit_get_loginuid(c) ({ -1; })
#define audit_ipc_obj(i) ({ 0; })