[PATCH] pass dentry to audit_inode()/audit_inode_child()
makes caller simpler *and* allows to scan ancestors
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
index 11be8a3..6a713b3 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -413,7 +413,7 @@
d_move(old_dentry, dentry);
fsnotify_move(old_dir->d_inode, new_dir->d_inode, old_name,
old_dentry->d_name.name, S_ISDIR(old_dentry->d_inode->i_mode),
- NULL, old_dentry->d_inode);
+ NULL, old_dentry);
fsnotify_oldname_free(old_name);
unlock_rename(new_dir, old_dir);
dput(dentry);
diff --git a/fs/namei.c b/fs/namei.c
index 1e5c716..3b993db 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1174,7 +1174,7 @@
out:
if (unlikely(!retval && !audit_dummy_context() && nd->dentry &&
nd->dentry->d_inode))
- audit_inode(name, nd->dentry->d_inode);
+ audit_inode(name, nd->dentry);
out_fail:
return retval;
@@ -1214,7 +1214,7 @@
retval = path_walk(name, nd);
if (unlikely(!retval && !audit_dummy_context() && nd->dentry &&
nd->dentry->d_inode))
- audit_inode(name, nd->dentry->d_inode);
+ audit_inode(name, nd->dentry);
return retval;
@@ -1469,7 +1469,7 @@
return -ENOENT;
BUG_ON(victim->d_parent->d_inode != dir);
- audit_inode_child(victim->d_name.name, victim->d_inode, dir);
+ audit_inode_child(victim->d_name.name, victim, dir);
error = permission(dir,MAY_WRITE | MAY_EXEC, NULL);
if (error)
@@ -1783,7 +1783,7 @@
* It already exists.
*/
mutex_unlock(&dir->d_inode->i_mutex);
- audit_inode(pathname, path.dentry->d_inode);
+ audit_inode(pathname, path.dentry);
error = -EEXIST;
if (flag & O_EXCL)
@@ -2562,7 +2562,7 @@
if (!error) {
const char *new_name = old_dentry->d_name.name;
fsnotify_move(old_dir, new_dir, old_name, new_name, is_dir,
- new_dentry->d_inode, old_dentry->d_inode);
+ new_dentry->d_inode, old_dentry);
}
fsnotify_oldname_free(old_name);
diff --git a/fs/open.c b/fs/open.c
index 7538514..3b69c53 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -569,7 +569,7 @@
dentry = file->f_path.dentry;
inode = dentry->d_inode;
- audit_inode(NULL, inode);
+ audit_inode(NULL, dentry);
err = -EROFS;
if (IS_RDONLY(inode))
@@ -727,7 +727,7 @@
goto out;
dentry = file->f_path.dentry;
- audit_inode(NULL, dentry->d_inode);
+ audit_inode(NULL, dentry);
error = chown_common(dentry, user, group);
fput(file);
out:
diff --git a/fs/xattr.c b/fs/xattr.c
index a44fd92..6645b73 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -267,7 +267,7 @@
if (!f)
return error;
dentry = f->f_path.dentry;
- audit_inode(NULL, dentry->d_inode);
+ audit_inode(NULL, dentry);
error = setxattr(dentry, name, value, size, flags);
fput(f);
return error;
@@ -349,7 +349,7 @@
f = fget(fd);
if (!f)
return error;
- audit_inode(NULL, f->f_path.dentry->d_inode);
+ audit_inode(NULL, f->f_path.dentry);
error = getxattr(f->f_path.dentry, name, value, size);
fput(f);
return error;
@@ -422,7 +422,7 @@
f = fget(fd);
if (!f)
return error;
- audit_inode(NULL, f->f_path.dentry->d_inode);
+ audit_inode(NULL, f->f_path.dentry);
error = listxattr(f->f_path.dentry, list, size);
fput(f);
return error;
@@ -485,7 +485,7 @@
if (!f)
return error;
dentry = f->f_path.dentry;
- audit_inode(NULL, dentry->d_inode);
+ audit_inode(NULL, dentry);
error = removexattr(dentry, name);
fput(f);
return error;
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 9ae7409..133b81b 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -366,8 +366,8 @@
extern void audit_syscall_exit(int failed, long return_code);
extern void __audit_getname(const char *name);
extern void audit_putname(const char *name);
-extern void __audit_inode(const char *name, const struct inode *inode);
-extern void __audit_inode_child(const char *dname, const struct inode *inode,
+extern void __audit_inode(const char *name, const struct dentry *dentry);
+extern void __audit_inode_child(const char *dname, const struct dentry *dentry,
const struct inode *parent);
extern void __audit_ptrace(struct task_struct *t);
@@ -381,15 +381,15 @@
if (unlikely(!audit_dummy_context()))
__audit_getname(name);
}
-static inline void audit_inode(const char *name, const struct inode *inode) {
+static inline void audit_inode(const char *name, const struct dentry *dentry) {
if (unlikely(!audit_dummy_context()))
- __audit_inode(name, inode);
+ __audit_inode(name, dentry);
}
static inline void audit_inode_child(const char *dname,
- const struct inode *inode,
+ const struct dentry *dentry,
const struct inode *parent) {
if (unlikely(!audit_dummy_context()))
- __audit_inode_child(dname, inode, parent);
+ __audit_inode_child(dname, dentry, parent);
}
void audit_core_dumps(long signr);
@@ -477,9 +477,9 @@
#define audit_dummy_context() 1
#define audit_getname(n) do { ; } while (0)
#define audit_putname(n) do { ; } while (0)
-#define __audit_inode(n,i) do { ; } while (0)
+#define __audit_inode(n,d) do { ; } while (0)
#define __audit_inode_child(d,i,p) do { ; } while (0)
-#define audit_inode(n,i) do { ; } while (0)
+#define audit_inode(n,d) do { ; } while (0)
#define audit_inode_child(d,i,p) do { ; } while (0)
#define audit_core_dumps(i) do { ; } while (0)
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index dfc4e4f..2bd31fa 100644
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -41,8 +41,9 @@
*/
static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir,
const char *old_name, const char *new_name,
- int isdir, struct inode *target, struct inode *source)
+ int isdir, struct inode *target, struct dentry *moved)
{
+ struct inode *source = moved->d_inode;
u32 cookie = inotify_get_cookie();
if (old_dir == new_dir)
@@ -67,7 +68,7 @@
if (source) {
inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL, NULL);
}
- audit_inode_child(new_name, source, new_dir);
+ audit_inode_child(new_name, moved, new_dir);
}
/*
@@ -98,7 +99,7 @@
inode_dir_notify(inode, DN_CREATE);
inotify_inode_queue_event(inode, IN_CREATE, 0, dentry->d_name.name,
dentry->d_inode);
- audit_inode_child(dentry->d_name.name, dentry->d_inode, inode);
+ audit_inode_child(dentry->d_name.name, dentry, inode);
}
/*
@@ -109,7 +110,7 @@
inode_dir_notify(inode, DN_CREATE);
inotify_inode_queue_event(inode, IN_CREATE | IN_ISDIR, 0,
dentry->d_name.name, dentry->d_inode);
- audit_inode_child(dentry->d_name.name, dentry->d_inode, inode);
+ audit_inode_child(dentry->d_name.name, dentry, inode);
}
/*
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index c0b26dc..bfa274b 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -676,7 +676,7 @@
if (oflag & O_CREAT) {
if (dentry->d_inode) { /* entry already exists */
- audit_inode(name, dentry->d_inode);
+ audit_inode(name, dentry);
error = -EEXIST;
if (oflag & O_EXCL)
goto out;
@@ -689,7 +689,7 @@
error = -ENOENT;
if (!dentry->d_inode)
goto out;
- audit_inode(name, dentry->d_inode);
+ audit_inode(name, dentry);
filp = do_open(dentry, oflag);
}
@@ -837,7 +837,7 @@
if (unlikely(filp->f_op != &mqueue_file_operations))
goto out_fput;
info = MQUEUE_I(inode);
- audit_inode(NULL, inode);
+ audit_inode(NULL, filp->f_path.dentry);
if (unlikely(!(filp->f_mode & FMODE_WRITE)))
goto out_fput;
@@ -921,7 +921,7 @@
if (unlikely(filp->f_op != &mqueue_file_operations))
goto out_fput;
info = MQUEUE_I(inode);
- audit_inode(NULL, inode);
+ audit_inode(NULL, filp->f_path.dentry);
if (unlikely(!(filp->f_mode & FMODE_READ)))
goto out_fput;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index e19b5a3..8a85c20 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1403,10 +1403,11 @@
*
* Called from fs/namei.c:path_lookup().
*/
-void __audit_inode(const char *name, const struct inode *inode)
+void __audit_inode(const char *name, const struct dentry *dentry)
{
int idx;
struct audit_context *context = current->audit_context;
+ const struct inode *inode = inode = dentry->d_inode;
if (!context->in_syscall)
return;
@@ -1443,12 +1444,13 @@
* must be hooked prior, in order to capture the target inode during
* unsuccessful attempts.
*/
-void __audit_inode_child(const char *dname, const struct inode *inode,
+void __audit_inode_child(const char *dname, const struct dentry *dentry,
const struct inode *parent)
{
int idx;
struct audit_context *context = current->audit_context;
const char *found_parent = NULL, *found_child = NULL;
+ const struct inode *inode = dentry->d_inode;
int dirlen = 0;
if (!context->in_syscall)