aboutsummaryrefslogtreecommitdiff
path: root/kernel
diff options
context:
space:
mode:
Diffstat (limited to 'kernel')
-rw-r--r--kernel/audit.c32
-rw-r--r--kernel/auditsc.c21
2 files changed, 30 insertions, 23 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index c1ab8dbbb67..09a37581213 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -429,25 +429,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
break;
case AUDIT_USER:
case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
- read_lock(&tasklist_lock);
- tsk = find_task_by_pid(pid);
- if (tsk)
- get_task_struct(tsk);
- read_unlock(&tasklist_lock);
- if (!tsk)
- return -ESRCH;
-
- if (audit_enabled && audit_filter_user(tsk, msg_type)) {
- ab = audit_log_start(NULL, msg_type);
- if (ab) {
- audit_log_format(ab,
- "user pid=%d uid=%u auid=%u msg='%.1024s'",
- pid, uid, loginuid, (char *)data);
- audit_set_pid(ab, pid);
- audit_log_end(ab);
- }
+ if (!audit_enabled && msg_type != AUDIT_USER_AVC)
+ return 0;
+
+ err = audit_filter_user(pid, msg_type);
+ if (err == 1) {
+ err = 0;
+ ab = audit_log_start(NULL, msg_type);
+ if (ab) {
+ audit_log_format(ab,
+ "user pid=%d uid=%u auid=%u msg='%.1024s'",
+ pid, uid, loginuid, (char *)data);
+ audit_set_pid(ab, pid);
+ audit_log_end(ab);
+ }
}
- put_task_struct(tsk);
break;
case AUDIT_ADD:
case AUDIT_DEL:
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index cb8a4494515..fc858b0c044 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -530,22 +530,33 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
return AUDIT_BUILD_CONTEXT;
}
-int audit_filter_user(struct task_struct *tsk, int type)
+int audit_filter_user(int pid, int type)
{
+ struct task_struct *tsk;
struct audit_entry *e;
enum audit_state state;
+ int ret = 1;
- if (audit_pid && tsk->pid == audit_pid)
- return AUDIT_DISABLED;
+ read_lock(&tasklist_lock);
+ tsk = find_task_by_pid(pid);
+ if (tsk)
+ get_task_struct(tsk);
+ read_unlock(&tasklist_lock);
+
+ if (!tsk)
+ return -ESRCH;
rcu_read_lock();
list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
if (audit_filter_rules(tsk, &e->rule, NULL, &state)) {
- rcu_read_unlock();
- return state != AUDIT_DISABLED;
+ if (state == AUDIT_DISABLED)
+ ret = 0;
+ break;
}
}
rcu_read_unlock();
+ put_task_struct(tsk);
+
return 1; /* Audit by default */
}