
Commit 1a9d079

author
Al Viro
committed
audit_update_lsm_rules() misses the audit_inode_hash[] ones
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
1 parent 57f71a0 commit 1a9d079


1 file changed

+47
-30
lines changed

1 file changed

+47
-30
lines changed

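--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1778,49 +1778,66 @@ int audit_filter_type(int type)
 	return result;
 }
 
+static int update_lsm_rule(struct audit_entry *entry)
+{
+	struct audit_entry *nentry;
+	struct audit_watch *watch;
+	struct audit_tree *tree;
+	int err = 0;
+
+	if (!security_audit_rule_known(&entry->rule))
+		return 0;
+
+	watch = entry->rule.watch;
+	tree = entry->rule.tree;
+	nentry = audit_dupe_rule(&entry->rule, watch);
+	if (IS_ERR(nentry)) {
+		/* save the first error encountered for the
+		 * return value */
+		err = PTR_ERR(nentry);
+		audit_panic("error updating LSM filters");
+		if (watch)
+			list_del(&entry->rule.rlist);
+		list_del_rcu(&entry->list);
+	} else {
+		if (watch) {
+			list_add(&nentry->rule.rlist, &watch->rules);
+			list_del(&entry->rule.rlist);
+		} else if (tree)
+			list_replace_init(&entry->rule.rlist,
+				  &nentry->rule.rlist);
+		list_replace_rcu(&entry->list, &nentry->list);
+	}
+	call_rcu(&entry->rcu, audit_free_rule_rcu);
+
+	return err;
+}
+
 /* This function will re-initialize the lsm_rule field of all applicable rules.
  * It will traverse the filter lists serarching for rules that contain LSM
  * specific filter fields. When such a rule is found, it is copied, the
  * LSM field is re-initialized, and the old rule is replaced with the
  * updated rule. */
 int audit_update_lsm_rules(void)
 {
-	struct audit_entry *entry, *n, *nentry;
-	struct audit_watch *watch;
-	struct audit_tree *tree;
+	struct audit_entry *e, *n;
 	int i, err = 0;
 
 	/* audit_filter_mutex synchronizes the writers */
 	mutex_lock(&audit_filter_mutex);
 
 	for (i = 0; i < AUDIT_NR_FILTERS; i++) {
-		list_for_each_entry_safe(entry, n, &audit_filter_list[i], list) {
-			if (!security_audit_rule_known(&entry->rule))
-				continue;
-
-			watch = entry->rule.watch;
-			tree = entry->rule.tree;
-			nentry = audit_dupe_rule(&entry->rule, watch);
-			if (IS_ERR(nentry)) {
-				/* save the first error encountered for the
-				 * return value */
-				if (!err)
-					err = PTR_ERR(nentry);
-				audit_panic("error updating LSM filters");
-				if (watch)
-					list_del(&entry->rule.rlist);
-				list_del_rcu(&entry->list);
-			} else {
-				if (watch) {
-					list_add(&nentry->rule.rlist,
-						 &watch->rules);
-					list_del(&entry->rule.rlist);
-				} else if (tree)
-					list_replace_init(&entry->rule.rlist,
-						  &nentry->rule.rlist);
-				list_replace_rcu(&entry->list, &nentry->list);
-			}
-			call_rcu(&entry->rcu, audit_free_rule_rcu);
+		list_for_each_entry_safe(e, n, &audit_filter_list[i], list) {
+			int res = update_lsm_rule(e);
+			if (!err)
+				err = res;
+		}
+	}
+	for (i=0; i< AUDIT_INODE_BUCKETS; i++) {
+		list_for_each_entry_safe(e, n, &audit_inode_hash[i], list) {
+			int res = update_lsm_rule(e);
+			if (!err)
+				err = res;
 		}
 	}
 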
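Review bot: The comment carried into update_lsm_rule's error branch, `/* save the first error encountered for the return value */`, no longer describes that code: the helper assigns `err = PTR_ERR(nentry)` unconditionally, and the "first error wins" selection now lives in the two callers' `if (!err) err = res;`. I would replace it with what the branch actually does, e.g. `/* dupe failed: unlink and free the old rule rather than leave it with a stale lsm_rule */` — the unlink and the deferred free are visible in the hunk, whether a stale rule would otherwise keep matching depends on code outside it. The header comment on audit_update_lsm_rules still says it traverses "the filter lists"; since walking audit_inode_hash[] is the whole point of this commit, that comment should name the inode hash buckets too (and "serarching" is a typo). Minor style: `for (i=0; i< AUDIT_INODE_BUCKETS; i++)` should be spaced like the `AUDIT_NR_FILTERS` loop directly above it. audit_update_lsm_rules' body continues past the end of the hunk (the unlock and return are not shown).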