Check for existence of exe rule.
---
 kernel/audit_tree.c  |    2 +-
 kernel/audit_watch.c |    2 +-
 kernel/auditfilter.c |    4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 135944a..b4bf5d2 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -632,7 +632,7 @@ int audit_make_tree(struct audit_krule *rule, char 
*pathname, u32 op)
        if (pathname[0] != '/' ||
            rule->listnr != AUDIT_FILTER_EXIT ||
            op != Audit_equal ||
-           rule->inode_f || rule->watch || rule->tree)
+           rule->inode_f || rule->watch || rule->exe || rule->tree)
                return -EINVAL;
        rule->tree = alloc_tree(pathname);
        if (!rule->tree)
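Review bot: The added `rule->exe` test in audit_make_tree only rejects the combination when the exe field was parsed before the dir field. A rule that lists the fields in the opposite order would still pass, so the exe-field handler (not part of this diff) presumably needs the reciprocal test on `inode_f`, `watch` and `tree`. The same applies to the matching additions in audit_to_watch and audit_to_inode. Audit rules decide which events are recorded, so the exclusion should hold in both orders; a one-line comment above each condition would also help, e.g. `/* a rule may carry only one of inode, watch, exe or tree */`. All three function bodies continue outside their hunks.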
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 70b4554..1169de3 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -196,7 +196,7 @@ int audit_to_watch(struct audit_krule *krule, char *path, 
int len, u32 op)
        if (path[0] != '/' || path[len-1] == '/' ||
            krule->listnr != AUDIT_FILTER_EXIT ||
            op != Audit_equal ||
-           krule->inode_f || krule->watch || krule->tree)
+           krule->inode_f || krule->watch || krule->exe || krule->tree)
                return -EINVAL;
 
        watch = audit_init_watch(path);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index cae8eae..eede673 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -148,7 +148,7 @@ static inline int audit_to_inode(struct audit_krule *krule,
                                 struct audit_field *f)
 {
        if (krule->listnr != AUDIT_FILTER_EXIT ||
-           krule->inode_f || krule->watch || krule->tree ||
+           krule->inode_f || krule->watch || krule->exe || krule->tree ||
            (f->op != Audit_equal && f->op != Audit_not_equal))
                return -EINVAL;
 
@@ -1423,7 +1423,7 @@ static int update_lsm_rule(struct audit_krule *r)
                list_del_rcu(&entry->list);
                list_del(&r->list);
        } else {
-               if (r->watch || r->tree)
+               if (r->watch || r->exe || r->tree)
                        list_replace_init(&r->rlist, &nentry->rule.rlist);
                list_replace_rcu(&entry->list, &nentry->list);
                list_replace(&r->list, &nentry->rule.list);
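Review bot: Adding `r->exe` to the condition in update_lsm_rule assumes an exe rule is linked through `r->rlist` the same way watch and tree rules are, and nothing in this diff shows where that linkage is made. If exe rules are not on such a list, `list_replace_init(&r->rlist, &nentry->rule.rlist)` would operate on an unlinked list head. Please confirm this against the code that installs the exe rule and record the invariant in a comment, e.g. `/* watch, exe and tree rules are linked via rlist; move the link to the copy */`. update_lsm_rule starts and ends outside the hunk.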
-- 
1.7.1
