Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openeuler
raspberrypi-kernel
提交
1a9d0797
R
raspberrypi-kernel
项目概览
openeuler
/
raspberrypi-kernel
通知
13
Star
1
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
R
raspberrypi-kernel
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
1a9d0797
编写于
12月 14, 2008
作者:
A
Al Viro
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
audit_update_lsm_rules() misses the audit_inode_hash[] ones
Signed-off-by:
N
Al Viro
<
viro@zeniv.linux.org.uk
>
上级
57f71a0a
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
47 addition
and
30 deletion
+47
-30
kernel/auditfilter.c
kernel/auditfilter.c
+47
-30
未找到文件。
kernel/auditfilter.c
浏览文件 @
1a9d0797
...
...
@@ -1778,6 +1778,41 @@ int audit_filter_type(int type)
return
result
;
}
static
int
update_lsm_rule
(
struct
audit_entry
*
entry
)
{
struct
audit_entry
*
nentry
;
struct
audit_watch
*
watch
;
struct
audit_tree
*
tree
;
int
err
=
0
;
if
(
!
security_audit_rule_known
(
&
entry
->
rule
))
return
0
;
watch
=
entry
->
rule
.
watch
;
tree
=
entry
->
rule
.
tree
;
nentry
=
audit_dupe_rule
(
&
entry
->
rule
,
watch
);
if
(
IS_ERR
(
nentry
))
{
/* save the first error encountered for the
* return value */
err
=
PTR_ERR
(
nentry
);
audit_panic
(
"error updating LSM filters"
);
if
(
watch
)
list_del
(
&
entry
->
rule
.
rlist
);
list_del_rcu
(
&
entry
->
list
);
}
else
{
if
(
watch
)
{
list_add
(
&
nentry
->
rule
.
rlist
,
&
watch
->
rules
);
list_del
(
&
entry
->
rule
.
rlist
);
}
else
if
(
tree
)
list_replace_init
(
&
entry
->
rule
.
rlist
,
&
nentry
->
rule
.
rlist
);
list_replace_rcu
(
&
entry
->
list
,
&
nentry
->
list
);
}
call_rcu
(
&
entry
->
rcu
,
audit_free_rule_rcu
);
return
err
;
}
/* This function will re-initialize the lsm_rule field of all applicable rules.
* It will traverse the filter lists serarching for rules that contain LSM
* specific filter fields. When such a rule is found, it is copied, the
...
...
@@ -1785,42 +1820,24 @@ int audit_filter_type(int type)
* updated rule. */
int
audit_update_lsm_rules
(
void
)
{
struct
audit_entry
*
entry
,
*
n
,
*
nentry
;
struct
audit_watch
*
watch
;
struct
audit_tree
*
tree
;
struct
audit_entry
*
e
,
*
n
;
int
i
,
err
=
0
;
/* audit_filter_mutex synchronizes the writers */
mutex_lock
(
&
audit_filter_mutex
);
for
(
i
=
0
;
i
<
AUDIT_NR_FILTERS
;
i
++
)
{
list_for_each_entry_safe
(
entry
,
n
,
&
audit_filter_list
[
i
],
list
)
{
if
(
!
security_audit_rule_known
(
&
entry
->
rule
))
continue
;
watch
=
entry
->
rule
.
watch
;
tree
=
entry
->
rule
.
tree
;
nentry
=
audit_dupe_rule
(
&
entry
->
rule
,
watch
);
if
(
IS_ERR
(
nentry
))
{
/* save the first error encountered for the
* return value */
if
(
!
err
)
err
=
PTR_ERR
(
nentry
);
audit_panic
(
"error updating LSM filters"
);
if
(
watch
)
list_del
(
&
entry
->
rule
.
rlist
);
list_del_rcu
(
&
entry
->
list
);
}
else
{
if
(
watch
)
{
list_add
(
&
nentry
->
rule
.
rlist
,
&
watch
->
rules
);
list_del
(
&
entry
->
rule
.
rlist
);
}
else
if
(
tree
)
list_replace_init
(
&
entry
->
rule
.
rlist
,
&
nentry
->
rule
.
rlist
);
list_replace_rcu
(
&
entry
->
list
,
&
nentry
->
list
);
}
call_rcu
(
&
entry
->
rcu
,
audit_free_rule_rcu
);
list_for_each_entry_safe
(
e
,
n
,
&
audit_filter_list
[
i
],
list
)
{
int
res
=
update_lsm_rule
(
e
);
if
(
!
err
)
err
=
res
;
}
}
for
(
i
=
0
;
i
<
AUDIT_INODE_BUCKETS
;
i
++
)
{
list_for_each_entry_safe
(
e
,
n
,
&
audit_inode_hash
[
i
],
list
)
{
int
res
=
update_lsm_rule
(
e
);
if
(
!
err
)
err
=
res
;
}
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录