Re: [PATCH V4 (was V6)] audit: use macros for unset inode and device values

From: Richard Guy Briggs
Date: Wed Aug 05 2015 - 02:30:26 EST

Next message: K. Y. Srinivasan: "[PATCH 12/13] cpu-hotplug: export cpu_hotplug_enable/cpu_hotplug_disable"
Previous message: K. Y. Srinivasan: "[PATCH 03/13] Drivers: hv: vmbus: Improve the CPU affiliation for channels"
In reply to: Paul Moore: "Re: [PATCH V4 (was V6)] audit: use macros for unset inode and device values"
Next in thread: Paul Moore: "Re: [PATCH V4 (was V6)] audit: use macros for unset inode and device values"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 15/08/04, Paul Moore wrote:
> On Saturday, August 01, 2015 03:42:23 PM Richard Guy Briggs wrote:
> > Signed-off-by: Richard Guy Briggs <rgb@xxxxxxxxxx>
> > ---
> > include/uapi/linux/audit.h | 2 ++
> > kernel/audit.c | 2 +-
> > kernel/audit_watch.c | 8 ++++----
> > kernel/auditsc.c | 6 +++---
> > 4 files changed, 10 insertions(+), 8 deletions(-)
>
> Yipee, less magic numbers!
>
> However, one question for you ... are we ever going to see a device or inode
> set to -1 in the userspace facing API? In other words, should the new
> #defines go in the uapi headers or simply in kernel/audit.h? Unless it is
> part of the API, let's leave it out of uapi as we have to be very careful
> about that stuff and I'd prefer to keep it minimal.

This is a good point. I did briefly thing about this at one point.
Perhaps Steve can answer this. It would be trivial to move it back to
uapi if needed. Would you be ok with it in include/linux/audit.h for
now?

> Also, if we can put the #defines in kernel/audit.h we can use the proper type
> for AUDIT_DEV_UNSET which would make me happy.
>
> > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
> > index d3475e1..971df22 100644
> > --- a/include/uapi/linux/audit.h
> > +++ b/include/uapi/linux/audit.h
> > @@ -440,6 +440,8 @@ struct audit_tty_status {
> > };
> >
> > #define AUDIT_UID_UNSET (unsigned int)-1
> > +#define AUDIT_INO_UNSET (unsigned long)-1
> > +#define AUDIT_DEV_UNSET (unsigned)-1
> >
> > /* audit_rule_data supports filter rules with both integer and string
> > * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and
> > diff --git a/kernel/audit.c b/kernel/audit.c
> > index 1c13e42..d546003 100644
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@ -1761,7 +1761,7 @@ void audit_log_name(struct audit_context *context,
> > struct audit_names *n, } else
> > audit_log_format(ab, " name=(null)");
> >
> > - if (n->ino != (unsigned long)-1)
> > + if (n->ino != AUDIT_INO_UNSET)
> > audit_log_format(ab, " inode=%lu"
> > " dev=%02x:%02x mode=%#ho"
> > " ouid=%u ogid=%u rdev=%02x:%02x",
> > diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> > index 8f123d7..c668bfc 100644
> > --- a/kernel/audit_watch.c
> > +++ b/kernel/audit_watch.c
> > @@ -138,7 +138,7 @@ char *audit_watch_path(struct audit_watch *watch)
> >
> > int audit_watch_compare(struct audit_watch *watch, unsigned long ino, dev_t
> > dev) {
> > - return (watch->ino != (unsigned long)-1) &&
> > + return (watch->ino != AUDIT_INO_UNSET) &&
> > (watch->ino == ino) &&
> > (watch->dev == dev);
> > }
> > @@ -179,8 +179,8 @@ static struct audit_watch *audit_init_watch(char *path)
> > INIT_LIST_HEAD(&watch->rules);
> > atomic_set(&watch->count, 1);
> > watch->path = path;
> > - watch->dev = (dev_t)-1;
> > - watch->ino = (unsigned long)-1;
> > + watch->dev = AUDIT_DEV_UNSET;
> > + watch->ino = AUDIT_INO_UNSET;
> >
> > return watch;
> > }
> > @@ -493,7 +493,7 @@ static int audit_watch_handle_event(struct
> > fsnotify_group *group, if (mask & (FS_CREATE|FS_MOVED_TO) && inode)
> > audit_update_watch(parent, dname, inode->i_sb->s_dev, inode->i_ino, 0);
> > else if (mask & (FS_DELETE|FS_MOVED_FROM))
> > - audit_update_watch(parent, dname, (dev_t)-1, (unsigned long)-1, 1);
> > + audit_update_watch(parent, dname, AUDIT_DEV_UNSET, AUDIT_INO_UNSET, 1);
> > else if (mask & (FS_DELETE_SELF|FS_UNMOUNT|FS_MOVE_SELF))
> > audit_remove_parent_watches(parent);
> >
> > diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> > index 9fb9d1c..701ea5c 100644
> > --- a/kernel/auditsc.c
> > +++ b/kernel/auditsc.c
> > @@ -180,7 +180,7 @@ static int audit_match_filetype(struct audit_context
> > *ctx, int val) return 0;
> >
> > list_for_each_entry(n, &ctx->names_list, list) {
> > - if ((n->ino != -1) &&
> > + if ((n->ino != AUDIT_INO_UNSET) &&
> > ((n->mode & S_IFMT) == mode))
> > return 1;
> > }
> > @@ -1683,7 +1683,7 @@ static struct audit_names *audit_alloc_name(struct
> > audit_context *context, aname->should_free = true;
> > }
> >
> > - aname->ino = (unsigned long)-1;
> > + aname->ino = AUDIT_INO_UNSET;
> > aname->type = type;
> > list_add_tail(&aname->list, &context->names_list);
> >
> > @@ -1925,7 +1925,7 @@ void __audit_inode_child(const struct inode *parent,
> > if (inode)
> > audit_copy_inode(found_child, dentry, inode);
> > else
> > - found_child->ino = (unsigned long)-1;
> > + found_child->ino = AUDIT_INO_UNSET;
> > }
> > EXPORT_SYMBOL_GPL(__audit_inode_child);
>
> --
> paul moore
> security @ redhat
>

- RGB

--
Richard Guy Briggs <rbriggs@xxxxxxxxxx>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: K. Y. Srinivasan: "[PATCH 12/13] cpu-hotplug: export cpu_hotplug_enable/cpu_hotplug_disable"
Previous message: K. Y. Srinivasan: "[PATCH 03/13] Drivers: hv: vmbus: Improve the CPU affiliation for channels"
In reply to: Paul Moore: "Re: [PATCH V4 (was V6)] audit: use macros for unset inode and device values"
Next in thread: Paul Moore: "Re: [PATCH V4 (was V6)] audit: use macros for unset inode and device values"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]