[PATCH] audit: convert AUDIT_FILTER_PATH to AUDIT_FILTER_FS

From: Richard Guy Briggs
Date: Tue Jun 27 2017 - 14:47:43 EST


Switch from AUDIT_FILTER_PATH to AUDIT_FILTER_FS to align with the userspace
request to avoid a name collision with the path record and path field option.

Also update the corresponding feature bitmap macros.

See: https://github.com/linux-audit/audit-kernel/issues/8
See: https://github.com/linux-audit/audit-userspace/issues/15

Signed-off-by: Richard Guy Briggs <rgb@xxxxxxxxxx>
---
include/uapi/linux/audit.h | 6 +++---
kernel/auditfilter.c | 10 +++++-----
kernel/auditsc.c | 2 +-
3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 0464910..cfaf346 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -155,7 +155,7 @@
#define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */
#define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */
#define AUDIT_FILTER_TYPE 0x05 /* Apply rule at audit_log_start */
-#define AUDIT_FILTER_PATH 0x06 /* Apply rule at __audit_inode_child */
+#define AUDIT_FILTER_FS 0x06 /* Apply rule at __audit_inode_child */

#define AUDIT_NR_FILTERS 7

@@ -336,14 +336,14 @@ enum {
#define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH 0x00000004
#define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER 0x00000010
#define AUDIT_FEATURE_BITMAP_LOST_RESET 0x00000020
-#define AUDIT_FEATURE_BITMAP_FILTER_PATH 0x00000040
+#define AUDIT_FEATURE_BITMAP_FILTER_FS 0x00000040

#define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
AUDIT_FEATURE_BITMAP_SESSIONID_FILTER | \
AUDIT_FEATURE_BITMAP_LOST_RESET | \
- AUDIT_FEATURE_BITMAP_FILTER_PATH)
+ AUDIT_FEATURE_BITMAP_FILTER_FS)

/* deprecated: AUDIT_VERSION_* */
#define AUDIT_VERSION_LATEST AUDIT_FEATURE_BITMAP_ALL
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 3e0ccf2..0fe34ce 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -265,7 +265,7 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule_data *
#endif
case AUDIT_FILTER_USER:
case AUDIT_FILTER_TYPE:
- case AUDIT_FILTER_PATH:
+ case AUDIT_FILTER_FS:
;
}
if (unlikely(rule->action == AUDIT_POSSIBLE)) {
@@ -342,13 +342,13 @@ static int audit_field_valid(struct audit_entry *entry, struct audit_field *f)
return -EINVAL;
break;
case AUDIT_FSTYPE:
- if (entry->rule.listnr != AUDIT_FILTER_PATH)
+ if (entry->rule.listnr != AUDIT_FILTER_FS)
return -EINVAL;
break;
}

switch(entry->rule.listnr) {
- case AUDIT_FILTER_PATH:
+ case AUDIT_FILTER_FS:
switch(f->type) {
case AUDIT_FSTYPE:
case AUDIT_FILTERKEY:
@@ -933,7 +933,7 @@ static inline int audit_add_rule(struct audit_entry *entry)
switch(entry->rule.listnr) {
case AUDIT_FILTER_USER:
case AUDIT_FILTER_TYPE:
- case AUDIT_FILTER_PATH:
+ case AUDIT_FILTER_FS:
dont_count = 1;
}
#endif
@@ -1015,7 +1015,7 @@ int audit_del_rule(struct audit_entry *entry)
switch(entry->rule.listnr) {
case AUDIT_FILTER_USER:
case AUDIT_FILTER_TYPE:
- case AUDIT_FILTER_PATH:
+ case AUDIT_FILTER_FS:
dont_count = 1;
}
#endif
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index a12531f..7f369b2 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1869,7 +1869,7 @@ void __audit_inode_child(struct inode *parent,
const char *dname = dentry->d_name.name;
struct audit_names *n, *found_parent = NULL, *found_child = NULL;
struct audit_entry *e;
- struct list_head *list = &audit_filter_list[AUDIT_FILTER_PATH];
+ struct list_head *list = &audit_filter_list[AUDIT_FILTER_FS];
int i;

if (!context->in_syscall)
--
1.7.1