audit: remove audit_finish_fork as it can't be called
Audit entry,always rules are not allowed and are automatically changed in exit,always rules in userspace. The kernel refuses to load such rules. Thus a task in the middle of a syscall (and thus in audit_finish_fork()) can only be in one of two states: AUDIT_BUILD_CONTEXT or AUDIT_DISABLED. Since the current task cannot be in AUDIT_RECORD_CONTEXT we aren't every going to actually use the code in audit_finish_fork() since it will return without doing anything. Thus drop the code. Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
parent
7ff68e53ec
commit
6422e78de6
|
@ -415,7 +415,6 @@ extern int audit_classify_arch(int arch);
|
||||||
#ifdef CONFIG_AUDITSYSCALL
|
#ifdef CONFIG_AUDITSYSCALL
|
||||||
/* These are defined in auditsc.c */
|
/* These are defined in auditsc.c */
|
||||||
/* Public API */
|
/* Public API */
|
||||||
extern void audit_finish_fork(struct task_struct *child);
|
|
||||||
extern int audit_alloc(struct task_struct *task);
|
extern int audit_alloc(struct task_struct *task);
|
||||||
extern void __audit_free(struct task_struct *task);
|
extern void __audit_free(struct task_struct *task);
|
||||||
extern void __audit_syscall_entry(int arch,
|
extern void __audit_syscall_entry(int arch,
|
||||||
|
@ -586,7 +585,6 @@ static inline void audit_mmap_fd(int fd, int flags)
|
||||||
extern int audit_n_rules;
|
extern int audit_n_rules;
|
||||||
extern int audit_signals;
|
extern int audit_signals;
|
||||||
#else /* CONFIG_AUDITSYSCALL */
|
#else /* CONFIG_AUDITSYSCALL */
|
||||||
#define audit_finish_fork(t)
|
|
||||||
#define audit_alloc(t) ({ 0; })
|
#define audit_alloc(t) ({ 0; })
|
||||||
#define audit_free(t) do { ; } while (0)
|
#define audit_free(t) do { ; } while (0)
|
||||||
#define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
|
#define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
|
||||||
|
|
|
@ -1707,26 +1707,6 @@ void __audit_syscall_entry(int arch, int major,
|
||||||
context->ppid = 0;
|
context->ppid = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void audit_finish_fork(struct task_struct *child)
|
|
||||||
{
|
|
||||||
struct audit_context *ctx = current->audit_context;
|
|
||||||
struct audit_context *p = child->audit_context;
|
|
||||||
if (!p || !ctx)
|
|
||||||
return;
|
|
||||||
if (!ctx->in_syscall || ctx->current_state != AUDIT_RECORD_CONTEXT)
|
|
||||||
return;
|
|
||||||
p->arch = ctx->arch;
|
|
||||||
p->major = ctx->major;
|
|
||||||
memcpy(p->argv, ctx->argv, sizeof(ctx->argv));
|
|
||||||
p->ctime = ctx->ctime;
|
|
||||||
p->dummy = ctx->dummy;
|
|
||||||
p->in_syscall = ctx->in_syscall;
|
|
||||||
p->filterkey = kstrdup(ctx->filterkey, GFP_KERNEL);
|
|
||||||
p->ppid = current->pid;
|
|
||||||
p->prio = ctx->prio;
|
|
||||||
p->current_state = ctx->current_state;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* audit_syscall_exit - deallocate audit context after a system call
|
* audit_syscall_exit - deallocate audit context after a system call
|
||||||
* @pt_regs: syscall registers
|
* @pt_regs: syscall registers
|
||||||
|
|
|
@ -1525,8 +1525,6 @@ long do_fork(unsigned long clone_flags,
|
||||||
init_completion(&vfork);
|
init_completion(&vfork);
|
||||||
}
|
}
|
||||||
|
|
||||||
audit_finish_fork(p);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* We set PF_STARTING at creation in case tracing wants to
|
* We set PF_STARTING at creation in case tracing wants to
|
||||||
* use this to distinguish a fully live task from one that
|
* use this to distinguish a fully live task from one that
|
||||||
|
|
Loading…
Reference in New Issue