Merge tag 'audit-pr-20171113' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoor...

[sfrench/cifs-2.6.git] / kernel / auditsc.c

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 9c723e978245cfe55b33153e6fa36c8761165722..e80459f7e1327731f6960ee5824e22d71037b8c8 100644 (file)
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1869,10 +1869,33 @@ void __audit_inode_child(struct inode *parent,
        struct inode *inode = d_backing_inode(dentry);
        const char *dname = dentry->d_name.name;
        struct audit_names *n, *found_parent = NULL, *found_child = NULL;
+       struct audit_entry *e;
+       struct list_head *list = &audit_filter_list[AUDIT_FILTER_FS];
+       int i;
 
        if (!context->in_syscall)
                return;
 
+       rcu_read_lock();
+       if (!list_empty(list)) {
+               list_for_each_entry_rcu(e, list, list) {
+                       for (i = 0; i < e->rule.field_count; i++) {
+                               struct audit_field *f = &e->rule.fields[i];
+
+                               if (f->type == AUDIT_FSTYPE) {
+                                       if (audit_comparator(parent->i_sb->s_magic,
+                                           f->op, f->val)) {
+                                               if (e->rule.action == AUDIT_NEVER) {
+                                                       rcu_read_unlock();
+                                                       return;
+                                               }
+                                       }
+                               }
+                       }
+               }
+       }
+       rcu_read_unlock();
+
        if (inode)
                handle_one(inode);