[PATCH] audit: convert AUDIT_FILTER_PATH to AUDIT_FILTER_FS

Tue Jun 27 18:47:02 UTC 2017

Switch from AUDIT_FILTER_PATH to AUDIT_FILTER_FS to align with the userspace
request to avoid a name collision with the path record and path field option.

Also update the corresponding feature bitmap macros.

See: https://github.com/linux-audit/audit-kernel/issues/8
See: https://github.com/linux-audit/audit-userspace/issues/15

Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
---
 include/uapi/linux/audit.h |    6 +++---
 kernel/auditfilter.c       |   10 +++++-----
 kernel/auditsc.c           |    2 +-
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 0464910..cfaf346 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -155,7 +155,7 @@
 #define AUDIT_FILTER_WATCH	0x03	/* Apply rule to file system watches */
 #define AUDIT_FILTER_EXIT	0x04	/* Apply rule at syscall exit */
 #define AUDIT_FILTER_TYPE	0x05	/* Apply rule at audit_log_start */
-#define AUDIT_FILTER_PATH	0x06	/* Apply rule at __audit_inode_child */
+#define AUDIT_FILTER_FS		0x06	/* Apply rule at __audit_inode_child */
 
 #define AUDIT_NR_FILTERS	7
 
@@ -336,14 +336,14 @@ enum {
 #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH	0x00000004
 #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER	0x00000010
 #define AUDIT_FEATURE_BITMAP_LOST_RESET		0x00000020
-#define AUDIT_FEATURE_BITMAP_FILTER_PATH	0x00000040
+#define AUDIT_FEATURE_BITMAP_FILTER_FS		0x00000040
 
 #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
 				  AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
 				  AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
 				  AUDIT_FEATURE_BITMAP_SESSIONID_FILTER | \
 				  AUDIT_FEATURE_BITMAP_LOST_RESET | \
-				  AUDIT_FEATURE_BITMAP_FILTER_PATH)
+				  AUDIT_FEATURE_BITMAP_FILTER_FS)
 
 /* deprecated: AUDIT_VERSION_* */
 #define AUDIT_VERSION_LATEST 		AUDIT_FEATURE_BITMAP_ALL
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 3e0ccf2..0fe34ce 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -265,7 +265,7 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule_data *
 #endif
 	case AUDIT_FILTER_USER:
 	case AUDIT_FILTER_TYPE:
-	case AUDIT_FILTER_PATH:
+	case AUDIT_FILTER_FS:
 		;
 	}
 	if (unlikely(rule->action == AUDIT_POSSIBLE)) {
@@ -342,13 +342,13 @@ static int audit_field_valid(struct audit_entry *entry, struct audit_field *f)
 			return -EINVAL;
 		break;
 	case AUDIT_FSTYPE:
-		if (entry->rule.listnr != AUDIT_FILTER_PATH)
+		if (entry->rule.listnr != AUDIT_FILTER_FS)
 			return -EINVAL;
 		break;
 	}
 
 	switch(entry->rule.listnr) {
-	case AUDIT_FILTER_PATH:
+	case AUDIT_FILTER_FS:
 		switch(f->type) {
 		case AUDIT_FSTYPE:
 		case AUDIT_FILTERKEY:
@@ -933,7 +933,7 @@ static inline int audit_add_rule(struct audit_entry *entry)
 	switch(entry->rule.listnr) {
 	case AUDIT_FILTER_USER:
 	case AUDIT_FILTER_TYPE:
-	case AUDIT_FILTER_PATH:
+	case AUDIT_FILTER_FS:
 		dont_count = 1;
 	}
 #endif
@@ -1015,7 +1015,7 @@ int audit_del_rule(struct audit_entry *entry)
 	switch(entry->rule.listnr) {
 	case AUDIT_FILTER_USER:
 	case AUDIT_FILTER_TYPE:
-	case AUDIT_FILTER_PATH:
+	case AUDIT_FILTER_FS:
 		dont_count = 1;
 	}
 #endif
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index a12531f..7f369b2 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1869,7 +1869,7 @@ void __audit_inode_child(struct inode *parent,
 	const char *dname = dentry->d_name.name;
 	struct audit_names *n, *found_parent = NULL, *found_child = NULL;
 	struct audit_entry *e;
-	struct list_head *list = &audit_filter_list[AUDIT_FILTER_PATH];
+	struct list_head *list = &audit_filter_list[AUDIT_FILTER_FS];
 	int i;
 
 	if (!context->in_syscall)
-- 
1.7.1


