Commit 6422e78d authored by Eric Paris's avatar Eric Paris Committed by Al Viro

audit: remove audit_finish_fork as it can't be called

Audit entry,always rules are not allowed and are automatically changed in
exit,always rules in userspace.  The kernel refuses to load such rules.

Thus a task in the middle of a syscall (and thus in audit_finish_fork())
can only be in one of two states: AUDIT_BUILD_CONTEXT or AUDIT_DISABLED.
Since the current task cannot be in AUDIT_RECORD_CONTEXT we aren't every
going to actually use the code in audit_finish_fork() since it will
return without doing anything.  Thus drop the code.
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent 7ff68e53
...@@ -415,7 +415,6 @@ extern int audit_classify_arch(int arch); ...@@ -415,7 +415,6 @@ extern int audit_classify_arch(int arch);
#ifdef CONFIG_AUDITSYSCALL #ifdef CONFIG_AUDITSYSCALL
/* These are defined in auditsc.c */ /* These are defined in auditsc.c */
/* Public API */ /* Public API */
extern void audit_finish_fork(struct task_struct *child);
extern int audit_alloc(struct task_struct *task); extern int audit_alloc(struct task_struct *task);
extern void __audit_free(struct task_struct *task); extern void __audit_free(struct task_struct *task);
extern void __audit_syscall_entry(int arch, extern void __audit_syscall_entry(int arch,
...@@ -586,7 +585,6 @@ static inline void audit_mmap_fd(int fd, int flags) ...@@ -586,7 +585,6 @@ static inline void audit_mmap_fd(int fd, int flags)
extern int audit_n_rules; extern int audit_n_rules;
extern int audit_signals; extern int audit_signals;
#else /* CONFIG_AUDITSYSCALL */ #else /* CONFIG_AUDITSYSCALL */
#define audit_finish_fork(t)
#define audit_alloc(t) ({ 0; }) #define audit_alloc(t) ({ 0; })
#define audit_free(t) do { ; } while (0) #define audit_free(t) do { ; } while (0)
#define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0) #define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
......
...@@ -1707,26 +1707,6 @@ void __audit_syscall_entry(int arch, int major, ...@@ -1707,26 +1707,6 @@ void __audit_syscall_entry(int arch, int major,
context->ppid = 0; context->ppid = 0;
} }
void audit_finish_fork(struct task_struct *child)
{
struct audit_context *ctx = current->audit_context;
struct audit_context *p = child->audit_context;
if (!p || !ctx)
return;
if (!ctx->in_syscall || ctx->current_state != AUDIT_RECORD_CONTEXT)
return;
p->arch = ctx->arch;
p->major = ctx->major;
memcpy(p->argv, ctx->argv, sizeof(ctx->argv));
p->ctime = ctx->ctime;
p->dummy = ctx->dummy;
p->in_syscall = ctx->in_syscall;
p->filterkey = kstrdup(ctx->filterkey, GFP_KERNEL);
p->ppid = current->pid;
p->prio = ctx->prio;
p->current_state = ctx->current_state;
}
/** /**
* audit_syscall_exit - deallocate audit context after a system call * audit_syscall_exit - deallocate audit context after a system call
* @pt_regs: syscall registers * @pt_regs: syscall registers
......
...@@ -1525,8 +1525,6 @@ long do_fork(unsigned long clone_flags, ...@@ -1525,8 +1525,6 @@ long do_fork(unsigned long clone_flags,
init_completion(&vfork); init_completion(&vfork);
} }
audit_finish_fork(p);
/* /*
* We set PF_STARTING at creation in case tracing wants to * We set PF_STARTING at creation in case tracing wants to
* use this to distinguish a fully live task from one that * use this to distinguish a fully live task from one that
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment