Now that we've added audit_find_rule(), make audit_del_rule() use it
too.
Signed-off-by: Amy Griffis <[EMAIL PROTECTED]>
---
kernel/auditfilter.c | 101 +++++++++++++++++++-------------------------------
1 files changed, 39 insertions(+), 62 deletions(-)
49331df422d7d3f7b1d387c4373bb3113f45f04d
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 3cedc73..461f404 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1102,83 +1102,60 @@ error:
return err;
}
-/* Rule removal helper.
- * Caller must hold audit_filter_mutex. */
-static inline int audit_do_del_rule(struct audit_entry *entry,
- struct list_head *list,
- struct list_head *inotify_list)
+/* Remove an existing rule from filterlist. */
+static inline int audit_del_rule(struct audit_entry *entry,
+ struct list_head *list)
{
struct audit_entry *e;
+ struct audit_field *inode_f = entry->rule.inode_f;
+ struct audit_watch *watch, *tmp_watch = entry->rule.watch;
+ LIST_HEAD(inotify_list);
+ int h, ret = 0;
- list_for_each_entry(e, list, list) {
- struct audit_watch *watch = e->rule.watch;
+ if (inode_f) {
+ h = audit_hash_ino(inode_f->val);
+ list = &audit_inode_hash[h];
+ }
- if (audit_compare_rule(&entry->rule, &e->rule))
- continue;
+ mutex_lock(&audit_filter_mutex);
+ e = audit_find_rule(entry, list);
+ if (!e) {
+ mutex_unlock(&audit_filter_mutex);
+ ret = -ENOENT;
+ goto out;
+ }
- if (watch) {
- struct audit_parent *parent = watch->parent;
+ watch = e->rule.watch;
+ if (watch) {
+ struct audit_parent *parent = watch->parent;
- list_del(&e->rule.rlist);
+ list_del(&e->rule.rlist);
- if (list_empty(&watch->rules)) {
- audit_remove_watch(watch);
+ if (list_empty(&watch->rules)) {
+ audit_remove_watch(watch);
- if (list_empty(&parent->watches)) {
- /* Put parent on the inotify
- * un-registration list. Grab
- * a reference before releasing
- * audit_filter_mutex, to be released in
- * audit_inotify_unregister(). */
- list_add(&parent->ilist, inotify_list);
- get_inotify_watch(&parent->wdata);
- }
+ if (list_empty(&parent->watches)) {
+ /* Put parent on the inotify un-registration
+ * list. Grab a reference before releasing
+ * audit_filter_mutex, to be released in
+ * audit_inotify_unregister(). */
+ list_add(&parent->ilist, &inotify_list);
+ get_inotify_watch(&parent->wdata);
}
}
-
- list_del_rcu(&e->list);
- call_rcu(&e->rcu, audit_free_rule_rcu);
-
- return 0;
}
- return -ENOENT; /* No matching rule */
-}
-/* Remove an existing rule from filterlist. */
-static inline int audit_del_rule(struct audit_entry *entry,
- struct list_head *list)
-{
- int h, ret;
- struct audit_field *inode_f = entry->rule.inode_f;
- struct audit_watch *watch = entry->rule.watch;
- LIST_HEAD(inotify_list);
+ list_del_rcu(&e->list);
+ call_rcu(&e->rcu, audit_free_rule_rcu);
- if (watch) {
- mutex_lock(&audit_filter_mutex);
- /* we don't know the inode number, so must walk entire hash */
- for (h = 0; h < AUDIT_INODE_BUCKETS; h++) {
- list = &audit_inode_hash[h];
- ret = audit_do_del_rule(entry, list, &inotify_list);
- if (!ret)
- break;
- }
- mutex_unlock(&audit_filter_mutex);
-
- if (!list_empty(&inotify_list))
- audit_inotify_unregister(&inotify_list);
+ mutex_unlock(&audit_filter_mutex);
- /* match initial get for tmp watch */
- audit_put_watch(watch);
+ if (!list_empty(&inotify_list))
+ audit_inotify_unregister(&inotify_list);
- } else {
- if (inode_f) {
- h = audit_hash_ino(inode_f->val);
- list = &audit_inode_hash[h];
- }
- mutex_lock(&audit_filter_mutex);
- ret = audit_do_del_rule(entry, list, &inotify_list);
- mutex_unlock(&audit_filter_mutex);
- }
+out:
+ if (tmp_watch)
+ audit_put_watch(tmp_watch); /* match initial get */
return ret;
}
--
1.3.0
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
