From mboxrd@z Thu Jan 1 00:00:00 1970 From: Richard Guy Briggs Subject: [PATCH 10/14] fixup! audit: implement audit by executable Date: Tue, 17 Jun 2014 23:09:45 -0400 Message-ID: <21d32940e47f2ab4692508629bb47f0ae705c774.1403060033.git.rgb@redhat.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: In-Reply-To: References: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com Cc: Richard Guy Briggs List-Id: linux-audit@redhat.com Check for existence of exe rule. --- kernel/audit_tree.c | 2 +- kernel/audit_watch.c | 2 +- kernel/auditfilter.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index 135944a..b4bf5d2 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c @@ -632,7 +632,7 @@ int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op) if (pathname[0] != '/' || rule->listnr != AUDIT_FILTER_EXIT || op != Audit_equal || - rule->inode_f || rule->watch || rule->tree) + rule->inode_f || rule->watch || rule->exe || rule->tree) return -EINVAL; rule->tree = alloc_tree(pathname); if (!rule->tree) diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c index 70b4554..1169de3 100644 --- a/kernel/audit_watch.c +++ b/kernel/audit_watch.c @@ -196,7 +196,7 @@ int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op) if (path[0] != '/' || path[len-1] == '/' || krule->listnr != AUDIT_FILTER_EXIT || op != Audit_equal || - krule->inode_f || krule->watch || krule->tree) + krule->inode_f || krule->watch || krule->exe || krule->tree) return -EINVAL; watch = audit_init_watch(path); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index cae8eae..eede673 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c 
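Review bot: The `rule->exe` test added to audit_make_tree (and the identical term added in audit_to_watch and audit_to_inode) only rejects a rule whose exe field was parsed before the dir, path or inode field; nothing in this patch shows the opposite order being refused. The code that assigns `->exe` is outside this diff, so confirm it also checks `inode_f || watch || tree`. Otherwise, whether a rule can carry two of these marks depends on the order of the fields supplied from user space. A short comment above each condition, such as `/* inode, watch, exe and tree fields are mutually exclusive within one rule */`, would record the invariant these four terms enforce. audit_make_tree's body continues outside the hunk.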
@@ -148,7 +148,7 @@ static inline int audit_to_inode(struct audit_krule *krule, struct audit_field *f) { if (krule->listnr != AUDIT_FILTER_EXIT || - krule->inode_f || krule->watch || krule->tree || + krule->inode_f || krule->watch || krule->exe || krule->tree || (f->op != Audit_equal && f->op != Audit_not_equal)) return -EINVAL; @@ -1423,7 +1423,7 @@ static int update_lsm_rule(struct audit_krule *r) list_del_rcu(&entry->list); list_del(&r->list); } else { - if (r->watch || r->tree) + if (r->watch || r->exe || r->tree) list_replace_init(&r->rlist, &nentry->rule.rlist); list_replace_rcu(&entry->list, &nentry->list); list_replace(&r->list, &nentry->rule.list); -- 1.7.1
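Review bot: In update_lsm_rule only the success branch gains the `r->exe` term, so `r->rlist` is now re-linked for exe rules there. The failure branch ending in `list_del_rcu(&entry->list); list_del(&r->list);` begins outside the hunk, so it is not visible whether it unlinks `r->rlist` for an exe rule. If that branch guards its `rlist` removal with `r->watch` or `r->watch || r->tree`, it needs the same `|| r->exe` term, or a rule dropped on the error path could remain linked on the list it shares with its exe mark. This assumes exe rules are chained through `rlist` the same way watch and tree rules are, which the new condition implies but the patch does not show.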