Commit 5260ecc2 authored by Richard Guy Briggs's avatar Richard Guy Briggs Committed by Paul Moore

audit: deprecate the AUDIT_FILTER_ENTRY filter

The audit entry filter has been long deprecated with userspace support
finally removed in audit-v2.6.7 and plans to remove kernel support have
existed since kernel-v2.6.31.
Remove it.

Since removing the audit entry filter, test for early return before
setting up any context state.

Passes audit-testsuite.

See: https://github.com/linux-audit/audit-kernel/issues/6



Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
parent 6387440e
+2 −2
@@ -258,7 +258,7 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule_data *
		goto exit_err;
#ifdef CONFIG_AUDITSYSCALL
	case AUDIT_FILTER_ENTRY:
		if (rule->action == AUDIT_ALWAYS)
		pr_err("AUDIT_FILTER_ENTRY is deprecated\n");
		goto exit_err;
	case AUDIT_FILTER_EXIT:
	case AUDIT_FILTER_TASK:
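Review bot: The new `pr_err()` in the `AUDIT_FILTER_ENTRY` case fires once for every rejected rule, so loading a legacy rules file with many entry-list rules writes one error-level line per rule to the kernel log. The message carries no per-rule detail, so a bounded form says the same thing with less noise, for example `pr_warn_once("AUDIT_FILTER_ENTRY is deprecated\n");` or `pr_err_ratelimited("AUDIT_FILTER_ENTRY is deprecated\n");`. The value of `err` returned through `exit_err` is set outside this hunk, so it is worth confirming that userspace still receives the same error code it got for the old `AUDIT_ALWAYS` rejection. audit_to_entry_common() starts and ends outside the hunk.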
+11 −10
@@ -1519,22 +1519,23 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2,
	if (!audit_enabled)
		return;

	context->arch	    = syscall_get_arch();
	context->major      = major;
	context->argv[0]    = a1;
	context->argv[1]    = a2;
	context->argv[2]    = a3;
	context->argv[3]    = a4;

	state = context->state;
	if (state == AUDIT_DISABLED)
		return;

	context->dummy = !audit_n_rules;
	if (!context->dummy && state == AUDIT_BUILD_CONTEXT) {
		context->prio = 0;
		state = audit_filter_syscall(tsk, context, &audit_filter_list[AUDIT_FILTER_ENTRY]);
	}
	if (state == AUDIT_DISABLED)
		if (auditd_test_task(tsk))
			return;
	}

	context->arch	    = syscall_get_arch();
	context->major      = major;
	context->argv[0]    = a1;
	context->argv[1]    = a2;
	context->argv[2]    = a3;
	context->argv[3]    = a4;
	context->serial     = 0;
	context->ctime = current_kernel_time64();
	context->in_syscall = 1;
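Review bot: The `auditd_test_task(tsk)` return sits after `context->dummy` and `context->prio = 0` have already been written, so that exit is not quite "before setting up any context state" as the description puts it. In addition, with the `context->arch`, `context->major` and `context->argv[]` assignments apparently moved below the early returns, those fields keep the values of the last fully set-up syscall whenever the function returns early, where they used to be refreshed on every entry. Whether anything reads them while `in_syscall` is 0 is not visible here; if nothing does, a comment above the moved block would record that invariant for later readers: `/* arch, major and argv[] are only valid while in_syscall is set */`. __audit_syscall_entry() begins and ends outside the hunk.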