author | Gaosheng Cui <cuigaosheng1@huawei.com> | 2021-10-16 15:23:51 +0800 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2021-10-18 18:34:37 -0400 |
commit | d9516f346e8b8e9c7dd37976a06a5bde1a871d6f (patch) | |
tree | 0aba70364c97f813187391fb16cc08fae0c151cb | |
parent | 571e5c0efcb29c5dac8cf2949d3eed84ec43056c (diff) |
audit: return early if the filter rule has a lower priority
It is not necessary for audit_filter_rules() functions to check
audit fields of the rule with a lower priority, and if we did,
there might be some unintended effects, such as the ctx->ppid
may be changed unexpectedly, so return early if the rule has
a lower priority.
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
[PM: slight tweak to the subject line]
Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r-- | kernel/auditsc.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index a4ba53f5354e..6efb0bb909d0 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -470,6 +470,9 @@ static int audit_filter_rules(struct task_struct *tsk, u32 sid; unsigned int sessionid; + if (ctx && rule->prio <= ctx->prio) + return 0; + cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); for (i = 0; i < rule->field_count; i++) { @@ -737,8 +740,6 @@ static int audit_filter_rules(struct task_struct *tsk, } if (ctx) { - if (rule->prio <= ctx->prio) - return 0; if (rule->filterkey) { kfree(ctx->filterkey); ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); |
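Review bot: the new test `if (ctx && rule->prio <= ctx->prio)` in the first hunk (@@ -470,6 +470,9) has no comment saying why it has to run before the `for (i = 0; i < rule->field_count; i++)` loop. The commit message gives the reason (evaluating the fields of a lower-priority rule can change ctx state such as ctx->ppid), but nothing in the code does, so a later cleanup could move the test back down beside the filterkey update. A one-line comment above the check stating that field evaluation may modify ctx would preserve the intent.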
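Review bot: in the second hunk (@@ -737,8 +740,6), dropping `if (rule->prio <= ctx->prio) return 0;` from the `if (ctx)` block is only equivalent because the early return added above covers the same condition, including the ctx == NULL case, which skips both. The changelog should say so explicitly, and it should state whether the ctx->ppid change it mentions was actually observed or is theoretical. As written there is no Fixes: tag and no indication of whether a stable backport is intended, which makes it hard to judge how far back this needs to go.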