From: Mimi Zohar
Subject: [RFC][PATCH] audit: get inode pathname patch
Date: Wed, 06 Aug 2008 10:36:46 -0400
Message-ID: <1218033406.9023.7.camel@new-host-2.home>
To: Linux Audit
Cc: David Safford, Reiner Sailer
List-Id: linux-audit@redhat.com

We are interested in using auditing's context pathname information.
Is this the best way of accessing it?

Add support for accessing auditing's inode full pathname.

Signed-off-by: Mimi Zohar

Index: security-testing-2.6/include/linux/audit.h =================================================================== --- security-testing-2.6.orig/include/linux/audit.h +++ security-testing-2.6/include/linux/audit.h 
@@ -403,6 +403,8 @@ extern void audit_syscall_entry(int arch unsigned long a2, unsigned long a3); extern void audit_syscall_exit(int failed, long return_code); extern void __audit_getname(const char *name); +extern const char *audit_get_inode_pathname(struct task_struct *tsk, + struct inode *inode); extern void audit_putname(const char *name); extern void __audit_inode(const char *name, const struct dentry *dentry); extern void __audit_inode_child(const char *dname, const struct dentry *dentry, Index: security-testing-2.6/kernel/auditsc.c =================================================================== --- security-testing-2.6.orig/kernel/auditsc.c +++ security-testing-2.6/kernel/auditsc.c @@ -1677,6 +1677,28 @@ retry: #endif } +const char *audit_get_inode_pathname(struct task_struct *tsk, + struct inode *inode) +{ + struct audit_context *context; + int idx; + + context = tsk->audit_context; + if (!context) + return NULL; + for (idx = 0; idx < context->name_count; idx++) { + struct audit_names *n = &context->names[idx]; + + if (!n->name) + continue; + + if (n->ino == inode->i_ino) + return n->name; + } + return NULL; +} +EXPORT_SYMBOL_GPL(audit_get_inode_pathname); + /** * audit_getname - add a name to the list * @name: name to add
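
Review bot: In the include/linux/audit.h hunk, the new prototype takes a non-const "struct inode *inode" although the function body only reads inode->i_ino; the neighbouring declarations (__audit_inode, __audit_inode_child) already take "const struct dentry *", so "const struct inode *inode" would match them and let callers that hold a const inode use it. If this group of externs sits under a config conditional, the function also needs a stub returning NULL in the other branch so that callers build with syscall auditing disabled.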
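
Review bot: In the kernel/auditsc.c hunk, the lookup matches on "n->ino == inode->i_ino" alone, and inode numbers are only unique within one filesystem, so a syscall that touched files on two mounts can get the pathname recorded for a different file. Compare the device as well (the entry's dev against inode->i_sb->s_dev) before returning n->name. Separately, the function returns a pointer into tsk->audit_context without taking any lock or reference, and tsk is not required to be current, so the string can be released by audit_putname() or at syscall exit while the caller still uses it. Either restrict the helper to current or copy the name into a caller-supplied buffer, and add a kernel-doc comment like the one on audit_getname() just below that states the lifetime rule and that the value is the name as recorded in names[], which may not be an absolute path.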