From: Eric Paris <eparis@redhat.com>
Date: Tue, 3 Jan 2012 19:23:07 +0000 (-0500)
Subject: audit: reject entry,always rules
X-Git-Tag: v3.3-rc1~23^2~15
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7ff68e53ece8c175d2951bb8a30b3cce8f9c5579;p=profile%2Fivi%2Fkernel-adaptation-intel-automotive.git

audit: reject entry,always rules

We deprecated entry,always rules a long time ago.  Reject those rules as
invalid.

Signed-off-by: Eric Paris <eparis@redhat.com>
---

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index d94dde8..903caa2 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -235,13 +235,15 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule)
 	switch(listnr) {
 	default:
 		goto exit_err;
-	case AUDIT_FILTER_USER:
-	case AUDIT_FILTER_TYPE:
 #ifdef CONFIG_AUDITSYSCALL
 	case AUDIT_FILTER_ENTRY:
+		if (rule->action == AUDIT_ALWAYS)
+			goto exit_err;
 	case AUDIT_FILTER_EXIT:
 	case AUDIT_FILTER_TASK:
 #endif
+	case AUDIT_FILTER_USER:
+	case AUDIT_FILTER_TYPE:
 		;
 	}
 	if (unlikely(rule->action == AUDIT_POSSIBLE)) {