From 4a4cd633b575609b741a1de7837223a2d9e1c34c Mon Sep 17 00:00:00 2001
From: David Woodhouse <dwmw2@shinybook.infradead.org>
Date: Wed, 22 Jun 2005 14:56:47 +0100
Subject: AUDIT: Optimise the audit-disabled case for discarding user messages

Also exempt USER_AVC message from being discarded to preserve
existing behaviour for SE Linux.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
---
 kernel/auditsc.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

(limited to 'kernel/auditsc.c')

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index cb8a44945157..fc858b0c044a 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -530,22 +530,33 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
 	return AUDIT_BUILD_CONTEXT;
 }
 
-int audit_filter_user(struct task_struct *tsk, int type)
+int audit_filter_user(int pid, int type)
 {
+	struct task_struct *tsk;
 	struct audit_entry *e;
 	enum audit_state   state;
+	int ret = 1;
 
-	if (audit_pid && tsk->pid == audit_pid)
-		return AUDIT_DISABLED;
+	read_lock(&tasklist_lock);
+	tsk = find_task_by_pid(pid);
+	if (tsk)
+		get_task_struct(tsk);
+	read_unlock(&tasklist_lock);
+
+	if (!tsk)
+		return -ESRCH;
 
 	rcu_read_lock();
 	list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
 		if (audit_filter_rules(tsk, &e->rule, NULL, &state)) {
-			rcu_read_unlock();
-			return state != AUDIT_DISABLED;
+			if (state == AUDIT_DISABLED)
+				ret = 0;
+			break;
 		}
 	}
 	rcu_read_unlock();
+	put_task_struct(tsk);
+
 	return 1; /* Audit by default */
 
 }
-- 
cgit v1.2.3