[PATCH] Exclude messages by message type

[safe/jmp/linux-2.6] / include / linux / audit.h

diff --git a/include/linux/audit.h b/include/linux/audit.h
index fd65078..8fa1a8f 100644 (file)
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -92,8 +92,9 @@
 #define AUDIT_FILTER_ENTRY     0x02    /* Apply rule at syscall entry */
 #define AUDIT_FILTER_WATCH     0x03    /* Apply rule to file system watches */
 #define AUDIT_FILTER_EXIT      0x04    /* Apply rule at syscall exit */
+#define AUDIT_FILTER_TYPE      0x05    /* Apply rule at audit_log_start */
 
-#define AUDIT_NR_FILTERS       5
+#define AUDIT_NR_FILTERS       6
 
 #define AUDIT_FILTER_PREPEND   0x10    /* Prepend to front of list */
 
@@ -132,6 +133,7 @@
 #define AUDIT_LOGINUID 9
 #define AUDIT_PERS     10
 #define AUDIT_ARCH     11
+#define AUDIT_MSGTYPE  12
 
                                /* These are ONLY useful when checking
                                 * at syscall exit time (AUDIT_AT_EXIT). */
@@ -260,7 +262,20 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
 extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
 extern void audit_getname(const char *name);
 extern void audit_putname(const char *name);
-extern void audit_inode(const char *name, const struct inode *inode, unsigned flags);
+extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags);
+extern void __audit_inode_child(const char *dname, const struct inode *inode,
+                               unsigned long pino);
+static inline void audit_inode(const char *name, const struct inode *inode,
+                              unsigned flags) {
+       if (unlikely(current->audit_context))
+               __audit_inode(name, inode, flags);
+}
+static inline void audit_inode_child(const char *dname, 
+                                    const struct inode *inode, 
+                                    unsigned long pino) {
+       if (unlikely(current->audit_context))
+               __audit_inode_child(dname, inode, pino);
+}
 
                                /* Private API (for audit.c only) */
 extern int  audit_receive_filter(int type, int pid, int uid, int seq,
@@ -276,6 +291,7 @@ extern int audit_sockaddr(int len, void *addr);
 extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt);
 extern void audit_signal_info(int sig, struct task_struct *t);
 extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
+extern int audit_filter_type(int type);
 #else
 #define audit_alloc(t) ({ 0; })
 #define audit_free(t) do { ; } while (0)
@@ -283,7 +299,10 @@ extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
 #define audit_syscall_exit(t,f,r) do { ; } while (0)
 #define audit_getname(n) do { ; } while (0)
 #define audit_putname(n) do { ; } while (0)
+#define __audit_inode(n,i,f) do { ; } while (0)
+#define __audit_inode_child(d,i,p) do { ; } while (0)
 #define audit_inode(n,i,f) do { ; } while (0)
+#define audit_inode_child(d,i,p) do { ; } while (0)
 #define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
 #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
 #define audit_get_loginuid(c) ({ -1; })