diff options
author | Ahmed S. Darwish <darwish.07@gmail.com> | 2008-03-01 15:01:11 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-04-18 19:52:37 -0400 |
commit | d7a96f3a1ae279a2129653d6cb18d722f2f00f91 (patch) | |
tree | fc38736f303133f80912f1640f2d4fac0027fe04 /kernel/auditfilter.c | |
parent | 03d37d25e0f91b28c4b6d002be6221f1af4b19d8 (diff) |
Audit: internally use the new LSM audit hooks
Convert Audit to use the new LSM Audit hooks instead of
the exported SELinux interface.
Basically, use:
security_audit_rule_init
secuirty_audit_rule_free
security_audit_rule_known
security_audit_rule_match
instad of (respectively) :
selinux_audit_rule_init
selinux_audit_rule_free
audit_rule_has_selinux
selinux_audit_rule_match
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'kernel/auditfilter.c')
-rw-r--r-- | kernel/auditfilter.c | 61 |
1 files changed, 17 insertions, 44 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 35e58a146eff..7c69cb5e44fb 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
@@ -29,7 +29,6 @@ | |||
29 | #include <linux/sched.h> | 29 | #include <linux/sched.h> |
30 | #include <linux/inotify.h> | 30 | #include <linux/inotify.h> |
31 | #include <linux/security.h> | 31 | #include <linux/security.h> |
32 | #include <linux/selinux.h> | ||
33 | #include "audit.h" | 32 | #include "audit.h" |
34 | 33 | ||
35 | /* | 34 | /* |
@@ -39,7 +38,7 @@ | |||
39 | * Synchronizes writes and blocking reads of audit's filterlist | 38 | * Synchronizes writes and blocking reads of audit's filterlist |
40 | * data. Rcu is used to traverse the filterlist and access | 39 | * data. Rcu is used to traverse the filterlist and access |
41 | * contents of structs audit_entry, audit_watch and opaque | 40 | * contents of structs audit_entry, audit_watch and opaque |
42 | * selinux rules during filtering. If modified, these structures | 41 | * LSM rules during filtering. If modified, these structures |
43 | * must be copied and replace their counterparts in the filterlist. | 42 | * must be copied and replace their counterparts in the filterlist. |
44 | * An audit_parent struct is not accessed during filtering, so may | 43 | * An audit_parent struct is not accessed during filtering, so may |
45 | * be written directly provided audit_filter_mutex is held. | 44 | * be written directly provided audit_filter_mutex is held. |
@@ -141,7 +140,7 @@ static inline void audit_free_rule(struct audit_entry *e) | |||
141 | for (i = 0; i < e->rule.field_count; i++) { | 140 | for (i = 0; i < e->rule.field_count; i++) { |
142 | struct audit_field *f = &e->rule.fields[i]; | 141 | struct audit_field *f = &e->rule.fields[i]; |
143 | kfree(f->se_str); | 142 | kfree(f->se_str); |
144 | selinux_audit_rule_free(f->se_rule); | 143 | security_audit_rule_free(f->se_rule); |
145 | } | 144 | } |
146 | kfree(e->rule.fields); | 145 | kfree(e->rule.fields); |
147 | kfree(e->rule.filterkey); | 146 | kfree(e->rule.filterkey); |
@@ -598,12 +597,12 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | |||
598 | goto exit_free; | 597 | goto exit_free; |
599 | entry->rule.buflen += f->val; | 598 | entry->rule.buflen += f->val; |
600 | 599 | ||
601 | err = selinux_audit_rule_init(f->type, f->op, str, | 600 | err = security_audit_rule_init(f->type, f->op, str, |
602 | &f->se_rule); | 601 | (void **)&f->se_rule); |
603 | /* Keep currently invalid fields around in case they | 602 | /* Keep currently invalid fields around in case they |
604 | * become valid after a policy reload. */ | 603 | * become valid after a policy reload. */ |
605 | if (err == -EINVAL) { | 604 | if (err == -EINVAL) { |
606 | printk(KERN_WARNING "audit rule for selinux " | 605 | printk(KERN_WARNING "audit rule for LSM " |
607 | "\'%s\' is invalid\n", str); | 606 | "\'%s\' is invalid\n", str); |
608 | err = 0; | 607 | err = 0; |
609 | } | 608 | } |
@@ -863,9 +862,9 @@ out: | |||
863 | return new; | 862 | return new; |
864 | } | 863 | } |
865 | 864 | ||
866 | /* Duplicate selinux field information. The se_rule is opaque, so must be | 865 | /* Duplicate LSM field information. The se_rule is opaque, so must be |
867 | * re-initialized. */ | 866 | * re-initialized. */ |
868 | static inline int audit_dupe_selinux_field(struct audit_field *df, | 867 | static inline int audit_dupe_lsm_field(struct audit_field *df, |
869 | struct audit_field *sf) | 868 | struct audit_field *sf) |
870 | { | 869 | { |
871 | int ret = 0; | 870 | int ret = 0; |
@@ -878,12 +877,12 @@ static inline int audit_dupe_selinux_field(struct audit_field *df, | |||
878 | df->se_str = se_str; | 877 | df->se_str = se_str; |
879 | 878 | ||
880 | /* our own (refreshed) copy of se_rule */ | 879 | /* our own (refreshed) copy of se_rule */ |
881 | ret = selinux_audit_rule_init(df->type, df->op, df->se_str, | 880 | ret = security_audit_rule_init(df->type, df->op, df->se_str, |
882 | &df->se_rule); | 881 | (void **)&df->se_rule); |
883 | /* Keep currently invalid fields around in case they | 882 | /* Keep currently invalid fields around in case they |
884 | * become valid after a policy reload. */ | 883 | * become valid after a policy reload. */ |
885 | if (ret == -EINVAL) { | 884 | if (ret == -EINVAL) { |
886 | printk(KERN_WARNING "audit rule for selinux \'%s\' is " | 885 | printk(KERN_WARNING "audit rule for LSM \'%s\' is " |
887 | "invalid\n", df->se_str); | 886 | "invalid\n", df->se_str); |
888 | ret = 0; | 887 | ret = 0; |
889 | } | 888 | } |
@@ -892,7 +891,7 @@ static inline int audit_dupe_selinux_field(struct audit_field *df, | |||
892 | } | 891 | } |
893 | 892 | ||
894 | /* Duplicate an audit rule. This will be a deep copy with the exception | 893 | /* Duplicate an audit rule. This will be a deep copy with the exception |
895 | * of the watch - that pointer is carried over. The selinux specific fields | 894 | * of the watch - that pointer is carried over. The LSM specific fields |
896 | * will be updated in the copy. The point is to be able to replace the old | 895 | * will be updated in the copy. The point is to be able to replace the old |
897 | * rule with the new rule in the filterlist, then free the old rule. | 896 | * rule with the new rule in the filterlist, then free the old rule. |
898 | * The rlist element is undefined; list manipulations are handled apart from | 897 | * The rlist element is undefined; list manipulations are handled apart from |
@@ -945,7 +944,7 @@ static struct audit_entry *audit_dupe_rule(struct audit_krule *old, | |||
945 | case AUDIT_OBJ_TYPE: | 944 | case AUDIT_OBJ_TYPE: |
946 | case AUDIT_OBJ_LEV_LOW: | 945 | case AUDIT_OBJ_LEV_LOW: |
947 | case AUDIT_OBJ_LEV_HIGH: | 946 | case AUDIT_OBJ_LEV_HIGH: |
948 | err = audit_dupe_selinux_field(&new->fields[i], | 947 | err = audit_dupe_lsm_field(&new->fields[i], |
949 | &old->fields[i]); | 948 | &old->fields[i]); |
950 | break; | 949 | break; |
951 | case AUDIT_FILTERKEY: | 950 | case AUDIT_FILTERKEY: |
@@ -1763,38 +1762,12 @@ unlock_and_return: | |||
1763 | return result; | 1762 | return result; |
1764 | } | 1763 | } |
1765 | 1764 | ||
1766 | /* Check to see if the rule contains any selinux fields. Returns 1 if there | ||
1767 | are selinux fields specified in the rule, 0 otherwise. */ | ||
1768 | static inline int audit_rule_has_selinux(struct audit_krule *rule) | ||
1769 | { | ||
1770 | int i; | ||
1771 | |||
1772 | for (i = 0; i < rule->field_count; i++) { | ||
1773 | struct audit_field *f = &rule->fields[i]; | ||
1774 | switch (f->type) { | ||
1775 | case AUDIT_SUBJ_USER: | ||
1776 | case AUDIT_SUBJ_ROLE: | ||
1777 | case AUDIT_SUBJ_TYPE: | ||
1778 | case AUDIT_SUBJ_SEN: | ||
1779 | case AUDIT_SUBJ_CLR: | ||
1780 | case AUDIT_OBJ_USER: | ||
1781 | case AUDIT_OBJ_ROLE: | ||
1782 | case AUDIT_OBJ_TYPE: | ||
1783 | case AUDIT_OBJ_LEV_LOW: | ||
1784 | case AUDIT_OBJ_LEV_HIGH: | ||
1785 | return 1; | ||
1786 | } | ||
1787 | } | ||
1788 | |||
1789 | return 0; | ||
1790 | } | ||
1791 | |||
1792 | /* This function will re-initialize the se_rule field of all applicable rules. | 1765 | /* This function will re-initialize the se_rule field of all applicable rules. |
1793 | * It will traverse the filter lists serarching for rules that contain selinux | 1766 | * It will traverse the filter lists serarching for rules that contain LSM |
1794 | * specific filter fields. When such a rule is found, it is copied, the | 1767 | * specific filter fields. When such a rule is found, it is copied, the |
1795 | * selinux field is re-initialized, and the old rule is replaced with the | 1768 | * LSM field is re-initialized, and the old rule is replaced with the |
1796 | * updated rule. */ | 1769 | * updated rule. */ |
1797 | int selinux_audit_rule_update(void) | 1770 | int audit_update_lsm_rules(void) |
1798 | { | 1771 | { |
1799 | struct audit_entry *entry, *n, *nentry; | 1772 | struct audit_entry *entry, *n, *nentry; |
1800 | struct audit_watch *watch; | 1773 | struct audit_watch *watch; |
@@ -1806,7 +1779,7 @@ int selinux_audit_rule_update(void) | |||
1806 | 1779 | ||
1807 | for (i = 0; i < AUDIT_NR_FILTERS; i++) { | 1780 | for (i = 0; i < AUDIT_NR_FILTERS; i++) { |
1808 | list_for_each_entry_safe(entry, n, &audit_filter_list[i], list) { | 1781 | list_for_each_entry_safe(entry, n, &audit_filter_list[i], list) { |
1809 | if (!audit_rule_has_selinux(&entry->rule)) | 1782 | if (!security_audit_rule_known(&entry->rule)) |
1810 | continue; | 1783 | continue; |
1811 | 1784 | ||
1812 | watch = entry->rule.watch; | 1785 | watch = entry->rule.watch; |
@@ -1817,7 +1790,7 @@ int selinux_audit_rule_update(void) | |||
1817 | * return value */ | 1790 | * return value */ |
1818 | if (!err) | 1791 | if (!err) |
1819 | err = PTR_ERR(nentry); | 1792 | err = PTR_ERR(nentry); |
1820 | audit_panic("error updating selinux filters"); | 1793 | audit_panic("error updating LSM filters"); |
1821 | if (watch) | 1794 | if (watch) |
1822 | list_del(&entry->rule.rlist); | 1795 | list_del(&entry->rule.rlist); |
1823 | list_del_rcu(&entry->list); | 1796 | list_del_rcu(&entry->list); |