Audit: internally use the new LSM audit hooks

Convert Audit to use the new LSM Audit hooks instead of the exported SELinux interface. Basically, use: security_audit_rule_init secuirty_audit_rule_free security_audit_rule_known security_audit_rule_match instad of (respectively) : selinux_audit_rule_init selinux_audit_rule_free audit_rule_has_selinux selinux_audit_rule_match Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org>
author: Ahmed S. Darwish <darwish.07@gmail.com> 2008-03-01 15:01:11 -0500
committer: James Morris <jmorris@namei.org> 2008-04-18 19:52:37 -0400
commit: d7a96f3a1ae279a2129653d6cb18d722f2f00f91 (patch)
tree: fc38736f303133f80912f1640f2d4fac0027fe04 /kernel/auditfilter.c
parent: 03d37d25e0f91b28c4b6d002be6221f1af4b19d8 (diff)
1 files changed, 17 insertions, 44 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 35e58a146eff..7c69cb5e44fb 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -29,7 +29,6 @@
 #include <linux/sched.h>
 #include <linux/inotify.h>
 #include <linux/security.h>
-#include <linux/selinux.h>
 #include "audit.h"
 /*
@@ -39,7 +38,7 @@
 *              Synchronizes writes and blocking reads of audit's filterlist
 *              data.  Rcu is used to traverse the filterlist and access
 *              contents of structs audit_entry, audit_watch and opaque
- *              selinux rules during filtering.  If modified, these structures
+ *              LSM rules during filtering.  If modified, these structures
 *              must be copied and replace their counterparts in the filterlist.
 *              An audit_parent struct is not accessed during filtering, so may
 *              be written directly provided audit_filter_mutex is held.
@@ -141,7 +140,7 @@ static inline void audit_free_rule(struct audit_entry *e)
                for (i = 0; i < e->rule.field_count; i++) {
                        struct audit_field *f = &e->rule.fields[i];
                        kfree(f->se_str);
-                        selinux_audit_rule_free(f->se_rule);
+                        security_audit_rule_free(f->se_rule);
                }
        kfree(e->rule.fields);
        kfree(e->rule.filterkey);
@@ -598,12 +597,12 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
                                goto exit_free;
                        entry->rule.buflen += f->val;
-                        err = selinux_audit_rule_init(f->type, f->op, str,
+                        err = security_audit_rule_init(f->type, f->op, str,
-                                                      &f->se_rule);
+                                                       (void **)&f->se_rule);
                        /* Keep currently invalid fields around in case they
                         * become valid after a policy reload. */
                        if (err == -EINVAL) {
-                                printk(KERN_WARNING "audit rule for selinux "
+                                printk(KERN_WARNING "audit rule for LSM "
                                       "\'%s\' is invalid\n",  str);
                                err = 0;
                        }
@@ -863,9 +862,9 @@ out:
        return new;
 }
-/* Duplicate selinux field information.  The se_rule is opaque, so must be
+/* Duplicate LSM field information.  The se_rule is opaque, so must be
 * re-initialized. */
-static inline int audit_dupe_selinux_field(struct audit_field *df,
+static inline int audit_dupe_lsm_field(struct audit_field *df,
                                           struct audit_field *sf)
 {
        int ret = 0;
@@ -878,12 +877,12 @@ static inline int audit_dupe_selinux_field(struct audit_field *df,
        df->se_str = se_str;
        /* our own (refreshed) copy of se_rule */
-        ret = selinux_audit_rule_init(df->type, df->op, df->se_str,
+        ret = security_audit_rule_init(df->type, df->op, df->se_str,
-                                      &df->se_rule);
+                                       (void **)&df->se_rule);
        /* Keep currently invalid fields around in case they
         * become valid after a policy reload. */
        if (ret == -EINVAL) {
-                printk(KERN_WARNING "audit rule for selinux \'%s\' is "
+                printk(KERN_WARNING "audit rule for LSM \'%s\' is "
                       "invalid\n", df->se_str);
                ret = 0;
        }
@@ -892,7 +891,7 @@ static inline int audit_dupe_selinux_field(struct audit_field *df,
 }
 /* Duplicate an audit rule.  This will be a deep copy with the exception
- * of the watch - that pointer is carried over.  The selinux specific fields
+ * of the watch - that pointer is carried over.  The LSM specific fields
 * will be updated in the copy.  The point is to be able to replace the old
 * rule with the new rule in the filterlist, then free the old rule.
 * The rlist element is undefined; list manipulations are handled apart from
@@ -945,7 +944,7 @@ static struct audit_entry *audit_dupe_rule(struct audit_krule *old,
                case AUDIT_OBJ_TYPE:
                case AUDIT_OBJ_LEV_LOW:
                case AUDIT_OBJ_LEV_HIGH:
-                        err = audit_dupe_selinux_field(&new->fields[i],
+                        err = audit_dupe_lsm_field(&new->fields[i],
                                                       &old->fields[i]);
                        break;
                case AUDIT_FILTERKEY:
@@ -1763,38 +1762,12 @@ unlock_and_return:
        return result;
 }
-/* Check to see if the rule contains any selinux fields.  Returns 1 if there
-   are selinux fields specified in the rule, 0 otherwise. */
-static inline int audit_rule_has_selinux(struct audit_krule *rule)
-{
-        int i;
-        for (i = 0; i < rule->field_count; i++) {
-                struct audit_field *f = &rule->fields[i];
-                switch (f->type) {
-                case AUDIT_SUBJ_USER:
-                case AUDIT_SUBJ_ROLE:
-                case AUDIT_SUBJ_TYPE:
-                case AUDIT_SUBJ_SEN:
-                case AUDIT_SUBJ_CLR:
-                case AUDIT_OBJ_USER:
-                case AUDIT_OBJ_ROLE:
-                case AUDIT_OBJ_TYPE:
-                case AUDIT_OBJ_LEV_LOW:
-                case AUDIT_OBJ_LEV_HIGH:
-                        return 1;
-                }
-        }
-        return 0;
-}
 /* This function will re-initialize the se_rule field of all applicable rules.
- * It will traverse the filter lists serarching for rules that contain selinux
+ * It will traverse the filter lists serarching for rules that contain LSM
 * specific filter fields.  When such a rule is found, it is copied, the
- * selinux field is re-initialized, and the old rule is replaced with the
+ * LSM field is re-initialized, and the old rule is replaced with the
 * updated rule. */
-int selinux_audit_rule_update(void)
+int audit_update_lsm_rules(void)
 {
        struct audit_entry *entry, *n, *nentry;
        struct audit_watch *watch;
@@ -1806,7 +1779,7 @@ int selinux_audit_rule_update(void)
        for (i = 0; i < AUDIT_NR_FILTERS; i++) {
                list_for_each_entry_safe(entry, n, &audit_filter_list[i], list) {
-                        if (!audit_rule_has_selinux(&entry->rule))
+                        if (!security_audit_rule_known(&entry->rule))
                                continue;
                        watch = entry->rule.watch;
@@ -1817,7 +1790,7 @@ int selinux_audit_rule_update(void)
                                 * return value */
                                if (!err)
                                        err = PTR_ERR(nentry);
-                                audit_panic("error updating selinux filters");
+                                audit_panic("error updating LSM filters");
                                if (watch)
                                        list_del(&entry->rule.rlist);
                                list_del_rcu(&entry->list);
author	Ahmed S. Darwish <darwish.07@gmail.com>	2008-03-01 15:01:11 -0500
committer	James Morris <jmorris@namei.org>	2008-04-18 19:52:37 -0400
commit	d7a96f3a1ae279a2129653d6cb18d722f2f00f91 (patch)
tree	fc38736f303133f80912f1640f2d4fac0027fe04 /kernel/auditfilter.c
parent	03d37d25e0f91b28c4b6d002be6221f1af4b19d8 (diff)