author | Eric Paris <eparis@redhat.com> | 2012-04-04 15:01:43 -0400 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2012-04-09 12:23:04 -0400 |
commit | 50c205f5e5c2e2af002fd4ef537ded79b90b1b56 (patch) | |
tree | 9965a7746aa8c5e982357d5b8c46850f3283206c | |
parent | 07f62eb66c6626aa5653a0fcb34c9c040d0bd032 (diff) |
LSM: do not initialize common_audit_data to 0
It isn't needed. If you don't set the type of the data associated with
that type it is a pretty obvious programming bug. So why waste the cycles?
Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r-- | include/linux/lsm_audit.h | 5 | ||||
-rw-r--r-- | security/apparmor/capability.c | 2 | ||||
-rw-r--r-- | security/apparmor/file.c | 2 | ||||
-rw-r--r-- | security/apparmor/ipc.c | 2 | ||||
-rw-r--r-- | security/apparmor/lib.c | 2 | ||||
-rw-r--r-- | security/apparmor/lsm.c | 2 | ||||
-rw-r--r-- | security/apparmor/policy.c | 2 | ||||
-rw-r--r-- | security/apparmor/policy_unpack.c | 2 | ||||
-rw-r--r-- | security/apparmor/resource.c | 2 | ||||
-rw-r--r-- | security/selinux/avc.c | 2 | ||||
-rw-r--r-- | security/selinux/hooks.c | 68 | ||||
-rw-r--r-- | security/smack/smack.h | 2 |
12 files changed, 44 insertions, 49 deletions
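--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -92,11 +92,6 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb,
 int ipv6_skb_to_auditdata(struct sk_buff *skb,
 struct common_audit_data *ad, u8 *proto);
 
-/* Initialize an LSM audit data structure. */
-#define COMMON_AUDIT_DATA_INIT(_d, _t) \
-{ memset((_d), 0, sizeof(struct common_audit_data)); \
-(_d)->type = _t; }
-
 void common_lsm_audit(struct common_audit_data *a,
 void (*pre_audit)(struct audit_buffer *, void *),
 void (*post_audit)(struct audit_buffer *, void *));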
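--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -65,7 +65,7 @@ static int audit_caps(struct aa_profile *profile, struct task_struct *task,
 int type = AUDIT_APPARMOR_AUTO;
 struct common_audit_data sa;
 struct apparmor_audit_data aad = {0,};
-COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_CAP);
+sa.type = LSM_AUDIT_DATA_CAP;
 sa.aad = &aad;
 sa.u.cap = cap;
 sa.aad->tsk = task;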
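Review bot: With the memset gone, `sa` in audit_caps holds stack contents in every member except the ones assigned here, so correctness now depends on every consumer reading only the `u` member selected by `sa.type`, and nothing in the new code states that rule. The same applies to the `LSM_AUDIT_DATA_NONE` sites in security/apparmor/file.c, ipc.c, lib.c, lsm.c, policy.c, policy_unpack.c and resource.c and to `stack_data` in security/selinux/avc.c, where the visible lines never write `u` at all. I would add a comment at the declaration, for example `/* sa is not zeroed: only type, aad and the u member named by type are valid */`. audit_caps starts and ends outside this hunk, so whether `sa` reaches anything other than the audit path cannot be checked from here.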
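--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -108,7 +108,7 @@ int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
 int type = AUDIT_APPARMOR_AUTO;
 struct common_audit_data sa;
 struct apparmor_audit_data aad = {0,};
-COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE);
+sa.type = LSM_AUDIT_DATA_NONE;
 sa.aad = &aad;
 aad.op = op,
 aad.fs.request = request;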
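Review bot: The context line `aad.op = op,` two lines below the changed statement ends in a comma, so it and `aad.fs.request = request;` form one comma expression. It behaves the same today but reads like a typo and is easy to break when a statement is inserted between the two. Since this hunk already touches the block, change it to `aad.op = op;`. security/apparmor/resource.c has the same pattern at `aad.op = OP_SETRLIMIT,`.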
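--- a/security/apparmor/ipc.c
+++ b/security/apparmor/ipc.c
@@ -42,7 +42,7 @@ static int aa_audit_ptrace(struct aa_profile *profile,
 {
 struct common_audit_data sa;
 struct apparmor_audit_data aad = {0,};
-COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE);
+sa.type = LSM_AUDIT_DATA_NONE;
 sa.aad = &aad;
 aad.op = OP_PTRACE;
 aad.target = target;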
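--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -66,7 +66,7 @@ void aa_info_message(const char *str)
 if (audit_enabled) {
 struct common_audit_data sa;
 struct apparmor_audit_data aad = {0,};
-COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE);
+sa.type = LSM_AUDIT_DATA_NONE;
 sa.aad = &aad;
 aad.info = str;
 aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL);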
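--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -589,7 +589,7 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
 } else {
 struct common_audit_data sa;
 struct apparmor_audit_data aad = {0,};
-COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE);
+sa.type = LSM_AUDIT_DATA_NONE;
 sa.aad = &aad;
 aad.op = OP_SETPROCATTR;
 aad.info = name;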
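--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -965,7 +965,7 @@ static int audit_policy(int op, gfp_t gfp, const char *name, const char *info,
 {
 struct common_audit_data sa;
 struct apparmor_audit_data aad = {0,};
-COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE);
+sa.type = LSM_AUDIT_DATA_NONE;
 sa.aad = &aad;
 aad.op = op;
 aad.name = name;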
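--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -95,7 +95,7 @@ static int audit_iface(struct aa_profile *new, const char *name,
 struct aa_profile *profile = __aa_current_profile();
 struct common_audit_data sa;
 struct apparmor_audit_data aad = {0,};
-COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE);
+sa.type = LSM_AUDIT_DATA_NONE;
 sa.aad = &aad;
 if (e)
 aad.iface.pos = e->pos - e->start;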
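--- a/security/apparmor/resource.c
+++ b/security/apparmor/resource.c
@@ -52,7 +52,7 @@ static int audit_resource(struct aa_profile *profile, unsigned int resource,
 struct common_audit_data sa;
 struct apparmor_audit_data aad = {0,};
 
-COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE);
+sa.type = LSM_AUDIT_DATA_NONE;
 sa.aad = &aad;
 aad.op = OP_SETRLIMIT,
 aad.rlim.rlim = resource;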
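--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -469,7 +469,7 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
 
 if (!a) {
 a = &stack_data;
-COMMON_AUDIT_DATA_INIT(a, LSM_AUDIT_DATA_NONE);
+a->type = LSM_AUDIT_DATA_NONE;
 a->selinux_audit_data = &sad;
 }
 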
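--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1427,7 +1427,7 @@ static int cred_has_capability(const struct cred *cred,
 u32 av = CAP_TO_MASK(cap);
 int rc;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_CAP);
+ad.type = LSM_AUDIT_DATA_CAP;
 ad.selinux_audit_data = &sad;
 ad.u.cap = cap;
 
@@ -1498,7 +1498,7 @@ static inline int dentry_has_perm(const struct cred *cred,
 struct common_audit_data ad;
 struct selinux_audit_data sad = {0,};
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY);
+ad.type = LSM_AUDIT_DATA_DENTRY;
 ad.u.dentry = dentry;
 ad.selinux_audit_data = &sad;
 return inode_has_perm(cred, inode, av, &ad, 0);
@@ -1515,7 +1515,7 @@ static inline int path_has_perm(const struct cred *cred,
 struct common_audit_data ad;
 struct selinux_audit_data sad = {0,};
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_PATH);
+ad.type = LSM_AUDIT_DATA_PATH;
 ad.u.path = *path;
 ad.selinux_audit_data = &sad;
 return inode_has_perm(cred, inode, av, &ad, 0);
@@ -1540,7 +1540,7 @@ static int file_has_perm(const struct cred *cred,
 u32 sid = cred_sid(cred);
 int rc;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_PATH);
+ad.type = LSM_AUDIT_DATA_PATH;
 ad.u.path = file->f_path;
 ad.selinux_audit_data = &sad;
 
@@ -1581,7 +1581,7 @@ static int may_create(struct inode *dir,
 sid = tsec->sid;
 newsid = tsec->create_sid;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY);
+ad.type = LSM_AUDIT_DATA_DENTRY;
 ad.u.dentry = dentry;
 ad.selinux_audit_data = &sad;
 
@@ -1636,7 +1636,7 @@ static int may_link(struct inode *dir,
 dsec = dir->i_security;
 isec = dentry->d_inode->i_security;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY);
+ad.type = LSM_AUDIT_DATA_DENTRY;
 ad.u.dentry = dentry;
 ad.selinux_audit_data = &sad;
 
@@ -1684,7 +1684,7 @@ static inline int may_rename(struct inode *old_dir,
 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
 new_dsec = new_dir->i_security;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY);
+ad.type = LSM_AUDIT_DATA_DENTRY;
 ad.selinux_audit_data = &sad;
 
 ad.u.dentry = old_dentry;
@@ -2010,7 +2010,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
 return rc;
 }
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_PATH);
+ad.type = LSM_AUDIT_DATA_PATH;
 ad.selinux_audit_data = &sad;
 ad.u.path = bprm->file->f_path;
 
@@ -2134,7 +2134,7 @@ static inline void flush_unauthorized_files(const struct cred *cred,
 
 /* Revalidate access to inherited open files. */
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_INODE);
+ad.type = LSM_AUDIT_DATA_INODE;
 ad.selinux_audit_data = &sad;
 
 spin_lock(&files->file_lock);
@@ -2484,7 +2484,7 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
 if (flags & MS_KERNMOUNT)
 return 0;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY);
+ad.type = LSM_AUDIT_DATA_DENTRY;
 ad.selinux_audit_data = &sad;
 ad.u.dentry = sb->s_root;
 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
@@ -2496,7 +2496,7 @@ static int selinux_sb_statfs(struct dentry *dentry)
 struct common_audit_data ad;
 struct selinux_audit_data sad = {0,};
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY);
+ad.type = LSM_AUDIT_DATA_DENTRY;
 ad.selinux_audit_data = &sad;
 ad.u.dentry = dentry->d_sb->s_root;
 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
@@ -2666,7 +2666,7 @@ static noinline int audit_inode_permission(struct inode *inode,
 struct inode_security_struct *isec = inode->i_security;
 int rc;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_INODE);
+ad.type = LSM_AUDIT_DATA_INODE;
 ad.selinux_audit_data = &sad;
 ad.u.inode = inode;
 
@@ -2796,7 +2796,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
 if (!inode_owner_or_capable(inode))
 return -EPERM;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY);
+ad.type = LSM_AUDIT_DATA_DENTRY;
 ad.selinux_audit_data = &sad;
 ad.u.dentry = dentry;
 
@@ -3411,7 +3411,7 @@ static int selinux_kernel_module_request(char *kmod_name)
 
 sid = task_sid(current);
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_KMOD);
+ad.type = LSM_AUDIT_DATA_KMOD;
 ad.selinux_audit_data = &sad;
 ad.u.kmod_name = kmod_name;
 
@@ -3792,7 +3792,7 @@ static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
 if (sksec->sid == SECINITSID_KERNEL)
 return 0;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ad.type = LSM_AUDIT_DATA_NET;
 ad.selinux_audit_data = &sad;
 ad.u.net = &net;
 ad.u.net->sk = sk;
@@ -3900,7 +3900,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 snum, &sid);
 if (err)
 goto out;
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ad.type = LSM_AUDIT_DATA_NET;
 ad.selinux_audit_data = &sad;
 ad.u.net = &net;
 ad.u.net->sport = htons(snum);
@@ -3935,7 +3935,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 if (err)
 goto out;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ad.type = LSM_AUDIT_DATA_NET;
 ad.selinux_audit_data = &sad;
 ad.u.net = &net;
 ad.u.net->sport = htons(snum);
@@ -3997,7 +3997,7 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address,
 perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ad.type = LSM_AUDIT_DATA_NET;
 ad.selinux_audit_data = &sad;
 ad.u.net = &net;
 ad.u.net->dport = htons(snum);
@@ -4094,7 +4094,7 @@ static int selinux_socket_unix_stream_connect(struct sock *sock,
 struct lsm_network_audit net = {0,};
 int err;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ad.type = LSM_AUDIT_DATA_NET;
 ad.selinux_audit_data = &sad;
 ad.u.net = &net;
 ad.u.net->sk = other;
@@ -4127,7 +4127,7 @@ static int selinux_socket_unix_may_send(struct socket *sock,
 struct selinux_audit_data sad = {0,};
 struct lsm_network_audit net = {0,};
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ad.type = LSM_AUDIT_DATA_NET;
 ad.selinux_audit_data = &sad;
 ad.u.net = &net;
 ad.u.net->sk = other->sk;
@@ -4170,7 +4170,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
 struct lsm_network_audit net = {0,};
 char *addrp;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ad.type = LSM_AUDIT_DATA_NET;
 ad.selinux_audit_data = &sad;
 ad.u.net = &net;
 ad.u.net->netif = skb->skb_iif;
@@ -4226,7 +4226,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 if (!secmark_active && !peerlbl_active)
 return 0;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ad.type = LSM_AUDIT_DATA_NET;
 ad.selinux_audit_data = &sad;
 ad.u.net = &net;
 ad.u.net->netif = skb->skb_iif;
@@ -4583,7 +4583,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
 return NF_DROP;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ad.type = LSM_AUDIT_DATA_NET;
 ad.selinux_audit_data = &sad;
 ad.u.net = &net;
 ad.u.net->netif = ifindex;
@@ -4683,7 +4683,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
 return NF_ACCEPT;
 sksec = sk->sk_security;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ad.type = LSM_AUDIT_DATA_NET;
 ad.selinux_audit_data = &sad;
 ad.u.net = &net;
 ad.u.net->netif = ifindex;
@@ -4756,7 +4756,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
 secmark_perm = PACKET__SEND;
 }
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ad.type = LSM_AUDIT_DATA_NET;
 ad.selinux_audit_data = &sad;
 ad.u.net = &net;
 ad.u.net->netif = ifindex;
@@ -4880,7 +4880,7 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
 
 isec = ipc_perms->security;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ad.type = LSM_AUDIT_DATA_IPC;
 ad.selinux_audit_data = &sad;
 ad.u.ipc_id = ipc_perms->key;
 
@@ -4912,7 +4912,7 @@ static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
 
 isec = msq->q_perm.security;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ad.type = LSM_AUDIT_DATA_IPC;
 ad.selinux_audit_data = &sad;
 ad.u.ipc_id = msq->q_perm.key;
 
@@ -4939,7 +4939,7 @@ static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
 
 isec = msq->q_perm.security;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ad.type = LSM_AUDIT_DATA_IPC;
 ad.selinux_audit_data = &sad;
 ad.u.ipc_id = msq->q_perm.key;
 
@@ -5001,7 +5001,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
 return rc;
 }
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ad.type = LSM_AUDIT_DATA_IPC;
 ad.selinux_audit_data = &sad;
 ad.u.ipc_id = msq->q_perm.key;
 
@@ -5034,7 +5034,7 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
 isec = msq->q_perm.security;
 msec = msg->security;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ad.type = LSM_AUDIT_DATA_IPC;
 ad.selinux_audit_data = &sad;
 ad.u.ipc_id = msq->q_perm.key;
 
@@ -5061,7 +5061,7 @@ static int selinux_shm_alloc_security(struct shmid_kernel *shp)
 
 isec = shp->shm_perm.security;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ad.type = LSM_AUDIT_DATA_IPC;
 ad.selinux_audit_data = &sad;
 ad.u.ipc_id = shp->shm_perm.key;
 
@@ -5088,7 +5088,7 @@ static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
 
 isec = shp->shm_perm.security;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ad.type = LSM_AUDIT_DATA_IPC;
 ad.selinux_audit_data = &sad;
 ad.u.ipc_id = shp->shm_perm.key;
 
@@ -5157,7 +5157,7 @@ static int selinux_sem_alloc_security(struct sem_array *sma)
 
 isec = sma->sem_perm.security;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ad.type = LSM_AUDIT_DATA_IPC;
 ad.selinux_audit_data = &sad;
 ad.u.ipc_id = sma->sem_perm.key;
 
@@ -5184,7 +5184,7 @@ static int selinux_sem_associate(struct sem_array *sma, int semflg)
 
 isec = sma->sem_perm.security;
 
-COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ad.type = LSM_AUDIT_DATA_IPC;
 ad.selinux_audit_data = &sad;
 ad.u.ipc_id = sma->sem_perm.key;
 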
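Review bot: In flush_unauthorized_files the new `ad.type = LSM_AUDIT_DATA_INODE;` is followed by `spin_lock(&files->file_lock);` with no assignment to `ad.u.inode` in the hunk, so the struct is tagged as carrying an inode while that member now holds stack contents instead of NULL. If `ad` is handed to an audit call before `u.inode` is set, the reader would see an uninitialized pointer; the rest of the function is outside the hunk, so that needs checking there. Either add `ad.u.inode = NULL;` next to the type assignment or, if `ad` turns out to be unused afterwards, remove it. Every other hunk in this file assigns the `u` member matching its type within the visible lines.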
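--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -319,7 +319,7 @@ void smack_log(char *subject_label, char *object_label,
 static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
 char type)
 {
-memset(a, 0, sizeof(*a));
+memset(&a->sad, 0, sizeof(a->sad));
 a->a.type = type;
 a->a.smack_audit_data = &a->sad;
 a->a.smack_audit_data->function = func;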
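Review bot: smk_ad_init now clears only `a->sad`, so `a->a.u` is left uninitialized while `a->a.type` already names a member of it; before this change a caller that skipped the matching setter saw a zeroed union. The callers are outside this hunk, and the function body continues past it, so I cannot confirm that each one sets the `u` field for its `type` before the data is logged. Please document the new contract on the function, for example `/* Does not clear a->a.u: the caller must set the member selected by type before use. */`.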