diff options
author | Darrel Goeddel <dgoeddel@trustedcs.com> | 2006-06-29 17:56:39 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-07-01 05:44:08 -0400 |
commit | 3a6b9f85c641a3b89420b0c8150ed377526a1fe1 (patch) | |
tree | e44e64edf0620d3f6da443c57540b09882231459 | |
parent | 5adc8a6adc91c4c85a64c75a70a619fffc924817 (diff) |
[PATCH] audit: rename AUDIT_SE_* constants
This patch renames some audit constant definitions and adds
additional definitions used by the following patch. The renaming
avoids ambiguity with respect to the new definitions.
Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com>
include/linux/audit.h | 15 ++++++++----
kernel/auditfilter.c | 50 ++++++++++++++++++++---------------------
kernel/auditsc.c | 10 ++++----
security/selinux/ss/services.c | 32 +++++++++++++-------------
4 files changed, 56 insertions(+), 51 deletions(-)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | include/linux/audit.h | 15 | ||||
-rw-r--r-- | kernel/auditfilter.c | 50 | ||||
-rw-r--r-- | kernel/auditsc.c | 10 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 32 |
4 files changed, 56 insertions, 51 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index a489104ae3a..c211f0a2abb 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -151,12 +151,17 @@ | |||
151 | #define AUDIT_PERS 10 | 151 | #define AUDIT_PERS 10 |
152 | #define AUDIT_ARCH 11 | 152 | #define AUDIT_ARCH 11 |
153 | #define AUDIT_MSGTYPE 12 | 153 | #define AUDIT_MSGTYPE 12 |
154 | #define AUDIT_SE_USER 13 /* security label user */ | 154 | #define AUDIT_SUBJ_USER 13 /* security label user */ |
155 | #define AUDIT_SE_ROLE 14 /* security label role */ | 155 | #define AUDIT_SUBJ_ROLE 14 /* security label role */ |
156 | #define AUDIT_SE_TYPE 15 /* security label type */ | 156 | #define AUDIT_SUBJ_TYPE 15 /* security label type */ |
157 | #define AUDIT_SE_SEN 16 /* security label sensitivity label */ | 157 | #define AUDIT_SUBJ_SEN 16 /* security label sensitivity label */ |
158 | #define AUDIT_SE_CLR 17 /* security label clearance label */ | 158 | #define AUDIT_SUBJ_CLR 17 /* security label clearance label */ |
159 | #define AUDIT_PPID 18 | 159 | #define AUDIT_PPID 18 |
160 | #define AUDIT_OBJ_USER 19 | ||
161 | #define AUDIT_OBJ_ROLE 20 | ||
162 | #define AUDIT_OBJ_TYPE 21 | ||
163 | #define AUDIT_OBJ_LEV_LOW 22 | ||
164 | #define AUDIT_OBJ_LEV_HIGH 23 | ||
160 | 165 | ||
161 | /* These are ONLY useful when checking | 166 | /* These are ONLY useful when checking |
162 | * at syscall exit time (AUDIT_AT_EXIT). */ | 167 | * at syscall exit time (AUDIT_AT_EXIT). */ |
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index e98db08fc6d..40a9931a13e 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
@@ -470,11 +470,11 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | |||
470 | case AUDIT_ARG2: | 470 | case AUDIT_ARG2: |
471 | case AUDIT_ARG3: | 471 | case AUDIT_ARG3: |
472 | break; | 472 | break; |
473 | case AUDIT_SE_USER: | 473 | case AUDIT_SUBJ_USER: |
474 | case AUDIT_SE_ROLE: | 474 | case AUDIT_SUBJ_ROLE: |
475 | case AUDIT_SE_TYPE: | 475 | case AUDIT_SUBJ_TYPE: |
476 | case AUDIT_SE_SEN: | 476 | case AUDIT_SUBJ_SEN: |
477 | case AUDIT_SE_CLR: | 477 | case AUDIT_SUBJ_CLR: |
478 | str = audit_unpack_string(&bufp, &remain, f->val); | 478 | str = audit_unpack_string(&bufp, &remain, f->val); |
479 | if (IS_ERR(str)) | 479 | if (IS_ERR(str)) |
480 | goto exit_free; | 480 | goto exit_free; |
@@ -611,11 +611,11 @@ static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule) | |||
611 | data->fields[i] = f->type; | 611 | data->fields[i] = f->type; |
612 | data->fieldflags[i] = f->op; | 612 | data->fieldflags[i] = f->op; |
613 | switch(f->type) { | 613 | switch(f->type) { |
614 | case AUDIT_SE_USER: | 614 | case AUDIT_SUBJ_USER: |
615 | case AUDIT_SE_ROLE: | 615 | case AUDIT_SUBJ_ROLE: |
616 | case AUDIT_SE_TYPE: | 616 | case AUDIT_SUBJ_TYPE: |
617 | case AUDIT_SE_SEN: | 617 | case AUDIT_SUBJ_SEN: |
618 | case AUDIT_SE_CLR: | 618 | case AUDIT_SUBJ_CLR: |
619 | data->buflen += data->values[i] = | 619 | data->buflen += data->values[i] = |
620 | audit_pack_string(&bufp, f->se_str); | 620 | audit_pack_string(&bufp, f->se_str); |
621 | break; | 621 | break; |
@@ -654,11 +654,11 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b) | |||
654 | return 1; | 654 | return 1; |
655 | 655 | ||
656 | switch(a->fields[i].type) { | 656 | switch(a->fields[i].type) { |
657 | case AUDIT_SE_USER: | 657 | case AUDIT_SUBJ_USER: |
658 | case AUDIT_SE_ROLE: | 658 | case AUDIT_SUBJ_ROLE: |
659 | case AUDIT_SE_TYPE: | 659 | case AUDIT_SUBJ_TYPE: |
660 | case AUDIT_SE_SEN: | 660 | case AUDIT_SUBJ_SEN: |
661 | case AUDIT_SE_CLR: | 661 | case AUDIT_SUBJ_CLR: |
662 | if (strcmp(a->fields[i].se_str, b->fields[i].se_str)) | 662 | if (strcmp(a->fields[i].se_str, b->fields[i].se_str)) |
663 | return 1; | 663 | return 1; |
664 | break; | 664 | break; |
@@ -774,11 +774,11 @@ static struct audit_entry *audit_dupe_rule(struct audit_krule *old, | |||
774 | * the originals will all be freed when the old rule is freed. */ | 774 | * the originals will all be freed when the old rule is freed. */ |
775 | for (i = 0; i < fcount; i++) { | 775 | for (i = 0; i < fcount; i++) { |
776 | switch (new->fields[i].type) { | 776 | switch (new->fields[i].type) { |
777 | case AUDIT_SE_USER: | 777 | case AUDIT_SUBJ_USER: |
778 | case AUDIT_SE_ROLE: | 778 | case AUDIT_SUBJ_ROLE: |
779 | case AUDIT_SE_TYPE: | 779 | case AUDIT_SUBJ_TYPE: |
780 | case AUDIT_SE_SEN: | 780 | case AUDIT_SUBJ_SEN: |
781 | case AUDIT_SE_CLR: | 781 | case AUDIT_SUBJ_CLR: |
782 | err = audit_dupe_selinux_field(&new->fields[i], | 782 | err = audit_dupe_selinux_field(&new->fields[i], |
783 | &old->fields[i]); | 783 | &old->fields[i]); |
784 | break; | 784 | break; |
@@ -1537,11 +1537,11 @@ static inline int audit_rule_has_selinux(struct audit_krule *rule) | |||
1537 | for (i = 0; i < rule->field_count; i++) { | 1537 | for (i = 0; i < rule->field_count; i++) { |
1538 | struct audit_field *f = &rule->fields[i]; | 1538 | struct audit_field *f = &rule->fields[i]; |
1539 | switch (f->type) { | 1539 | switch (f->type) { |
1540 | case AUDIT_SE_USER: | 1540 | case AUDIT_SUBJ_USER: |
1541 | case AUDIT_SE_ROLE: | 1541 | case AUDIT_SUBJ_ROLE: |
1542 | case AUDIT_SE_TYPE: | 1542 | case AUDIT_SUBJ_TYPE: |
1543 | case AUDIT_SE_SEN: | 1543 | case AUDIT_SUBJ_SEN: |
1544 | case AUDIT_SE_CLR: | 1544 | case AUDIT_SUBJ_CLR: |
1545 | return 1; | 1545 | return 1; |
1546 | } | 1546 | } |
1547 | } | 1547 | } |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 31665785516..1d24fade17e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -321,11 +321,11 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
321 | if (ctx) | 321 | if (ctx) |
322 | result = audit_comparator(ctx->loginuid, f->op, f->val); | 322 | result = audit_comparator(ctx->loginuid, f->op, f->val); |
323 | break; | 323 | break; |
324 | case AUDIT_SE_USER: | 324 | case AUDIT_SUBJ_USER: |
325 | case AUDIT_SE_ROLE: | 325 | case AUDIT_SUBJ_ROLE: |
326 | case AUDIT_SE_TYPE: | 326 | case AUDIT_SUBJ_TYPE: |
327 | case AUDIT_SE_SEN: | 327 | case AUDIT_SUBJ_SEN: |
328 | case AUDIT_SE_CLR: | 328 | case AUDIT_SUBJ_CLR: |
329 | /* NOTE: this may return negative values indicating | 329 | /* NOTE: this may return negative values indicating |
330 | a temporary error. We simply treat this as a | 330 | a temporary error. We simply treat this as a |
331 | match for now to avoid losing information that | 331 | match for now to avoid losing information that |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index e9548bc049e..92e80b99d18 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -1845,15 +1845,15 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, | |||
1845 | return -ENOTSUPP; | 1845 | return -ENOTSUPP; |
1846 | 1846 | ||
1847 | switch (field) { | 1847 | switch (field) { |
1848 | case AUDIT_SE_USER: | 1848 | case AUDIT_SUBJ_USER: |
1849 | case AUDIT_SE_ROLE: | 1849 | case AUDIT_SUBJ_ROLE: |
1850 | case AUDIT_SE_TYPE: | 1850 | case AUDIT_SUBJ_TYPE: |
1851 | /* only 'equals' and 'not equals' fit user, role, and type */ | 1851 | /* only 'equals' and 'not equals' fit user, role, and type */ |
1852 | if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL) | 1852 | if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL) |
1853 | return -EINVAL; | 1853 | return -EINVAL; |
1854 | break; | 1854 | break; |
1855 | case AUDIT_SE_SEN: | 1855 | case AUDIT_SUBJ_SEN: |
1856 | case AUDIT_SE_CLR: | 1856 | case AUDIT_SUBJ_CLR: |
1857 | /* we do not allow a range, indicated by the presense of '-' */ | 1857 | /* we do not allow a range, indicated by the presense of '-' */ |
1858 | if (strchr(rulestr, '-')) | 1858 | if (strchr(rulestr, '-')) |
1859 | return -EINVAL; | 1859 | return -EINVAL; |
@@ -1874,29 +1874,29 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, | |||
1874 | tmprule->au_seqno = latest_granting; | 1874 | tmprule->au_seqno = latest_granting; |
1875 | 1875 | ||
1876 | switch (field) { | 1876 | switch (field) { |
1877 | case AUDIT_SE_USER: | 1877 | case AUDIT_SUBJ_USER: |
1878 | userdatum = hashtab_search(policydb.p_users.table, rulestr); | 1878 | userdatum = hashtab_search(policydb.p_users.table, rulestr); |
1879 | if (!userdatum) | 1879 | if (!userdatum) |
1880 | rc = -EINVAL; | 1880 | rc = -EINVAL; |
1881 | else | 1881 | else |
1882 | tmprule->au_ctxt.user = userdatum->value; | 1882 | tmprule->au_ctxt.user = userdatum->value; |
1883 | break; | 1883 | break; |
1884 | case AUDIT_SE_ROLE: | 1884 | case AUDIT_SUBJ_ROLE: |
1885 | roledatum = hashtab_search(policydb.p_roles.table, rulestr); | 1885 | roledatum = hashtab_search(policydb.p_roles.table, rulestr); |
1886 | if (!roledatum) | 1886 | if (!roledatum) |
1887 | rc = -EINVAL; | 1887 | rc = -EINVAL; |
1888 | else | 1888 | else |
1889 | tmprule->au_ctxt.role = roledatum->value; | 1889 | tmprule->au_ctxt.role = roledatum->value; |
1890 | break; | 1890 | break; |
1891 | case AUDIT_SE_TYPE: | 1891 | case AUDIT_SUBJ_TYPE: |
1892 | typedatum = hashtab_search(policydb.p_types.table, rulestr); | 1892 | typedatum = hashtab_search(policydb.p_types.table, rulestr); |
1893 | if (!typedatum) | 1893 | if (!typedatum) |
1894 | rc = -EINVAL; | 1894 | rc = -EINVAL; |
1895 | else | 1895 | else |
1896 | tmprule->au_ctxt.type = typedatum->value; | 1896 | tmprule->au_ctxt.type = typedatum->value; |
1897 | break; | 1897 | break; |
1898 | case AUDIT_SE_SEN: | 1898 | case AUDIT_SUBJ_SEN: |
1899 | case AUDIT_SE_CLR: | 1899 | case AUDIT_SUBJ_CLR: |
1900 | rc = mls_from_string(rulestr, &tmprule->au_ctxt, GFP_ATOMIC); | 1900 | rc = mls_from_string(rulestr, &tmprule->au_ctxt, GFP_ATOMIC); |
1901 | break; | 1901 | break; |
1902 | } | 1902 | } |
@@ -1948,7 +1948,7 @@ int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op, | |||
1948 | /* a field/op pair that is not caught here will simply fall through | 1948 | /* a field/op pair that is not caught here will simply fall through |
1949 | without a match */ | 1949 | without a match */ |
1950 | switch (field) { | 1950 | switch (field) { |
1951 | case AUDIT_SE_USER: | 1951 | case AUDIT_SUBJ_USER: |
1952 | switch (op) { | 1952 | switch (op) { |
1953 | case AUDIT_EQUAL: | 1953 | case AUDIT_EQUAL: |
1954 | match = (ctxt->user == rule->au_ctxt.user); | 1954 | match = (ctxt->user == rule->au_ctxt.user); |
@@ -1958,7 +1958,7 @@ int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op, | |||
1958 | break; | 1958 | break; |
1959 | } | 1959 | } |
1960 | break; | 1960 | break; |
1961 | case AUDIT_SE_ROLE: | 1961 | case AUDIT_SUBJ_ROLE: |
1962 | switch (op) { | 1962 | switch (op) { |
1963 | case AUDIT_EQUAL: | 1963 | case AUDIT_EQUAL: |
1964 | match = (ctxt->role == rule->au_ctxt.role); | 1964 | match = (ctxt->role == rule->au_ctxt.role); |
@@ -1968,7 +1968,7 @@ int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op, | |||
1968 | break; | 1968 | break; |
1969 | } | 1969 | } |
1970 | break; | 1970 | break; |
1971 | case AUDIT_SE_TYPE: | 1971 | case AUDIT_SUBJ_TYPE: |
1972 | switch (op) { | 1972 | switch (op) { |
1973 | case AUDIT_EQUAL: | 1973 | case AUDIT_EQUAL: |
1974 | match = (ctxt->type == rule->au_ctxt.type); | 1974 | match = (ctxt->type == rule->au_ctxt.type); |
@@ -1978,9 +1978,9 @@ int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op, | |||
1978 | break; | 1978 | break; |
1979 | } | 1979 | } |
1980 | break; | 1980 | break; |
1981 | case AUDIT_SE_SEN: | 1981 | case AUDIT_SUBJ_SEN: |
1982 | case AUDIT_SE_CLR: | 1982 | case AUDIT_SUBJ_CLR: |
1983 | level = (field == AUDIT_SE_SEN ? | 1983 | level = (field == AUDIT_SUBJ_SEN ? |
1984 | &ctxt->range.level[0] : &ctxt->range.level[1]); | 1984 | &ctxt->range.level[0] : &ctxt->range.level[1]); |
1985 | switch (op) { | 1985 | switch (op) { |
1986 | case AUDIT_EQUAL: | 1986 | case AUDIT_EQUAL: |