author | Ahmed S. Darwish <darwish.07@gmail.com> | 2008-03-01 14:54:38 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-04-18 19:52:34 -0400 |
commit | 2a862b32f3da5a2120043921ad301322ad526084 (patch) | |
tree | bb97054b2f648504f670e3eaed2626b547c4d081 /kernel/audit.c | |
parent | 713a04aeaba35bb95d442cdeb52055498519be25 (diff) |
Audit: use new LSM hooks instead of SELinux exports
Stop using the following exported SELinux interfaces:
selinux_get_inode_sid(inode, sid)
selinux_get_ipc_sid(ipcp, sid)
selinux_get_task_sid(tsk, sid)
selinux_sid_to_string(sid, ctx, len)
kfree(ctx)
and use following generic LSM equivalents respectively:
security_inode_getsecid(inode, secid)
security_ipc_getsecid*(ipcp, secid)
security_task_getsecid(tsk, secid)
security_secid_to_secctx(sid, ctx, len)
security_release_secctx(ctx, len)
Call security_release_secctx only if security_secid_to_secctx
succeeded.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r-- | kernel/audit.c | 17 |
1 files changed, 9 insertions, 8 deletions
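--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -265,13 +265,13 @@ static int audit_log_config_change(char *function_name, int new, int old,
 char *ctx = NULL;
 u32 len;
 
-rc = selinux_sid_to_string(sid, &ctx, &len);
+rc = security_secid_to_secctx(sid, &ctx, &len);
 if (rc) {
 audit_log_format(ab, " sid=%u", sid);
 allow_changes = 0; /* Something weird, deny request */
 } else {
 audit_log_format(ab, " subj=%s", ctx);
-kfree(ctx);
+security_release_secctx(ctx, len);
 }
 }
 audit_log_format(ab, " res=%d", allow_changes);
@@ -550,12 +550,13 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
 audit_log_format(*ab, "user pid=%d uid=%u auid=%u",
 pid, uid, auid);
 if (sid) {
-rc = selinux_sid_to_string(sid, &ctx, &len);
+rc = security_secid_to_secctx(sid, &ctx, &len);
 if (rc)
 audit_log_format(*ab, " ssid=%u", sid);
-else
+else {
 audit_log_format(*ab, " subj=%s", ctx);
-kfree(ctx);
+security_release_secctx(ctx, len);
+}
 }
 
 return rc;
@@ -758,18 +759,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 break;
 }
 case AUDIT_SIGNAL_INFO:
-err = selinux_sid_to_string(audit_sig_sid, &ctx, &len);
+err = security_secid_to_secctx(audit_sig_sid, &ctx, &len);
 if (err)
 return err;
 sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);
 if (!sig_data) {
-kfree(ctx);
+security_release_secctx(ctx, len);
 return -ENOMEM;
 }
 sig_data->uid = audit_sig_uid;
 sig_data->pid = audit_sig_pid;
 memcpy(sig_data->ctx, ctx, len);
-kfree(ctx);
+security_release_secctx(ctx, len);
 audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO,
 0, 0, sig_data, sizeof(*sig_data) + len);
 kfree(sig_data);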
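Review bot: In the AUDIT_SIGNAL_INFO case (third hunk), `memcpy(sig_data->ctx, ctx, len)` and the reply size `sizeof(*sig_data) + len` now take `len` from whichever LSM answers `security_secid_to_secctx()`, and nothing visible here says whether that length includes the terminating NUL. With the SELinux-only export there was a single convention; behind a generic hook a module could report only the string length, and user space would then be handed an unterminated context string. I would record the contract at the call site, for example `/* len is expected to cover the trailing NUL; ctx is copied to user space verbatim */`, and confirm it against each LSM's hook. The `" subj=%s"` calls in the first two hunks rest on the same assumption that `ctx` is NUL-terminated. The case body begins and ends outside the hunk.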