aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/audit.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-04-18 10:12:59 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2008-04-28 06:19:22 -0400
commitb556f8ad58c6e9f8f485c8cef7546e3fc82c382a (patch)
treee7a1c5ce313b6dec9727d69b08b5005dc35709a3 /kernel/audit.c
parentf09ac9db2aafe36fde9ebd63c8c5d776f6e7bd41 (diff)
Audit: standardize string audit interfaces
This patch standardized the string auditing interfaces. No userspace changes will be visible and this is all just cleanup and consistancy work. We have the following string audit interfaces to use: void audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len); void audit_log_n_string(struct audit_buffer *ab, const char *buf, size_t n); void audit_log_string(struct audit_buffer *ab, const char *buf); void audit_log_n_untrustedstring(struct audit_buffer *ab, const char *string, size_t n); void audit_log_untrustedstring(struct audit_buffer *ab, const char *string); This may be the first step to possibly fixing some of the issues that people have with the string output from the kernel audit system. But we still don't have an agreed upon solution to that problem. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c19
1 files changed, 9 insertions, 10 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 520583d8ca1..5b9ad3dda88 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -757,8 +757,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
757 757
758 audit_log_format(ab, " msg="); 758 audit_log_format(ab, " msg=");
759 size = nlmsg_len(nlh); 759 size = nlmsg_len(nlh);
760 audit_log_n_untrustedstring(ab, size, 760 audit_log_n_untrustedstring(ab, data, size);
761 data);
762 } 761 }
763 audit_set_pid(ab, pid); 762 audit_set_pid(ab, pid);
764 audit_log_end(ab); 763 audit_log_end(ab);
@@ -1293,7 +1292,7 @@ void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
1293 * This function will take the passed buf and convert it into a string of 1292 * This function will take the passed buf and convert it into a string of
1294 * ascii hex digits. The new string is placed onto the skb. 1293 * ascii hex digits. The new string is placed onto the skb.
1295 */ 1294 */
1296void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, 1295void audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf,
1297 size_t len) 1296 size_t len)
1298{ 1297{
1299 int i, avail, new_len; 1298 int i, avail, new_len;
@@ -1329,8 +1328,8 @@ void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf,
1329 * Format a string of no more than slen characters into the audit buffer, 1328 * Format a string of no more than slen characters into the audit buffer,
1330 * enclosed in quote marks. 1329 * enclosed in quote marks.
1331 */ 1330 */
1332static void audit_log_n_string(struct audit_buffer *ab, size_t slen, 1331void audit_log_n_string(struct audit_buffer *ab, const char *string,
1333 const char *string) 1332 size_t slen)
1334{ 1333{
1335 int avail, new_len; 1334 int avail, new_len;
1336 unsigned char *ptr; 1335 unsigned char *ptr;
@@ -1386,13 +1385,13 @@ int audit_string_contains_control(const char *string, size_t len)
1386 * The caller specifies the number of characters in the string to log, which may 1385 * The caller specifies the number of characters in the string to log, which may
1387 * or may not be the entire string. 1386 * or may not be the entire string.
1388 */ 1387 */
1389void audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len, 1388void audit_log_n_untrustedstring(struct audit_buffer *ab, const char *string,
1390 const char *string) 1389 size_t len)
1391{ 1390{
1392 if (audit_string_contains_control(string, len)) 1391 if (audit_string_contains_control(string, len))
1393 audit_log_hex(ab, string, len); 1392 audit_log_n_hex(ab, string, len);
1394 else 1393 else
1395 audit_log_n_string(ab, len, string); 1394 audit_log_n_string(ab, string, len);
1396} 1395}
1397 1396
1398/** 1397/**
@@ -1405,7 +1404,7 @@ void audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len,
1405 */ 1404 */
1406void audit_log_untrustedstring(struct audit_buffer *ab, const char *string) 1405void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
1407{ 1406{
1408 audit_log_n_untrustedstring(ab, strlen(string), string); 1407 audit_log_n_untrustedstring(ab, string, strlen(string));
1409} 1408}
1410 1409
1411/* This is a helper-function to print the escaped d_path */ 1410/* This is a helper-function to print the escaped d_path */