diff options
| author | Ahmed S. Darwish <darwish.07@gmail.com> | 2008-03-01 14:54:38 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-04-18 19:52:34 -0400 |
| commit | 2a862b32f3da5a2120043921ad301322ad526084 (patch) | |
| tree | bb97054b2f648504f670e3eaed2626b547c4d081 /kernel/auditfilter.c | |
| parent | 713a04aeaba35bb95d442cdeb52055498519be25 (diff) | |
Audit: use new LSM hooks instead of SELinux exports
Stop using the following exported SELinux interfaces:
selinux_get_inode_sid(inode, sid)
selinux_get_ipc_sid(ipcp, sid)
selinux_get_task_sid(tsk, sid)
selinux_sid_to_string(sid, ctx, len)
kfree(ctx)
and use following generic LSM equivalents respectively:
security_inode_getsecid(inode, secid)
security_ipc_getsecid*(ipcp, secid)
security_task_getsecid(tsk, secid)
security_sid_to_secctx(sid, ctx, len)
security_release_secctx(ctx, len)
Call security_release_secctx only if security_secid_to_secctx
succeeded.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Diffstat (limited to 'kernel/auditfilter.c')
| -rw-r--r-- | kernel/auditfilter.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 2f2914b7cc3..35e58a146ef 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
| @@ -28,6 +28,7 @@ | |||
| 28 | #include <linux/netlink.h> | 28 | #include <linux/netlink.h> |
| 29 | #include <linux/sched.h> | 29 | #include <linux/sched.h> |
| 30 | #include <linux/inotify.h> | 30 | #include <linux/inotify.h> |
| 31 | #include <linux/security.h> | ||
| 31 | #include <linux/selinux.h> | 32 | #include <linux/selinux.h> |
| 32 | #include "audit.h" | 33 | #include "audit.h" |
| 33 | 34 | ||
| @@ -1515,11 +1516,12 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action, | |||
| 1515 | if (sid) { | 1516 | if (sid) { |
| 1516 | char *ctx = NULL; | 1517 | char *ctx = NULL; |
| 1517 | u32 len; | 1518 | u32 len; |
| 1518 | if (selinux_sid_to_string(sid, &ctx, &len)) | 1519 | if (security_secid_to_secctx(sid, &ctx, &len)) |
| 1519 | audit_log_format(ab, " ssid=%u", sid); | 1520 | audit_log_format(ab, " ssid=%u", sid); |
| 1520 | else | 1521 | else { |
| 1521 | audit_log_format(ab, " subj=%s", ctx); | 1522 | audit_log_format(ab, " subj=%s", ctx); |
| 1522 | kfree(ctx); | 1523 | security_release_secctx(ctx, len); |
| 1524 | } | ||
| 1523 | } | 1525 | } |
| 1524 | audit_log_format(ab, " op=%s rule key=", action); | 1526 | audit_log_format(ab, " op=%s rule key=", action); |
| 1525 | if (rule->filterkey) | 1527 | if (rule->filterkey) |