authorThomas Liu <tliu@redhat.com>2009-07-14 12:14:09 -0400
committerJames Morris <jmorris@namei.org>2009-08-16 18:37:18 -0400
commit2bf49690325b62480a42f7afed5e9f164173c570 (patch)
treebc8525f6a45ea3ffaed9449084df7644bcd4e3c2 /security/selinux/hooks.c
parentf322abf83feddc3c37c3a91794e0c5aece4af18e (diff)
SELinux: Convert avc_audit to use lsm_audit.h
Convert avc_audit in security/selinux/avc.c to use lsm_audit.h, for better maintainability. - changed selinux to use common_audit_data instead of avc_audit_data - eliminated code in avc.c and used code from lsm_audit.h instead. Had to add a LSM_AUDIT_NO_AUDIT to lsm_audit.h so that avc_audit can call common_lsm_audit and do the pre and post callbacks without doing the actual dump. This makes it so that the patched version behaves the same way as the unpatched version. Also added a denied field to the selinux_audit_data private space, once again to make it so that the patched version behaves like the unpatched. I've tested and confirmed that AVCs look the same before and after this patch. Signed-off-by: Thomas Liu <tliu@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c142
1 files changed, 71 insertions, 71 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5aa45b16812..254b7983657 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1478,14 +1478,14 @@ static int task_has_capability(struct task_struct *tsk,
1478 const struct cred *cred, 1478 const struct cred *cred,
1479 int cap, int audit) 1479 int cap, int audit)
1480{ 1480{
1481 struct avc_audit_data ad; 1481 struct common_audit_data ad;
1482 struct av_decision avd; 1482 struct av_decision avd;
1483 u16 sclass; 1483 u16 sclass;
1484 u32 sid = cred_sid(cred); 1484 u32 sid = cred_sid(cred);
1485 u32 av = CAP_TO_MASK(cap); 1485 u32 av = CAP_TO_MASK(cap);
1486 int rc; 1486 int rc;
1487 1487
1488 AVC_AUDIT_DATA_INIT(&ad, CAP); 1488 COMMON_AUDIT_DATA_INIT(&ad, CAP);
1489 ad.tsk = tsk; 1489 ad.tsk = tsk;
1490 ad.u.cap = cap; 1490 ad.u.cap = cap;
1491 1491
@@ -1524,10 +1524,10 @@ static int task_has_system(struct task_struct *tsk,
1524static int inode_has_perm(const struct cred *cred, 1524static int inode_has_perm(const struct cred *cred,
1525 struct inode *inode, 1525 struct inode *inode,
1526 u32 perms, 1526 u32 perms,
1527 struct avc_audit_data *adp) 1527 struct common_audit_data *adp)
1528{ 1528{
1529 struct inode_security_struct *isec; 1529 struct inode_security_struct *isec;
1530 struct avc_audit_data ad; 1530 struct common_audit_data ad;
1531 u32 sid; 1531 u32 sid;
1532 1532
1533 if (unlikely(IS_PRIVATE(inode))) 1533 if (unlikely(IS_PRIVATE(inode)))
@@ -1538,7 +1538,7 @@ static int inode_has_perm(const struct cred *cred,
1538 1538
1539 if (!adp) { 1539 if (!adp) {
1540 adp = &ad; 1540 adp = &ad;
1541 AVC_AUDIT_DATA_INIT(&ad, FS); 1541 COMMON_AUDIT_DATA_INIT(&ad, FS);
1542 ad.u.fs.inode = inode; 1542 ad.u.fs.inode = inode;
1543 } 1543 }
1544 1544
@@ -1554,9 +1554,9 @@ static inline int dentry_has_perm(const struct cred *cred,
1554 u32 av) 1554 u32 av)
1555{ 1555{
1556 struct inode *inode = dentry->d_inode; 1556 struct inode *inode = dentry->d_inode;
1557 struct avc_audit_data ad; 1557 struct common_audit_data ad;
1558 1558
1559 AVC_AUDIT_DATA_INIT(&ad, FS); 1559 COMMON_AUDIT_DATA_INIT(&ad, FS);
1560 ad.u.fs.path.mnt = mnt; 1560 ad.u.fs.path.mnt = mnt;
1561 ad.u.fs.path.dentry = dentry; 1561 ad.u.fs.path.dentry = dentry;
1562 return inode_has_perm(cred, inode, av, &ad); 1562 return inode_has_perm(cred, inode, av, &ad);
@@ -1576,11 +1576,11 @@ static int file_has_perm(const struct cred *cred,
1576{ 1576{
1577 struct file_security_struct *fsec = file->f_security; 1577 struct file_security_struct *fsec = file->f_security;
1578 struct inode *inode = file->f_path.dentry->d_inode; 1578 struct inode *inode = file->f_path.dentry->d_inode;
1579 struct avc_audit_data ad; 1579 struct common_audit_data ad;
1580 u32 sid = cred_sid(cred); 1580 u32 sid = cred_sid(cred);
1581 int rc; 1581 int rc;
1582 1582
1583 AVC_AUDIT_DATA_INIT(&ad, FS); 1583 COMMON_AUDIT_DATA_INIT(&ad, FS);
1584 ad.u.fs.path = file->f_path; 1584 ad.u.fs.path = file->f_path;
1585 1585
1586 if (sid != fsec->sid) { 1586 if (sid != fsec->sid) {
@@ -1611,7 +1611,7 @@ static int may_create(struct inode *dir,
1611 struct inode_security_struct *dsec; 1611 struct inode_security_struct *dsec;
1612 struct superblock_security_struct *sbsec; 1612 struct superblock_security_struct *sbsec;
1613 u32 sid, newsid; 1613 u32 sid, newsid;
1614 struct avc_audit_data ad; 1614 struct common_audit_data ad;
1615 int rc; 1615 int rc;
1616 1616
1617 dsec = dir->i_security; 1617 dsec = dir->i_security;
@@ -1620,7 +1620,7 @@ static int may_create(struct inode *dir,
1620 sid = tsec->sid; 1620 sid = tsec->sid;
1621 newsid = tsec->create_sid; 1621 newsid = tsec->create_sid;
1622 1622
1623 AVC_AUDIT_DATA_INIT(&ad, FS); 1623 COMMON_AUDIT_DATA_INIT(&ad, FS);
1624 ad.u.fs.path.dentry = dentry; 1624 ad.u.fs.path.dentry = dentry;
1625 1625
1626 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, 1626 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
@@ -1664,7 +1664,7 @@ static int may_link(struct inode *dir,
1664 1664
1665{ 1665{
1666 struct inode_security_struct *dsec, *isec; 1666 struct inode_security_struct *dsec, *isec;
1667 struct avc_audit_data ad; 1667 struct common_audit_data ad;
1668 u32 sid = current_sid(); 1668 u32 sid = current_sid();
1669 u32 av; 1669 u32 av;
1670 int rc; 1670 int rc;
@@ -1672,7 +1672,7 @@ static int may_link(struct inode *dir,
1672 dsec = dir->i_security; 1672 dsec = dir->i_security;
1673 isec = dentry->d_inode->i_security; 1673 isec = dentry->d_inode->i_security;
1674 1674
1675 AVC_AUDIT_DATA_INIT(&ad, FS); 1675 COMMON_AUDIT_DATA_INIT(&ad, FS);
1676 ad.u.fs.path.dentry = dentry; 1676 ad.u.fs.path.dentry = dentry;
1677 1677
1678 av = DIR__SEARCH; 1678 av = DIR__SEARCH;
@@ -1707,7 +1707,7 @@ static inline int may_rename(struct inode *old_dir,
1707 struct dentry *new_dentry) 1707 struct dentry *new_dentry)
1708{ 1708{
1709 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; 1709 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1710 struct avc_audit_data ad; 1710 struct common_audit_data ad;
1711 u32 sid = current_sid(); 1711 u32 sid = current_sid();
1712 u32 av; 1712 u32 av;
1713 int old_is_dir, new_is_dir; 1713 int old_is_dir, new_is_dir;
@@ -1718,7 +1718,7 @@ static inline int may_rename(struct inode *old_dir,
1718 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); 1718 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1719 new_dsec = new_dir->i_security; 1719 new_dsec = new_dir->i_security;
1720 1720
1721 AVC_AUDIT_DATA_INIT(&ad, FS); 1721 COMMON_AUDIT_DATA_INIT(&ad, FS);
1722 1722
1723 ad.u.fs.path.dentry = old_dentry; 1723 ad.u.fs.path.dentry = old_dentry;
1724 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, 1724 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
@@ -1760,7 +1760,7 @@ static inline int may_rename(struct inode *old_dir,
1760static int superblock_has_perm(const struct cred *cred, 1760static int superblock_has_perm(const struct cred *cred,
1761 struct super_block *sb, 1761 struct super_block *sb,
1762 u32 perms, 1762 u32 perms,
1763 struct avc_audit_data *ad) 1763 struct common_audit_data *ad)
1764{ 1764{
1765 struct superblock_security_struct *sbsec; 1765 struct superblock_security_struct *sbsec;
1766 u32 sid = cred_sid(cred); 1766 u32 sid = cred_sid(cred);
@@ -2100,7 +2100,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2100 const struct task_security_struct *old_tsec; 2100 const struct task_security_struct *old_tsec;
2101 struct task_security_struct *new_tsec; 2101 struct task_security_struct *new_tsec;
2102 struct inode_security_struct *isec; 2102 struct inode_security_struct *isec;
2103 struct avc_audit_data ad; 2103 struct common_audit_data ad;
2104 struct inode *inode = bprm->file->f_path.dentry->d_inode; 2104 struct inode *inode = bprm->file->f_path.dentry->d_inode;
2105 int rc; 2105 int rc;
2106 2106
@@ -2138,7 +2138,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2138 return rc; 2138 return rc;
2139 } 2139 }
2140 2140
2141 AVC_AUDIT_DATA_INIT(&ad, FS); 2141 COMMON_AUDIT_DATA_INIT(&ad, FS);
2142 ad.u.fs.path = bprm->file->f_path; 2142 ad.u.fs.path = bprm->file->f_path;
2143 2143
2144 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) 2144 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
@@ -2231,7 +2231,7 @@ extern struct dentry *selinux_null;
2231static inline void flush_unauthorized_files(const struct cred *cred, 2231static inline void flush_unauthorized_files(const struct cred *cred,
2232 struct files_struct *files) 2232 struct files_struct *files)
2233{ 2233{
2234 struct avc_audit_data ad; 2234 struct common_audit_data ad;
2235 struct file *file, *devnull = NULL; 2235 struct file *file, *devnull = NULL;
2236 struct tty_struct *tty; 2236 struct tty_struct *tty;
2237 struct fdtable *fdt; 2237 struct fdtable *fdt;
@@ -2265,7 +2265,7 @@ static inline void flush_unauthorized_files(const struct cred *cred,
2265 2265
2266 /* Revalidate access to inherited open files. */ 2266 /* Revalidate access to inherited open files. */
2267 2267
2268 AVC_AUDIT_DATA_INIT(&ad, FS); 2268 COMMON_AUDIT_DATA_INIT(&ad, FS);
2269 2269
2270 spin_lock(&files->file_lock); 2270 spin_lock(&files->file_lock);
2271 for (;;) { 2271 for (;;) {
@@ -2514,7 +2514,7 @@ out:
2514static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) 2514static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2515{ 2515{
2516 const struct cred *cred = current_cred(); 2516 const struct cred *cred = current_cred();
2517 struct avc_audit_data ad; 2517 struct common_audit_data ad;
2518 int rc; 2518 int rc;
2519 2519
2520 rc = superblock_doinit(sb, data); 2520 rc = superblock_doinit(sb, data);
@@ -2525,7 +2525,7 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2525 if (flags & MS_KERNMOUNT) 2525 if (flags & MS_KERNMOUNT)
2526 return 0; 2526 return 0;
2527 2527
2528 AVC_AUDIT_DATA_INIT(&ad, FS); 2528 COMMON_AUDIT_DATA_INIT(&ad, FS);
2529 ad.u.fs.path.dentry = sb->s_root; 2529 ad.u.fs.path.dentry = sb->s_root;
2530 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad); 2530 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2531} 2531}
@@ -2533,9 +2533,9 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2533static int selinux_sb_statfs(struct dentry *dentry) 2533static int selinux_sb_statfs(struct dentry *dentry)
2534{ 2534{
2535 const struct cred *cred = current_cred(); 2535 const struct cred *cred = current_cred();
2536 struct avc_audit_data ad; 2536 struct common_audit_data ad;
2537 2537
2538 AVC_AUDIT_DATA_INIT(&ad, FS); 2538 COMMON_AUDIT_DATA_INIT(&ad, FS);
2539 ad.u.fs.path.dentry = dentry->d_sb->s_root; 2539 ad.u.fs.path.dentry = dentry->d_sb->s_root;
2540 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad); 2540 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2541} 2541}
@@ -2755,7 +2755,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2755 struct inode *inode = dentry->d_inode; 2755 struct inode *inode = dentry->d_inode;
2756 struct inode_security_struct *isec = inode->i_security; 2756 struct inode_security_struct *isec = inode->i_security;
2757 struct superblock_security_struct *sbsec; 2757 struct superblock_security_struct *sbsec;
2758 struct avc_audit_data ad; 2758 struct common_audit_data ad;
2759 u32 newsid, sid = current_sid(); 2759 u32 newsid, sid = current_sid();
2760 int rc = 0; 2760 int rc = 0;
2761 2761
@@ -2769,7 +2769,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2769 if (!is_owner_or_cap(inode)) 2769 if (!is_owner_or_cap(inode))
2770 return -EPERM; 2770 return -EPERM;
2771 2771
2772 AVC_AUDIT_DATA_INIT(&ad, FS); 2772 COMMON_AUDIT_DATA_INIT(&ad, FS);
2773 ad.u.fs.path.dentry = dentry; 2773 ad.u.fs.path.dentry = dentry;
2774 2774
2775 rc = avc_has_perm(sid, isec->sid, isec->sclass, 2775 rc = avc_has_perm(sid, isec->sid, isec->sclass,
@@ -3418,7 +3418,7 @@ static void selinux_task_to_inode(struct task_struct *p,
3418 3418
3419/* Returns error only if unable to parse addresses */ 3419/* Returns error only if unable to parse addresses */
3420static int selinux_parse_skb_ipv4(struct sk_buff *skb, 3420static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3421 struct avc_audit_data *ad, u8 *proto) 3421 struct common_audit_data *ad, u8 *proto)
3422{ 3422{
3423 int offset, ihlen, ret = -EINVAL; 3423 int offset, ihlen, ret = -EINVAL;
3424 struct iphdr _iph, *ih; 3424 struct iphdr _iph, *ih;
@@ -3499,7 +3499,7 @@ out:
3499 3499
3500/* Returns error only if unable to parse addresses */ 3500/* Returns error only if unable to parse addresses */
3501static int selinux_parse_skb_ipv6(struct sk_buff *skb, 3501static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3502 struct avc_audit_data *ad, u8 *proto) 3502 struct common_audit_data *ad, u8 *proto)
3503{ 3503{
3504 u8 nexthdr; 3504 u8 nexthdr;
3505 int ret = -EINVAL, offset; 3505 int ret = -EINVAL, offset;
@@ -3570,7 +3570,7 @@ out:
3570 3570
3571#endif /* IPV6 */ 3571#endif /* IPV6 */
3572 3572
3573static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad, 3573static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
3574 char **_addrp, int src, u8 *proto) 3574 char **_addrp, int src, u8 *proto)
3575{ 3575{
3576 char *addrp; 3576 char *addrp;
@@ -3652,7 +3652,7 @@ static int socket_has_perm(struct task_struct *task, struct socket *sock,
3652 u32 perms) 3652 u32 perms)
3653{ 3653{
3654 struct inode_security_struct *isec; 3654 struct inode_security_struct *isec;
3655 struct avc_audit_data ad; 3655 struct common_audit_data ad;
3656 u32 sid; 3656 u32 sid;
3657 int err = 0; 3657 int err = 0;
3658 3658
@@ -3662,7 +3662,7 @@ static int socket_has_perm(struct task_struct *task, struct socket *sock,
3662 goto out; 3662 goto out;
3663 sid = task_sid(task); 3663 sid = task_sid(task);
3664 3664
3665 AVC_AUDIT_DATA_INIT(&ad, NET); 3665 COMMON_AUDIT_DATA_INIT(&ad, NET);
3666 ad.u.net.sk = sock->sk; 3666 ad.u.net.sk = sock->sk;
3667 err = avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); 3667 err = avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
3668 3668
@@ -3749,7 +3749,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
3749 if (family == PF_INET || family == PF_INET6) { 3749 if (family == PF_INET || family == PF_INET6) {
3750 char *addrp; 3750 char *addrp;
3751 struct inode_security_struct *isec; 3751 struct inode_security_struct *isec;
3752 struct avc_audit_data ad; 3752 struct common_audit_data ad;
3753 struct sockaddr_in *addr4 = NULL; 3753 struct sockaddr_in *addr4 = NULL;
3754 struct sockaddr_in6 *addr6 = NULL; 3754 struct sockaddr_in6 *addr6 = NULL;
3755 unsigned short snum; 3755 unsigned short snum;
@@ -3778,7 +3778,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
3778 snum, &sid); 3778 snum, &sid);
3779 if (err) 3779 if (err)
3780 goto out; 3780 goto out;
3781 AVC_AUDIT_DATA_INIT(&ad, NET); 3781 COMMON_AUDIT_DATA_INIT(&ad, NET);
3782 ad.u.net.sport = htons(snum); 3782 ad.u.net.sport = htons(snum);
3783 ad.u.net.family = family; 3783 ad.u.net.family = family;
3784 err = avc_has_perm(isec->sid, sid, 3784 err = avc_has_perm(isec->sid, sid,
@@ -3811,7 +3811,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
3811 if (err) 3811 if (err)
3812 goto out; 3812 goto out;
3813 3813
3814 AVC_AUDIT_DATA_INIT(&ad, NET); 3814 COMMON_AUDIT_DATA_INIT(&ad, NET);
3815 ad.u.net.sport = htons(snum); 3815 ad.u.net.sport = htons(snum);
3816 ad.u.net.family = family; 3816 ad.u.net.family = family;
3817 3817
@@ -3845,7 +3845,7 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address,
3845 isec = SOCK_INODE(sock)->i_security; 3845 isec = SOCK_INODE(sock)->i_security;
3846 if (isec->sclass == SECCLASS_TCP_SOCKET || 3846 if (isec->sclass == SECCLASS_TCP_SOCKET ||
3847 isec->sclass == SECCLASS_DCCP_SOCKET) { 3847 isec->sclass == SECCLASS_DCCP_SOCKET) {
3848 struct avc_audit_data ad; 3848 struct common_audit_data ad;
3849 struct sockaddr_in *addr4 = NULL; 3849 struct sockaddr_in *addr4 = NULL;
3850 struct sockaddr_in6 *addr6 = NULL; 3850 struct sockaddr_in6 *addr6 = NULL;
3851 unsigned short snum; 3851 unsigned short snum;
@@ -3870,7 +3870,7 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address,
3870 perm = (isec->sclass == SECCLASS_TCP_SOCKET) ? 3870 perm = (isec->sclass == SECCLASS_TCP_SOCKET) ?
3871 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT; 3871 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
3872 3872
3873 AVC_AUDIT_DATA_INIT(&ad, NET); 3873 COMMON_AUDIT_DATA_INIT(&ad, NET);
3874 ad.u.net.dport = htons(snum); 3874 ad.u.net.dport = htons(snum);
3875 ad.u.net.family = sk->sk_family; 3875 ad.u.net.family = sk->sk_family;
3876 err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad); 3876 err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad);
@@ -3960,13 +3960,13 @@ static int selinux_socket_unix_stream_connect(struct socket *sock,
3960 struct sk_security_struct *ssec; 3960 struct sk_security_struct *ssec;
3961 struct inode_security_struct *isec; 3961 struct inode_security_struct *isec;
3962 struct inode_security_struct *other_isec; 3962 struct inode_security_struct *other_isec;
3963 struct avc_audit_data ad; 3963 struct common_audit_data ad;
3964 int err; 3964 int err;
3965 3965
3966 isec = SOCK_INODE(sock)->i_security; 3966 isec = SOCK_INODE(sock)->i_security;
3967 other_isec = SOCK_INODE(other)->i_security; 3967 other_isec = SOCK_INODE(other)->i_security;
3968 3968
3969 AVC_AUDIT_DATA_INIT(&ad, NET); 3969 COMMON_AUDIT_DATA_INIT(&ad, NET);
3970 ad.u.net.sk = other->sk; 3970 ad.u.net.sk = other->sk;
3971 3971
3972 err = avc_has_perm(isec->sid, other_isec->sid, 3972 err = avc_has_perm(isec->sid, other_isec->sid,
@@ -3992,13 +3992,13 @@ static int selinux_socket_unix_may_send(struct socket *sock,
3992{ 3992{
3993 struct inode_security_struct *isec; 3993 struct inode_security_struct *isec;
3994 struct inode_security_struct *other_isec; 3994 struct inode_security_struct *other_isec;
3995 struct avc_audit_data ad; 3995 struct common_audit_data ad;
3996 int err; 3996 int err;
3997 3997
3998 isec = SOCK_INODE(sock)->i_security; 3998 isec = SOCK_INODE(sock)->i_security;
3999 other_isec = SOCK_INODE(other)->i_security; 3999 other_isec = SOCK_INODE(other)->i_security;
4000 4000
4001 AVC_AUDIT_DATA_INIT(&ad, NET); 4001 COMMON_AUDIT_DATA_INIT(&ad, NET);
4002 ad.u.net.sk = other->sk; 4002 ad.u.net.sk = other->sk;
4003 4003
4004 err = avc_has_perm(isec->sid, other_isec->sid, 4004 err = avc_has_perm(isec->sid, other_isec->sid,
@@ -4011,7 +4011,7 @@ static int selinux_socket_unix_may_send(struct socket *sock,
4011 4011
4012static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family, 4012static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
4013 u32 peer_sid, 4013 u32 peer_sid,
4014 struct avc_audit_data *ad) 4014 struct common_audit_data *ad)
4015{ 4015{
4016 int err; 4016 int err;
4017 u32 if_sid; 4017 u32 if_sid;
@@ -4039,10 +4039,10 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4039 struct sk_security_struct *sksec = sk->sk_security; 4039 struct sk_security_struct *sksec = sk->sk_security;
4040 u32 peer_sid; 4040 u32 peer_sid;
4041 u32 sk_sid = sksec->sid; 4041 u32 sk_sid = sksec->sid;
4042 struct avc_audit_data ad; 4042 struct common_audit_data ad;
4043 char *addrp; 4043 char *addrp;
4044 4044
4045 AVC_AUDIT_DATA_INIT(&ad, NET); 4045 COMMON_AUDIT_DATA_INIT(&ad, NET);
4046 ad.u.net.netif = skb->iif; 4046 ad.u.net.netif = skb->iif;
4047 ad.u.net.family = family; 4047 ad.u.net.family = family;
4048 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); 4048 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
@@ -4080,7 +4080,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4080 struct sk_security_struct *sksec = sk->sk_security; 4080 struct sk_security_struct *sksec = sk->sk_security;
4081 u16 family = sk->sk_family; 4081 u16 family = sk->sk_family;
4082 u32 sk_sid = sksec->sid; 4082 u32 sk_sid = sksec->sid;
4083 struct avc_audit_data ad; 4083 struct common_audit_data ad;
4084 char *addrp; 4084 char *addrp;
4085 u8 secmark_active; 4085 u8 secmark_active;
4086 u8 peerlbl_active; 4086 u8 peerlbl_active;
@@ -4104,7 +4104,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4104 if (!secmark_active && !peerlbl_active) 4104 if (!secmark_active && !peerlbl_active)
4105 return 0; 4105 return 0;
4106 4106
4107 AVC_AUDIT_DATA_INIT(&ad, NET); 4107 COMMON_AUDIT_DATA_INIT(&ad, NET);
4108 ad.u.net.netif = skb->iif; 4108 ad.u.net.netif = skb->iif;
4109 ad.u.net.family = family; 4109 ad.u.net.family = family;
4110 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); 4110 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
@@ -4362,7 +4362,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4362 int err; 4362 int err;
4363 char *addrp; 4363 char *addrp;
4364 u32 peer_sid; 4364 u32 peer_sid;
4365 struct avc_audit_data ad; 4365 struct common_audit_data ad;
4366 u8 secmark_active; 4366 u8 secmark_active;
4367 u8 netlbl_active; 4367 u8 netlbl_active;
4368 u8 peerlbl_active; 4368 u8 peerlbl_active;
@@ -4379,7 +4379,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4379 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0) 4379 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
4380 return NF_DROP; 4380 return NF_DROP;
4381 4381
4382 AVC_AUDIT_DATA_INIT(&ad, NET); 4382 COMMON_AUDIT_DATA_INIT(&ad, NET);
4383 ad.u.net.netif = ifindex; 4383 ad.u.net.netif = ifindex;
4384 ad.u.net.family = family; 4384 ad.u.net.family = family;
4385 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0) 4385 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
@@ -4467,7 +4467,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4467{ 4467{
4468 struct sock *sk = skb->sk; 4468 struct sock *sk = skb->sk;
4469 struct sk_security_struct *sksec; 4469 struct sk_security_struct *sksec;
4470 struct avc_audit_data ad; 4470 struct common_audit_data ad;
4471 char *addrp; 4471 char *addrp;
4472 u8 proto; 4472 u8 proto;
4473 4473
@@ -4475,7 +4475,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4475 return NF_ACCEPT; 4475 return NF_ACCEPT;
4476 sksec = sk->sk_security; 4476 sksec = sk->sk_security;
4477 4477
4478 AVC_AUDIT_DATA_INIT(&ad, NET); 4478 COMMON_AUDIT_DATA_INIT(&ad, NET);
4479 ad.u.net.netif = ifindex; 4479 ad.u.net.netif = ifindex;
4480 ad.u.net.family = family; 4480 ad.u.net.family = family;
4481 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto)) 4481 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
@@ -4499,7 +4499,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4499 u32 secmark_perm; 4499 u32 secmark_perm;
4500 u32 peer_sid; 4500 u32 peer_sid;
4501 struct sock *sk; 4501 struct sock *sk;
4502 struct avc_audit_data ad; 4502 struct common_audit_data ad;
4503 char *addrp; 4503 char *addrp;
4504 u8 secmark_active; 4504 u8 secmark_active;
4505 u8 peerlbl_active; 4505 u8 peerlbl_active;
@@ -4558,7 +4558,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4558 secmark_perm = PACKET__SEND; 4558 secmark_perm = PACKET__SEND;
4559 } 4559 }
4560 4560
4561 AVC_AUDIT_DATA_INIT(&ad, NET); 4561 COMMON_AUDIT_DATA_INIT(&ad, NET);
4562 ad.u.net.netif = ifindex; 4562 ad.u.net.netif = ifindex;
4563 ad.u.net.family = family; 4563 ad.u.net.family = family;
4564 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL)) 4564 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
@@ -4628,13 +4628,13 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
4628static int selinux_netlink_recv(struct sk_buff *skb, int capability) 4628static int selinux_netlink_recv(struct sk_buff *skb, int capability)
4629{ 4629{
4630 int err; 4630 int err;
4631 struct avc_audit_data ad; 4631 struct common_audit_data ad;
4632 4632
4633 err = cap_netlink_recv(skb, capability); 4633 err = cap_netlink_recv(skb, capability);
4634 if (err) 4634 if (err)
4635 return err; 4635 return err;
4636 4636
4637 AVC_AUDIT_DATA_INIT(&ad, CAP); 4637 COMMON_AUDIT_DATA_INIT(&ad, CAP);
4638 ad.u.cap = capability; 4638 ad.u.cap = capability;
4639 4639
4640 return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid, 4640 return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid,
@@ -4693,12 +4693,12 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4693 u32 perms) 4693 u32 perms)
4694{ 4694{
4695 struct ipc_security_struct *isec; 4695 struct ipc_security_struct *isec;
4696 struct avc_audit_data ad; 4696 struct common_audit_data ad;
4697 u32 sid = current_sid(); 4697 u32 sid = current_sid();
4698 4698
4699 isec = ipc_perms->security; 4699 isec = ipc_perms->security;
4700 4700
4701 AVC_AUDIT_DATA_INIT(&ad, IPC); 4701 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4702 ad.u.ipc_id = ipc_perms->key; 4702 ad.u.ipc_id = ipc_perms->key;
4703 4703
4704 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); 4704 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
@@ -4718,7 +4718,7 @@ static void selinux_msg_msg_free_security(struct msg_msg *msg)
4718static int selinux_msg_queue_alloc_security(struct msg_queue *msq) 4718static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4719{ 4719{
4720 struct ipc_security_struct *isec; 4720 struct ipc_security_struct *isec;
4721 struct avc_audit_data ad; 4721 struct common_audit_data ad;
4722 u32 sid = current_sid(); 4722 u32 sid = current_sid();
4723 int rc; 4723 int rc;
4724 4724
@@ -4728,7 +4728,7 @@ static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4728 4728
4729 isec = msq->q_perm.security; 4729 isec = msq->q_perm.security;
4730 4730
4731 AVC_AUDIT_DATA_INIT(&ad, IPC); 4731 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4732 ad.u.ipc_id = msq->q_perm.key; 4732 ad.u.ipc_id = msq->q_perm.key;
4733 4733
4734 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, 4734 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
@@ -4748,12 +4748,12 @@ static void selinux_msg_queue_free_security(struct msg_queue *msq)
4748static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) 4748static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4749{ 4749{
4750 struct ipc_security_struct *isec; 4750 struct ipc_security_struct *isec;
4751 struct avc_audit_data ad; 4751 struct common_audit_data ad;
4752 u32 sid = current_sid(); 4752 u32 sid = current_sid();
4753 4753
4754 isec = msq->q_perm.security; 4754 isec = msq->q_perm.security;
4755 4755
4756 AVC_AUDIT_DATA_INIT(&ad, IPC); 4756 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4757 ad.u.ipc_id = msq->q_perm.key; 4757 ad.u.ipc_id = msq->q_perm.key;
4758 4758
4759 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, 4759 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
@@ -4792,7 +4792,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
4792{ 4792{
4793 struct ipc_security_struct *isec; 4793 struct ipc_security_struct *isec;
4794 struct msg_security_struct *msec; 4794 struct msg_security_struct *msec;
4795 struct avc_audit_data ad; 4795 struct common_audit_data ad;
4796 u32 sid = current_sid(); 4796 u32 sid = current_sid();
4797 int rc; 4797 int rc;
4798 4798
@@ -4813,7 +4813,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
4813 return rc; 4813 return rc;
4814 } 4814 }
4815 4815
4816 AVC_AUDIT_DATA_INIT(&ad, IPC); 4816 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4817 ad.u.ipc_id = msq->q_perm.key; 4817 ad.u.ipc_id = msq->q_perm.key;
4818 4818
4819 /* Can this process write to the queue? */ 4819 /* Can this process write to the queue? */
@@ -4837,14 +4837,14 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4837{ 4837{
4838 struct ipc_security_struct *isec; 4838 struct ipc_security_struct *isec;
4839 struct msg_security_struct *msec; 4839 struct msg_security_struct *msec;
4840 struct avc_audit_data ad; 4840 struct common_audit_data ad;
4841 u32 sid = task_sid(target); 4841 u32 sid = task_sid(target);
4842 int rc; 4842 int rc;
4843 4843
4844 isec = msq->q_perm.security; 4844 isec = msq->q_perm.security;
4845 msec = msg->security; 4845 msec = msg->security;
4846 4846
4847 AVC_AUDIT_DATA_INIT(&ad, IPC); 4847 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4848 ad.u.ipc_id = msq->q_perm.key; 4848 ad.u.ipc_id = msq->q_perm.key;
4849 4849
4850 rc = avc_has_perm(sid, isec->sid, 4850 rc = avc_has_perm(sid, isec->sid,
@@ -4859,7 +4859,7 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4859static int selinux_shm_alloc_security(struct shmid_kernel *shp) 4859static int selinux_shm_alloc_security(struct shmid_kernel *shp)
4860{ 4860{
4861 struct ipc_security_struct *isec; 4861 struct ipc_security_struct *isec;
4862 struct avc_audit_data ad; 4862 struct common_audit_data ad;
4863 u32 sid = current_sid(); 4863 u32 sid = current_sid();
4864 int rc; 4864 int rc;
4865 4865
@@ -4869,7 +4869,7 @@ static int selinux_shm_alloc_security(struct shmid_kernel *shp)
4869 4869
4870 isec = shp->shm_perm.security; 4870 isec = shp->shm_perm.security;
4871 4871
4872 AVC_AUDIT_DATA_INIT(&ad, IPC); 4872 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4873 ad.u.ipc_id = shp->shm_perm.key; 4873 ad.u.ipc_id = shp->shm_perm.key;
4874 4874
4875 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, 4875 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
@@ -4889,12 +4889,12 @@ static void selinux_shm_free_security(struct shmid_kernel *shp)
4889static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) 4889static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
4890{ 4890{
4891 struct ipc_security_struct *isec; 4891 struct ipc_security_struct *isec;
4892 struct avc_audit_data ad; 4892 struct common_audit_data ad;
4893 u32 sid = current_sid(); 4893 u32 sid = current_sid();
4894 4894
4895 isec = shp->shm_perm.security; 4895 isec = shp->shm_perm.security;
4896 4896
4897 AVC_AUDIT_DATA_INIT(&ad, IPC); 4897 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4898 ad.u.ipc_id = shp->shm_perm.key; 4898 ad.u.ipc_id = shp->shm_perm.key;
4899 4899
4900 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, 4900 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
@@ -4951,7 +4951,7 @@ static int selinux_shm_shmat(struct shmid_kernel *shp,
4951static int selinux_sem_alloc_security(struct sem_array *sma) 4951static int selinux_sem_alloc_security(struct sem_array *sma)
4952{ 4952{
4953 struct ipc_security_struct *isec; 4953 struct ipc_security_struct *isec;
4954 struct avc_audit_data ad; 4954 struct common_audit_data ad;
4955 u32 sid = current_sid(); 4955 u32 sid = current_sid();
4956 int rc; 4956 int rc;
4957 4957
@@ -4961,7 +4961,7 @@ static int selinux_sem_alloc_security(struct sem_array *sma)
4961 4961
4962 isec = sma->sem_perm.security; 4962 isec = sma->sem_perm.security;
4963 4963
4964 AVC_AUDIT_DATA_INIT(&ad, IPC); 4964 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4965 ad.u.ipc_id = sma->sem_perm.key; 4965 ad.u.ipc_id = sma->sem_perm.key;
4966 4966
4967 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, 4967 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
@@ -4981,12 +4981,12 @@ static void selinux_sem_free_security(struct sem_array *sma)
4981static int selinux_sem_associate(struct sem_array *sma, int semflg) 4981static int selinux_sem_associate(struct sem_array *sma, int semflg)
4982{ 4982{
4983 struct ipc_security_struct *isec; 4983 struct ipc_security_struct *isec;
4984 struct avc_audit_data ad; 4984 struct common_audit_data ad;
4985 u32 sid = current_sid(); 4985 u32 sid = current_sid();
4986 4986
4987 isec = sma->sem_perm.security; 4987 isec = sma->sem_perm.security;
4988 4988
4989 AVC_AUDIT_DATA_INIT(&ad, IPC); 4989 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4990 ad.u.ipc_id = sma->sem_perm.key; 4990 ad.u.ipc_id = sma->sem_perm.key;
4991 4991
4992 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, 4992 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
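Review bot: The netfilter and socket receive paths (selinux_ip_forward at 4365, selinux_ip_postroute_compat at 4470, selinux_ip_postroute at 4502, selinux_sock_rcv_skb_compat at 4042, selinux_socket_sock_rcv_skb at 4083) now place a `struct common_audit_data` on the stack instead of the old `struct avc_audit_data`; these run in softirq context with a constrained stack, and if the common struct is larger (its definition is not on this page) that growth deserves a note in the commit message or a size check. The same callers initialise only `ad.u.net.netif` and `ad.u.net.family` after `COMMON_AUDIT_DATA_INIT(&ad, NET)`, so the audit record stays correct only if the new macro clears the whole union as the old `AVC_AUDIT_DATA_INIT` did — the macro body is not visible here, so that should be confirmed against lsm_audit.h, otherwise stale stack bytes in `u.net.sport`/`dport` would reach the AVC log. A one-line comment at the first such call, `/* COMMON_AUDIT_DATA_INIT zeroes the whole union; only netif/family are set here */`, would record the assumption for later readers. Several of the enclosing functions start or end outside their hunks.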