diff options
author | Ahmed S. Darwish <darwish.07@gmail.com> | 2008-03-01 15:01:11 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-04-18 19:52:37 -0400 |
commit | d7a96f3a1ae279a2129653d6cb18d722f2f00f91 (patch) | |
tree | fc38736f303133f80912f1640f2d4fac0027fe04 | |
parent | 03d37d25e0f91b28c4b6d002be6221f1af4b19d8 (diff) |
Audit: internally use the new LSM audit hooks
Convert Audit to use the new LSM Audit hooks instead of
the exported SELinux interface.
Basically, use:
security_audit_rule_init
secuirty_audit_rule_free
security_audit_rule_known
security_audit_rule_match
instad of (respectively) :
selinux_audit_rule_init
selinux_audit_rule_free
audit_rule_has_selinux
selinux_audit_rule_match
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
-rw-r--r-- | kernel/audit.c | 7 | ||||
-rw-r--r-- | kernel/auditfilter.c | 61 | ||||
-rw-r--r-- | kernel/auditsc.c | 9 |
3 files changed, 22 insertions, 55 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 784a48e9f382..a7b16086d36f 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
@@ -21,7 +21,7 @@ | |||
21 | * | 21 | * |
22 | * Written by Rickard E. (Rik) Faith <faith@redhat.com> | 22 | * Written by Rickard E. (Rik) Faith <faith@redhat.com> |
23 | * | 23 | * |
24 | * Goals: 1) Integrate fully with SELinux. | 24 | * Goals: 1) Integrate fully with Security Modules. |
25 | * 2) Minimal run-time overhead: | 25 | * 2) Minimal run-time overhead: |
26 | * a) Minimal when syscall auditing is disabled (audit_enable=0). | 26 | * a) Minimal when syscall auditing is disabled (audit_enable=0). |
27 | * b) Small when syscall auditing is enabled and no audit record | 27 | * b) Small when syscall auditing is enabled and no audit record |
@@ -55,7 +55,6 @@ | |||
55 | #include <net/netlink.h> | 55 | #include <net/netlink.h> |
56 | #include <linux/skbuff.h> | 56 | #include <linux/skbuff.h> |
57 | #include <linux/netlink.h> | 57 | #include <linux/netlink.h> |
58 | #include <linux/selinux.h> | ||
59 | #include <linux/inotify.h> | 58 | #include <linux/inotify.h> |
60 | #include <linux/freezer.h> | 59 | #include <linux/freezer.h> |
61 | #include <linux/tty.h> | 60 | #include <linux/tty.h> |
@@ -882,10 +881,6 @@ static int __init audit_init(void) | |||
882 | audit_enabled = audit_default; | 881 | audit_enabled = audit_default; |
883 | audit_ever_enabled |= !!audit_default; | 882 | audit_ever_enabled |= !!audit_default; |
884 | 883 | ||
885 | /* Register the callback with selinux. This callback will be invoked | ||
886 | * when a new policy is loaded. */ | ||
887 | selinux_audit_set_callback(&selinux_audit_rule_update); | ||
888 | |||
889 | audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized"); | 884 | audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized"); |
890 | 885 | ||
891 | #ifdef CONFIG_AUDITSYSCALL | 886 | #ifdef CONFIG_AUDITSYSCALL |
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 35e58a146eff..7c69cb5e44fb 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
@@ -29,7 +29,6 @@ | |||
29 | #include <linux/sched.h> | 29 | #include <linux/sched.h> |
30 | #include <linux/inotify.h> | 30 | #include <linux/inotify.h> |
31 | #include <linux/security.h> | 31 | #include <linux/security.h> |
32 | #include <linux/selinux.h> | ||
33 | #include "audit.h" | 32 | #include "audit.h" |
34 | 33 | ||
35 | /* | 34 | /* |
@@ -39,7 +38,7 @@ | |||
39 | * Synchronizes writes and blocking reads of audit's filterlist | 38 | * Synchronizes writes and blocking reads of audit's filterlist |
40 | * data. Rcu is used to traverse the filterlist and access | 39 | * data. Rcu is used to traverse the filterlist and access |
41 | * contents of structs audit_entry, audit_watch and opaque | 40 | * contents of structs audit_entry, audit_watch and opaque |
42 | * selinux rules during filtering. If modified, these structures | 41 | * LSM rules during filtering. If modified, these structures |
43 | * must be copied and replace their counterparts in the filterlist. | 42 | * must be copied and replace their counterparts in the filterlist. |
44 | * An audit_parent struct is not accessed during filtering, so may | 43 | * An audit_parent struct is not accessed during filtering, so may |
45 | * be written directly provided audit_filter_mutex is held. | 44 | * be written directly provided audit_filter_mutex is held. |
@@ -141,7 +140,7 @@ static inline void audit_free_rule(struct audit_entry *e) | |||
141 | for (i = 0; i < e->rule.field_count; i++) { | 140 | for (i = 0; i < e->rule.field_count; i++) { |
142 | struct audit_field *f = &e->rule.fields[i]; | 141 | struct audit_field *f = &e->rule.fields[i]; |
143 | kfree(f->se_str); | 142 | kfree(f->se_str); |
144 | selinux_audit_rule_free(f->se_rule); | 143 | security_audit_rule_free(f->se_rule); |
145 | } | 144 | } |
146 | kfree(e->rule.fields); | 145 | kfree(e->rule.fields); |
147 | kfree(e->rule.filterkey); | 146 | kfree(e->rule.filterkey); |
@@ -598,12 +597,12 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | |||
598 | goto exit_free; | 597 | goto exit_free; |
599 | entry->rule.buflen += f->val; | 598 | entry->rule.buflen += f->val; |
600 | 599 | ||
601 | err = selinux_audit_rule_init(f->type, f->op, str, | 600 | err = security_audit_rule_init(f->type, f->op, str, |
602 | &f->se_rule); | 601 | (void **)&f->se_rule); |
603 | /* Keep currently invalid fields around in case they | 602 | /* Keep currently invalid fields around in case they |
604 | * become valid after a policy reload. */ | 603 | * become valid after a policy reload. */ |
605 | if (err == -EINVAL) { | 604 | if (err == -EINVAL) { |
606 | printk(KERN_WARNING "audit rule for selinux " | 605 | printk(KERN_WARNING "audit rule for LSM " |
607 | "\'%s\' is invalid\n", str); | 606 | "\'%s\' is invalid\n", str); |
608 | err = 0; | 607 | err = 0; |
609 | } | 608 | } |
@@ -863,9 +862,9 @@ out: | |||
863 | return new; | 862 | return new; |
864 | } | 863 | } |
865 | 864 | ||
866 | /* Duplicate selinux field information. The se_rule is opaque, so must be | 865 | /* Duplicate LSM field information. The se_rule is opaque, so must be |
867 | * re-initialized. */ | 866 | * re-initialized. */ |
868 | static inline int audit_dupe_selinux_field(struct audit_field *df, | 867 | static inline int audit_dupe_lsm_field(struct audit_field *df, |
869 | struct audit_field *sf) | 868 | struct audit_field *sf) |
870 | { | 869 | { |
871 | int ret = 0; | 870 | int ret = 0; |
@@ -878,12 +877,12 @@ static inline int audit_dupe_selinux_field(struct audit_field *df, | |||
878 | df->se_str = se_str; | 877 | df->se_str = se_str; |
879 | 878 | ||
880 | /* our own (refreshed) copy of se_rule */ | 879 | /* our own (refreshed) copy of se_rule */ |
881 | ret = selinux_audit_rule_init(df->type, df->op, df->se_str, | 880 | ret = security_audit_rule_init(df->type, df->op, df->se_str, |
882 | &df->se_rule); | 881 | (void **)&df->se_rule); |
883 | /* Keep currently invalid fields around in case they | 882 | /* Keep currently invalid fields around in case they |
884 | * become valid after a policy reload. */ | 883 | * become valid after a policy reload. */ |
885 | if (ret == -EINVAL) { | 884 | if (ret == -EINVAL) { |
886 | printk(KERN_WARNING "audit rule for selinux \'%s\' is " | 885 | printk(KERN_WARNING "audit rule for LSM \'%s\' is " |
887 | "invalid\n", df->se_str); | 886 | "invalid\n", df->se_str); |
888 | ret = 0; | 887 | ret = 0; |
889 | } | 888 | } |
@@ -892,7 +891,7 @@ static inline int audit_dupe_selinux_field(struct audit_field *df, | |||
892 | } | 891 | } |
893 | 892 | ||
894 | /* Duplicate an audit rule. This will be a deep copy with the exception | 893 | /* Duplicate an audit rule. This will be a deep copy with the exception |
895 | * of the watch - that pointer is carried over. The selinux specific fields | 894 | * of the watch - that pointer is carried over. The LSM specific fields |
896 | * will be updated in the copy. The point is to be able to replace the old | 895 | * will be updated in the copy. The point is to be able to replace the old |
897 | * rule with the new rule in the filterlist, then free the old rule. | 896 | * rule with the new rule in the filterlist, then free the old rule. |
898 | * The rlist element is undefined; list manipulations are handled apart from | 897 | * The rlist element is undefined; list manipulations are handled apart from |
@@ -945,7 +944,7 @@ static struct audit_entry *audit_dupe_rule(struct audit_krule *old, | |||
945 | case AUDIT_OBJ_TYPE: | 944 | case AUDIT_OBJ_TYPE: |
946 | case AUDIT_OBJ_LEV_LOW: | 945 | case AUDIT_OBJ_LEV_LOW: |
947 | case AUDIT_OBJ_LEV_HIGH: | 946 | case AUDIT_OBJ_LEV_HIGH: |
948 | err = audit_dupe_selinux_field(&new->fields[i], | 947 | err = audit_dupe_lsm_field(&new->fields[i], |
949 | &old->fields[i]); | 948 | &old->fields[i]); |
950 | break; | 949 | break; |
951 | case AUDIT_FILTERKEY: | 950 | case AUDIT_FILTERKEY: |
@@ -1763,38 +1762,12 @@ unlock_and_return: | |||
1763 | return result; | 1762 | return result; |
1764 | } | 1763 | } |
1765 | 1764 | ||
1766 | /* Check to see if the rule contains any selinux fields. Returns 1 if there | ||
1767 | are selinux fields specified in the rule, 0 otherwise. */ | ||
1768 | static inline int audit_rule_has_selinux(struct audit_krule *rule) | ||
1769 | { | ||
1770 | int i; | ||
1771 | |||
1772 | for (i = 0; i < rule->field_count; i++) { | ||
1773 | struct audit_field *f = &rule->fields[i]; | ||
1774 | switch (f->type) { | ||
1775 | case AUDIT_SUBJ_USER: | ||
1776 | case AUDIT_SUBJ_ROLE: | ||
1777 | case AUDIT_SUBJ_TYPE: | ||
1778 | case AUDIT_SUBJ_SEN: | ||
1779 | case AUDIT_SUBJ_CLR: | ||
1780 | case AUDIT_OBJ_USER: | ||
1781 | case AUDIT_OBJ_ROLE: | ||
1782 | case AUDIT_OBJ_TYPE: | ||
1783 | case AUDIT_OBJ_LEV_LOW: | ||
1784 | case AUDIT_OBJ_LEV_HIGH: | ||
1785 | return 1; | ||
1786 | } | ||
1787 | } | ||
1788 | |||
1789 | return 0; | ||
1790 | } | ||
1791 | |||
1792 | /* This function will re-initialize the se_rule field of all applicable rules. | 1765 | /* This function will re-initialize the se_rule field of all applicable rules. |
1793 | * It will traverse the filter lists serarching for rules that contain selinux | 1766 | * It will traverse the filter lists serarching for rules that contain LSM |
1794 | * specific filter fields. When such a rule is found, it is copied, the | 1767 | * specific filter fields. When such a rule is found, it is copied, the |
1795 | * selinux field is re-initialized, and the old rule is replaced with the | 1768 | * LSM field is re-initialized, and the old rule is replaced with the |
1796 | * updated rule. */ | 1769 | * updated rule. */ |
1797 | int selinux_audit_rule_update(void) | 1770 | int audit_update_lsm_rules(void) |
1798 | { | 1771 | { |
1799 | struct audit_entry *entry, *n, *nentry; | 1772 | struct audit_entry *entry, *n, *nentry; |
1800 | struct audit_watch *watch; | 1773 | struct audit_watch *watch; |
@@ -1806,7 +1779,7 @@ int selinux_audit_rule_update(void) | |||
1806 | 1779 | ||
1807 | for (i = 0; i < AUDIT_NR_FILTERS; i++) { | 1780 | for (i = 0; i < AUDIT_NR_FILTERS; i++) { |
1808 | list_for_each_entry_safe(entry, n, &audit_filter_list[i], list) { | 1781 | list_for_each_entry_safe(entry, n, &audit_filter_list[i], list) { |
1809 | if (!audit_rule_has_selinux(&entry->rule)) | 1782 | if (!security_audit_rule_known(&entry->rule)) |
1810 | continue; | 1783 | continue; |
1811 | 1784 | ||
1812 | watch = entry->rule.watch; | 1785 | watch = entry->rule.watch; |
@@ -1817,7 +1790,7 @@ int selinux_audit_rule_update(void) | |||
1817 | * return value */ | 1790 | * return value */ |
1818 | if (!err) | 1791 | if (!err) |
1819 | err = PTR_ERR(nentry); | 1792 | err = PTR_ERR(nentry); |
1820 | audit_panic("error updating selinux filters"); | 1793 | audit_panic("error updating LSM filters"); |
1821 | if (watch) | 1794 | if (watch) |
1822 | list_del(&entry->rule.rlist); | 1795 | list_del(&entry->rule.rlist); |
1823 | list_del_rcu(&entry->list); | 1796 | list_del_rcu(&entry->list); |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6a83c706b504..c0700535e5c5 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -61,7 +61,6 @@ | |||
61 | #include <linux/security.h> | 61 | #include <linux/security.h> |
62 | #include <linux/list.h> | 62 | #include <linux/list.h> |
63 | #include <linux/tty.h> | 63 | #include <linux/tty.h> |
64 | #include <linux/selinux.h> | ||
65 | #include <linux/binfmts.h> | 64 | #include <linux/binfmts.h> |
66 | #include <linux/highmem.h> | 65 | #include <linux/highmem.h> |
67 | #include <linux/syscalls.h> | 66 | #include <linux/syscalls.h> |
@@ -533,7 +532,7 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
533 | security_task_getsecid(tsk, &sid); | 532 | security_task_getsecid(tsk, &sid); |
534 | need_sid = 0; | 533 | need_sid = 0; |
535 | } | 534 | } |
536 | result = selinux_audit_rule_match(sid, f->type, | 535 | result = security_audit_rule_match(sid, f->type, |
537 | f->op, | 536 | f->op, |
538 | f->se_rule, | 537 | f->se_rule, |
539 | ctx); | 538 | ctx); |
@@ -549,12 +548,12 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
549 | if (f->se_rule) { | 548 | if (f->se_rule) { |
550 | /* Find files that match */ | 549 | /* Find files that match */ |
551 | if (name) { | 550 | if (name) { |
552 | result = selinux_audit_rule_match( | 551 | result = security_audit_rule_match( |
553 | name->osid, f->type, f->op, | 552 | name->osid, f->type, f->op, |
554 | f->se_rule, ctx); | 553 | f->se_rule, ctx); |
555 | } else if (ctx) { | 554 | } else if (ctx) { |
556 | for (j = 0; j < ctx->name_count; j++) { | 555 | for (j = 0; j < ctx->name_count; j++) { |
557 | if (selinux_audit_rule_match( | 556 | if (security_audit_rule_match( |
558 | ctx->names[j].osid, | 557 | ctx->names[j].osid, |
559 | f->type, f->op, | 558 | f->type, f->op, |
560 | f->se_rule, ctx)) { | 559 | f->se_rule, ctx)) { |
@@ -570,7 +569,7 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
570 | aux = aux->next) { | 569 | aux = aux->next) { |
571 | if (aux->type == AUDIT_IPC) { | 570 | if (aux->type == AUDIT_IPC) { |
572 | struct audit_aux_data_ipcctl *axi = (void *)aux; | 571 | struct audit_aux_data_ipcctl *axi = (void *)aux; |
573 | if (selinux_audit_rule_match(axi->osid, f->type, f->op, f->se_rule, ctx)) { | 572 | if (security_audit_rule_match(axi->osid, f->type, f->op, f->se_rule, ctx)) { |
574 | ++result; | 573 | ++result; |
575 | break; | 574 | break; |
576 | } | 575 | } |