author | Eric Paris <eparis@redhat.com> | 2012-04-04 15:01:42 -0400 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2012-04-09 12:23:02 -0400 |
commit | 0972c74ecba4878baa5f97bb78b242c0eefacfb6 (patch) | |
tree | 1ea472908798d38ab940f617a494786efe75f380 | |
parent | bd5e50f9c1c71daac273fa586424f07205f6b13b (diff) |
apparmor: move task from common_audit_data to apparmor_audit_data
apparmor is the only LSM that uses the common_audit_data tsk field.
Instead of making all LSMs pay for the stack space move the aa usage into
the apparmor_audit_data.
Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r-- | security/apparmor/audit.c | 11 | ||||
-rw-r--r-- | security/apparmor/capability.c | 2 | ||||
-rw-r--r-- | security/apparmor/include/audit.h | 1 |
3 files changed, 11 insertions, 3 deletions
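--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -111,7 +111,7 @@ static const char *const aa_audit_type[] = {
 static void audit_pre(struct audit_buffer *ab, void *ca)
 {
 struct common_audit_data *sa = ca;
-struct task_struct *tsk = sa->tsk ? sa->tsk : current;
+struct task_struct *tsk = sa->aad->tsk ? sa->aad->tsk : current;
 
 if (aa_g_audit_header) {
 audit_log_format(ab, "apparmor=");
@@ -149,6 +149,12 @@ static void audit_pre(struct audit_buffer *ab, void *ca)
 audit_log_format(ab, " name=");
 audit_log_untrustedstring(ab, sa->aad->name);
 }
+
+if (sa->aad->tsk) {
+audit_log_format(ab, " pid=%d comm=", tsk->pid);
+audit_log_untrustedstring(ab, tsk->comm);
+}
+
 }
 
 /**
@@ -205,7 +211,8 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
 aa_audit_msg(type, sa, cb);
 
 if (sa->aad->type == AUDIT_APPARMOR_KILL)
-(void)send_sig_info(SIGKILL, NULL, sa->tsk ? sa->tsk : current);
+(void)send_sig_info(SIGKILL, NULL,
+sa->aad->tsk ? sa->aad->tsk : current);
 
 if (sa->aad->type == AUDIT_APPARMOR_ALLOWED)
 return complain_error(sa->aad->error);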
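Review bot: The added `pid=`/`comm=` block in audit_pre reads `tsk->comm` directly, and it runs only when `sa->aad->tsk` is set, which is the case where the task may not be `current` (audit_caps in capability.c passes a caller-supplied task). Another task's comm can be rewritten while it is being read, so the audit record may carry a torn name. Taking a snapshot first is safer: `char comm[sizeof(tsk->comm)];` followed by `audit_log_untrustedstring(ab, get_task_comm(comm, tsk));`. Keeping `audit_log_untrustedstring` is right, since comm is chosen by the task itself. The middle of audit_pre lies between the first two hunks and is not shown, so this rests on the visible lines only.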
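--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -67,8 +67,8 @@ static int audit_caps(struct aa_profile *profile, struct task_struct *task,
 struct apparmor_audit_data aad = {0,};
 COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_CAP);
 sa.aad = &aad;
-sa.tsk = task;
 sa.u.cap = cap;
+sa.aad->tsk = task;
 sa.aad->op = OP_CAPABLE;
 sa.aad->error = error;
 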
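--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -110,6 +110,7 @@ struct apparmor_audit_data {
 void *profile;
 const char *name;
 const char *info;
+struct task_struct *tsk;
 union {
 void *target;
 struct {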
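Review bot: The new `tsk` member of struct apparmor_audit_data has no comment saying what NULL means or who owns the pointer. In this commit's audit.c hunks, NULL falls back to `current` for the SIGKILL and suppresses the pid/comm fields. Nothing visible takes a reference on the task, so the caller apparently has to keep it alive until aa_audit() returns. I would document that on the field, e.g. `struct task_struct *tsk; /* audited task, NULL == current; borrowed, caller keeps it valid */`. The struct definition starts and ends outside the hunk.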