SELinux: use new audit hooks, remove redundant exports

Setup the new Audit LSM hooks for SELinux. Remove the now redundant exported SELinux Audit interface. Audit: Export 'audit_krule' and 'audit_field' to the public since their internals are needed by the implementation of the new LSM hook 'audit_rule_known'. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org>
author: Ahmed S. Darwish <darwish.07@gmail.com> 2008-03-01 15:03:14 -0500
committer: James Morris <jmorris@namei.org> 2008-04-18 19:53:46 -0400
commit: 9d57a7f9e23dc30783d245280fc9907cf2c87837 (patch)
tree: 508b81e213f5dca1097ccf0ece8ba092b168607b /include/linux/selinux.h
parent: d7a96f3a1ae279a2129653d6cb18d722f2f00f91 (diff)
1 files changed, 0 insertions, 72 deletions
diff --git a/include/linux/selinux.h b/include/linux/selinux.h
index 24b0af1c4cac..20f965d4b041 100644
--- a/include/linux/selinux.h
+++ b/include/linux/selinux.h
@@ -21,54 +21,6 @@ struct kern_ipc_perm;
 #ifdef CONFIG_SECURITY_SELINUX
 /**
- *      selinux_audit_rule_init - alloc/init an selinux audit rule structure.
- *      @field: the field this rule refers to
- *      @op: the operater the rule uses
- *      @rulestr: the text "target" of the rule
- *      @rule: pointer to the new rule structure returned via this
- *
- *      Returns 0 if successful, -errno if not.  On success, the rule structure
- *      will be allocated internally.  The caller must free this structure with
- *      selinux_audit_rule_free() after use.
- */
-int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
-                            struct selinux_audit_rule **rule);
-/**
- *      selinux_audit_rule_free - free an selinux audit rule structure.
- *      @rule: pointer to the audit rule to be freed
- *
- *      This will free all memory associated with the given rule.
- *      If @rule is NULL, no operation is performed.
- */
-void selinux_audit_rule_free(struct selinux_audit_rule *rule);
-/**
- *      selinux_audit_rule_match - determine if a context ID matches a rule.
- *      @sid: the context ID to check
- *      @field: the field this rule refers to
- *      @op: the operater the rule uses
- *      @rule: pointer to the audit rule to check against
- *      @actx: the audit context (can be NULL) associated with the check
- *
- *      Returns 1 if the context id matches the rule, 0 if it does not, and
- *      -errno on failure.
- */
-int selinux_audit_rule_match(u32 sid, u32 field, u32 op,
-                             struct selinux_audit_rule *rule,
-                             struct audit_context *actx);
-/**
- *      selinux_audit_set_callback - set the callback for policy reloads.
- *      @callback: the function to call when the policy is reloaded
- *
- *      This sets the function callback function that will update the rules
- *      upon policy reloads.  This callback should rebuild all existing rules
- *      using selinux_audit_rule_init().
- */
-void selinux_audit_set_callback(int (*callback)(void));
-/**
 *     selinux_string_to_sid - map a security context string to a security ID
 *     @str: the security context string to be mapped
 *     @sid: ID value returned via this.
@@ -111,30 +63,6 @@ void selinux_secmark_refcount_inc(void);
 void selinux_secmark_refcount_dec(void);
 #else
-static inline int selinux_audit_rule_init(u32 field, u32 op,
-                                          char *rulestr,
-                                          struct selinux_audit_rule **rule)
-{
-        return -EOPNOTSUPP;
-}
-static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)
-{
-        return;
-}
-static inline int selinux_audit_rule_match(u32 sid, u32 field, u32 op,
-                                           struct selinux_audit_rule *rule,
-                                           struct audit_context *actx)
-{
-        return 0;
-}
-static inline void selinux_audit_set_callback(int (*callback)(void))
-{
-        return;
-}
 static inline int selinux_string_to_sid(const char *str, u32 *sid)
 {
       *sid = 0;
author	Ahmed S. Darwish <darwish.07@gmail.com>	2008-03-01 15:03:14 -0500
committer	James Morris <jmorris@namei.org>	2008-04-18 19:53:46 -0400
commit	9d57a7f9e23dc30783d245280fc9907cf2c87837 (patch)
tree	508b81e213f5dca1097ccf0ece8ba092b168607b /include/linux/selinux.h
parent	d7a96f3a1ae279a2129653d6cb18d722f2f00f91 (diff)

diff --git a/include/linux/selinux.h b/include/linux/selinux.h index 24b0af1c4cac..20f965d4b041 100644 --- a/include/linux/selinux.h +++ b/include/linux/selinux.h
@@ -21,54 +21,6 @@ struct kern_ipc_perm;
21	#ifdef CONFIG_SECURITY_SELINUX	21	#ifdef CONFIG_SECURITY_SELINUX
22		22
23	/**	23	/**
24	* selinux_audit_rule_init - alloc/init an selinux audit rule structure.
25	* @field: the field this rule refers to
26	* @op: the operater the rule uses
27	* @rulestr: the text "target" of the rule
28	* @rule: pointer to the new rule structure returned via this
29	*
30	* Returns 0 if successful, -errno if not. On success, the rule structure
31	* will be allocated internally. The caller must free this structure with
32	* selinux_audit_rule_free() after use.
33	*/
34	int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
35	struct selinux_audit_rule **rule);
36
37	/**
38	* selinux_audit_rule_free - free an selinux audit rule structure.
39	* @rule: pointer to the audit rule to be freed
40	*
41	* This will free all memory associated with the given rule.
42	* If @rule is NULL, no operation is performed.
43	*/
44	void selinux_audit_rule_free(struct selinux_audit_rule *rule);
45
46	/**
47	* selinux_audit_rule_match - determine if a context ID matches a rule.
48	* @sid: the context ID to check
49	* @field: the field this rule refers to
50	* @op: the operater the rule uses
51	* @rule: pointer to the audit rule to check against
52	* @actx: the audit context (can be NULL) associated with the check
53	*
54	* Returns 1 if the context id matches the rule, 0 if it does not, and
55	* -errno on failure.
56	*/
57	int selinux_audit_rule_match(u32 sid, u32 field, u32 op,
58	struct selinux_audit_rule *rule,
59	struct audit_context *actx);
60
61	/**
62	* selinux_audit_set_callback - set the callback for policy reloads.
63	* @callback: the function to call when the policy is reloaded
64	*
65	* This sets the function callback function that will update the rules
66	* upon policy reloads. This callback should rebuild all existing rules
67	* using selinux_audit_rule_init().
68	*/
69	void selinux_audit_set_callback(int (*callback)(void));
70
71	/**
72	* selinux_string_to_sid - map a security context string to a security ID	24	* selinux_string_to_sid - map a security context string to a security ID
73	* @str: the security context string to be mapped	25	* @str: the security context string to be mapped
74	* @sid: ID value returned via this.	26	* @sid: ID value returned via this.
@@ -111,30 +63,6 @@ void selinux_secmark_refcount_inc(void);
111	void selinux_secmark_refcount_dec(void);	63	void selinux_secmark_refcount_dec(void);
112	#else	64	#else
113		65
114	static inline int selinux_audit_rule_init(u32 field, u32 op,
115	char *rulestr,
116	struct selinux_audit_rule **rule)
117	{
118	return -EOPNOTSUPP;
119	}
120
121	static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)
122	{
123	return;
124	}
125
126	static inline int selinux_audit_rule_match(u32 sid, u32 field, u32 op,
127	struct selinux_audit_rule *rule,
128	struct audit_context *actx)
129	{
130	return 0;
131	}
132
133	static inline void selinux_audit_set_callback(int (*callback)(void))
134	{
135	return;
136	}
137
138	static inline int selinux_string_to_sid(const char str, u32 sid)	66	static inline int selinux_string_to_sid(const char str, u32 sid)
139	{	67	{
140	*sid = 0;	68	*sid = 0;