[PATCH] change lspp ipc auditing

Hi, The patch below converts IPC auditing to collect sid's and convert to context string only if it needs to output an audit record. This patch depends on the inode audit change patch already being applied. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Steve Grubb <sgrubb@redhat.com> 2006-03-31 15:22:49 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2006-05-01 06:09:56 -0400
commit: 9c7aa6aa74fa8a5cda36e54cbbe4fffe0214497d (patch)
tree: 1e1489ed5080ea4aff6206bfa904f549de8e56ca /include/linux
parent: 1b50eed9cac0e8e5e4d3a522d8aa267f7f8f8acb (diff)
2 files changed, 15 insertions, 16 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index aaa0a5cdbf75..1bab48f6aeac 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -869,11 +869,6 @@ struct swap_info_struct;
 *      @ipcp contains the kernel IPC permission structure
 *      @flag contains the desired (requested) permission set
 *      Return 0 if permission is granted.
- * @ipc_getsecurity:
- *      Copy the security label associated with the ipc object into
- *      @buffer.  @buffer may be NULL to request the size of the buffer 
- *      required.  @size indicates the size of @buffer in bytes. Return 
- *      number of bytes used/required on success.
 *
 * Security hooks for individual messages held in System V IPC message queues
 * @msg_msg_alloc_security:
@@ -1223,7 +1218,6 @@ struct security_operations {
        void (*task_to_inode)(struct task_struct *p, struct inode *inode);
        int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
-        int (*ipc_getsecurity)(struct kern_ipc_perm *ipcp, void *buffer, size_t size);
        int (*msg_msg_alloc_security) (struct msg_msg * msg);
        void (*msg_msg_free_security) (struct msg_msg * msg);
@@ -1887,11 +1881,6 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
        return security_ops->ipc_permission (ipcp, flag);
 }
-static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
-{
-        return security_ops->ipc_getsecurity(ipcp, buffer, size);
-}
 static inline int security_msg_msg_alloc (struct msg_msg * msg)
 {
        return security_ops->msg_msg_alloc_security (msg);
@@ -2532,11 +2521,6 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
        return 0;
 }
-static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
-{
-        return -EOPNOTSUPP;
-}
 static inline int security_msg_msg_alloc (struct msg_msg * msg)
 {
        return 0;
diff --git a/include/linux/selinux.h b/include/linux/selinux.h
index 84a6c7404687..413d66773b91 100644
--- a/include/linux/selinux.h
+++ b/include/linux/selinux.h
@@ -16,6 +16,7 @@
 struct selinux_audit_rule;
 struct audit_context;
 struct inode;
+struct kern_ipc_perm;
 #ifdef CONFIG_SECURITY_SELINUX
@@ -98,6 +99,15 @@ int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen);
 */
 void selinux_get_inode_sid(const struct inode *inode, u32 *sid);
+/**
+ *     selinux_get_ipc_sid - get the ipc security context ID
+ *     @ipcp: ipc structure to get the sid from.
+ *     @sid: pointer to security context ID to be filled in.
+ *
+ *     Returns nothing
+ */
+void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid);
 #else
 static inline int selinux_audit_rule_init(u32 field, u32 op,
@@ -141,6 +151,11 @@ static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
        *sid = 0;
 }
+static inline void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
+{
+        *sid = 0;
+}
 #endif  /* CONFIG_SECURITY_SELINUX */
 #endif /* _LINUX_SELINUX_H */
author	Steve Grubb <sgrubb@redhat.com>	2006-03-31 15:22:49 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2006-05-01 06:09:56 -0400
commit	9c7aa6aa74fa8a5cda36e54cbbe4fffe0214497d (patch)
tree	1e1489ed5080ea4aff6206bfa904f549de8e56ca /include/linux
parent	1b50eed9cac0e8e5e4d3a522d8aa267f7f8f8acb (diff)