aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/audit.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2013-04-19 15:00:33 -0400
committerEric Paris <eparis@redhat.com>2013-04-30 15:31:28 -0400
commitb122c3767c1d89763b4babca062c3171a71ed97c (patch)
tree6d11cbca5af63bd1ac4089895d8751f09af28823 /kernel/audit.c
parent152f497b9b5940f81de3205465840a5eb316458e (diff)
audit: use a consistent audit helper to log lsm information
We have a number of places we were reimplementing the same code to write out lsm labels. Just do it one darn place. Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c34
1 files changed, 4 insertions, 30 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 79b42fd14c22..a3c77b979b5b 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -271,29 +271,15 @@ static int audit_log_config_change(char *function_name, int new, int old,
271 int rc = 0; 271 int rc = 0;
272 u32 sessionid = audit_get_sessionid(current); 272 u32 sessionid = audit_get_sessionid(current);
273 uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current)); 273 uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current));
274 u32 sid;
275
276 274
277 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 275 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
278 if (unlikely(!ab)) 276 if (unlikely(!ab))
279 return rc; 277 return rc;
280 audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new, 278 audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
281 old, auid, sessionid); 279 old, auid, sessionid);
282 280 rc = audit_log_task_context(ab);
283 security_task_getsecid(current, &sid); 281 if (rc)
284 if (sid) { 282 allow_changes = 0; /* Something weird, deny request */
285 char *ctx = NULL;
286 u32 len;
287
288 rc = security_secid_to_secctx(sid, &ctx, &len);
289 if (rc) {
290 audit_log_format(ab, " sid=%u", sid);
291 allow_changes = 0; /* Something weird, deny request */
292 } else {
293 audit_log_format(ab, " subj=%s", ctx);
294 security_release_secctx(ctx, len);
295 }
296 }
297 audit_log_format(ab, " res=%d", allow_changes); 283 audit_log_format(ab, " res=%d", allow_changes);
298 audit_log_end(ab); 284 audit_log_end(ab);
299 return rc; 285 return rc;
@@ -625,12 +611,9 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
625static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type) 611static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type)
626{ 612{
627 int rc = 0; 613 int rc = 0;
628 char *ctx = NULL;
629 u32 len;
630 u32 sessionid = audit_get_sessionid(current); 614 u32 sessionid = audit_get_sessionid(current);
631 uid_t uid = from_kuid(&init_user_ns, current_uid()); 615 uid_t uid = from_kuid(&init_user_ns, current_uid());
632 uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current)); 616 uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current));
633 u32 sid;
634 617
635 if (!audit_enabled) { 618 if (!audit_enabled) {
636 *ab = NULL; 619 *ab = NULL;
@@ -642,16 +625,7 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type)
642 return rc; 625 return rc;
643 audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u", 626 audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",
644 task_tgid_vnr(current), uid, auid, sessionid); 627 task_tgid_vnr(current), uid, auid, sessionid);
645 security_task_getsecid(current, &sid); 628 audit_log_task_context(*ab);
646 if (sid) {
647 rc = security_secid_to_secctx(sid, &ctx, &len);
648 if (rc)
649 audit_log_format(*ab, " ssid=%u", sid);
650 else {
651 audit_log_format(*ab, " subj=%s", ctx);
652 security_release_secctx(ctx, len);
653 }
654 }
655 629
656 return rc; 630 return rc;
657} 631}