aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/audit.c
diff options
context:
space:
mode:
authorAhmed S. Darwish <darwish.07@gmail.com>2008-03-01 14:54:38 -0500
committerJames Morris <jmorris@namei.org>2008-04-18 19:52:34 -0400
commit2a862b32f3da5a2120043921ad301322ad526084 (patch)
treebb97054b2f648504f670e3eaed2626b547c4d081 /kernel/audit.c
parent713a04aeaba35bb95d442cdeb52055498519be25 (diff)
Audit: use new LSM hooks instead of SELinux exports
Stop using the following exported SELinux interfaces: selinux_get_inode_sid(inode, sid) selinux_get_ipc_sid(ipcp, sid) selinux_get_task_sid(tsk, sid) selinux_sid_to_string(sid, ctx, len) kfree(ctx) and use following generic LSM equivalents respectively: security_inode_getsecid(inode, secid) security_ipc_getsecid*(ipcp, secid) security_task_getsecid(tsk, secid) security_sid_to_secctx(sid, ctx, len) security_release_secctx(ctx, len) Call security_release_secctx only if security_secid_to_secctx succeeded. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org> Reviewed-by: Paul Moore <paul.moore@hp.com>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c17
1 files changed, 9 insertions, 8 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index b782b046543d..784a48e9f382 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -265,13 +265,13 @@ static int audit_log_config_change(char *function_name, int new, int old,
265 char *ctx = NULL; 265 char *ctx = NULL;
266 u32 len; 266 u32 len;
267 267
268 rc = selinux_sid_to_string(sid, &ctx, &len); 268 rc = security_secid_to_secctx(sid, &ctx, &len);
269 if (rc) { 269 if (rc) {
270 audit_log_format(ab, " sid=%u", sid); 270 audit_log_format(ab, " sid=%u", sid);
271 allow_changes = 0; /* Something weird, deny request */ 271 allow_changes = 0; /* Something weird, deny request */
272 } else { 272 } else {
273 audit_log_format(ab, " subj=%s", ctx); 273 audit_log_format(ab, " subj=%s", ctx);
274 kfree(ctx); 274 security_release_secctx(ctx, len);
275 } 275 }
276 } 276 }
277 audit_log_format(ab, " res=%d", allow_changes); 277 audit_log_format(ab, " res=%d", allow_changes);
@@ -550,12 +550,13 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
550 audit_log_format(*ab, "user pid=%d uid=%u auid=%u", 550 audit_log_format(*ab, "user pid=%d uid=%u auid=%u",
551 pid, uid, auid); 551 pid, uid, auid);
552 if (sid) { 552 if (sid) {
553 rc = selinux_sid_to_string(sid, &ctx, &len); 553 rc = security_secid_to_secctx(sid, &ctx, &len);
554 if (rc) 554 if (rc)
555 audit_log_format(*ab, " ssid=%u", sid); 555 audit_log_format(*ab, " ssid=%u", sid);
556 else 556 else {
557 audit_log_format(*ab, " subj=%s", ctx); 557 audit_log_format(*ab, " subj=%s", ctx);
558 kfree(ctx); 558 security_release_secctx(ctx, len);
559 }
559 } 560 }
560 561
561 return rc; 562 return rc;
@@ -758,18 +759,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
758 break; 759 break;
759 } 760 }
760 case AUDIT_SIGNAL_INFO: 761 case AUDIT_SIGNAL_INFO:
761 err = selinux_sid_to_string(audit_sig_sid, &ctx, &len); 762 err = security_secid_to_secctx(audit_sig_sid, &ctx, &len);
762 if (err) 763 if (err)
763 return err; 764 return err;
764 sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); 765 sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);
765 if (!sig_data) { 766 if (!sig_data) {
766 kfree(ctx); 767 security_release_secctx(ctx, len);
767 return -ENOMEM; 768 return -ENOMEM;
768 } 769 }
769 sig_data->uid = audit_sig_uid; 770 sig_data->uid = audit_sig_uid;
770 sig_data->pid = audit_sig_pid; 771 sig_data->pid = audit_sig_pid;
771 memcpy(sig_data->ctx, ctx, len); 772 memcpy(sig_data->ctx, ctx, len);
772 kfree(ctx); 773 security_release_secctx(ctx, len);
773 audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO, 774 audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO,
774 0, 0, sig_data, sizeof(*sig_data) + len); 775 0, 0, sig_data, sizeof(*sig_data) + len);
775 kfree(sig_data); 776 kfree(sig_data);