aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/auditsc.c
diff options
context:
space:
mode:
authorAhmed S. Darwish <darwish.07@gmail.com>2008-03-01 14:54:38 -0500
committerJames Morris <jmorris@namei.org>2008-04-18 19:52:34 -0400
commit2a862b32f3da5a2120043921ad301322ad526084 (patch)
treebb97054b2f648504f670e3eaed2626b547c4d081 /kernel/auditsc.c
parent713a04aeaba35bb95d442cdeb52055498519be25 (diff)
Audit: use new LSM hooks instead of SELinux exports
Stop using the following exported SELinux interfaces: selinux_get_inode_sid(inode, sid) selinux_get_ipc_sid(ipcp, sid) selinux_get_task_sid(tsk, sid) selinux_sid_to_string(sid, ctx, len) kfree(ctx) and use following generic LSM equivalents respectively: security_inode_getsecid(inode, secid) security_ipc_getsecid*(ipcp, secid) security_task_getsecid(tsk, secid) security_sid_to_secctx(sid, ctx, len) security_release_secctx(ctx, len) Call security_release_secctx only if security_secid_to_secctx succeeded. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org> Reviewed-by: Paul Moore <paul.moore@hp.com>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c55
1 files changed, 29 insertions, 26 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 782262e4107d..6a83c706b504 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -530,7 +530,7 @@ static int audit_filter_rules(struct task_struct *tsk,
530 logged upon error */ 530 logged upon error */
531 if (f->se_rule) { 531 if (f->se_rule) {
532 if (need_sid) { 532 if (need_sid) {
533 selinux_get_task_sid(tsk, &sid); 533 security_task_getsecid(tsk, &sid);
534 need_sid = 0; 534 need_sid = 0;
535 } 535 }
536 result = selinux_audit_rule_match(sid, f->type, 536 result = selinux_audit_rule_match(sid, f->type,
@@ -885,11 +885,11 @@ void audit_log_task_context(struct audit_buffer *ab)
885 int error; 885 int error;
886 u32 sid; 886 u32 sid;
887 887
888 selinux_get_task_sid(current, &sid); 888 security_task_getsecid(current, &sid);
889 if (!sid) 889 if (!sid)
890 return; 890 return;
891 891
892 error = selinux_sid_to_string(sid, &ctx, &len); 892 error = security_secid_to_secctx(sid, &ctx, &len);
893 if (error) { 893 if (error) {
894 if (error != -EINVAL) 894 if (error != -EINVAL)
895 goto error_path; 895 goto error_path;
@@ -897,7 +897,7 @@ void audit_log_task_context(struct audit_buffer *ab)
897 } 897 }
898 898
899 audit_log_format(ab, " subj=%s", ctx); 899 audit_log_format(ab, " subj=%s", ctx);
900 kfree(ctx); 900 security_release_secctx(ctx, len);
901 return; 901 return;
902 902
903error_path: 903error_path:
@@ -941,7 +941,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
941 u32 sid, char *comm) 941 u32 sid, char *comm)
942{ 942{
943 struct audit_buffer *ab; 943 struct audit_buffer *ab;
944 char *s = NULL; 944 char *ctx = NULL;
945 u32 len; 945 u32 len;
946 int rc = 0; 946 int rc = 0;
947 947
@@ -951,15 +951,16 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
951 951
952 audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, auid, 952 audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, auid,
953 uid, sessionid); 953 uid, sessionid);
954 if (selinux_sid_to_string(sid, &s, &len)) { 954 if (security_secid_to_secctx(sid, &ctx, &len)) {
955 audit_log_format(ab, " obj=(none)"); 955 audit_log_format(ab, " obj=(none)");
956 rc = 1; 956 rc = 1;
957 } else 957 } else {
958 audit_log_format(ab, " obj=%s", s); 958 audit_log_format(ab, " obj=%s", ctx);
959 security_release_secctx(ctx, len);
960 }
959 audit_log_format(ab, " ocomm="); 961 audit_log_format(ab, " ocomm=");
960 audit_log_untrustedstring(ab, comm); 962 audit_log_untrustedstring(ab, comm);
961 audit_log_end(ab); 963 audit_log_end(ab);
962 kfree(s);
963 964
964 return rc; 965 return rc;
965} 966}
@@ -1271,14 +1272,15 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
1271 if (axi->osid != 0) { 1272 if (axi->osid != 0) {
1272 char *ctx = NULL; 1273 char *ctx = NULL;
1273 u32 len; 1274 u32 len;
1274 if (selinux_sid_to_string( 1275 if (security_secid_to_secctx(
1275 axi->osid, &ctx, &len)) { 1276 axi->osid, &ctx, &len)) {
1276 audit_log_format(ab, " osid=%u", 1277 audit_log_format(ab, " osid=%u",
1277 axi->osid); 1278 axi->osid);
1278 call_panic = 1; 1279 call_panic = 1;
1279 } else 1280 } else {
1280 audit_log_format(ab, " obj=%s", ctx); 1281 audit_log_format(ab, " obj=%s", ctx);
1281 kfree(ctx); 1282 security_release_secctx(ctx, len);
1283 }
1282 } 1284 }
1283 break; } 1285 break; }
1284 1286
@@ -1392,13 +1394,14 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
1392 if (n->osid != 0) { 1394 if (n->osid != 0) {
1393 char *ctx = NULL; 1395 char *ctx = NULL;
1394 u32 len; 1396 u32 len;
1395 if (selinux_sid_to_string( 1397 if (security_secid_to_secctx(
1396 n->osid, &ctx, &len)) { 1398 n->osid, &ctx, &len)) {
1397 audit_log_format(ab, " osid=%u", n->osid); 1399 audit_log_format(ab, " osid=%u", n->osid);
1398 call_panic = 2; 1400 call_panic = 2;
1399 } else 1401 } else {
1400 audit_log_format(ab, " obj=%s", ctx); 1402 audit_log_format(ab, " obj=%s", ctx);
1401 kfree(ctx); 1403 security_release_secctx(ctx, len);
1404 }
1402 } 1405 }
1403 1406
1404 audit_log_end(ab); 1407 audit_log_end(ab);
@@ -1775,7 +1778,7 @@ static void audit_copy_inode(struct audit_names *name, const struct inode *inode
1775 name->uid = inode->i_uid; 1778 name->uid = inode->i_uid;
1776 name->gid = inode->i_gid; 1779 name->gid = inode->i_gid;
1777 name->rdev = inode->i_rdev; 1780 name->rdev = inode->i_rdev;
1778 selinux_get_inode_sid(inode, &name->osid); 1781 security_inode_getsecid(inode, &name->osid);
1779} 1782}
1780 1783
1781/** 1784/**
@@ -2190,8 +2193,7 @@ int __audit_ipc_obj(struct kern_ipc_perm *ipcp)
2190 ax->uid = ipcp->uid; 2193 ax->uid = ipcp->uid;
2191 ax->gid = ipcp->gid; 2194 ax->gid = ipcp->gid;
2192 ax->mode = ipcp->mode; 2195 ax->mode = ipcp->mode;
2193 selinux_get_ipc_sid(ipcp, &ax->osid); 2196 security_ipc_getsecid(ipcp, &ax->osid);
2194
2195 ax->d.type = AUDIT_IPC; 2197 ax->d.type = AUDIT_IPC;
2196 ax->d.next = context->aux; 2198 ax->d.next = context->aux;
2197 context->aux = (void *)ax; 2199 context->aux = (void *)ax;
@@ -2343,7 +2345,7 @@ void __audit_ptrace(struct task_struct *t)
2343 context->target_auid = audit_get_loginuid(t); 2345 context->target_auid = audit_get_loginuid(t);
2344 context->target_uid = t->uid; 2346 context->target_uid = t->uid;
2345 context->target_sessionid = audit_get_sessionid(t); 2347 context->target_sessionid = audit_get_sessionid(t);
2346 selinux_get_task_sid(t, &context->target_sid); 2348 security_task_getsecid(t, &context->target_sid);
2347 memcpy(context->target_comm, t->comm, TASK_COMM_LEN); 2349 memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
2348} 2350}
2349 2351
@@ -2371,7 +2373,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
2371 audit_sig_uid = tsk->loginuid; 2373 audit_sig_uid = tsk->loginuid;
2372 else 2374 else
2373 audit_sig_uid = tsk->uid; 2375 audit_sig_uid = tsk->uid;
2374 selinux_get_task_sid(tsk, &audit_sig_sid); 2376 security_task_getsecid(tsk, &audit_sig_sid);
2375 } 2377 }
2376 if (!audit_signals || audit_dummy_context()) 2378 if (!audit_signals || audit_dummy_context())
2377 return 0; 2379 return 0;
@@ -2384,7 +2386,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
2384 ctx->target_auid = audit_get_loginuid(t); 2386 ctx->target_auid = audit_get_loginuid(t);
2385 ctx->target_uid = t->uid; 2387 ctx->target_uid = t->uid;
2386 ctx->target_sessionid = audit_get_sessionid(t); 2388 ctx->target_sessionid = audit_get_sessionid(t);
2387 selinux_get_task_sid(t, &ctx->target_sid); 2389 security_task_getsecid(t, &ctx->target_sid);
2388 memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); 2390 memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
2389 return 0; 2391 return 0;
2390 } 2392 }
@@ -2405,7 +2407,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
2405 axp->target_auid[axp->pid_count] = audit_get_loginuid(t); 2407 axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
2406 axp->target_uid[axp->pid_count] = t->uid; 2408 axp->target_uid[axp->pid_count] = t->uid;
2407 axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); 2409 axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
2408 selinux_get_task_sid(t, &axp->target_sid[axp->pid_count]); 2410 security_task_getsecid(t, &axp->target_sid[axp->pid_count]);
2409 memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); 2411 memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
2410 axp->pid_count++; 2412 axp->pid_count++;
2411 2413
@@ -2435,16 +2437,17 @@ void audit_core_dumps(long signr)
2435 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND); 2437 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
2436 audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u", 2438 audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u",
2437 auid, current->uid, current->gid, sessionid); 2439 auid, current->uid, current->gid, sessionid);
2438 selinux_get_task_sid(current, &sid); 2440 security_task_getsecid(current, &sid);
2439 if (sid) { 2441 if (sid) {
2440 char *ctx = NULL; 2442 char *ctx = NULL;
2441 u32 len; 2443 u32 len;
2442 2444
2443 if (selinux_sid_to_string(sid, &ctx, &len)) 2445 if (security_secid_to_secctx(sid, &ctx, &len))
2444 audit_log_format(ab, " ssid=%u", sid); 2446 audit_log_format(ab, " ssid=%u", sid);
2445 else 2447 else {
2446 audit_log_format(ab, " subj=%s", ctx); 2448 audit_log_format(ab, " subj=%s", ctx);
2447 kfree(ctx); 2449 security_release_secctx(ctx, len);
2450 }
2448 } 2451 }
2449 audit_log_format(ab, " pid=%d comm=", current->pid); 2452 audit_log_format(ab, " pid=%d comm=", current->pid);
2450 audit_log_untrustedstring(ab, current->comm); 2453 audit_log_untrustedstring(ab, current->comm);
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-14 20:44:54 -0500