diff options
| author | Ahmed S. Darwish <darwish.07@gmail.com> | 2008-03-01 15:01:11 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-04-18 19:52:37 -0400 |
| commit | d7a96f3a1ae279a2129653d6cb18d722f2f00f91 (patch) | |
| tree | fc38736f303133f80912f1640f2d4fac0027fe04 /kernel/auditsc.c | |
| parent | 03d37d25e0f91b28c4b6d002be6221f1af4b19d8 (diff) | |
Audit: internally use the new LSM audit hooks
Convert Audit to use the new LSM Audit hooks instead of
the exported SELinux interface.
Basically, use:
security_audit_rule_init
secuirty_audit_rule_free
security_audit_rule_known
security_audit_rule_match
instad of (respectively) :
selinux_audit_rule_init
selinux_audit_rule_free
audit_rule_has_selinux
selinux_audit_rule_match
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'kernel/auditsc.c')
| -rw-r--r-- | kernel/auditsc.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6a83c706b504..c0700535e5c5 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -61,7 +61,6 @@ | |||
| 61 | #include <linux/security.h> | 61 | #include <linux/security.h> |
| 62 | #include <linux/list.h> | 62 | #include <linux/list.h> |
| 63 | #include <linux/tty.h> | 63 | #include <linux/tty.h> |
| 64 | #include <linux/selinux.h> | ||
| 65 | #include <linux/binfmts.h> | 64 | #include <linux/binfmts.h> |
| 66 | #include <linux/highmem.h> | 65 | #include <linux/highmem.h> |
| 67 | #include <linux/syscalls.h> | 66 | #include <linux/syscalls.h> |
| @@ -533,7 +532,7 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 533 | security_task_getsecid(tsk, &sid); | 532 | security_task_getsecid(tsk, &sid); |
| 534 | need_sid = 0; | 533 | need_sid = 0; |
| 535 | } | 534 | } |
| 536 | result = selinux_audit_rule_match(sid, f->type, | 535 | result = security_audit_rule_match(sid, f->type, |
| 537 | f->op, | 536 | f->op, |
| 538 | f->se_rule, | 537 | f->se_rule, |
| 539 | ctx); | 538 | ctx); |
| @@ -549,12 +548,12 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 549 | if (f->se_rule) { | 548 | if (f->se_rule) { |
| 550 | /* Find files that match */ | 549 | /* Find files that match */ |
| 551 | if (name) { | 550 | if (name) { |
| 552 | result = selinux_audit_rule_match( | 551 | result = security_audit_rule_match( |
| 553 | name->osid, f->type, f->op, | 552 | name->osid, f->type, f->op, |
| 554 | f->se_rule, ctx); | 553 | f->se_rule, ctx); |
| 555 | } else if (ctx) { | 554 | } else if (ctx) { |
| 556 | for (j = 0; j < ctx->name_count; j++) { | 555 | for (j = 0; j < ctx->name_count; j++) { |
| 557 | if (selinux_audit_rule_match( | 556 | if (security_audit_rule_match( |
| 558 | ctx->names[j].osid, | 557 | ctx->names[j].osid, |
| 559 | f->type, f->op, | 558 | f->type, f->op, |
| 560 | f->se_rule, ctx)) { | 559 | f->se_rule, ctx)) { |
| @@ -570,7 +569,7 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 570 | aux = aux->next) { | 569 | aux = aux->next) { |
| 571 | if (aux->type == AUDIT_IPC) { | 570 | if (aux->type == AUDIT_IPC) { |
| 572 | struct audit_aux_data_ipcctl *axi = (void *)aux; | 571 | struct audit_aux_data_ipcctl *axi = (void *)aux; |
| 573 | if (selinux_audit_rule_match(axi->osid, f->type, f->op, f->se_rule, ctx)) { | 572 | if (security_audit_rule_match(axi->osid, f->type, f->op, f->se_rule, ctx)) { |
| 574 | ++result; | 573 | ++result; |
| 575 | break; | 574 | break; |
| 576 | } | 575 | } |