diff options
| author | Ahmed S. Darwish <darwish.07@gmail.com> | 2008-03-01 15:01:11 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-04-18 19:52:37 -0400 |
| commit | d7a96f3a1ae279a2129653d6cb18d722f2f00f91 (patch) | |
| tree | fc38736f303133f80912f1640f2d4fac0027fe04 /kernel | |
| parent | 03d37d25e0f91b28c4b6d002be6221f1af4b19d8 (diff) | |
Audit: internally use the new LSM audit hooks
Convert Audit to use the new LSM Audit hooks instead of
the exported SELinux interface.
Basically, use:
security_audit_rule_init
secuirty_audit_rule_free
security_audit_rule_known
security_audit_rule_match
instad of (respectively) :
selinux_audit_rule_init
selinux_audit_rule_free
audit_rule_has_selinux
selinux_audit_rule_match
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/audit.c | 7 | ||||
| -rw-r--r-- | kernel/auditfilter.c | 61 | ||||
| -rw-r--r-- | kernel/auditsc.c | 9 |
3 files changed, 22 insertions, 55 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 784a48e9f382..a7b16086d36f 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -21,7 +21,7 @@ | |||
| 21 | * | 21 | * |
| 22 | * Written by Rickard E. (Rik) Faith <faith@redhat.com> | 22 | * Written by Rickard E. (Rik) Faith <faith@redhat.com> |
| 23 | * | 23 | * |
| 24 | * Goals: 1) Integrate fully with SELinux. | 24 | * Goals: 1) Integrate fully with Security Modules. |
| 25 | * 2) Minimal run-time overhead: | 25 | * 2) Minimal run-time overhead: |
| 26 | * a) Minimal when syscall auditing is disabled (audit_enable=0). | 26 | * a) Minimal when syscall auditing is disabled (audit_enable=0). |
| 27 | * b) Small when syscall auditing is enabled and no audit record | 27 | * b) Small when syscall auditing is enabled and no audit record |
| @@ -55,7 +55,6 @@ | |||
| 55 | #include <net/netlink.h> | 55 | #include <net/netlink.h> |
| 56 | #include <linux/skbuff.h> | 56 | #include <linux/skbuff.h> |
| 57 | #include <linux/netlink.h> | 57 | #include <linux/netlink.h> |
| 58 | #include <linux/selinux.h> | ||
| 59 | #include <linux/inotify.h> | 58 | #include <linux/inotify.h> |
| 60 | #include <linux/freezer.h> | 59 | #include <linux/freezer.h> |
| 61 | #include <linux/tty.h> | 60 | #include <linux/tty.h> |
| @@ -882,10 +881,6 @@ static int __init audit_init(void) | |||
| 882 | audit_enabled = audit_default; | 881 | audit_enabled = audit_default; |
| 883 | audit_ever_enabled |= !!audit_default; | 882 | audit_ever_enabled |= !!audit_default; |
| 884 | 883 | ||
| 885 | /* Register the callback with selinux. This callback will be invoked | ||
| 886 | * when a new policy is loaded. */ | ||
| 887 | selinux_audit_set_callback(&selinux_audit_rule_update); | ||
| 888 | |||
| 889 | audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized"); | 884 | audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized"); |
| 890 | 885 | ||
| 891 | #ifdef CONFIG_AUDITSYSCALL | 886 | #ifdef CONFIG_AUDITSYSCALL |
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 35e58a146eff..7c69cb5e44fb 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
| @@ -29,7 +29,6 @@ | |||
| 29 | #include <linux/sched.h> | 29 | #include <linux/sched.h> |
| 30 | #include <linux/inotify.h> | 30 | #include <linux/inotify.h> |
| 31 | #include <linux/security.h> | 31 | #include <linux/security.h> |
| 32 | #include <linux/selinux.h> | ||
| 33 | #include "audit.h" | 32 | #include "audit.h" |
| 34 | 33 | ||
| 35 | /* | 34 | /* |
| @@ -39,7 +38,7 @@ | |||
| 39 | * Synchronizes writes and blocking reads of audit's filterlist | 38 | * Synchronizes writes and blocking reads of audit's filterlist |
| 40 | * data. Rcu is used to traverse the filterlist and access | 39 | * data. Rcu is used to traverse the filterlist and access |
| 41 | * contents of structs audit_entry, audit_watch and opaque | 40 | * contents of structs audit_entry, audit_watch and opaque |
| 42 | * selinux rules during filtering. If modified, these structures | 41 | * LSM rules during filtering. If modified, these structures |
| 43 | * must be copied and replace their counterparts in the filterlist. | 42 | * must be copied and replace their counterparts in the filterlist. |
| 44 | * An audit_parent struct is not accessed during filtering, so may | 43 | * An audit_parent struct is not accessed during filtering, so may |
| 45 | * be written directly provided audit_filter_mutex is held. | 44 | * be written directly provided audit_filter_mutex is held. |
| @@ -141,7 +140,7 @@ static inline void audit_free_rule(struct audit_entry *e) | |||
| 141 | for (i = 0; i < e->rule.field_count; i++) { | 140 | for (i = 0; i < e->rule.field_count; i++) { |
| 142 | struct audit_field *f = &e->rule.fields[i]; | 141 | struct audit_field *f = &e->rule.fields[i]; |
| 143 | kfree(f->se_str); | 142 | kfree(f->se_str); |
| 144 | selinux_audit_rule_free(f->se_rule); | 143 | security_audit_rule_free(f->se_rule); |
| 145 | } | 144 | } |
| 146 | kfree(e->rule.fields); | 145 | kfree(e->rule.fields); |
| 147 | kfree(e->rule.filterkey); | 146 | kfree(e->rule.filterkey); |
| @@ -598,12 +597,12 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | |||
| 598 | goto exit_free; | 597 | goto exit_free; |
| 599 | entry->rule.buflen += f->val; | 598 | entry->rule.buflen += f->val; |
| 600 | 599 | ||
| 601 | err = selinux_audit_rule_init(f->type, f->op, str, | 600 | err = security_audit_rule_init(f->type, f->op, str, |
| 602 | &f->se_rule); | 601 | (void **)&f->se_rule); |
| 603 | /* Keep currently invalid fields around in case they | 602 | /* Keep currently invalid fields around in case they |
| 604 | * become valid after a policy reload. */ | 603 | * become valid after a policy reload. */ |
| 605 | if (err == -EINVAL) { | 604 | if (err == -EINVAL) { |
| 606 | printk(KERN_WARNING "audit rule for selinux " | 605 | printk(KERN_WARNING "audit rule for LSM " |
| 607 | "\'%s\' is invalid\n", str); | 606 | "\'%s\' is invalid\n", str); |
| 608 | err = 0; | 607 | err = 0; |
| 609 | } | 608 | } |
| @@ -863,9 +862,9 @@ out: | |||
| 863 | return new; | 862 | return new; |
| 864 | } | 863 | } |
| 865 | 864 | ||
| 866 | /* Duplicate selinux field information. The se_rule is opaque, so must be | 865 | /* Duplicate LSM field information. The se_rule is opaque, so must be |
| 867 | * re-initialized. */ | 866 | * re-initialized. */ |
| 868 | static inline int audit_dupe_selinux_field(struct audit_field *df, | 867 | static inline int audit_dupe_lsm_field(struct audit_field *df, |
| 869 | struct audit_field *sf) | 868 | struct audit_field *sf) |
| 870 | { | 869 | { |
| 871 | int ret = 0; | 870 | int ret = 0; |
| @@ -878,12 +877,12 @@ static inline int audit_dupe_selinux_field(struct audit_field *df, | |||
| 878 | df->se_str = se_str; | 877 | df->se_str = se_str; |
| 879 | 878 | ||
| 880 | /* our own (refreshed) copy of se_rule */ | 879 | /* our own (refreshed) copy of se_rule */ |
| 881 | ret = selinux_audit_rule_init(df->type, df->op, df->se_str, | 880 | ret = security_audit_rule_init(df->type, df->op, df->se_str, |
| 882 | &df->se_rule); | 881 | (void **)&df->se_rule); |
| 883 | /* Keep currently invalid fields around in case they | 882 | /* Keep currently invalid fields around in case they |
| 884 | * become valid after a policy reload. */ | 883 | * become valid after a policy reload. */ |
| 885 | if (ret == -EINVAL) { | 884 | if (ret == -EINVAL) { |
| 886 | printk(KERN_WARNING "audit rule for selinux \'%s\' is " | 885 | printk(KERN_WARNING "audit rule for LSM \'%s\' is " |
| 887 | "invalid\n", df->se_str); | 886 | "invalid\n", df->se_str); |
| 888 | ret = 0; | 887 | ret = 0; |
| 889 | } | 888 | } |
| @@ -892,7 +891,7 @@ static inline int audit_dupe_selinux_field(struct audit_field *df, | |||
| 892 | } | 891 | } |
| 893 | 892 | ||
| 894 | /* Duplicate an audit rule. This will be a deep copy with the exception | 893 | /* Duplicate an audit rule. This will be a deep copy with the exception |
| 895 | * of the watch - that pointer is carried over. The selinux specific fields | 894 | * of the watch - that pointer is carried over. The LSM specific fields |
| 896 | * will be updated in the copy. The point is to be able to replace the old | 895 | * will be updated in the copy. The point is to be able to replace the old |
| 897 | * rule with the new rule in the filterlist, then free the old rule. | 896 | * rule with the new rule in the filterlist, then free the old rule. |
| 898 | * The rlist element is undefined; list manipulations are handled apart from | 897 | * The rlist element is undefined; list manipulations are handled apart from |
| @@ -945,7 +944,7 @@ static struct audit_entry *audit_dupe_rule(struct audit_krule *old, | |||
| 945 | case AUDIT_OBJ_TYPE: | 944 | case AUDIT_OBJ_TYPE: |
| 946 | case AUDIT_OBJ_LEV_LOW: | 945 | case AUDIT_OBJ_LEV_LOW: |
| 947 | case AUDIT_OBJ_LEV_HIGH: | 946 | case AUDIT_OBJ_LEV_HIGH: |
| 948 | err = audit_dupe_selinux_field(&new->fields[i], | 947 | err = audit_dupe_lsm_field(&new->fields[i], |
| 949 | &old->fields[i]); | 948 | &old->fields[i]); |
| 950 | break; | 949 | break; |
| 951 | case AUDIT_FILTERKEY: | 950 | case AUDIT_FILTERKEY: |
| @@ -1763,38 +1762,12 @@ unlock_and_return: | |||
| 1763 | return result; | 1762 | return result; |
| 1764 | } | 1763 | } |
| 1765 | 1764 | ||
| 1766 | /* Check to see if the rule contains any selinux fields. Returns 1 if there | ||
| 1767 | are selinux fields specified in the rule, 0 otherwise. */ | ||
| 1768 | static inline int audit_rule_has_selinux(struct audit_krule *rule) | ||
| 1769 | { | ||
| 1770 | int i; | ||
| 1771 | |||
| 1772 | for (i = 0; i < rule->field_count; i++) { | ||
| 1773 | struct audit_field *f = &rule->fields[i]; | ||
| 1774 | switch (f->type) { | ||
| 1775 | case AUDIT_SUBJ_USER: | ||
| 1776 | case AUDIT_SUBJ_ROLE: | ||
| 1777 | case AUDIT_SUBJ_TYPE: | ||
| 1778 | case AUDIT_SUBJ_SEN: | ||
| 1779 | case AUDIT_SUBJ_CLR: | ||
| 1780 | case AUDIT_OBJ_USER: | ||
| 1781 | case AUDIT_OBJ_ROLE: | ||
| 1782 | case AUDIT_OBJ_TYPE: | ||
| 1783 | case AUDIT_OBJ_LEV_LOW: | ||
| 1784 | case AUDIT_OBJ_LEV_HIGH: | ||
| 1785 | return 1; | ||
| 1786 | } | ||
| 1787 | } | ||
| 1788 | |||
| 1789 | return 0; | ||
| 1790 | } | ||
| 1791 | |||
| 1792 | /* This function will re-initialize the se_rule field of all applicable rules. | 1765 | /* This function will re-initialize the se_rule field of all applicable rules. |
| 1793 | * It will traverse the filter lists serarching for rules that contain selinux | 1766 | * It will traverse the filter lists serarching for rules that contain LSM |
| 1794 | * specific filter fields. When such a rule is found, it is copied, the | 1767 | * specific filter fields. When such a rule is found, it is copied, the |
| 1795 | * selinux field is re-initialized, and the old rule is replaced with the | 1768 | * LSM field is re-initialized, and the old rule is replaced with the |
| 1796 | * updated rule. */ | 1769 | * updated rule. */ |
| 1797 | int selinux_audit_rule_update(void) | 1770 | int audit_update_lsm_rules(void) |
| 1798 | { | 1771 | { |
| 1799 | struct audit_entry *entry, *n, *nentry; | 1772 | struct audit_entry *entry, *n, *nentry; |
| 1800 | struct audit_watch *watch; | 1773 | struct audit_watch *watch; |
| @@ -1806,7 +1779,7 @@ int selinux_audit_rule_update(void) | |||
| 1806 | 1779 | ||
| 1807 | for (i = 0; i < AUDIT_NR_FILTERS; i++) { | 1780 | for (i = 0; i < AUDIT_NR_FILTERS; i++) { |
| 1808 | list_for_each_entry_safe(entry, n, &audit_filter_list[i], list) { | 1781 | list_for_each_entry_safe(entry, n, &audit_filter_list[i], list) { |
| 1809 | if (!audit_rule_has_selinux(&entry->rule)) | 1782 | if (!security_audit_rule_known(&entry->rule)) |
| 1810 | continue; | 1783 | continue; |
| 1811 | 1784 | ||
| 1812 | watch = entry->rule.watch; | 1785 | watch = entry->rule.watch; |
| @@ -1817,7 +1790,7 @@ int selinux_audit_rule_update(void) | |||
| 1817 | * return value */ | 1790 | * return value */ |
| 1818 | if (!err) | 1791 | if (!err) |
| 1819 | err = PTR_ERR(nentry); | 1792 | err = PTR_ERR(nentry); |
| 1820 | audit_panic("error updating selinux filters"); | 1793 | audit_panic("error updating LSM filters"); |
| 1821 | if (watch) | 1794 | if (watch) |
| 1822 | list_del(&entry->rule.rlist); | 1795 | list_del(&entry->rule.rlist); |
| 1823 | list_del_rcu(&entry->list); | 1796 | list_del_rcu(&entry->list); |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6a83c706b504..c0700535e5c5 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -61,7 +61,6 @@ | |||
| 61 | #include <linux/security.h> | 61 | #include <linux/security.h> |
| 62 | #include <linux/list.h> | 62 | #include <linux/list.h> |
| 63 | #include <linux/tty.h> | 63 | #include <linux/tty.h> |
| 64 | #include <linux/selinux.h> | ||
| 65 | #include <linux/binfmts.h> | 64 | #include <linux/binfmts.h> |
| 66 | #include <linux/highmem.h> | 65 | #include <linux/highmem.h> |
| 67 | #include <linux/syscalls.h> | 66 | #include <linux/syscalls.h> |
| @@ -533,7 +532,7 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 533 | security_task_getsecid(tsk, &sid); | 532 | security_task_getsecid(tsk, &sid); |
| 534 | need_sid = 0; | 533 | need_sid = 0; |
| 535 | } | 534 | } |
| 536 | result = selinux_audit_rule_match(sid, f->type, | 535 | result = security_audit_rule_match(sid, f->type, |
| 537 | f->op, | 536 | f->op, |
| 538 | f->se_rule, | 537 | f->se_rule, |
| 539 | ctx); | 538 | ctx); |
| @@ -549,12 +548,12 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 549 | if (f->se_rule) { | 548 | if (f->se_rule) { |
| 550 | /* Find files that match */ | 549 | /* Find files that match */ |
| 551 | if (name) { | 550 | if (name) { |
| 552 | result = selinux_audit_rule_match( | 551 | result = security_audit_rule_match( |
| 553 | name->osid, f->type, f->op, | 552 | name->osid, f->type, f->op, |
| 554 | f->se_rule, ctx); | 553 | f->se_rule, ctx); |
| 555 | } else if (ctx) { | 554 | } else if (ctx) { |
| 556 | for (j = 0; j < ctx->name_count; j++) { | 555 | for (j = 0; j < ctx->name_count; j++) { |
| 557 | if (selinux_audit_rule_match( | 556 | if (security_audit_rule_match( |
| 558 | ctx->names[j].osid, | 557 | ctx->names[j].osid, |
| 559 | f->type, f->op, | 558 | f->type, f->op, |
| 560 | f->se_rule, ctx)) { | 559 | f->se_rule, ctx)) { |
| @@ -570,7 +569,7 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 570 | aux = aux->next) { | 569 | aux = aux->next) { |
| 571 | if (aux->type == AUDIT_IPC) { | 570 | if (aux->type == AUDIT_IPC) { |
| 572 | struct audit_aux_data_ipcctl *axi = (void *)aux; | 571 | struct audit_aux_data_ipcctl *axi = (void *)aux; |
| 573 | if (selinux_audit_rule_match(axi->osid, f->type, f->op, f->se_rule, ctx)) { | 572 | if (security_audit_rule_match(axi->osid, f->type, f->op, f->se_rule, ctx)) { |
| 574 | ++result; | 573 | ++result; |
| 575 | break; | 574 | break; |
| 576 | } | 575 | } |