diff options
| author | Richard Guy Briggs <rgb@redhat.com> | 2014-03-26 07:26:47 -0400 |
|---|---|---|
| committer | Eric Paris <eparis@redhat.com> | 2014-09-23 16:37:53 -0400 |
| commit | 219ca39427bf6c46c4e1473493e33bc00635e99b (patch) | |
| tree | c619484ff5565d783d29ae867253e1e24bda588e /kernel | |
| parent | e7df61f4d1ddb7fdd654dde6cd40f7cc398c3932 (diff) | |
audit: use union for audit_field values since they are mutually exclusive
Since only one of val, uid, gid and lsm* are used at any given time, combine
them to reduce the size of the struct audit_field.
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/auditfilter.c | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index b65a138250b8..40ed9813d4b2 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
| @@ -71,6 +71,24 @@ static struct list_head audit_rules_list[AUDIT_NR_FILTERS] = { | |||
| 71 | 71 | ||
| 72 | DEFINE_MUTEX(audit_filter_mutex); | 72 | DEFINE_MUTEX(audit_filter_mutex); |
| 73 | 73 | ||
| 74 | static void audit_free_lsm_field(struct audit_field *f) | ||
| 75 | { | ||
| 76 | switch (f->type) { | ||
| 77 | case AUDIT_SUBJ_USER: | ||
| 78 | case AUDIT_SUBJ_ROLE: | ||
| 79 | case AUDIT_SUBJ_TYPE: | ||
| 80 | case AUDIT_SUBJ_SEN: | ||
| 81 | case AUDIT_SUBJ_CLR: | ||
| 82 | case AUDIT_OBJ_USER: | ||
| 83 | case AUDIT_OBJ_ROLE: | ||
| 84 | case AUDIT_OBJ_TYPE: | ||
| 85 | case AUDIT_OBJ_LEV_LOW: | ||
| 86 | case AUDIT_OBJ_LEV_HIGH: | ||
| 87 | kfree(f->lsm_str); | ||
| 88 | security_audit_rule_free(f->lsm_rule); | ||
| 89 | } | ||
| 90 | } | ||
| 91 | |||
| 74 | static inline void audit_free_rule(struct audit_entry *e) | 92 | static inline void audit_free_rule(struct audit_entry *e) |
| 75 | { | 93 | { |
| 76 | int i; | 94 | int i; |
| @@ -80,11 +98,8 @@ static inline void audit_free_rule(struct audit_entry *e) | |||
| 80 | if (erule->watch) | 98 | if (erule->watch) |
| 81 | audit_put_watch(erule->watch); | 99 | audit_put_watch(erule->watch); |
| 82 | if (erule->fields) | 100 | if (erule->fields) |
| 83 | for (i = 0; i < erule->field_count; i++) { | 101 | for (i = 0; i < erule->field_count; i++) |
| 84 | struct audit_field *f = &erule->fields[i]; | 102 | audit_free_lsm_field(&erule->fields[i]); |
| 85 | kfree(f->lsm_str); | ||
| 86 | security_audit_rule_free(f->lsm_rule); | ||
| 87 | } | ||
| 88 | kfree(erule->fields); | 103 | kfree(erule->fields); |
| 89 | kfree(erule->filterkey); | 104 | kfree(erule->filterkey); |
| 90 | kfree(e); | 105 | kfree(e); |
| @@ -422,10 +437,6 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | |||
| 422 | 437 | ||
| 423 | f->type = data->fields[i]; | 438 | f->type = data->fields[i]; |
| 424 | f->val = data->values[i]; | 439 | f->val = data->values[i]; |
| 425 | f->uid = INVALID_UID; | ||
| 426 | f->gid = INVALID_GID; | ||
| 427 | f->lsm_str = NULL; | ||
| 428 | f->lsm_rule = NULL; | ||
| 429 | 440 | ||
| 430 | /* Support legacy tests for a valid loginuid */ | 441 | /* Support legacy tests for a valid loginuid */ |
| 431 | if ((f->type == AUDIT_LOGINUID) && (f->val == AUDIT_UID_UNSET)) { | 442 | if ((f->type == AUDIT_LOGINUID) && (f->val == AUDIT_UID_UNSET)) { |