authorPaul Moore <paul.moore@hp.com>2006-09-29 20:05:05 -0400
committerDavid S. Miller <davem@davemloft.net>2006-09-29 20:05:05 -0400
commit95d4e6be25a68cd9fbe8c0d356b585504d8db1c7 (patch)
tree2133c970e6786bdf82004ace225b6bca19b9ddba /net/netlabel/netlabel_domainhash.c
parentd6c641026dec68acfb4b0baa98aad960e963ed97 (diff)
[NetLabel]: audit fixups due to delayed feedback
Fix some issues Steve Grubb had with the way NetLabel was using the audit subsystem. This should make NetLabel more consistent with other kernel generated audit messages specifying configuration changes. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netlabel/netlabel_domainhash.c')
-rw-r--r--net/netlabel/netlabel_domainhash.c82
1 files changed, 43 insertions, 39 deletions
diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c
index d64e2ae3b129..af4371d3b459 100644
--- a/net/netlabel/netlabel_domainhash.c
+++ b/net/netlabel/netlabel_domainhash.c
@@ -188,7 +188,7 @@ int netlbl_domhsh_init(u32 size)
188/** 188/**
189 * netlbl_domhsh_add - Adds a entry to the domain hash table 189 * netlbl_domhsh_add - Adds a entry to the domain hash table
190 * @entry: the entry to add 190 * @entry: the entry to add
191 * @audit_secid: the LSM secid to use in the audit message 191 * @audit_info: NetLabel audit information
192 * 192 *
193 * Description: 193 * Description:
194 * Adds a new entry to the domain hash table and handles any updates to the 194 * Adds a new entry to the domain hash table and handles any updates to the
@@ -196,7 +196,8 @@ int netlbl_domhsh_init(u32 size)
196 * negative on failure. 196 * negative on failure.
197 * 197 *
198 */ 198 */
199int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid) 199int netlbl_domhsh_add(struct netlbl_dom_map *entry,
200 struct netlbl_audit *audit_info)
200{ 201{
201 int ret_val; 202 int ret_val;
202 u32 bkt; 203 u32 bkt;
@@ -241,26 +242,26 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid)
241 spin_unlock(&netlbl_domhsh_def_lock); 242 spin_unlock(&netlbl_domhsh_def_lock);
242 } else 243 } else
243 ret_val = -EINVAL; 244 ret_val = -EINVAL;
244 if (ret_val == 0) { 245
245 if (entry->domain != NULL) 246 if (entry->domain != NULL)
246 audit_domain = entry->domain; 247 audit_domain = entry->domain;
247 else 248 else
248 audit_domain = "(default)"; 249 audit_domain = "(default)";
249 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_ADD, 250 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_ADD, audit_info);
250 audit_secid); 251 audit_log_format(audit_buf, " nlbl_domain=%s", audit_domain);
251 audit_log_format(audit_buf, " domain=%s", audit_domain); 252 switch (entry->type) {
252 switch (entry->type) { 253 case NETLBL_NLTYPE_UNLABELED:
253 case NETLBL_NLTYPE_UNLABELED: 254 audit_log_format(audit_buf, " nlbl_protocol=unlbl");
254 audit_log_format(audit_buf, " protocol=unlbl"); 255 break;
255 break; 256 case NETLBL_NLTYPE_CIPSOV4:
256 case NETLBL_NLTYPE_CIPSOV4: 257 audit_log_format(audit_buf,
257 audit_log_format(audit_buf, 258 " nlbl_protocol=cipsov4 cipso_doi=%u",
258 " protocol=cipsov4 doi=%u", 259 entry->type_def.cipsov4->doi);
259 entry->type_def.cipsov4->doi); 260 break;
260 break;
261 }
262 audit_log_end(audit_buf);
263 } 261 }
262 audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0);
263 audit_log_end(audit_buf);
264
264 rcu_read_unlock(); 265 rcu_read_unlock();
265 266
266 if (ret_val != 0) { 267 if (ret_val != 0) {
@@ -279,7 +280,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid)
279/** 280/**
280 * netlbl_domhsh_add_default - Adds the default entry to the domain hash table 281 * netlbl_domhsh_add_default - Adds the default entry to the domain hash table
281 * @entry: the entry to add 282 * @entry: the entry to add
282 * @audit_secid: the LSM secid to use in the audit message 283 * @audit_info: NetLabel audit information
283 * 284 *
284 * Description: 285 * Description:
285 * Adds a new default entry to the domain hash table and handles any updates 286 * Adds a new default entry to the domain hash table and handles any updates
@@ -287,15 +288,16 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid)
287 * negative on failure. 288 * negative on failure.
288 * 289 *
289 */ 290 */
290int netlbl_domhsh_add_default(struct netlbl_dom_map *entry, u32 audit_secid) 291int netlbl_domhsh_add_default(struct netlbl_dom_map *entry,
292 struct netlbl_audit *audit_info)
291{ 293{
292 return netlbl_domhsh_add(entry, audit_secid); 294 return netlbl_domhsh_add(entry, audit_info);
293} 295}
294 296
295/** 297/**
296 * netlbl_domhsh_remove - Removes an entry from the domain hash table 298 * netlbl_domhsh_remove - Removes an entry from the domain hash table
297 * @domain: the domain to remove 299 * @domain: the domain to remove
298 * @audit_secid: the LSM secid to use in the audit message 300 * @audit_info: NetLabel audit information
299 * 301 *
300 * Description: 302 * Description:
301 * Removes an entry from the domain hash table and handles any updates to the 303 * Removes an entry from the domain hash table and handles any updates to the
@@ -303,7 +305,7 @@ int netlbl_domhsh_add_default(struct netlbl_dom_map *entry, u32 audit_secid)
303 * negative on failure. 305 * negative on failure.
304 * 306 *
305 */ 307 */
306int netlbl_domhsh_remove(const char *domain, u32 audit_secid) 308int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info)
307{ 309{
308 int ret_val = -ENOENT; 310 int ret_val = -ENOENT;
309 struct netlbl_dom_map *entry; 311 struct netlbl_dom_map *entry;
@@ -345,18 +347,20 @@ int netlbl_domhsh_remove(const char *domain, u32 audit_secid)
345 ret_val = -ENOENT; 347 ret_val = -ENOENT;
346 spin_unlock(&netlbl_domhsh_def_lock); 348 spin_unlock(&netlbl_domhsh_def_lock);
347 } 349 }
348 if (ret_val == 0) {
349 if (entry->domain != NULL)
350 audit_domain = entry->domain;
351 else
352 audit_domain = "(default)";
353 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL,
354 audit_secid);
355 audit_log_format(audit_buf, " domain=%s", audit_domain);
356 audit_log_end(audit_buf);
357 350
351 if (entry->domain != NULL)
352 audit_domain = entry->domain;
353 else
354 audit_domain = "(default)";
355 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, audit_info);
356 audit_log_format(audit_buf,
357 " nlbl_domain=%s res=%u",
358 audit_domain,
359 ret_val == 0 ? 1 : 0);
360 audit_log_end(audit_buf);
361
362 if (ret_val == 0)
358 call_rcu(&entry->rcu, netlbl_domhsh_free_entry); 363 call_rcu(&entry->rcu, netlbl_domhsh_free_entry);
359 }
360 364
361remove_return: 365remove_return:
362 rcu_read_unlock(); 366 rcu_read_unlock();
@@ -365,7 +369,7 @@ remove_return:
365 369
366/** 370/**
367 * netlbl_domhsh_remove_default - Removes the default entry from the table 371 * netlbl_domhsh_remove_default - Removes the default entry from the table
368 * @audit_secid: the LSM secid to use in the audit message 372 * @audit_info: NetLabel audit information
369 * 373 *
370 * Description: 374 * Description:
371 * Removes/resets the default entry for the domain hash table and handles any 375 * Removes/resets the default entry for the domain hash table and handles any
@@ -373,9 +377,9 @@ remove_return:
373 * success, non-zero on failure. 377 * success, non-zero on failure.
374 * 378 *
375 */ 379 */
376int netlbl_domhsh_remove_default(u32 audit_secid) 380int netlbl_domhsh_remove_default(struct netlbl_audit *audit_info)
377{ 381{
378 return netlbl_domhsh_remove(NULL, audit_secid); 382 return netlbl_domhsh_remove(NULL, audit_info);
379} 383}
380 384
381/** 385/**
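Review bot: The domain name is written into the audit record with a plain `%s`, in netlbl_domhsh_add() as `" nlbl_domain=%s"` and in netlbl_domhsh_remove() as `" nlbl_domain=%s res=%u"`. A name containing whitespace or `=` would make the fields after it ambiguous to anyone parsing the log, including the new `res=` field that distinguishes a successful change from a failed one. If the domain string can originate from a configuration request rather than a fixed kernel value (not visible in these hunks), consider writing the key with `audit_log_format(audit_buf, " nlbl_domain=");` followed by `audit_log_untrustedstring(audit_buf, audit_domain);`, and emitting `res=%u` in a separate call in the remove path. Both function bodies start and end outside the hunks shown, so whether the name is validated before it reaches this code cannot be confirmed from here.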