authorPaul Moore <paul.moore@hp.com>2006-09-29 20:05:05 -0400
committerDavid S. Miller <davem@davemloft.net>2006-09-29 20:05:05 -0400
commit95d4e6be25a68cd9fbe8c0d356b585504d8db1c7 (patch)
tree2133c970e6786bdf82004ace225b6bca19b9ddba /net/netlabel/netlabel_unlabeled.c
parentd6c641026dec68acfb4b0baa98aad960e963ed97 (diff)
[NetLabel]: audit fixups due to delayed feedback
Fix some issues Steve Grubb had with the way NetLabel was using the audit subsystem. This should make NetLabel more consistent with other kernel generated audit messages specifying configuration changes. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netlabel/netlabel_unlabeled.c')
-rw-r--r--net/netlabel/netlabel_unlabeled.c34
1 files changed, 23 insertions, 11 deletions
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index ab36675fee8c..1833ad233b39 100644
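--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -70,18 +70,25 @@ static struct nla_policy netlbl_unlabel_genl_policy[NLBL_UNLABEL_A_MAX + 1] = {
 /**
  * netlbl_unlabel_acceptflg_set - Set the unlabeled accept flag
  * @value: desired value
- * @audit_secid: the LSM secid to use in the audit message
+ * @audit_info: NetLabel audit information
  *
  * Description:
  * Set the value of the unlabeled accept flag to @value.
  *
  */
-static void netlbl_unlabel_acceptflg_set(u8 value, u32 audit_secid)
+static void netlbl_unlabel_acceptflg_set(u8 value,
+ struct netlbl_audit *audit_info)
 {
+ struct audit_buffer *audit_buf;
+ u8 old_val;
+
+ old_val = atomic_read(&netlabel_unlabel_accept_flg);
  atomic_set(&netlabel_unlabel_accept_flg, value);
- netlbl_audit_nomsg((value ?
- AUDIT_MAC_UNLBL_ACCEPT : AUDIT_MAC_UNLBL_DENY),
- audit_secid);
+
+ audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_ALLOW,
+ audit_info);
+ audit_log_format(audit_buf, " unlbl_accept=%u old=%u", value, old_val);
+ audit_log_end(audit_buf);
 }
 
 /*
@@ -101,12 +108,13 @@ static void netlbl_unlabel_acceptflg_set(u8 value, u32 audit_secid)
 static int netlbl_unlabel_accept(struct sk_buff *skb, struct genl_info *info)
 {
  u8 value;
+ struct netlbl_audit audit_info;
 
  if (info->attrs[NLBL_UNLABEL_A_ACPTFLG]) {
  value = nla_get_u8(info->attrs[NLBL_UNLABEL_A_ACPTFLG]);
  if (value == 1 || value == 0) {
- netlbl_unlabel_acceptflg_set(value,
- NETLINK_CB(skb).sid);
+ netlbl_netlink_auditinfo(skb, &audit_info);
+ netlbl_unlabel_acceptflg_set(value, &audit_info);
  return 0;
  }
  }
@@ -250,19 +258,23 @@ int netlbl_unlabel_defconf(void)
 {
  int ret_val;
  struct netlbl_dom_map *entry;
- u32 secid;
+ struct netlbl_audit audit_info;
 
- security_task_getsecid(current, &secid);
+ /* Only the kernel is allowed to call this function and the only time
+ * it is called is at bootup before the audit subsystem is reporting
+ * messages so don't worry to much about these values. */
+ security_task_getsecid(current, &audit_info.secid);
+ audit_info.loginuid = 0;
 
  entry = kzalloc(sizeof(*entry), GFP_KERNEL);
  if (entry == NULL)
  return -ENOMEM;
  entry->type = NETLBL_NLTYPE_UNLABELED;
- ret_val = netlbl_domhsh_add_default(entry, secid);
+ ret_val = netlbl_domhsh_add_default(entry, &audit_info);
  if (ret_val != 0)
  return ret_val;
 
- netlbl_unlabel_acceptflg_set(1, secid);
+ netlbl_unlabel_acceptflg_set(1, &audit_info);
 
  return 0;
 }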
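Review bot: In netlbl_unlabel_acceptflg_set() the previous flag value is read with atomic_read() and then overwritten by a separate atomic_set(), so the `old=` field in the audit record is only exact if callers are serialized, and nothing visible in this section guarantees that. A single exchange, `old_val = atomic_xchg(&netlabel_unlabel_accept_flg, value);`, would make the logged old value the one that was actually replaced. Separately, the return of netlbl_audit_start_common() is passed straight to audit_log_format(); if it can return NULL (for instance when auditing is disabled, which is not shown here), the two audit calls should sit under `if (audit_buf != NULL)`, or a comment should state that the audit helpers accept a NULL buffer.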