authorPaul Moore <paul.moore@hp.com>2006-09-29 20:05:05 -0400
committerDavid S. Miller <davem@davemloft.net>2006-09-29 20:05:05 -0400
commit95d4e6be25a68cd9fbe8c0d356b585504d8db1c7 (patch)
tree2133c970e6786bdf82004ace225b6bca19b9ddba /net/netlabel/netlabel_user.c
parentd6c641026dec68acfb4b0baa98aad960e963ed97 (diff)
[NetLabel]: audit fixups due to delayed feedback
Fix some issues Steve Grubb had with the way NetLabel was using the audit subsystem. This should make NetLabel more consistent with other kernel generated audit messages specifying configuration changes. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netlabel/netlabel_user.c')
-rw-r--r--net/netlabel/netlabel_user.c66
1 files changed, 8 insertions, 58 deletions
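--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -85,7 +85,7 @@ int netlbl_netlink_init(void)
 /**
  * netlbl_audit_start_common - Start an audit message
  * @type: audit message type
- * @secid: LSM context ID
+ * @audit_info: NetLabel audit information
  *
  * Description:
  * Start an audit message using the type specified in @type and fill the audit
@@ -93,14 +93,11 @@ int netlbl_netlink_init(void)
  * a pointer to the audit buffer on success, NULL on failure.
  *
  */
-struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
+struct audit_buffer *netlbl_audit_start_common(int type,
+ struct netlbl_audit *audit_info)
 {
  struct audit_context *audit_ctx = current->audit_context;
  struct audit_buffer *audit_buf;
- uid_t audit_loginuid;
- const char *audit_tty;
- char audit_comm[sizeof(current->comm)];
- struct vm_area_struct *vma;
  char *secctx;
  u32 secctx_len;
 
@@ -108,60 +105,13 @@ struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
  if (audit_buf == NULL)
  return NULL;
 
- audit_loginuid = audit_get_loginuid(audit_ctx);
- if (current->signal &&
- current->signal->tty &&
- current->signal->tty->name)
- audit_tty = current->signal->tty->name;
- else
- audit_tty = "(none)";
- get_task_comm(audit_comm, current);
+ audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid);
 
- audit_log_format(audit_buf,
- "netlabel: auid=%u uid=%u tty=%s pid=%d",
- audit_loginuid,
- current->uid,
- audit_tty,
- current->pid);
- audit_log_format(audit_buf, " comm=");
- audit_log_untrustedstring(audit_buf, audit_comm);
- if (current->mm) {
- down_read(&current->mm->mmap_sem);
- vma = current->mm->mmap;
- while (vma) {
- if ((vma->vm_flags & VM_EXECUTABLE) &&
- vma->vm_file) {
- audit_log_d_path(audit_buf,
- " exe=",
- vma->vm_file->f_dentry,
- vma->vm_file->f_vfsmnt);
- break;
- }
- vma = vma->vm_next;
- }
- up_read(&current->mm->mmap_sem);
- }
-
- if (secid != 0 &&
- security_secid_to_secctx(secid, &secctx, &secctx_len) == 0)
+ if (audit_info->secid != 0 &&
+ security_secid_to_secctx(audit_info->secid,
+ &secctx,
+ &secctx_len) == 0)
  audit_log_format(audit_buf, " subj=%s", secctx);
 
  return audit_buf;
 }
-
-/**
- * netlbl_audit_nomsg - Send an audit message without additional text
- * @type: audit message type
- * @secid: LSM context ID
- *
- * Description:
- * Send an audit message with only the common NetLabel audit fields.
- *
- */
-void netlbl_audit_nomsg(int type, u32 secid)
-{
- struct audit_buffer *audit_buf;
-
- audit_buf = netlbl_audit_start_common(type, secid);
- audit_log_end(audit_buf);
-}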
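Review bot: The context string obtained from `security_secid_to_secctx()` in the `subj=` branch at the end of netlbl_audit_start_common() is logged but never released, so every record with a non-zero secid may leak that buffer if the LSM allocates it (SELinux does). The leak is already on the old side, but the rewritten condition keeps it; bracing the branch and adding `security_release_secctx(secctx, secctx_len);` right after `audit_log_format(audit_buf, " subj=%s", secctx);` would close it. Separately, `auid` now comes from the caller-filled `audit_info->loginuid` instead of `current`, so the kernel-doc line could state the trust expectation, for example `@audit_info: NetLabel audit information, filled by the caller from the requesting netlink sender's credentials`. The audit_log_start() call between the second and third hunks is outside the visible lines, so nothing here covers it.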