author | Paul Moore <paul.moore@hp.com> | 2006-09-29 20:05:05 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-09-29 20:05:05 -0400 |
commit | 95d4e6be25a68cd9fbe8c0d356b585504d8db1c7 (patch) | |
tree | 2133c970e6786bdf82004ace225b6bca19b9ddba /net/netlabel/netlabel_user.c | |
parent | d6c641026dec68acfb4b0baa98aad960e963ed97 (diff) |
[NetLabel]: audit fixups due to delayed feedback
Fix some issues Steve Grubb had with the way NetLabel was using the audit
subsystem. This should make NetLabel more consistent with other kernel
generated audit messages specifying configuration changes.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netlabel/netlabel_user.c')
-rw-r--r-- | net/netlabel/netlabel_user.c | 66 |
1 files changed, 8 insertions, 58 deletions
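--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -85,7 +85,7 @@ int netlbl_netlink_init(void)
 /**
 * netlbl_audit_start_common - Start an audit message
 * @type: audit message type
-* @secid: LSM context ID
+* @audit_info: NetLabel audit information
 *
 * Description:
 * Start an audit message using the type specified in @type and fill the audit
@@ -93,14 +93,11 @@ int netlbl_netlink_init(void)
 * a pointer to the audit buffer on success, NULL on failure.
 *
 */
-struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
+struct audit_buffer *netlbl_audit_start_common(int type,
+struct netlbl_audit *audit_info)
 {
 struct audit_context *audit_ctx = current->audit_context;
 struct audit_buffer *audit_buf;
-uid_t audit_loginuid;
-const char *audit_tty;
-char audit_comm[sizeof(current->comm)];
-struct vm_area_struct *vma;
 char *secctx;
 u32 secctx_len;
 
@@ -108,60 +105,13 @@ struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
 if (audit_buf == NULL)
 return NULL;
 
-audit_loginuid = audit_get_loginuid(audit_ctx);
-if (current->signal &&
-current->signal->tty &&
-current->signal->tty->name)
-audit_tty = current->signal->tty->name;
-else
-audit_tty = "(none)";
-get_task_comm(audit_comm, current);
+audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid);
 
-audit_log_format(audit_buf,
-"netlabel: auid=%u uid=%u tty=%s pid=%d",
-audit_loginuid,
-current->uid,
-audit_tty,
-current->pid);
-audit_log_format(audit_buf, " comm=");
-audit_log_untrustedstring(audit_buf, audit_comm);
-if (current->mm) {
-down_read(¤t->mm->mmap_sem);
-vma = current->mm->mmap;
-while (vma) {
-if ((vma->vm_flags & VM_EXECUTABLE) &&
-vma->vm_file) {
-audit_log_d_path(audit_buf,
-" exe=",
-vma->vm_file->f_dentry,
-vma->vm_file->f_vfsmnt);
-break;
-}
-vma = vma->vm_next;
-}
-up_read(¤t->mm->mmap_sem);
-}
-
-if (secid != 0 &&
-security_secid_to_secctx(secid, &secctx, &secctx_len) == 0)
+if (audit_info->secid != 0 &&
+security_secid_to_secctx(audit_info->secid,
+&secctx,
+&secctx_len) == 0)
 audit_log_format(audit_buf, " subj=%s", secctx);
 
 return audit_buf;
 }
-
-/**
-* netlbl_audit_nomsg - Send an audit message without additional text
-* @type: audit message type
-* @secid: LSM context ID
-*
-* Description:
-* Send an audit message with only the common NetLabel audit fields.
-*
-*/
-void netlbl_audit_nomsg(int type, u32 secid)
-{
-struct audit_buffer *audit_buf;
-
-audit_buf = netlbl_audit_start_common(type, secid);
-audit_log_end(audit_buf);
-}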
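Review bot: The context string returned by security_secid_to_secctx() in the `subj=` branch at the end of netlbl_audit_start_common() is logged and then never released, so every audit record with a non-zero secid appears to leak that buffer. The leak predates this commit, but the rewritten condition carries it forward. Assuming this tree already provides security_release_secctx(), brace the branch and add `security_release_secctx(secctx, secctx_len);` directly after the `audit_log_format(audit_buf, " subj=%s", secctx);` call. Separately, `audit_info` is dereferenced unconditionally and now supplies both auid and subj instead of `current`, so the kernel-doc for `@audit_info` should say it must be non-NULL and filled in by the caller from the requester's credentials. The audit_log_start() call sits between the second and third hunks and is not visible here.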