[NetLabel]: audit fixups due to delayed feedback

Fix some issues Steve Grubb had with the way NetLabel was using the audit subsystem. This should make NetLabel more consistent with other kernel generated audit messages specifying configuration changes. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Paul Moore <paul.moore@hp.com> 2006-09-29 20:05:05 -0400
committer: David S. Miller <davem@davemloft.net> 2006-09-29 20:05:05 -0400
commit: 95d4e6be25a68cd9fbe8c0d356b585504d8db1c7 (patch)
tree: 2133c970e6786bdf82004ace225b6bca19b9ddba /net/netlabel/netlabel_user.c
parent: d6c641026dec68acfb4b0baa98aad960e963ed97 (diff)
1 files changed, 8 insertions, 58 deletions
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index c2343af584cb..98a416381e61 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -85,7 +85,7 @@ int netlbl_netlink_init(void)
 /**
 * netlbl_audit_start_common - Start an audit message
 * @type: audit message type
- * @secid: LSM context ID
+ * @audit_info: NetLabel audit information
 *
 * Description:
 * Start an audit message using the type specified in @type and fill the audit
@@ -93,14 +93,11 @@ int netlbl_netlink_init(void)
 * a pointer to the audit buffer on success, NULL on failure.
 *
 */
-struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
+struct audit_buffer *netlbl_audit_start_common(int type,
+                                               struct netlbl_audit *audit_info)
 {
        struct audit_context *audit_ctx = current->audit_context;
        struct audit_buffer *audit_buf;
-        uid_t audit_loginuid;
-        const char *audit_tty;
-        char audit_comm[sizeof(current->comm)];
-        struct vm_area_struct *vma;
        char *secctx;
        u32 secctx_len;
@@ -108,60 +105,13 @@ struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
        if (audit_buf == NULL)
                return NULL;
-        audit_loginuid = audit_get_loginuid(audit_ctx);
+        audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid);
-        if (current->signal &&
-            current->signal->tty &&
-            current->signal->tty->name)
-                audit_tty = current->signal->tty->name;
-        else
-                audit_tty = "(none)";
-        get_task_comm(audit_comm, current);
-        audit_log_format(audit_buf,
+        if (audit_info->secid != 0 &&
-                         "netlabel: auid=%u uid=%u tty=%s pid=%d",
+            security_secid_to_secctx(audit_info->secid,
-                         audit_loginuid,
+                                     &secctx,
-                         current->uid,
+                                     &secctx_len) == 0)
-                         audit_tty,
-                         current->pid);
-        audit_log_format(audit_buf, " comm=");
-        audit_log_untrustedstring(audit_buf, audit_comm);
-        if (current->mm) {
-                down_read(&current->mm->mmap_sem);
-                vma = current->mm->mmap;
-                while (vma) {
-                        if ((vma->vm_flags & VM_EXECUTABLE) &&
-                            vma->vm_file) {
-                                audit_log_d_path(audit_buf,
-                                                 " exe=",
-                                                 vma->vm_file->f_dentry,
-                                                 vma->vm_file->f_vfsmnt);
-                                break;
-                        }
-                        vma = vma->vm_next;
-                }
-                up_read(&current->mm->mmap_sem);
-        }
-        if (secid != 0 &&
-            security_secid_to_secctx(secid, &secctx, &secctx_len) == 0)
                audit_log_format(audit_buf, " subj=%s", secctx);
        return audit_buf;
 }
-/**
- * netlbl_audit_nomsg - Send an audit message without additional text
- * @type: audit message type
- * @secid: LSM context ID
- *
- * Description:
- * Send an audit message with only the common NetLabel audit fields.
- *
- */
-void netlbl_audit_nomsg(int type, u32 secid)
-{
-        struct audit_buffer *audit_buf;
-        audit_buf = netlbl_audit_start_common(type, secid);
-        audit_log_end(audit_buf);
-}
author	Paul Moore <paul.moore@hp.com>	2006-09-29 20:05:05 -0400
committer	David S. Miller <davem@davemloft.net>	2006-09-29 20:05:05 -0400
commit	95d4e6be25a68cd9fbe8c0d356b585504d8db1c7 (patch)
tree	2133c970e6786bdf82004ace225b6bca19b9ddba /net/netlabel/netlabel_user.c
parent	d6c641026dec68acfb4b0baa98aad960e963ed97 (diff)

diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index c2343af584cb..98a416381e61 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c
@@ -85,7 +85,7 @@ int netlbl_netlink_init(void)
85	/**	85	/**
86	* netlbl_audit_start_common - Start an audit message	86	* netlbl_audit_start_common - Start an audit message
87	* @type: audit message type	87	* @type: audit message type
88	* @secid: LSM context ID	88	* @audit_info: NetLabel audit information
89	*	89	*
90	* Description:	90	* Description:
91	* Start an audit message using the type specified in @type and fill the audit	91	* Start an audit message using the type specified in @type and fill the audit
@@ -93,14 +93,11 @@ int netlbl_netlink_init(void)
93	* a pointer to the audit buffer on success, NULL on failure.	93	* a pointer to the audit buffer on success, NULL on failure.
94	*	94	*
95	*/	95	*/
96	struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)	96	struct audit_buffer *netlbl_audit_start_common(int type,
		97	struct netlbl_audit *audit_info)
97	{	98	{
98	struct audit_context *audit_ctx = current->audit_context;	99	struct audit_context *audit_ctx = current->audit_context;
99	struct audit_buffer *audit_buf;	100	struct audit_buffer *audit_buf;
100	uid_t audit_loginuid;
101	const char *audit_tty;
102	char audit_comm[sizeof(current->comm)];
103	struct vm_area_struct *vma;
104	char *secctx;	101	char *secctx;
105	u32 secctx_len;	102	u32 secctx_len;
106		103
@@ -108,60 +105,13 @@ struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
108	if (audit_buf == NULL)	105	if (audit_buf == NULL)
109	return NULL;	106	return NULL;
110		107
111	audit_loginuid = audit_get_loginuid(audit_ctx);	108	audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid);
112	if (current->signal &&
113	current->signal->tty &&
114	current->signal->tty->name)
115	audit_tty = current->signal->tty->name;
116	else
117	audit_tty = "(none)";
118	get_task_comm(audit_comm, current);
119		109
120	audit_log_format(audit_buf,	110	if (audit_info->secid != 0 &&
121	"netlabel: auid=%u uid=%u tty=%s pid=%d",	111	security_secid_to_secctx(audit_info->secid,
122	audit_loginuid,	112	&secctx,
123	current->uid,	113	&secctx_len) == 0)
124	audit_tty,
125	current->pid);
126	audit_log_format(audit_buf, " comm=");
127	audit_log_untrustedstring(audit_buf, audit_comm);
128	if (current->mm) {
129	down_read(&current->mm->mmap_sem);
130	vma = current->mm->mmap;
131	while (vma) {
132	if ((vma->vm_flags & VM_EXECUTABLE) &&
133	vma->vm_file) {
134	audit_log_d_path(audit_buf,
135	" exe=",
136	vma->vm_file->f_dentry,
137	vma->vm_file->f_vfsmnt);
138	break;
139	}
140	vma = vma->vm_next;
141	}
142	up_read(&current->mm->mmap_sem);
143	}
144
145	if (secid != 0 &&
146	security_secid_to_secctx(secid, &secctx, &secctx_len) == 0)
147	audit_log_format(audit_buf, " subj=%s", secctx);	114	audit_log_format(audit_buf, " subj=%s", secctx);
148		115
149	return audit_buf;	116	return audit_buf;
150	}	117	}
151
152	/**
153	* netlbl_audit_nomsg - Send an audit message without additional text
154	* @type: audit message type
155	* @secid: LSM context ID
156	*
157	* Description:
158	* Send an audit message with only the common NetLabel audit fields.
159	*
160	*/
161	void netlbl_audit_nomsg(int type, u32 secid)
162	{
163	struct audit_buffer *audit_buf;
164
165	audit_buf = netlbl_audit_start_common(type, secid);
166	audit_log_end(audit_buf);
167	}