diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2014-04-22 08:48:30 -0400 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2014-04-23 02:21:04 -0400 |
| commit | 2e71029e2c32ecd59a2e8f351517bfbbad42ac11 (patch) | |
| tree | b149f7d9be228544e36416dece87c2ab6ca28b7b /net/xfrm | |
| parent | f1370cc4a01e61007ab3020c761cef6b88ae3729 (diff) | |
xfrm: Remove useless xfrm_audit struct.
Commit f1370cc4 "xfrm: Remove useless secid field from xfrm_audit." changed
"struct xfrm_audit" to have either
{ audit_get_loginuid(current) / audit_get_sessionid(current) } or
{ INVALID_UID / -1 } pair.
This means that we can represent "struct xfrm_audit" as "bool".
This patch replaces "struct xfrm_audit" argument with "bool".
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/xfrm')
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 40 | ||||
| -rw-r--r-- | net/xfrm/xfrm_state.c | 34 | ||||
| -rw-r--r-- | net/xfrm/xfrm_user.c | 38 |
3 files changed, 34 insertions, 78 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index bd001b7062c0..375267d15c8f 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -769,7 +769,7 @@ EXPORT_SYMBOL(xfrm_policy_byid); | |||
| 769 | 769 | ||
| 770 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 770 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
| 771 | static inline int | 771 | static inline int |
| 772 | xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audit_info) | 772 | xfrm_policy_flush_secctx_check(struct net *net, u8 type, bool task_valid) |
| 773 | { | 773 | { |
| 774 | int dir, err = 0; | 774 | int dir, err = 0; |
| 775 | 775 | ||
| @@ -783,9 +783,7 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi | |||
| 783 | continue; | 783 | continue; |
| 784 | err = security_xfrm_policy_delete(pol->security); | 784 | err = security_xfrm_policy_delete(pol->security); |
| 785 | if (err) { | 785 | if (err) { |
| 786 | xfrm_audit_policy_delete(pol, 0, | 786 | xfrm_audit_policy_delete(pol, 0, task_valid); |
| 787 | audit_info->loginuid, | ||
| 788 | audit_info->sessionid); | ||
| 789 | return err; | 787 | return err; |
| 790 | } | 788 | } |
| 791 | } | 789 | } |
| @@ -799,8 +797,7 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi | |||
| 799 | pol->security); | 797 | pol->security); |
| 800 | if (err) { | 798 | if (err) { |
| 801 | xfrm_audit_policy_delete(pol, 0, | 799 | xfrm_audit_policy_delete(pol, 0, |
| 802 | audit_info->loginuid, | 800 | task_valid); |
| 803 | audit_info->sessionid); | ||
| 804 | return err; | 801 | return err; |
| 805 | } | 802 | } |
| 806 | } | 803 | } |
| @@ -810,19 +807,19 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi | |||
| 810 | } | 807 | } |
| 811 | #else | 808 | #else |
| 812 | static inline int | 809 | static inline int |
| 813 | xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audit_info) | 810 | xfrm_policy_flush_secctx_check(struct net *net, u8 type, bool task_valid) |
| 814 | { | 811 | { |
| 815 | return 0; | 812 | return 0; |
| 816 | } | 813 | } |
| 817 | #endif | 814 | #endif |
| 818 | 815 | ||
| 819 | int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info) | 816 | int xfrm_policy_flush(struct net *net, u8 type, bool task_valid) |
| 820 | { | 817 | { |
| 821 | int dir, err = 0, cnt = 0; | 818 | int dir, err = 0, cnt = 0; |
| 822 | 819 | ||
| 823 | write_lock_bh(&net->xfrm.xfrm_policy_lock); | 820 | write_lock_bh(&net->xfrm.xfrm_policy_lock); |
| 824 | 821 | ||
| 825 | err = xfrm_policy_flush_secctx_check(net, type, audit_info); | 822 | err = xfrm_policy_flush_secctx_check(net, type, task_valid); |
| 826 | if (err) | 823 | if (err) |
| 827 | goto out; | 824 | goto out; |
| 828 | 825 | ||
| @@ -839,8 +836,7 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info) | |||
| 839 | write_unlock_bh(&net->xfrm.xfrm_policy_lock); | 836 | write_unlock_bh(&net->xfrm.xfrm_policy_lock); |
| 840 | cnt++; | 837 | cnt++; |
| 841 | 838 | ||
| 842 | xfrm_audit_policy_delete(pol, 1, audit_info->loginuid, | 839 | xfrm_audit_policy_delete(pol, 1, task_valid); |
| 843 | audit_info->sessionid); | ||
| 844 | 840 | ||
| 845 | xfrm_policy_kill(pol); | 841 | xfrm_policy_kill(pol); |
| 846 | 842 | ||
| @@ -859,9 +855,7 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info) | |||
| 859 | write_unlock_bh(&net->xfrm.xfrm_policy_lock); | 855 | write_unlock_bh(&net->xfrm.xfrm_policy_lock); |
| 860 | cnt++; | 856 | cnt++; |
| 861 | 857 | ||
| 862 | xfrm_audit_policy_delete(pol, 1, | 858 | xfrm_audit_policy_delete(pol, 1, task_valid); |
| 863 | audit_info->loginuid, | ||
| 864 | audit_info->sessionid); | ||
| 865 | xfrm_policy_kill(pol); | 859 | xfrm_policy_kill(pol); |
| 866 | 860 | ||
| 867 | write_lock_bh(&net->xfrm.xfrm_policy_lock); | 861 | write_lock_bh(&net->xfrm.xfrm_policy_lock); |
| @@ -2858,19 +2852,14 @@ out_byidx: | |||
| 2858 | 2852 | ||
| 2859 | static void xfrm_policy_fini(struct net *net) | 2853 | static void xfrm_policy_fini(struct net *net) |
| 2860 | { | 2854 | { |
| 2861 | struct xfrm_audit audit_info; | ||
| 2862 | unsigned int sz; | 2855 | unsigned int sz; |
| 2863 | int dir; | 2856 | int dir; |
| 2864 | 2857 | ||
| 2865 | flush_work(&net->xfrm.policy_hash_work); | 2858 | flush_work(&net->xfrm.policy_hash_work); |
| 2866 | #ifdef CONFIG_XFRM_SUB_POLICY | 2859 | #ifdef CONFIG_XFRM_SUB_POLICY |
| 2867 | audit_info.loginuid = INVALID_UID; | 2860 | xfrm_policy_flush(net, XFRM_POLICY_TYPE_SUB, false); |
| 2868 | audit_info.sessionid = (unsigned int)-1; | ||
| 2869 | xfrm_policy_flush(net, XFRM_POLICY_TYPE_SUB, &audit_info); | ||
| 2870 | #endif | 2861 | #endif |
| 2871 | audit_info.loginuid = INVALID_UID; | 2862 | xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, false); |
| 2872 | audit_info.sessionid = (unsigned int)-1; | ||
| 2873 | xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info); | ||
| 2874 | 2863 | ||
| 2875 | WARN_ON(!list_empty(&net->xfrm.policy_all)); | 2864 | WARN_ON(!list_empty(&net->xfrm.policy_all)); |
| 2876 | 2865 | ||
| @@ -2985,15 +2974,14 @@ static void xfrm_audit_common_policyinfo(struct xfrm_policy *xp, | |||
| 2985 | } | 2974 | } |
| 2986 | } | 2975 | } |
| 2987 | 2976 | ||
| 2988 | void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, | 2977 | void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, bool task_valid) |
| 2989 | kuid_t auid, unsigned int sessionid) | ||
| 2990 | { | 2978 | { |
| 2991 | struct audit_buffer *audit_buf; | 2979 | struct audit_buffer *audit_buf; |
| 2992 | 2980 | ||
| 2993 | audit_buf = xfrm_audit_start("SPD-add"); | 2981 | audit_buf = xfrm_audit_start("SPD-add"); |
| 2994 | if (audit_buf == NULL) | 2982 | if (audit_buf == NULL) |
| 2995 | return; | 2983 | return; |
| 2996 | xfrm_audit_helper_usrinfo(auid, sessionid, audit_buf); | 2984 | xfrm_audit_helper_usrinfo(task_valid, audit_buf); |
| 2997 | audit_log_format(audit_buf, " res=%u", result); | 2985 | audit_log_format(audit_buf, " res=%u", result); |
| 2998 | xfrm_audit_common_policyinfo(xp, audit_buf); | 2986 | xfrm_audit_common_policyinfo(xp, audit_buf); |
| 2999 | audit_log_end(audit_buf); | 2987 | audit_log_end(audit_buf); |
| @@ -3001,14 +2989,14 @@ void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, | |||
| 3001 | EXPORT_SYMBOL_GPL(xfrm_audit_policy_add); | 2989 | EXPORT_SYMBOL_GPL(xfrm_audit_policy_add); |
| 3002 | 2990 | ||
| 3003 | void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, | 2991 | void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, |
| 3004 | kuid_t auid, unsigned int sessionid) | 2992 | bool task_valid) |
| 3005 | { | 2993 | { |
| 3006 | struct audit_buffer *audit_buf; | 2994 | struct audit_buffer *audit_buf; |
| 3007 | 2995 | ||
| 3008 | audit_buf = xfrm_audit_start("SPD-delete"); | 2996 | audit_buf = xfrm_audit_start("SPD-delete"); |
| 3009 | if (audit_buf == NULL) | 2997 | if (audit_buf == NULL) |
| 3010 | return; | 2998 | return; |
| 3011 | xfrm_audit_helper_usrinfo(auid, sessionid, audit_buf); | 2999 | xfrm_audit_helper_usrinfo(task_valid, audit_buf); |
| 3012 | audit_log_format(audit_buf, " res=%u", result); | 3000 | audit_log_format(audit_buf, " res=%u", result); |
| 3013 | xfrm_audit_common_policyinfo(xp, audit_buf); | 3001 | xfrm_audit_common_policyinfo(xp, audit_buf); |
| 3014 | audit_log_end(audit_buf); | 3002 | audit_log_end(audit_buf); |
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index d91312b5ceb0..0ab54134bb40 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
| @@ -463,9 +463,7 @@ expired: | |||
| 463 | if (!err) | 463 | if (!err) |
| 464 | km_state_expired(x, 1, 0); | 464 | km_state_expired(x, 1, 0); |
| 465 | 465 | ||
| 466 | xfrm_audit_state_delete(x, err ? 0 : 1, | 466 | xfrm_audit_state_delete(x, err ? 0 : 1, true); |
| 467 | audit_get_loginuid(current), | ||
| 468 | audit_get_sessionid(current)); | ||
| 469 | 467 | ||
| 470 | out: | 468 | out: |
| 471 | spin_unlock(&x->lock); | 469 | spin_unlock(&x->lock); |
| @@ -562,7 +560,7 @@ EXPORT_SYMBOL(xfrm_state_delete); | |||
| 562 | 560 | ||
| 563 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 561 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
| 564 | static inline int | 562 | static inline int |
| 565 | xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info) | 563 | xfrm_state_flush_secctx_check(struct net *net, u8 proto, bool task_valid) |
| 566 | { | 564 | { |
| 567 | int i, err = 0; | 565 | int i, err = 0; |
| 568 | 566 | ||
| @@ -572,9 +570,7 @@ xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audi | |||
| 572 | hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) { | 570 | hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) { |
| 573 | if (xfrm_id_proto_match(x->id.proto, proto) && | 571 | if (xfrm_id_proto_match(x->id.proto, proto) && |
| 574 | (err = security_xfrm_state_delete(x)) != 0) { | 572 | (err = security_xfrm_state_delete(x)) != 0) { |
| 575 | xfrm_audit_state_delete(x, 0, | 573 | xfrm_audit_state_delete(x, 0, task_valid); |
| 576 | audit_info->loginuid, | ||
| 577 | audit_info->sessionid); | ||
| 578 | return err; | 574 | return err; |
| 579 | } | 575 | } |
| 580 | } | 576 | } |
| @@ -584,18 +580,18 @@ xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audi | |||
| 584 | } | 580 | } |
| 585 | #else | 581 | #else |
| 586 | static inline int | 582 | static inline int |
| 587 | xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info) | 583 | xfrm_state_flush_secctx_check(struct net *net, u8 proto, bool task_valid) |
| 588 | { | 584 | { |
| 589 | return 0; | 585 | return 0; |
| 590 | } | 586 | } |
| 591 | #endif | 587 | #endif |
| 592 | 588 | ||
| 593 | int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info) | 589 | int xfrm_state_flush(struct net *net, u8 proto, bool task_valid) |
| 594 | { | 590 | { |
| 595 | int i, err = 0, cnt = 0; | 591 | int i, err = 0, cnt = 0; |
| 596 | 592 | ||
| 597 | spin_lock_bh(&net->xfrm.xfrm_state_lock); | 593 | spin_lock_bh(&net->xfrm.xfrm_state_lock); |
| 598 | err = xfrm_state_flush_secctx_check(net, proto, audit_info); | 594 | err = xfrm_state_flush_secctx_check(net, proto, task_valid); |
| 599 | if (err) | 595 | if (err) |
| 600 | goto out; | 596 | goto out; |
| 601 | 597 | ||
| @@ -611,8 +607,7 @@ restart: | |||
| 611 | 607 | ||
| 612 | err = xfrm_state_delete(x); | 608 | err = xfrm_state_delete(x); |
| 613 | xfrm_audit_state_delete(x, err ? 0 : 1, | 609 | xfrm_audit_state_delete(x, err ? 0 : 1, |
| 614 | audit_info->loginuid, | 610 | task_valid); |
| 615 | audit_info->sessionid); | ||
| 616 | xfrm_state_put(x); | 611 | xfrm_state_put(x); |
| 617 | if (!err) | 612 | if (!err) |
| 618 | cnt++; | 613 | cnt++; |
| @@ -2126,13 +2121,10 @@ out_bydst: | |||
| 2126 | 2121 | ||
| 2127 | void xfrm_state_fini(struct net *net) | 2122 | void xfrm_state_fini(struct net *net) |
| 2128 | { | 2123 | { |
| 2129 | struct xfrm_audit audit_info; | ||
| 2130 | unsigned int sz; | 2124 | unsigned int sz; |
| 2131 | 2125 | ||
| 2132 | flush_work(&net->xfrm.state_hash_work); | 2126 | flush_work(&net->xfrm.state_hash_work); |
| 2133 | audit_info.loginuid = INVALID_UID; | 2127 | xfrm_state_flush(net, IPSEC_PROTO_ANY, false); |
| 2134 | audit_info.sessionid = (unsigned int)-1; | ||
| 2135 | xfrm_state_flush(net, IPSEC_PROTO_ANY, &audit_info); | ||
| 2136 | flush_work(&net->xfrm.state_gc_work); | 2128 | flush_work(&net->xfrm.state_gc_work); |
| 2137 | 2129 | ||
| 2138 | WARN_ON(!list_empty(&net->xfrm.state_all)); | 2130 | WARN_ON(!list_empty(&net->xfrm.state_all)); |
| @@ -2195,30 +2187,28 @@ static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family, | |||
| 2195 | } | 2187 | } |
| 2196 | } | 2188 | } |
| 2197 | 2189 | ||
| 2198 | void xfrm_audit_state_add(struct xfrm_state *x, int result, | 2190 | void xfrm_audit_state_add(struct xfrm_state *x, int result, bool task_valid) |
| 2199 | kuid_t auid, unsigned int sessionid) | ||
| 2200 | { | 2191 | { |
| 2201 | struct audit_buffer *audit_buf; | 2192 | struct audit_buffer *audit_buf; |
| 2202 | 2193 | ||
| 2203 | audit_buf = xfrm_audit_start("SAD-add"); | 2194 | audit_buf = xfrm_audit_start("SAD-add"); |
| 2204 | if (audit_buf == NULL) | 2195 | if (audit_buf == NULL) |
| 2205 | return; | 2196 | return; |
| 2206 | xfrm_audit_helper_usrinfo(auid, sessionid, audit_buf); | 2197 | xfrm_audit_helper_usrinfo(task_valid, audit_buf); |
| 2207 | xfrm_audit_helper_sainfo(x, audit_buf); | 2198 | xfrm_audit_helper_sainfo(x, audit_buf); |
| 2208 | audit_log_format(audit_buf, " res=%u", result); | 2199 | audit_log_format(audit_buf, " res=%u", result); |
| 2209 | audit_log_end(audit_buf); | 2200 | audit_log_end(audit_buf); |
| 2210 | } | 2201 | } |
| 2211 | EXPORT_SYMBOL_GPL(xfrm_audit_state_add); | 2202 | EXPORT_SYMBOL_GPL(xfrm_audit_state_add); |
| 2212 | 2203 | ||
| 2213 | void xfrm_audit_state_delete(struct xfrm_state *x, int result, | 2204 | void xfrm_audit_state_delete(struct xfrm_state *x, int result, bool task_valid) |
| 2214 | kuid_t auid, unsigned int sessionid) | ||
| 2215 | { | 2205 | { |
| 2216 | struct audit_buffer *audit_buf; | 2206 | struct audit_buffer *audit_buf; |
| 2217 | 2207 | ||
| 2218 | audit_buf = xfrm_audit_start("SAD-delete"); | 2208 | audit_buf = xfrm_audit_start("SAD-delete"); |
| 2219 | if (audit_buf == NULL) | 2209 | if (audit_buf == NULL) |
| 2220 | return; | 2210 | return; |
| 2221 | xfrm_audit_helper_usrinfo(auid, sessionid, audit_buf); | 2211 | xfrm_audit_helper_usrinfo(task_valid, audit_buf); |
| 2222 | xfrm_audit_helper_sainfo(x, audit_buf); | 2212 | xfrm_audit_helper_sainfo(x, audit_buf); |
| 2223 | audit_log_format(audit_buf, " res=%u", result); | 2213 | audit_log_format(audit_buf, " res=%u", result); |
| 2224 | audit_log_end(audit_buf); | 2214 | audit_log_end(audit_buf); |
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index d6409d927b82..3d4b4c464091 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
| @@ -597,8 +597,6 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 597 | struct xfrm_state *x; | 597 | struct xfrm_state *x; |
| 598 | int err; | 598 | int err; |
| 599 | struct km_event c; | 599 | struct km_event c; |
| 600 | kuid_t loginuid = audit_get_loginuid(current); | ||
| 601 | unsigned int sessionid = audit_get_sessionid(current); | ||
| 602 | 600 | ||
| 603 | err = verify_newsa_info(p, attrs); | 601 | err = verify_newsa_info(p, attrs); |
| 604 | if (err) | 602 | if (err) |
| @@ -614,7 +612,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 614 | else | 612 | else |
| 615 | err = xfrm_state_update(x); | 613 | err = xfrm_state_update(x); |
| 616 | 614 | ||
| 617 | xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid); | 615 | xfrm_audit_state_add(x, err ? 0 : 1, true); |
| 618 | 616 | ||
| 619 | if (err < 0) { | 617 | if (err < 0) { |
| 620 | x->km.state = XFRM_STATE_DEAD; | 618 | x->km.state = XFRM_STATE_DEAD; |
| @@ -674,8 +672,6 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 674 | int err = -ESRCH; | 672 | int err = -ESRCH; |
| 675 | struct km_event c; | 673 | struct km_event c; |
| 676 | struct xfrm_usersa_id *p = nlmsg_data(nlh); | 674 | struct xfrm_usersa_id *p = nlmsg_data(nlh); |
| 677 | kuid_t loginuid = audit_get_loginuid(current); | ||
| 678 | unsigned int sessionid = audit_get_sessionid(current); | ||
| 679 | 675 | ||
| 680 | x = xfrm_user_state_lookup(net, p, attrs, &err); | 676 | x = xfrm_user_state_lookup(net, p, attrs, &err); |
| 681 | if (x == NULL) | 677 | if (x == NULL) |
| @@ -700,7 +696,7 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 700 | km_state_notify(x, &c); | 696 | km_state_notify(x, &c); |
| 701 | 697 | ||
| 702 | out: | 698 | out: |
| 703 | xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid); | 699 | xfrm_audit_state_delete(x, err ? 0 : 1, true); |
| 704 | xfrm_state_put(x); | 700 | xfrm_state_put(x); |
| 705 | return err; | 701 | return err; |
| 706 | } | 702 | } |
| @@ -1410,8 +1406,6 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1410 | struct km_event c; | 1406 | struct km_event c; |
| 1411 | int err; | 1407 | int err; |
| 1412 | int excl; | 1408 | int excl; |
| 1413 | kuid_t loginuid = audit_get_loginuid(current); | ||
| 1414 | unsigned int sessionid = audit_get_sessionid(current); | ||
| 1415 | 1409 | ||
| 1416 | err = verify_newpolicy_info(p); | 1410 | err = verify_newpolicy_info(p); |
| 1417 | if (err) | 1411 | if (err) |
| @@ -1430,7 +1424,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1430 | * a type XFRM_MSG_UPDPOLICY - JHS */ | 1424 | * a type XFRM_MSG_UPDPOLICY - JHS */ |
| 1431 | excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; | 1425 | excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; |
| 1432 | err = xfrm_policy_insert(p->dir, xp, excl); | 1426 | err = xfrm_policy_insert(p->dir, xp, excl); |
| 1433 | xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid); | 1427 | xfrm_audit_policy_add(xp, err ? 0 : 1, true); |
| 1434 | 1428 | ||
| 1435 | if (err) { | 1429 | if (err) { |
| 1436 | security_xfrm_policy_free(xp->security); | 1430 | security_xfrm_policy_free(xp->security); |
| @@ -1667,10 +1661,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1667 | NETLINK_CB(skb).portid); | 1661 | NETLINK_CB(skb).portid); |
| 1668 | } | 1662 | } |
| 1669 | } else { | 1663 | } else { |
| 1670 | kuid_t loginuid = audit_get_loginuid(current); | 1664 | xfrm_audit_policy_delete(xp, err ? 0 : 1, true); |
| 1671 | unsigned int sessionid = audit_get_sessionid(current); | ||
| 1672 | |||
| 1673 | xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid); | ||
| 1674 | 1665 | ||
| 1675 | if (err != 0) | 1666 | if (err != 0) |
| 1676 | goto out; | 1667 | goto out; |
| @@ -1695,12 +1686,9 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1695 | struct net *net = sock_net(skb->sk); | 1686 | struct net *net = sock_net(skb->sk); |
| 1696 | struct km_event c; | 1687 | struct km_event c; |
| 1697 | struct xfrm_usersa_flush *p = nlmsg_data(nlh); | 1688 | struct xfrm_usersa_flush *p = nlmsg_data(nlh); |
| 1698 | struct xfrm_audit audit_info; | ||
| 1699 | int err; | 1689 | int err; |
| 1700 | 1690 | ||
| 1701 | audit_info.loginuid = audit_get_loginuid(current); | 1691 | err = xfrm_state_flush(net, p->proto, true); |
| 1702 | audit_info.sessionid = audit_get_sessionid(current); | ||
| 1703 | err = xfrm_state_flush(net, p->proto, &audit_info); | ||
| 1704 | if (err) { | 1692 | if (err) { |
| 1705 | if (err == -ESRCH) /* empty table */ | 1693 | if (err == -ESRCH) /* empty table */ |
| 1706 | return 0; | 1694 | return 0; |
| @@ -1884,15 +1872,12 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1884 | struct km_event c; | 1872 | struct km_event c; |
| 1885 | u8 type = XFRM_POLICY_TYPE_MAIN; | 1873 | u8 type = XFRM_POLICY_TYPE_MAIN; |
| 1886 | int err; | 1874 | int err; |
| 1887 | struct xfrm_audit audit_info; | ||
| 1888 | 1875 | ||
| 1889 | err = copy_from_user_policy_type(&type, attrs); | 1876 | err = copy_from_user_policy_type(&type, attrs); |
| 1890 | if (err) | 1877 | if (err) |
| 1891 | return err; | 1878 | return err; |
| 1892 | 1879 | ||
| 1893 | audit_info.loginuid = audit_get_loginuid(current); | 1880 | err = xfrm_policy_flush(net, type, true); |
| 1894 | audit_info.sessionid = audit_get_sessionid(current); | ||
| 1895 | err = xfrm_policy_flush(net, type, &audit_info); | ||
| 1896 | if (err) { | 1881 | if (err) { |
| 1897 | if (err == -ESRCH) /* empty table */ | 1882 | if (err == -ESRCH) /* empty table */ |
| 1898 | return 0; | 1883 | return 0; |
| @@ -1958,12 +1943,8 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1958 | 1943 | ||
| 1959 | err = 0; | 1944 | err = 0; |
| 1960 | if (up->hard) { | 1945 | if (up->hard) { |
| 1961 | kuid_t loginuid = audit_get_loginuid(current); | ||
| 1962 | unsigned int sessionid = audit_get_sessionid(current); | ||
| 1963 | |||
| 1964 | xfrm_policy_delete(xp, p->dir); | 1946 | xfrm_policy_delete(xp, p->dir); |
| 1965 | xfrm_audit_policy_delete(xp, 1, loginuid, sessionid); | 1947 | xfrm_audit_policy_delete(xp, 1, true); |
| 1966 | |||
| 1967 | } else { | 1948 | } else { |
| 1968 | // reset the timers here? | 1949 | // reset the timers here? |
| 1969 | WARN(1, "Dont know what to do with soft policy expire\n"); | 1950 | WARN(1, "Dont know what to do with soft policy expire\n"); |
| @@ -1999,11 +1980,8 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1999 | km_state_expired(x, ue->hard, nlh->nlmsg_pid); | 1980 | km_state_expired(x, ue->hard, nlh->nlmsg_pid); |
| 2000 | 1981 | ||
| 2001 | if (ue->hard) { | 1982 | if (ue->hard) { |
| 2002 | kuid_t loginuid = audit_get_loginuid(current); | ||
| 2003 | unsigned int sessionid = audit_get_sessionid(current); | ||
| 2004 | |||
| 2005 | __xfrm_state_delete(x); | 1983 | __xfrm_state_delete(x); |
| 2006 | xfrm_audit_state_delete(x, 1, loginuid, sessionid); | 1984 | xfrm_audit_state_delete(x, 1, true); |
| 2007 | } | 1985 | } |
| 2008 | err = 0; | 1986 | err = 0; |
| 2009 | out: | 1987 | out: |