aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/avc.c
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2005-05-20 19:15:52 -0400
committerDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-05-20 19:15:52 -0400
commit011161051bbc25f7f8b7df059dbd934c534443f0 (patch)
treef1ca3727e4130cacad86dfdae65e7533fcb67784 /security/selinux/avc.c
parentfb19b4c6aa024837a0071f07baa07dbf49d07151 (diff)
AUDIT: Avoid sleeping function in SElinux AVC audit.
This patch changes the SELinux AVC to defer logging of paths to the audit framework upon syscall exit, by saving a reference to the (dentry,vfsmount) pair in an auxiliary audit item on the current audit context for processing by audit_log_exit. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'security/selinux/avc.c')
-rw-r--r--security/selinux/avc.c17
1 files changed, 8 insertions, 9 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 62b963aca275..0fbc3e98c5ea 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -573,13 +573,10 @@ void avc_audit(u32 ssid, u32 tsid,
573 case AVC_AUDIT_DATA_FS: 573 case AVC_AUDIT_DATA_FS:
574 if (a->u.fs.dentry) { 574 if (a->u.fs.dentry) {
575 struct dentry *dentry = a->u.fs.dentry; 575 struct dentry *dentry = a->u.fs.dentry;
576 if (a->u.fs.mnt) { 576 if (a->u.fs.mnt)
577 audit_log_d_path(ab, "path=", dentry, 577 audit_avc_path(dentry, a->u.fs.mnt);
578 a->u.fs.mnt); 578 audit_log_format(ab, " name=%s",
579 } else { 579 dentry->d_name.name);
580 audit_log_format(ab, " name=%s",
581 dentry->d_name.name);
582 }
583 inode = dentry->d_inode; 580 inode = dentry->d_inode;
584 } else if (a->u.fs.inode) { 581 } else if (a->u.fs.inode) {
585 struct dentry *dentry; 582 struct dentry *dentry;
@@ -630,8 +627,10 @@ void avc_audit(u32 ssid, u32 tsid,
630 case AF_UNIX: 627 case AF_UNIX:
631 u = unix_sk(sk); 628 u = unix_sk(sk);
632 if (u->dentry) { 629 if (u->dentry) {
633 audit_log_d_path(ab, "path=", 630 audit_avc_path(u->dentry, u->mnt);
634 u->dentry, u->mnt); 631 audit_log_format(ab, " name=%s",
632 u->dentry->d_name.name);
633
635 break; 634 break;
636 } 635 }
637 if (!u->addr) 636 if (!u->addr)