authorThomas Liu <tliu@redhat.com>2009-07-10 10:31:04 -0400
committerJames Morris <jmorris@namei.org>2009-07-12 17:54:48 -0400
commit8113a8d80f4c6a3dc3724b39b470f3fee9c426b6 (patch)
tree27eb775108daaff8390ad564010a9f2fbd5187a2 /security/selinux/hooks.c
parent65c3f0a2d0f72d210c879e4974c2d222b7951321 (diff)
SELinux: Convert avc_audit to use lsm_audit.h
Convert avc_audit in security/selinux/avc.c to use lsm_audit.h, for better maintainability and for less code duplication.

- changed selinux to use common_audit_data instead of avc_audit_data
- eliminated code in avc.c and used code from lsm_audit.h instead.

I have tested to make sure that the avcs look the same before and after this patch.

Signed-off-by: Thomas Liu <tliu@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c142
1 files changed, 71 insertions, 71 deletions
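diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 2081055f6783..a7de261e167f 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1478,14 +1478,14 @@ static int task_has_capability(struct task_struct *tsk,
 			       const struct cred *cred,
 			       int cap, int audit)
 {
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	struct av_decision avd;
 	u16 sclass;
 	u32 sid = cred_sid(cred);
 	u32 av = CAP_TO_MASK(cap);
 	int rc;
 
-	AVC_AUDIT_DATA_INIT(&ad, CAP);
+	COMMON_AUDIT_DATA_INIT(&ad, CAP);
 	ad.tsk = tsk;
 	ad.u.cap = cap;
 
@@ -1524,10 +1524,10 @@ static int task_has_system(struct task_struct *tsk,
 static int inode_has_perm(const struct cred *cred,
 			  struct inode *inode,
 			  u32 perms,
-			  struct avc_audit_data *adp)
+			  struct common_audit_data *adp)
 {
 	struct inode_security_struct *isec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u32 sid;
 
 	if (unlikely(IS_PRIVATE(inode)))
@@ -1538,7 +1538,7 @@ static int inode_has_perm(const struct cred *cred,
 
 	if (!adp) {
 		adp = &ad;
-		AVC_AUDIT_DATA_INIT(&ad, FS);
+		COMMON_AUDIT_DATA_INIT(&ad, FS);
 		ad.u.fs.inode = inode;
 	}
 
@@ -1554,9 +1554,9 @@ static inline int dentry_has_perm(const struct cred *cred,
 				  u32 av)
 {
 	struct inode *inode = dentry->d_inode;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 
-	AVC_AUDIT_DATA_INIT(&ad, FS);
+	COMMON_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.path.mnt = mnt;
 	ad.u.fs.path.dentry = dentry;
 	return inode_has_perm(cred, inode, av, &ad);
@@ -1576,11 +1576,11 @@ static int file_has_perm(const struct cred *cred,
 {
 	struct file_security_struct *fsec = file->f_security;
 	struct inode *inode = file->f_path.dentry->d_inode;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u32 sid = cred_sid(cred);
 	int rc;
 
-	AVC_AUDIT_DATA_INIT(&ad, FS);
+	COMMON_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.path = file->f_path;
 
 	if (sid != fsec->sid) {
@@ -1611,7 +1611,7 @@ static int may_create(struct inode *dir,
 	struct inode_security_struct *dsec;
 	struct superblock_security_struct *sbsec;
 	u32 sid, newsid;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	int rc;
 
 	dsec = dir->i_security;
@@ -1620,7 +1620,7 @@ static int may_create(struct inode *dir,
 	sid = tsec->sid;
 	newsid = tsec->create_sid;
 
-	AVC_AUDIT_DATA_INIT(&ad, FS);
+	COMMON_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.path.dentry = dentry;
 
 	rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
@@ -1664,7 +1664,7 @@ static int may_link(struct inode *dir,
 
 {
 	struct inode_security_struct *dsec, *isec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u32 sid = current_sid();
 	u32 av;
 	int rc;
@@ -1672,7 +1672,7 @@ static int may_link(struct inode *dir,
 	dsec = dir->i_security;
 	isec = dentry->d_inode->i_security;
 
-	AVC_AUDIT_DATA_INIT(&ad, FS);
+	COMMON_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.path.dentry = dentry;
 
 	av = DIR__SEARCH;
@@ -1707,7 +1707,7 @@ static inline int may_rename(struct inode *old_dir,
 			     struct dentry *new_dentry)
 {
 	struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u32 sid = current_sid();
 	u32 av;
 	int old_is_dir, new_is_dir;
@@ -1718,7 +1718,7 @@ static inline int may_rename(struct inode *old_dir,
 	old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
 	new_dsec = new_dir->i_security;
 
-	AVC_AUDIT_DATA_INIT(&ad, FS);
+	COMMON_AUDIT_DATA_INIT(&ad, FS);
 
 	ad.u.fs.path.dentry = old_dentry;
 	rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
@@ -1760,7 +1760,7 @@ static inline int may_rename(struct inode *old_dir,
 static int superblock_has_perm(const struct cred *cred,
 			       struct super_block *sb,
 			       u32 perms,
-			       struct avc_audit_data *ad)
+			       struct common_audit_data *ad)
 {
 	struct superblock_security_struct *sbsec;
 	u32 sid = cred_sid(cred);
@@ -2100,7 +2100,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
 	const struct task_security_struct *old_tsec;
 	struct task_security_struct *new_tsec;
 	struct inode_security_struct *isec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	struct inode *inode = bprm->file->f_path.dentry->d_inode;
 	int rc;
 
@@ -2138,7 +2138,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
 		return rc;
 	}
 
-	AVC_AUDIT_DATA_INIT(&ad, FS);
+	COMMON_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.path = bprm->file->f_path;
 
 	if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
@@ -2231,7 +2231,7 @@ extern struct dentry *selinux_null;
 static inline void flush_unauthorized_files(const struct cred *cred,
 					    struct files_struct *files)
 {
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	struct file *file, *devnull = NULL;
 	struct tty_struct *tty;
 	struct fdtable *fdt;
@@ -2265,7 +2265,7 @@ static inline void flush_unauthorized_files(const struct cred *cred,
 
 	/* Revalidate access to inherited open files. */
 
-	AVC_AUDIT_DATA_INIT(&ad, FS);
+	COMMON_AUDIT_DATA_INIT(&ad, FS);
 
 	spin_lock(&files->file_lock);
 	for (;;) {
@@ -2514,7 +2514,7 @@ out:
 static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
 {
 	const struct cred *cred = current_cred();
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	int rc;
 
 	rc = superblock_doinit(sb, data);
@@ -2525,7 +2525,7 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
 	if (flags & MS_KERNMOUNT)
 		return 0;
 
-	AVC_AUDIT_DATA_INIT(&ad, FS);
+	COMMON_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.path.dentry = sb->s_root;
 	return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
 }
@@ -2533,9 +2533,9 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
 static int selinux_sb_statfs(struct dentry *dentry)
 {
 	const struct cred *cred = current_cred();
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 
-	AVC_AUDIT_DATA_INIT(&ad, FS);
+	COMMON_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.path.dentry = dentry->d_sb->s_root;
 	return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
 }
@@ -2755,7 +2755,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
 	struct inode *inode = dentry->d_inode;
 	struct inode_security_struct *isec = inode->i_security;
 	struct superblock_security_struct *sbsec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u32 newsid, sid = current_sid();
 	int rc = 0;
 
@@ -2769,7 +2769,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
 	if (!is_owner_or_cap(inode))
 		return -EPERM;
 
-	AVC_AUDIT_DATA_INIT(&ad, FS);
+	COMMON_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.path.dentry = dentry;
 
 	rc = avc_has_perm(sid, isec->sid, isec->sclass,
@@ -3401,7 +3401,7 @@ static void selinux_task_to_inode(struct task_struct *p,
 
 /* Returns error only if unable to parse addresses */
 static int selinux_parse_skb_ipv4(struct sk_buff *skb,
-			struct avc_audit_data *ad, u8 *proto)
+			struct common_audit_data *ad, u8 *proto)
 {
 	int offset, ihlen, ret = -EINVAL;
 	struct iphdr _iph, *ih;
@@ -3482,7 +3482,7 @@ out:
 
 /* Returns error only if unable to parse addresses */
 static int selinux_parse_skb_ipv6(struct sk_buff *skb,
-			struct avc_audit_data *ad, u8 *proto)
+			struct common_audit_data *ad, u8 *proto)
 {
 	u8 nexthdr;
 	int ret = -EINVAL, offset;
@@ -3553,7 +3553,7 @@ out:
 
 #endif /* IPV6 */
 
-static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad,
+static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
 			     char **_addrp, int src, u8 *proto)
 {
 	char *addrp;
@@ -3635,7 +3635,7 @@ static int socket_has_perm(struct task_struct *task, struct socket *sock,
 			   u32 perms)
 {
 	struct inode_security_struct *isec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u32 sid;
 	int err = 0;
 
@@ -3645,7 +3645,7 @@ static int socket_has_perm(struct task_struct *task, struct socket *sock,
 		goto out;
 	sid = task_sid(task);
 
-	AVC_AUDIT_DATA_INIT(&ad, NET);
+	COMMON_AUDIT_DATA_INIT(&ad, NET);
 	ad.u.net.sk = sock->sk;
 	err = avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
 
@@ -3732,7 +3732,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 	if (family == PF_INET || family == PF_INET6) {
 		char *addrp;
 		struct inode_security_struct *isec;
-		struct avc_audit_data ad;
+		struct common_audit_data ad;
 		struct sockaddr_in *addr4 = NULL;
 		struct sockaddr_in6 *addr6 = NULL;
 		unsigned short snum;
@@ -3761,7 +3761,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 						      snum, &sid);
 			if (err)
 				goto out;
-			AVC_AUDIT_DATA_INIT(&ad, NET);
+			COMMON_AUDIT_DATA_INIT(&ad, NET);
 			ad.u.net.sport = htons(snum);
 			ad.u.net.family = family;
 			err = avc_has_perm(isec->sid, sid,
@@ -3794,7 +3794,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 		if (err)
 			goto out;
 
-		AVC_AUDIT_DATA_INIT(&ad, NET);
+		COMMON_AUDIT_DATA_INIT(&ad, NET);
 		ad.u.net.sport = htons(snum);
 		ad.u.net.family = family;
 
@@ -3828,7 +3828,7 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address,
 	isec = SOCK_INODE(sock)->i_security;
 	if (isec->sclass == SECCLASS_TCP_SOCKET ||
 	    isec->sclass == SECCLASS_DCCP_SOCKET) {
-		struct avc_audit_data ad;
+		struct common_audit_data ad;
 		struct sockaddr_in *addr4 = NULL;
 		struct sockaddr_in6 *addr6 = NULL;
 		unsigned short snum;
@@ -3853,7 +3853,7 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address,
 		perm = (isec->sclass == SECCLASS_TCP_SOCKET) ?
 			TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
 
-		AVC_AUDIT_DATA_INIT(&ad, NET);
+		COMMON_AUDIT_DATA_INIT(&ad, NET);
 		ad.u.net.dport = htons(snum);
 		ad.u.net.family = sk->sk_family;
 		err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad);
@@ -3943,13 +3943,13 @@ static int selinux_socket_unix_stream_connect(struct socket *sock,
 	struct sk_security_struct *ssec;
 	struct inode_security_struct *isec;
 	struct inode_security_struct *other_isec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	int err;
 
 	isec = SOCK_INODE(sock)->i_security;
 	other_isec = SOCK_INODE(other)->i_security;
 
-	AVC_AUDIT_DATA_INIT(&ad, NET);
+	COMMON_AUDIT_DATA_INIT(&ad, NET);
 	ad.u.net.sk = other->sk;
 
 	err = avc_has_perm(isec->sid, other_isec->sid,
@@ -3975,13 +3975,13 @@ static int selinux_socket_unix_may_send(struct socket *sock,
 {
 	struct inode_security_struct *isec;
 	struct inode_security_struct *other_isec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	int err;
 
 	isec = SOCK_INODE(sock)->i_security;
 	other_isec = SOCK_INODE(other)->i_security;
 
-	AVC_AUDIT_DATA_INIT(&ad, NET);
+	COMMON_AUDIT_DATA_INIT(&ad, NET);
 	ad.u.net.sk = other->sk;
 
 	err = avc_has_perm(isec->sid, other_isec->sid,
@@ -3994,7 +3994,7 @@ static int selinux_socket_unix_may_send(struct socket *sock,
 
 static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
 				    u32 peer_sid,
-				    struct avc_audit_data *ad)
+				    struct common_audit_data *ad)
 {
 	int err;
 	u32 if_sid;
@@ -4022,10 +4022,10 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
 	struct sk_security_struct *sksec = sk->sk_security;
 	u32 peer_sid;
 	u32 sk_sid = sksec->sid;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	char *addrp;
 
-	AVC_AUDIT_DATA_INIT(&ad, NET);
+	COMMON_AUDIT_DATA_INIT(&ad, NET);
 	ad.u.net.netif = skb->iif;
 	ad.u.net.family = family;
 	err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
@@ -4063,7 +4063,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 	struct sk_security_struct *sksec = sk->sk_security;
 	u16 family = sk->sk_family;
 	u32 sk_sid = sksec->sid;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	char *addrp;
 	u8 secmark_active;
 	u8 peerlbl_active;
@@ -4087,7 +4087,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 	if (!secmark_active && !peerlbl_active)
 		return 0;
 
-	AVC_AUDIT_DATA_INIT(&ad, NET);
+	COMMON_AUDIT_DATA_INIT(&ad, NET);
 	ad.u.net.netif = skb->iif;
 	ad.u.net.family = family;
 	err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
@@ -4345,7 +4345,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
 	int err;
 	char *addrp;
 	u32 peer_sid;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u8 secmark_active;
 	u8 netlbl_active;
 	u8 peerlbl_active;
@@ -4362,7 +4362,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
 	if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
 		return NF_DROP;
 
-	AVC_AUDIT_DATA_INIT(&ad, NET);
+	COMMON_AUDIT_DATA_INIT(&ad, NET);
 	ad.u.net.netif = ifindex;
 	ad.u.net.family = family;
 	if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
@@ -4450,7 +4450,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
 {
 	struct sock *sk = skb->sk;
 	struct sk_security_struct *sksec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	char *addrp;
 	u8 proto;
 
@@ -4458,7 +4458,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
 		return NF_ACCEPT;
 	sksec = sk->sk_security;
 
-	AVC_AUDIT_DATA_INIT(&ad, NET);
+	COMMON_AUDIT_DATA_INIT(&ad, NET);
 	ad.u.net.netif = ifindex;
 	ad.u.net.family = family;
 	if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
@@ -4482,7 +4482,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
 	u32 secmark_perm;
 	u32 peer_sid;
 	struct sock *sk;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	char *addrp;
 	u8 secmark_active;
 	u8 peerlbl_active;
@@ -4541,7 +4541,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
 		secmark_perm = PACKET__SEND;
 	}
 
-	AVC_AUDIT_DATA_INIT(&ad, NET);
+	COMMON_AUDIT_DATA_INIT(&ad, NET);
 	ad.u.net.netif = ifindex;
 	ad.u.net.family = family;
 	if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
@@ -4611,13 +4611,13 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
 static int selinux_netlink_recv(struct sk_buff *skb, int capability)
 {
 	int err;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 
 	err = cap_netlink_recv(skb, capability);
 	if (err)
 		return err;
 
-	AVC_AUDIT_DATA_INIT(&ad, CAP);
+	COMMON_AUDIT_DATA_INIT(&ad, CAP);
 	ad.u.cap = capability;
 
 	return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid,
@@ -4676,12 +4676,12 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
 			u32 perms)
 {
 	struct ipc_security_struct *isec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u32 sid = current_sid();
 
 	isec = ipc_perms->security;
 
-	AVC_AUDIT_DATA_INIT(&ad, IPC);
+	COMMON_AUDIT_DATA_INIT(&ad, IPC);
 	ad.u.ipc_id = ipc_perms->key;
 
 	return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
@@ -4701,7 +4701,7 @@ static void selinux_msg_msg_free_security(struct msg_msg *msg)
 static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
 {
 	struct ipc_security_struct *isec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u32 sid = current_sid();
 	int rc;
 
@@ -4711,7 +4711,7 @@ static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
 
 	isec = msq->q_perm.security;
 
-	AVC_AUDIT_DATA_INIT(&ad, IPC);
+	COMMON_AUDIT_DATA_INIT(&ad, IPC);
 	ad.u.ipc_id = msq->q_perm.key;
 
 	rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
@@ -4731,12 +4731,12 @@ static void selinux_msg_queue_free_security(struct msg_queue *msq)
 static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
 {
 	struct ipc_security_struct *isec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u32 sid = current_sid();
 
 	isec = msq->q_perm.security;
 
-	AVC_AUDIT_DATA_INIT(&ad, IPC);
+	COMMON_AUDIT_DATA_INIT(&ad, IPC);
 	ad.u.ipc_id = msq->q_perm.key;
 
 	return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
@@ -4775,7 +4775,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
 {
 	struct ipc_security_struct *isec;
 	struct msg_security_struct *msec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u32 sid = current_sid();
 	int rc;
 
@@ -4796,7 +4796,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
 		return rc;
 	}
 
-	AVC_AUDIT_DATA_INIT(&ad, IPC);
+	COMMON_AUDIT_DATA_INIT(&ad, IPC);
 	ad.u.ipc_id = msq->q_perm.key;
 
 	/* Can this process write to the queue? */
@@ -4820,14 +4820,14 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
 {
 	struct ipc_security_struct *isec;
 	struct msg_security_struct *msec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u32 sid = task_sid(target);
 	int rc;
 
 	isec = msq->q_perm.security;
 	msec = msg->security;
 
-	AVC_AUDIT_DATA_INIT(&ad, IPC);
+	COMMON_AUDIT_DATA_INIT(&ad, IPC);
 	ad.u.ipc_id = msq->q_perm.key;
 
 	rc = avc_has_perm(sid, isec->sid,
@@ -4842,7 +4842,7 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
 static int selinux_shm_alloc_security(struct shmid_kernel *shp)
 {
 	struct ipc_security_struct *isec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u32 sid = current_sid();
 	int rc;
 
@@ -4852,7 +4852,7 @@ static int selinux_shm_alloc_security(struct shmid_kernel *shp)
 
 	isec = shp->shm_perm.security;
 
-	AVC_AUDIT_DATA_INIT(&ad, IPC);
+	COMMON_AUDIT_DATA_INIT(&ad, IPC);
 	ad.u.ipc_id = shp->shm_perm.key;
 
 	rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
@@ -4872,12 +4872,12 @@ static void selinux_shm_free_security(struct shmid_kernel *shp)
 static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
 {
 	struct ipc_security_struct *isec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u32 sid = current_sid();
 
 	isec = shp->shm_perm.security;
 
-	AVC_AUDIT_DATA_INIT(&ad, IPC);
+	COMMON_AUDIT_DATA_INIT(&ad, IPC);
 	ad.u.ipc_id = shp->shm_perm.key;
 
 	return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
@@ -4934,7 +4934,7 @@ static int selinux_shm_shmat(struct shmid_kernel *shp,
 static int selinux_sem_alloc_security(struct sem_array *sma)
 {
 	struct ipc_security_struct *isec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u32 sid = current_sid();
 	int rc;
 
@@ -4944,7 +4944,7 @@ static int selinux_sem_alloc_security(struct sem_array *sma)
 
 	isec = sma->sem_perm.security;
 
-	AVC_AUDIT_DATA_INIT(&ad, IPC);
+	COMMON_AUDIT_DATA_INIT(&ad, IPC);
 	ad.u.ipc_id = sma->sem_perm.key;
 
 	rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
@@ -4964,12 +4964,12 @@ static void selinux_sem_free_security(struct sem_array *sma)
 static int selinux_sem_associate(struct sem_array *sma, int semflg)
 {
 	struct ipc_security_struct *isec;
-	struct avc_audit_data ad;
+	struct common_audit_data ad;
 	u32 sid = current_sid();
 
 	isec = sma->sem_perm.security;
 
-	AVC_AUDIT_DATA_INIT(&ad, IPC);
+	COMMON_AUDIT_DATA_INIT(&ad, IPC);
 	ad.u.ipc_id = sma->sem_perm.key;
 
 	return avc_has_perm(sid, isec->sid, SECCLASS_SEM,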
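Review bot: The caller-supplied `struct common_audit_data *` that `inode_has_perm` (hunk at 1524, `adp`) and `superblock_has_perm` (hunk at 1760, `ad`) now take has an undocumented precondition: it must already have been set up with `COMMON_AUDIT_DATA_INIT`, or be NULL in the `inode_has_perm` case, where lines 1539–1543 build a local one; neither function initialises a non-NULL argument itself, and nothing in this file checks it. Now that the structure is the LSM-shared `common_audit_data`, which presumably carries more state than the old `avc_audit_data` did, a caller forgetting the init is a riskier mistake than before, so the contract deserves a line on both signatures, e.g. `/* @adp: audit data already set up with COMMON_AUDIT_DATA_INIT(), or NULL to build one from @inode. */`. The same applies to the `ad` parameter of `selinux_parse_skb_ipv4`/`_ipv6`, `selinux_parse_skb` and `selinux_inet_sys_rcv_skb` (hunks at 3401, 3482, 3553, 3994), which write into the caller's struct. The bodies of all of these functions continue outside their hunks.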