diff options
author | Thomas Liu <tliu@redhat.com> | 2009-07-10 10:31:04 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-07-12 17:54:48 -0400 |
commit | 8113a8d80f4c6a3dc3724b39b470f3fee9c426b6 (patch) | |
tree | 27eb775108daaff8390ad564010a9f2fbd5187a2 /security/selinux/hooks.c | |
parent | 65c3f0a2d0f72d210c879e4974c2d222b7951321 (diff) |
SELinux: Convert avc_audit to use lsm_audit.h
Convert avc_audit in security/selinux/avc.c to use lsm_audit.h,
for better maintainability and for less code duplication.
- changed selinux to use common_audit_data instead of
avc_audit_data
- eliminated code in avc.c and used code from lsm_audit.h instead.
I have tested to make sure that the avcs look the same before and
after this patch.
Signed-off-by: Thomas Liu <tliu@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 142 |
1 files changed, 71 insertions, 71 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 2081055f6783..a7de261e167f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -1478,14 +1478,14 @@ static int task_has_capability(struct task_struct *tsk, | |||
1478 | const struct cred *cred, | 1478 | const struct cred *cred, |
1479 | int cap, int audit) | 1479 | int cap, int audit) |
1480 | { | 1480 | { |
1481 | struct avc_audit_data ad; | 1481 | struct common_audit_data ad; |
1482 | struct av_decision avd; | 1482 | struct av_decision avd; |
1483 | u16 sclass; | 1483 | u16 sclass; |
1484 | u32 sid = cred_sid(cred); | 1484 | u32 sid = cred_sid(cred); |
1485 | u32 av = CAP_TO_MASK(cap); | 1485 | u32 av = CAP_TO_MASK(cap); |
1486 | int rc; | 1486 | int rc; |
1487 | 1487 | ||
1488 | AVC_AUDIT_DATA_INIT(&ad, CAP); | 1488 | COMMON_AUDIT_DATA_INIT(&ad, CAP); |
1489 | ad.tsk = tsk; | 1489 | ad.tsk = tsk; |
1490 | ad.u.cap = cap; | 1490 | ad.u.cap = cap; |
1491 | 1491 | ||
@@ -1524,10 +1524,10 @@ static int task_has_system(struct task_struct *tsk, | |||
1524 | static int inode_has_perm(const struct cred *cred, | 1524 | static int inode_has_perm(const struct cred *cred, |
1525 | struct inode *inode, | 1525 | struct inode *inode, |
1526 | u32 perms, | 1526 | u32 perms, |
1527 | struct avc_audit_data *adp) | 1527 | struct common_audit_data *adp) |
1528 | { | 1528 | { |
1529 | struct inode_security_struct *isec; | 1529 | struct inode_security_struct *isec; |
1530 | struct avc_audit_data ad; | 1530 | struct common_audit_data ad; |
1531 | u32 sid; | 1531 | u32 sid; |
1532 | 1532 | ||
1533 | if (unlikely(IS_PRIVATE(inode))) | 1533 | if (unlikely(IS_PRIVATE(inode))) |
@@ -1538,7 +1538,7 @@ static int inode_has_perm(const struct cred *cred, | |||
1538 | 1538 | ||
1539 | if (!adp) { | 1539 | if (!adp) { |
1540 | adp = &ad; | 1540 | adp = &ad; |
1541 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1541 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
1542 | ad.u.fs.inode = inode; | 1542 | ad.u.fs.inode = inode; |
1543 | } | 1543 | } |
1544 | 1544 | ||
@@ -1554,9 +1554,9 @@ static inline int dentry_has_perm(const struct cred *cred, | |||
1554 | u32 av) | 1554 | u32 av) |
1555 | { | 1555 | { |
1556 | struct inode *inode = dentry->d_inode; | 1556 | struct inode *inode = dentry->d_inode; |
1557 | struct avc_audit_data ad; | 1557 | struct common_audit_data ad; |
1558 | 1558 | ||
1559 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1559 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
1560 | ad.u.fs.path.mnt = mnt; | 1560 | ad.u.fs.path.mnt = mnt; |
1561 | ad.u.fs.path.dentry = dentry; | 1561 | ad.u.fs.path.dentry = dentry; |
1562 | return inode_has_perm(cred, inode, av, &ad); | 1562 | return inode_has_perm(cred, inode, av, &ad); |
@@ -1576,11 +1576,11 @@ static int file_has_perm(const struct cred *cred, | |||
1576 | { | 1576 | { |
1577 | struct file_security_struct *fsec = file->f_security; | 1577 | struct file_security_struct *fsec = file->f_security; |
1578 | struct inode *inode = file->f_path.dentry->d_inode; | 1578 | struct inode *inode = file->f_path.dentry->d_inode; |
1579 | struct avc_audit_data ad; | 1579 | struct common_audit_data ad; |
1580 | u32 sid = cred_sid(cred); | 1580 | u32 sid = cred_sid(cred); |
1581 | int rc; | 1581 | int rc; |
1582 | 1582 | ||
1583 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1583 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
1584 | ad.u.fs.path = file->f_path; | 1584 | ad.u.fs.path = file->f_path; |
1585 | 1585 | ||
1586 | if (sid != fsec->sid) { | 1586 | if (sid != fsec->sid) { |
@@ -1611,7 +1611,7 @@ static int may_create(struct inode *dir, | |||
1611 | struct inode_security_struct *dsec; | 1611 | struct inode_security_struct *dsec; |
1612 | struct superblock_security_struct *sbsec; | 1612 | struct superblock_security_struct *sbsec; |
1613 | u32 sid, newsid; | 1613 | u32 sid, newsid; |
1614 | struct avc_audit_data ad; | 1614 | struct common_audit_data ad; |
1615 | int rc; | 1615 | int rc; |
1616 | 1616 | ||
1617 | dsec = dir->i_security; | 1617 | dsec = dir->i_security; |
@@ -1620,7 +1620,7 @@ static int may_create(struct inode *dir, | |||
1620 | sid = tsec->sid; | 1620 | sid = tsec->sid; |
1621 | newsid = tsec->create_sid; | 1621 | newsid = tsec->create_sid; |
1622 | 1622 | ||
1623 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1623 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
1624 | ad.u.fs.path.dentry = dentry; | 1624 | ad.u.fs.path.dentry = dentry; |
1625 | 1625 | ||
1626 | rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, | 1626 | rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, |
@@ -1664,7 +1664,7 @@ static int may_link(struct inode *dir, | |||
1664 | 1664 | ||
1665 | { | 1665 | { |
1666 | struct inode_security_struct *dsec, *isec; | 1666 | struct inode_security_struct *dsec, *isec; |
1667 | struct avc_audit_data ad; | 1667 | struct common_audit_data ad; |
1668 | u32 sid = current_sid(); | 1668 | u32 sid = current_sid(); |
1669 | u32 av; | 1669 | u32 av; |
1670 | int rc; | 1670 | int rc; |
@@ -1672,7 +1672,7 @@ static int may_link(struct inode *dir, | |||
1672 | dsec = dir->i_security; | 1672 | dsec = dir->i_security; |
1673 | isec = dentry->d_inode->i_security; | 1673 | isec = dentry->d_inode->i_security; |
1674 | 1674 | ||
1675 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1675 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
1676 | ad.u.fs.path.dentry = dentry; | 1676 | ad.u.fs.path.dentry = dentry; |
1677 | 1677 | ||
1678 | av = DIR__SEARCH; | 1678 | av = DIR__SEARCH; |
@@ -1707,7 +1707,7 @@ static inline int may_rename(struct inode *old_dir, | |||
1707 | struct dentry *new_dentry) | 1707 | struct dentry *new_dentry) |
1708 | { | 1708 | { |
1709 | struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; | 1709 | struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; |
1710 | struct avc_audit_data ad; | 1710 | struct common_audit_data ad; |
1711 | u32 sid = current_sid(); | 1711 | u32 sid = current_sid(); |
1712 | u32 av; | 1712 | u32 av; |
1713 | int old_is_dir, new_is_dir; | 1713 | int old_is_dir, new_is_dir; |
@@ -1718,7 +1718,7 @@ static inline int may_rename(struct inode *old_dir, | |||
1718 | old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); | 1718 | old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); |
1719 | new_dsec = new_dir->i_security; | 1719 | new_dsec = new_dir->i_security; |
1720 | 1720 | ||
1721 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1721 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
1722 | 1722 | ||
1723 | ad.u.fs.path.dentry = old_dentry; | 1723 | ad.u.fs.path.dentry = old_dentry; |
1724 | rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, | 1724 | rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, |
@@ -1760,7 +1760,7 @@ static inline int may_rename(struct inode *old_dir, | |||
1760 | static int superblock_has_perm(const struct cred *cred, | 1760 | static int superblock_has_perm(const struct cred *cred, |
1761 | struct super_block *sb, | 1761 | struct super_block *sb, |
1762 | u32 perms, | 1762 | u32 perms, |
1763 | struct avc_audit_data *ad) | 1763 | struct common_audit_data *ad) |
1764 | { | 1764 | { |
1765 | struct superblock_security_struct *sbsec; | 1765 | struct superblock_security_struct *sbsec; |
1766 | u32 sid = cred_sid(cred); | 1766 | u32 sid = cred_sid(cred); |
@@ -2100,7 +2100,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) | |||
2100 | const struct task_security_struct *old_tsec; | 2100 | const struct task_security_struct *old_tsec; |
2101 | struct task_security_struct *new_tsec; | 2101 | struct task_security_struct *new_tsec; |
2102 | struct inode_security_struct *isec; | 2102 | struct inode_security_struct *isec; |
2103 | struct avc_audit_data ad; | 2103 | struct common_audit_data ad; |
2104 | struct inode *inode = bprm->file->f_path.dentry->d_inode; | 2104 | struct inode *inode = bprm->file->f_path.dentry->d_inode; |
2105 | int rc; | 2105 | int rc; |
2106 | 2106 | ||
@@ -2138,7 +2138,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) | |||
2138 | return rc; | 2138 | return rc; |
2139 | } | 2139 | } |
2140 | 2140 | ||
2141 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2141 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
2142 | ad.u.fs.path = bprm->file->f_path; | 2142 | ad.u.fs.path = bprm->file->f_path; |
2143 | 2143 | ||
2144 | if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) | 2144 | if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) |
@@ -2231,7 +2231,7 @@ extern struct dentry *selinux_null; | |||
2231 | static inline void flush_unauthorized_files(const struct cred *cred, | 2231 | static inline void flush_unauthorized_files(const struct cred *cred, |
2232 | struct files_struct *files) | 2232 | struct files_struct *files) |
2233 | { | 2233 | { |
2234 | struct avc_audit_data ad; | 2234 | struct common_audit_data ad; |
2235 | struct file *file, *devnull = NULL; | 2235 | struct file *file, *devnull = NULL; |
2236 | struct tty_struct *tty; | 2236 | struct tty_struct *tty; |
2237 | struct fdtable *fdt; | 2237 | struct fdtable *fdt; |
@@ -2265,7 +2265,7 @@ static inline void flush_unauthorized_files(const struct cred *cred, | |||
2265 | 2265 | ||
2266 | /* Revalidate access to inherited open files. */ | 2266 | /* Revalidate access to inherited open files. */ |
2267 | 2267 | ||
2268 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2268 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
2269 | 2269 | ||
2270 | spin_lock(&files->file_lock); | 2270 | spin_lock(&files->file_lock); |
2271 | for (;;) { | 2271 | for (;;) { |
@@ -2514,7 +2514,7 @@ out: | |||
2514 | static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) | 2514 | static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) |
2515 | { | 2515 | { |
2516 | const struct cred *cred = current_cred(); | 2516 | const struct cred *cred = current_cred(); |
2517 | struct avc_audit_data ad; | 2517 | struct common_audit_data ad; |
2518 | int rc; | 2518 | int rc; |
2519 | 2519 | ||
2520 | rc = superblock_doinit(sb, data); | 2520 | rc = superblock_doinit(sb, data); |
@@ -2525,7 +2525,7 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) | |||
2525 | if (flags & MS_KERNMOUNT) | 2525 | if (flags & MS_KERNMOUNT) |
2526 | return 0; | 2526 | return 0; |
2527 | 2527 | ||
2528 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2528 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
2529 | ad.u.fs.path.dentry = sb->s_root; | 2529 | ad.u.fs.path.dentry = sb->s_root; |
2530 | return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad); | 2530 | return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad); |
2531 | } | 2531 | } |
@@ -2533,9 +2533,9 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) | |||
2533 | static int selinux_sb_statfs(struct dentry *dentry) | 2533 | static int selinux_sb_statfs(struct dentry *dentry) |
2534 | { | 2534 | { |
2535 | const struct cred *cred = current_cred(); | 2535 | const struct cred *cred = current_cred(); |
2536 | struct avc_audit_data ad; | 2536 | struct common_audit_data ad; |
2537 | 2537 | ||
2538 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2538 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
2539 | ad.u.fs.path.dentry = dentry->d_sb->s_root; | 2539 | ad.u.fs.path.dentry = dentry->d_sb->s_root; |
2540 | return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad); | 2540 | return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad); |
2541 | } | 2541 | } |
@@ -2755,7 +2755,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | |||
2755 | struct inode *inode = dentry->d_inode; | 2755 | struct inode *inode = dentry->d_inode; |
2756 | struct inode_security_struct *isec = inode->i_security; | 2756 | struct inode_security_struct *isec = inode->i_security; |
2757 | struct superblock_security_struct *sbsec; | 2757 | struct superblock_security_struct *sbsec; |
2758 | struct avc_audit_data ad; | 2758 | struct common_audit_data ad; |
2759 | u32 newsid, sid = current_sid(); | 2759 | u32 newsid, sid = current_sid(); |
2760 | int rc = 0; | 2760 | int rc = 0; |
2761 | 2761 | ||
@@ -2769,7 +2769,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | |||
2769 | if (!is_owner_or_cap(inode)) | 2769 | if (!is_owner_or_cap(inode)) |
2770 | return -EPERM; | 2770 | return -EPERM; |
2771 | 2771 | ||
2772 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2772 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
2773 | ad.u.fs.path.dentry = dentry; | 2773 | ad.u.fs.path.dentry = dentry; |
2774 | 2774 | ||
2775 | rc = avc_has_perm(sid, isec->sid, isec->sclass, | 2775 | rc = avc_has_perm(sid, isec->sid, isec->sclass, |
@@ -3401,7 +3401,7 @@ static void selinux_task_to_inode(struct task_struct *p, | |||
3401 | 3401 | ||
3402 | /* Returns error only if unable to parse addresses */ | 3402 | /* Returns error only if unable to parse addresses */ |
3403 | static int selinux_parse_skb_ipv4(struct sk_buff *skb, | 3403 | static int selinux_parse_skb_ipv4(struct sk_buff *skb, |
3404 | struct avc_audit_data *ad, u8 *proto) | 3404 | struct common_audit_data *ad, u8 *proto) |
3405 | { | 3405 | { |
3406 | int offset, ihlen, ret = -EINVAL; | 3406 | int offset, ihlen, ret = -EINVAL; |
3407 | struct iphdr _iph, *ih; | 3407 | struct iphdr _iph, *ih; |
@@ -3482,7 +3482,7 @@ out: | |||
3482 | 3482 | ||
3483 | /* Returns error only if unable to parse addresses */ | 3483 | /* Returns error only if unable to parse addresses */ |
3484 | static int selinux_parse_skb_ipv6(struct sk_buff *skb, | 3484 | static int selinux_parse_skb_ipv6(struct sk_buff *skb, |
3485 | struct avc_audit_data *ad, u8 *proto) | 3485 | struct common_audit_data *ad, u8 *proto) |
3486 | { | 3486 | { |
3487 | u8 nexthdr; | 3487 | u8 nexthdr; |
3488 | int ret = -EINVAL, offset; | 3488 | int ret = -EINVAL, offset; |
@@ -3553,7 +3553,7 @@ out: | |||
3553 | 3553 | ||
3554 | #endif /* IPV6 */ | 3554 | #endif /* IPV6 */ |
3555 | 3555 | ||
3556 | static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad, | 3556 | static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad, |
3557 | char **_addrp, int src, u8 *proto) | 3557 | char **_addrp, int src, u8 *proto) |
3558 | { | 3558 | { |
3559 | char *addrp; | 3559 | char *addrp; |
@@ -3635,7 +3635,7 @@ static int socket_has_perm(struct task_struct *task, struct socket *sock, | |||
3635 | u32 perms) | 3635 | u32 perms) |
3636 | { | 3636 | { |
3637 | struct inode_security_struct *isec; | 3637 | struct inode_security_struct *isec; |
3638 | struct avc_audit_data ad; | 3638 | struct common_audit_data ad; |
3639 | u32 sid; | 3639 | u32 sid; |
3640 | int err = 0; | 3640 | int err = 0; |
3641 | 3641 | ||
@@ -3645,7 +3645,7 @@ static int socket_has_perm(struct task_struct *task, struct socket *sock, | |||
3645 | goto out; | 3645 | goto out; |
3646 | sid = task_sid(task); | 3646 | sid = task_sid(task); |
3647 | 3647 | ||
3648 | AVC_AUDIT_DATA_INIT(&ad, NET); | 3648 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
3649 | ad.u.net.sk = sock->sk; | 3649 | ad.u.net.sk = sock->sk; |
3650 | err = avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); | 3650 | err = avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); |
3651 | 3651 | ||
@@ -3732,7 +3732,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
3732 | if (family == PF_INET || family == PF_INET6) { | 3732 | if (family == PF_INET || family == PF_INET6) { |
3733 | char *addrp; | 3733 | char *addrp; |
3734 | struct inode_security_struct *isec; | 3734 | struct inode_security_struct *isec; |
3735 | struct avc_audit_data ad; | 3735 | struct common_audit_data ad; |
3736 | struct sockaddr_in *addr4 = NULL; | 3736 | struct sockaddr_in *addr4 = NULL; |
3737 | struct sockaddr_in6 *addr6 = NULL; | 3737 | struct sockaddr_in6 *addr6 = NULL; |
3738 | unsigned short snum; | 3738 | unsigned short snum; |
@@ -3761,7 +3761,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
3761 | snum, &sid); | 3761 | snum, &sid); |
3762 | if (err) | 3762 | if (err) |
3763 | goto out; | 3763 | goto out; |
3764 | AVC_AUDIT_DATA_INIT(&ad, NET); | 3764 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
3765 | ad.u.net.sport = htons(snum); | 3765 | ad.u.net.sport = htons(snum); |
3766 | ad.u.net.family = family; | 3766 | ad.u.net.family = family; |
3767 | err = avc_has_perm(isec->sid, sid, | 3767 | err = avc_has_perm(isec->sid, sid, |
@@ -3794,7 +3794,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
3794 | if (err) | 3794 | if (err) |
3795 | goto out; | 3795 | goto out; |
3796 | 3796 | ||
3797 | AVC_AUDIT_DATA_INIT(&ad, NET); | 3797 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
3798 | ad.u.net.sport = htons(snum); | 3798 | ad.u.net.sport = htons(snum); |
3799 | ad.u.net.family = family; | 3799 | ad.u.net.family = family; |
3800 | 3800 | ||
@@ -3828,7 +3828,7 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, | |||
3828 | isec = SOCK_INODE(sock)->i_security; | 3828 | isec = SOCK_INODE(sock)->i_security; |
3829 | if (isec->sclass == SECCLASS_TCP_SOCKET || | 3829 | if (isec->sclass == SECCLASS_TCP_SOCKET || |
3830 | isec->sclass == SECCLASS_DCCP_SOCKET) { | 3830 | isec->sclass == SECCLASS_DCCP_SOCKET) { |
3831 | struct avc_audit_data ad; | 3831 | struct common_audit_data ad; |
3832 | struct sockaddr_in *addr4 = NULL; | 3832 | struct sockaddr_in *addr4 = NULL; |
3833 | struct sockaddr_in6 *addr6 = NULL; | 3833 | struct sockaddr_in6 *addr6 = NULL; |
3834 | unsigned short snum; | 3834 | unsigned short snum; |
@@ -3853,7 +3853,7 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, | |||
3853 | perm = (isec->sclass == SECCLASS_TCP_SOCKET) ? | 3853 | perm = (isec->sclass == SECCLASS_TCP_SOCKET) ? |
3854 | TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT; | 3854 | TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT; |
3855 | 3855 | ||
3856 | AVC_AUDIT_DATA_INIT(&ad, NET); | 3856 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
3857 | ad.u.net.dport = htons(snum); | 3857 | ad.u.net.dport = htons(snum); |
3858 | ad.u.net.family = sk->sk_family; | 3858 | ad.u.net.family = sk->sk_family; |
3859 | err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad); | 3859 | err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad); |
@@ -3943,13 +3943,13 @@ static int selinux_socket_unix_stream_connect(struct socket *sock, | |||
3943 | struct sk_security_struct *ssec; | 3943 | struct sk_security_struct *ssec; |
3944 | struct inode_security_struct *isec; | 3944 | struct inode_security_struct *isec; |
3945 | struct inode_security_struct *other_isec; | 3945 | struct inode_security_struct *other_isec; |
3946 | struct avc_audit_data ad; | 3946 | struct common_audit_data ad; |
3947 | int err; | 3947 | int err; |
3948 | 3948 | ||
3949 | isec = SOCK_INODE(sock)->i_security; | 3949 | isec = SOCK_INODE(sock)->i_security; |
3950 | other_isec = SOCK_INODE(other)->i_security; | 3950 | other_isec = SOCK_INODE(other)->i_security; |
3951 | 3951 | ||
3952 | AVC_AUDIT_DATA_INIT(&ad, NET); | 3952 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
3953 | ad.u.net.sk = other->sk; | 3953 | ad.u.net.sk = other->sk; |
3954 | 3954 | ||
3955 | err = avc_has_perm(isec->sid, other_isec->sid, | 3955 | err = avc_has_perm(isec->sid, other_isec->sid, |
@@ -3975,13 +3975,13 @@ static int selinux_socket_unix_may_send(struct socket *sock, | |||
3975 | { | 3975 | { |
3976 | struct inode_security_struct *isec; | 3976 | struct inode_security_struct *isec; |
3977 | struct inode_security_struct *other_isec; | 3977 | struct inode_security_struct *other_isec; |
3978 | struct avc_audit_data ad; | 3978 | struct common_audit_data ad; |
3979 | int err; | 3979 | int err; |
3980 | 3980 | ||
3981 | isec = SOCK_INODE(sock)->i_security; | 3981 | isec = SOCK_INODE(sock)->i_security; |
3982 | other_isec = SOCK_INODE(other)->i_security; | 3982 | other_isec = SOCK_INODE(other)->i_security; |
3983 | 3983 | ||
3984 | AVC_AUDIT_DATA_INIT(&ad, NET); | 3984 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
3985 | ad.u.net.sk = other->sk; | 3985 | ad.u.net.sk = other->sk; |
3986 | 3986 | ||
3987 | err = avc_has_perm(isec->sid, other_isec->sid, | 3987 | err = avc_has_perm(isec->sid, other_isec->sid, |
@@ -3994,7 +3994,7 @@ static int selinux_socket_unix_may_send(struct socket *sock, | |||
3994 | 3994 | ||
3995 | static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family, | 3995 | static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family, |
3996 | u32 peer_sid, | 3996 | u32 peer_sid, |
3997 | struct avc_audit_data *ad) | 3997 | struct common_audit_data *ad) |
3998 | { | 3998 | { |
3999 | int err; | 3999 | int err; |
4000 | u32 if_sid; | 4000 | u32 if_sid; |
@@ -4022,10 +4022,10 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, | |||
4022 | struct sk_security_struct *sksec = sk->sk_security; | 4022 | struct sk_security_struct *sksec = sk->sk_security; |
4023 | u32 peer_sid; | 4023 | u32 peer_sid; |
4024 | u32 sk_sid = sksec->sid; | 4024 | u32 sk_sid = sksec->sid; |
4025 | struct avc_audit_data ad; | 4025 | struct common_audit_data ad; |
4026 | char *addrp; | 4026 | char *addrp; |
4027 | 4027 | ||
4028 | AVC_AUDIT_DATA_INIT(&ad, NET); | 4028 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
4029 | ad.u.net.netif = skb->iif; | 4029 | ad.u.net.netif = skb->iif; |
4030 | ad.u.net.family = family; | 4030 | ad.u.net.family = family; |
4031 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); | 4031 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); |
@@ -4063,7 +4063,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | |||
4063 | struct sk_security_struct *sksec = sk->sk_security; | 4063 | struct sk_security_struct *sksec = sk->sk_security; |
4064 | u16 family = sk->sk_family; | 4064 | u16 family = sk->sk_family; |
4065 | u32 sk_sid = sksec->sid; | 4065 | u32 sk_sid = sksec->sid; |
4066 | struct avc_audit_data ad; | 4066 | struct common_audit_data ad; |
4067 | char *addrp; | 4067 | char *addrp; |
4068 | u8 secmark_active; | 4068 | u8 secmark_active; |
4069 | u8 peerlbl_active; | 4069 | u8 peerlbl_active; |
@@ -4087,7 +4087,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | |||
4087 | if (!secmark_active && !peerlbl_active) | 4087 | if (!secmark_active && !peerlbl_active) |
4088 | return 0; | 4088 | return 0; |
4089 | 4089 | ||
4090 | AVC_AUDIT_DATA_INIT(&ad, NET); | 4090 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
4091 | ad.u.net.netif = skb->iif; | 4091 | ad.u.net.netif = skb->iif; |
4092 | ad.u.net.family = family; | 4092 | ad.u.net.family = family; |
4093 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); | 4093 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); |
@@ -4345,7 +4345,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex, | |||
4345 | int err; | 4345 | int err; |
4346 | char *addrp; | 4346 | char *addrp; |
4347 | u32 peer_sid; | 4347 | u32 peer_sid; |
4348 | struct avc_audit_data ad; | 4348 | struct common_audit_data ad; |
4349 | u8 secmark_active; | 4349 | u8 secmark_active; |
4350 | u8 netlbl_active; | 4350 | u8 netlbl_active; |
4351 | u8 peerlbl_active; | 4351 | u8 peerlbl_active; |
@@ -4362,7 +4362,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex, | |||
4362 | if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0) | 4362 | if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0) |
4363 | return NF_DROP; | 4363 | return NF_DROP; |
4364 | 4364 | ||
4365 | AVC_AUDIT_DATA_INIT(&ad, NET); | 4365 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
4366 | ad.u.net.netif = ifindex; | 4366 | ad.u.net.netif = ifindex; |
4367 | ad.u.net.family = family; | 4367 | ad.u.net.family = family; |
4368 | if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0) | 4368 | if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0) |
@@ -4450,7 +4450,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, | |||
4450 | { | 4450 | { |
4451 | struct sock *sk = skb->sk; | 4451 | struct sock *sk = skb->sk; |
4452 | struct sk_security_struct *sksec; | 4452 | struct sk_security_struct *sksec; |
4453 | struct avc_audit_data ad; | 4453 | struct common_audit_data ad; |
4454 | char *addrp; | 4454 | char *addrp; |
4455 | u8 proto; | 4455 | u8 proto; |
4456 | 4456 | ||
@@ -4458,7 +4458,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, | |||
4458 | return NF_ACCEPT; | 4458 | return NF_ACCEPT; |
4459 | sksec = sk->sk_security; | 4459 | sksec = sk->sk_security; |
4460 | 4460 | ||
4461 | AVC_AUDIT_DATA_INIT(&ad, NET); | 4461 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
4462 | ad.u.net.netif = ifindex; | 4462 | ad.u.net.netif = ifindex; |
4463 | ad.u.net.family = family; | 4463 | ad.u.net.family = family; |
4464 | if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto)) | 4464 | if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto)) |
@@ -4482,7 +4482,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex, | |||
4482 | u32 secmark_perm; | 4482 | u32 secmark_perm; |
4483 | u32 peer_sid; | 4483 | u32 peer_sid; |
4484 | struct sock *sk; | 4484 | struct sock *sk; |
4485 | struct avc_audit_data ad; | 4485 | struct common_audit_data ad; |
4486 | char *addrp; | 4486 | char *addrp; |
4487 | u8 secmark_active; | 4487 | u8 secmark_active; |
4488 | u8 peerlbl_active; | 4488 | u8 peerlbl_active; |
@@ -4541,7 +4541,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex, | |||
4541 | secmark_perm = PACKET__SEND; | 4541 | secmark_perm = PACKET__SEND; |
4542 | } | 4542 | } |
4543 | 4543 | ||
4544 | AVC_AUDIT_DATA_INIT(&ad, NET); | 4544 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
4545 | ad.u.net.netif = ifindex; | 4545 | ad.u.net.netif = ifindex; |
4546 | ad.u.net.family = family; | 4546 | ad.u.net.family = family; |
4547 | if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL)) | 4547 | if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL)) |
@@ -4611,13 +4611,13 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) | |||
4611 | static int selinux_netlink_recv(struct sk_buff *skb, int capability) | 4611 | static int selinux_netlink_recv(struct sk_buff *skb, int capability) |
4612 | { | 4612 | { |
4613 | int err; | 4613 | int err; |
4614 | struct avc_audit_data ad; | 4614 | struct common_audit_data ad; |
4615 | 4615 | ||
4616 | err = cap_netlink_recv(skb, capability); | 4616 | err = cap_netlink_recv(skb, capability); |
4617 | if (err) | 4617 | if (err) |
4618 | return err; | 4618 | return err; |
4619 | 4619 | ||
4620 | AVC_AUDIT_DATA_INIT(&ad, CAP); | 4620 | COMMON_AUDIT_DATA_INIT(&ad, CAP); |
4621 | ad.u.cap = capability; | 4621 | ad.u.cap = capability; |
4622 | 4622 | ||
4623 | return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid, | 4623 | return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid, |
@@ -4676,12 +4676,12 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, | |||
4676 | u32 perms) | 4676 | u32 perms) |
4677 | { | 4677 | { |
4678 | struct ipc_security_struct *isec; | 4678 | struct ipc_security_struct *isec; |
4679 | struct avc_audit_data ad; | 4679 | struct common_audit_data ad; |
4680 | u32 sid = current_sid(); | 4680 | u32 sid = current_sid(); |
4681 | 4681 | ||
4682 | isec = ipc_perms->security; | 4682 | isec = ipc_perms->security; |
4683 | 4683 | ||
4684 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4684 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4685 | ad.u.ipc_id = ipc_perms->key; | 4685 | ad.u.ipc_id = ipc_perms->key; |
4686 | 4686 | ||
4687 | return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); | 4687 | return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); |
@@ -4701,7 +4701,7 @@ static void selinux_msg_msg_free_security(struct msg_msg *msg) | |||
4701 | static int selinux_msg_queue_alloc_security(struct msg_queue *msq) | 4701 | static int selinux_msg_queue_alloc_security(struct msg_queue *msq) |
4702 | { | 4702 | { |
4703 | struct ipc_security_struct *isec; | 4703 | struct ipc_security_struct *isec; |
4704 | struct avc_audit_data ad; | 4704 | struct common_audit_data ad; |
4705 | u32 sid = current_sid(); | 4705 | u32 sid = current_sid(); |
4706 | int rc; | 4706 | int rc; |
4707 | 4707 | ||
@@ -4711,7 +4711,7 @@ static int selinux_msg_queue_alloc_security(struct msg_queue *msq) | |||
4711 | 4711 | ||
4712 | isec = msq->q_perm.security; | 4712 | isec = msq->q_perm.security; |
4713 | 4713 | ||
4714 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4714 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4715 | ad.u.ipc_id = msq->q_perm.key; | 4715 | ad.u.ipc_id = msq->q_perm.key; |
4716 | 4716 | ||
4717 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, | 4717 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
@@ -4731,12 +4731,12 @@ static void selinux_msg_queue_free_security(struct msg_queue *msq) | |||
4731 | static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) | 4731 | static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) |
4732 | { | 4732 | { |
4733 | struct ipc_security_struct *isec; | 4733 | struct ipc_security_struct *isec; |
4734 | struct avc_audit_data ad; | 4734 | struct common_audit_data ad; |
4735 | u32 sid = current_sid(); | 4735 | u32 sid = current_sid(); |
4736 | 4736 | ||
4737 | isec = msq->q_perm.security; | 4737 | isec = msq->q_perm.security; |
4738 | 4738 | ||
4739 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4739 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4740 | ad.u.ipc_id = msq->q_perm.key; | 4740 | ad.u.ipc_id = msq->q_perm.key; |
4741 | 4741 | ||
4742 | return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, | 4742 | return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
@@ -4775,7 +4775,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | |||
4775 | { | 4775 | { |
4776 | struct ipc_security_struct *isec; | 4776 | struct ipc_security_struct *isec; |
4777 | struct msg_security_struct *msec; | 4777 | struct msg_security_struct *msec; |
4778 | struct avc_audit_data ad; | 4778 | struct common_audit_data ad; |
4779 | u32 sid = current_sid(); | 4779 | u32 sid = current_sid(); |
4780 | int rc; | 4780 | int rc; |
4781 | 4781 | ||
@@ -4796,7 +4796,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | |||
4796 | return rc; | 4796 | return rc; |
4797 | } | 4797 | } |
4798 | 4798 | ||
4799 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4799 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4800 | ad.u.ipc_id = msq->q_perm.key; | 4800 | ad.u.ipc_id = msq->q_perm.key; |
4801 | 4801 | ||
4802 | /* Can this process write to the queue? */ | 4802 | /* Can this process write to the queue? */ |
@@ -4820,14 +4820,14 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | |||
4820 | { | 4820 | { |
4821 | struct ipc_security_struct *isec; | 4821 | struct ipc_security_struct *isec; |
4822 | struct msg_security_struct *msec; | 4822 | struct msg_security_struct *msec; |
4823 | struct avc_audit_data ad; | 4823 | struct common_audit_data ad; |
4824 | u32 sid = task_sid(target); | 4824 | u32 sid = task_sid(target); |
4825 | int rc; | 4825 | int rc; |
4826 | 4826 | ||
4827 | isec = msq->q_perm.security; | 4827 | isec = msq->q_perm.security; |
4828 | msec = msg->security; | 4828 | msec = msg->security; |
4829 | 4829 | ||
4830 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4830 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4831 | ad.u.ipc_id = msq->q_perm.key; | 4831 | ad.u.ipc_id = msq->q_perm.key; |
4832 | 4832 | ||
4833 | rc = avc_has_perm(sid, isec->sid, | 4833 | rc = avc_has_perm(sid, isec->sid, |
@@ -4842,7 +4842,7 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | |||
4842 | static int selinux_shm_alloc_security(struct shmid_kernel *shp) | 4842 | static int selinux_shm_alloc_security(struct shmid_kernel *shp) |
4843 | { | 4843 | { |
4844 | struct ipc_security_struct *isec; | 4844 | struct ipc_security_struct *isec; |
4845 | struct avc_audit_data ad; | 4845 | struct common_audit_data ad; |
4846 | u32 sid = current_sid(); | 4846 | u32 sid = current_sid(); |
4847 | int rc; | 4847 | int rc; |
4848 | 4848 | ||
@@ -4852,7 +4852,7 @@ static int selinux_shm_alloc_security(struct shmid_kernel *shp) | |||
4852 | 4852 | ||
4853 | isec = shp->shm_perm.security; | 4853 | isec = shp->shm_perm.security; |
4854 | 4854 | ||
4855 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4855 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4856 | ad.u.ipc_id = shp->shm_perm.key; | 4856 | ad.u.ipc_id = shp->shm_perm.key; |
4857 | 4857 | ||
4858 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, | 4858 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, |
@@ -4872,12 +4872,12 @@ static void selinux_shm_free_security(struct shmid_kernel *shp) | |||
4872 | static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) | 4872 | static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) |
4873 | { | 4873 | { |
4874 | struct ipc_security_struct *isec; | 4874 | struct ipc_security_struct *isec; |
4875 | struct avc_audit_data ad; | 4875 | struct common_audit_data ad; |
4876 | u32 sid = current_sid(); | 4876 | u32 sid = current_sid(); |
4877 | 4877 | ||
4878 | isec = shp->shm_perm.security; | 4878 | isec = shp->shm_perm.security; |
4879 | 4879 | ||
4880 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4880 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4881 | ad.u.ipc_id = shp->shm_perm.key; | 4881 | ad.u.ipc_id = shp->shm_perm.key; |
4882 | 4882 | ||
4883 | return avc_has_perm(sid, isec->sid, SECCLASS_SHM, | 4883 | return avc_has_perm(sid, isec->sid, SECCLASS_SHM, |
@@ -4934,7 +4934,7 @@ static int selinux_shm_shmat(struct shmid_kernel *shp, | |||
4934 | static int selinux_sem_alloc_security(struct sem_array *sma) | 4934 | static int selinux_sem_alloc_security(struct sem_array *sma) |
4935 | { | 4935 | { |
4936 | struct ipc_security_struct *isec; | 4936 | struct ipc_security_struct *isec; |
4937 | struct avc_audit_data ad; | 4937 | struct common_audit_data ad; |
4938 | u32 sid = current_sid(); | 4938 | u32 sid = current_sid(); |
4939 | int rc; | 4939 | int rc; |
4940 | 4940 | ||
@@ -4944,7 +4944,7 @@ static int selinux_sem_alloc_security(struct sem_array *sma) | |||
4944 | 4944 | ||
4945 | isec = sma->sem_perm.security; | 4945 | isec = sma->sem_perm.security; |
4946 | 4946 | ||
4947 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4947 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4948 | ad.u.ipc_id = sma->sem_perm.key; | 4948 | ad.u.ipc_id = sma->sem_perm.key; |
4949 | 4949 | ||
4950 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, | 4950 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, |
@@ -4964,12 +4964,12 @@ static void selinux_sem_free_security(struct sem_array *sma) | |||
4964 | static int selinux_sem_associate(struct sem_array *sma, int semflg) | 4964 | static int selinux_sem_associate(struct sem_array *sma, int semflg) |
4965 | { | 4965 | { |
4966 | struct ipc_security_struct *isec; | 4966 | struct ipc_security_struct *isec; |
4967 | struct avc_audit_data ad; | 4967 | struct common_audit_data ad; |
4968 | u32 sid = current_sid(); | 4968 | u32 sid = current_sid(); |
4969 | 4969 | ||
4970 | isec = sma->sem_perm.security; | 4970 | isec = sma->sem_perm.security; |
4971 | 4971 | ||
4972 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4972 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
4973 | ad.u.ipc_id = sma->sem_perm.key; | 4973 | ad.u.ipc_id = sma->sem_perm.key; |
4974 | 4974 | ||
4975 | return avc_has_perm(sid, isec->sid, SECCLASS_SEM, | 4975 | return avc_has_perm(sid, isec->sid, SECCLASS_SEM, |