SELinux: Convert avc_audit to use lsm_audit.h

Convert avc_audit in security/selinux/avc.c to use lsm_audit.h,
for better maintainability and for less code duplication.

 - changed selinux to use common_audit_data instead of
   avc_audit_data
 - eliminated code in avc.c and used code from lsm_audit.h instead.

I have tested to make sure that the avcs look the same before and
after this patch.

Signed-off-by: Thomas Liu <tliu@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

3 files changed, 11 insertions, 50 deletions

diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index ae4c3a0e2c1a..e94e82f73818 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -13,6 +13,7 @@
 #include <linux/spinlock.h>
 #include <linux/init.h>
 #include <linux/audit.h>
+#include <linux/lsm_audit.h>
 #include <linux/in6.h>
 #include <linux/path.h>
 #include <asm/system.h>
@@ -36,48 +37,6 @@ struct inode;
 struct sock;
 struct sk_buff;
 
-/* Auxiliary data to use in generating the audit record. */
-struct avc_audit_data {
-        char    type;
-#define AVC_AUDIT_DATA_FS   1
-#define AVC_AUDIT_DATA_NET  2
-#define AVC_AUDIT_DATA_CAP  3
-#define AVC_AUDIT_DATA_IPC  4
-        struct task_struct *tsk;
-        union   {
-                struct {
-                        struct path path;
-                        struct inode *inode;
-                } fs;
-                struct {
-                        int netif;
-                        struct sock *sk;
-                        u16 family;
-                        __be16 dport;
-                        __be16 sport;
-                        union {
-                                struct {
-                                        __be32 daddr;
-                                        __be32 saddr;
-                                } v4;
-                                struct {
-                                        struct in6_addr daddr;
-                                        struct in6_addr saddr;
-                                } v6;
-                        } fam;
-                } net;
-                int cap;
-                int ipc_id;
-        } u;
-};
-
-#define v4info fam.v4
-#define v6info fam.v6
-
-/* Initialize an AVC audit data structure. */
-#define AVC_AUDIT_DATA_INIT(_d,_t) \
-        { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
-
 /*
  * AVC statistics
  */
@@ -98,7 +57,9 @@ void __init avc_init(void);
 
 void avc_audit(u32 ssid, u32 tsid,
                u16 tclass, u32 requested,
-               struct av_decision *avd, int result, struct avc_audit_data *auditdata);
+               struct av_decision *avd,
+               int result,
+               struct common_audit_data *a);
 
 #define AVC_STRICT 1 /* Ignore permissive mode. */
 int avc_has_perm_noaudit(u32 ssid, u32 tsid,
@@ -108,7 +69,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 
 int avc_has_perm(u32 ssid, u32 tsid,
                  u16 tclass, u32 requested,
-                 struct avc_audit_data *auditdata);
+                 struct common_audit_data *auditdata);
 
 u32 avc_policy_seqno(void);
 
diff --git a/security/selinux/include/netlabel.h b/security/selinux/include/netlabel.h
index b4b5b9b2f0be..8d7384280a7a 100644
--- a/security/selinux/include/netlabel.h
+++ b/security/selinux/include/netlabel.h
@@ -59,7 +59,7 @@ int selinux_netlbl_socket_post_create(struct sock *sk, u16 family);
 int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
                                 struct sk_buff *skb,
                                 u16 family,
-                                struct avc_audit_data *ad);
+                                struct common_audit_data *ad);
 int selinux_netlbl_socket_setsockopt(struct socket *sock,
                                      int level,
                                      int optname);
@@ -129,7 +129,7 @@ static inline int selinux_netlbl_socket_post_create(struct sock *sk,
 static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
                                               struct sk_buff *skb,
                                               u16 family,
-                                              struct avc_audit_data *ad)
+                                              struct common_audit_data *ad)
 {
         return 0;
 }
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
index 289e24b39e3e..13128f9a3e5a 100644
--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
@@ -41,9 +41,9 @@ static inline int selinux_xfrm_enabled(void)
 }
 
 int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb,
-                        struct avc_audit_data *ad);
+                        struct common_audit_data *ad);
 int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
-                        struct avc_audit_data *ad, u8 proto);
+                        struct common_audit_data *ad, u8 proto);
 int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
 
 static inline void selinux_xfrm_notify_policyload(void)
@@ -57,13 +57,13 @@ static inline int selinux_xfrm_enabled(void)
 }
 
 static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
-                        struct avc_audit_data *ad)
+                        struct common_audit_data *ad)
 {
         return 0;
 }
 
 static inline int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
-                        struct avc_audit_data *ad, u8 proto)
+                        struct common_audit_data *ad, u8 proto)
 {
         return 0;
 }