authorEric Paris <eparis@redhat.com>2012-04-04 15:01:43 -0400
committerEric Paris <eparis@redhat.com>2012-04-09 12:23:06 -0400
commit899838b25f063a94594b1df6e0100aea1ec57fac (patch)
treece22a1fca876195237ba92051cb12b34aa957447 /security
parent1d3492927118d0ce1ea1ff3e007746699cba8f3e (diff)
SELinux: unify the selinux_audit_data and selinux_late_audit_data
We no longer need the distinction. We only need data after we decide to do an audit. So turn the "late" audit data into just "data" and remove what we currently have as "data". Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/avc.c31
-rw-r--r--security/selinux/hooks.c67
-rw-r--r--security/selinux/include/avc.h9
3 files changed, 16 insertions, 91 deletions
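diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index cd91e25667d1..c03a964ffde2 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -436,9 +436,9 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
 {
 	struct common_audit_data *ad = a;
 	audit_log_format(ab, "avc: %s ",
-		ad->selinux_audit_data->slad->denied ? "denied" : "granted");
-	avc_dump_av(ab, ad->selinux_audit_data->slad->tclass,
-		ad->selinux_audit_data->slad->audited);
+		ad->selinux_audit_data->denied ? "denied" : "granted");
+	avc_dump_av(ab, ad->selinux_audit_data->tclass,
+		ad->selinux_audit_data->audited);
 	audit_log_format(ab, " for ");
 }
 
@@ -452,9 +452,9 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 {
 	struct common_audit_data *ad = a;
 	audit_log_format(ab, " ");
-	avc_dump_query(ab, ad->selinux_audit_data->slad->ssid,
-			 ad->selinux_audit_data->slad->tsid,
-			 ad->selinux_audit_data->slad->tclass);
+	avc_dump_query(ab, ad->selinux_audit_data->ssid,
+			 ad->selinux_audit_data->tsid,
+			 ad->selinux_audit_data->tclass);
 }
 
 /* This is the slow part of avc audit with big stack footprint */
@@ -464,13 +464,11 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
 		     unsigned flags)
 {
 	struct common_audit_data stack_data;
-	struct selinux_audit_data sad = {0,};
-	struct selinux_late_audit_data slad;
+	struct selinux_audit_data sad;
 
 	if (!a) {
 		a = &stack_data;
 		a->type = LSM_AUDIT_DATA_NONE;
-		a->selinux_audit_data = &sad;
 	}
 
 	/*
@@ -484,14 +482,15 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
 	    (flags & MAY_NOT_BLOCK))
 		return -ECHILD;
 
-	slad.tclass = tclass;
-	slad.requested = requested;
-	slad.ssid = ssid;
-	slad.tsid = tsid;
-	slad.audited = audited;
-	slad.denied = denied;
+	sad.tclass = tclass;
+	sad.requested = requested;
+	sad.ssid = ssid;
+	sad.tsid = tsid;
+	sad.audited = audited;
+	sad.denied = denied;
+
+	a->selinux_audit_data = &sad;
 
-	a->selinux_audit_data->slad = &slad;
 	common_lsm_audit(a, avc_audit_pre_callback, avc_audit_post_callback);
 	return 0;
 }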
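Review bot: `struct selinux_audit_data sad;` in the hunk at -464 drops the `= {0,}` initializer the old declaration had, while the hunk at -484 assigns only tclass, requested, ssid, tsid, audited and denied; the header hunk shows the struct's members at avc.h lines 53-55 but not 56-59, so any member there that is not among those six now reaches avc_audit_pre_callback/avc_audit_post_callback uninitialized. Restoring `struct selinux_audit_data sad = {0,};` keeps the record well-defined whatever the header holds now or grows later. Separately, `a->selinux_audit_data = &sad;` now runs for a caller-supplied `a` as well (before, only the stack_data path set it), so the caller's common_audit_data is left pointing at a dead stack frame on return; the visible callers in hooks.c do not appear to touch `ad` afterwards, but `a->selinux_audit_data = NULL;` after common_lsm_audit() would make that contract explicit. slow_avc_audit's body between -476 and -484 is outside the shown hunks.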
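diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d9fa2489a551..2578de549ad7 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1420,7 +1420,6 @@ static int cred_has_capability(const struct cred *cred,
 			       int cap, int audit)
 {
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	struct av_decision avd;
 	u16 sclass;
 	u32 sid = cred_sid(cred);
@@ -1428,7 +1427,6 @@ static int cred_has_capability(const struct cred *cred,
 	int rc;
 
 	ad.type = LSM_AUDIT_DATA_CAP;
-	ad.selinux_audit_data = &sad;
 	ad.u.cap = cap;
 
 	switch (CAP_TO_INDEX(cap)) {
@@ -1496,11 +1494,9 @@ static inline int dentry_has_perm(const struct cred *cred,
 {
 	struct inode *inode = dentry->d_inode;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 
 	ad.type = LSM_AUDIT_DATA_DENTRY;
 	ad.u.dentry = dentry;
-	ad.selinux_audit_data = &sad;
 	return inode_has_perm(cred, inode, av, &ad, 0);
 }
 
@@ -1513,11 +1509,9 @@ static inline int path_has_perm(const struct cred *cred,
 {
 	struct inode *inode = path->dentry->d_inode;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 
 	ad.type = LSM_AUDIT_DATA_PATH;
 	ad.u.path = *path;
-	ad.selinux_audit_data = &sad;
 	return inode_has_perm(cred, inode, av, &ad, 0);
 }
 
@@ -1536,13 +1530,11 @@ static int file_has_perm(const struct cred *cred,
 	struct file_security_struct *fsec = file->f_security;
 	struct inode *inode = file->f_path.dentry->d_inode;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	u32 sid = cred_sid(cred);
 	int rc;
 
 	ad.type = LSM_AUDIT_DATA_PATH;
 	ad.u.path = file->f_path;
-	ad.selinux_audit_data = &sad;
 
 	if (sid != fsec->sid) {
 		rc = avc_has_perm(sid, fsec->sid,
@@ -1572,7 +1564,6 @@ static int may_create(struct inode *dir,
 	struct superblock_security_struct *sbsec;
 	u32 sid, newsid;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	int rc;
 
 	dsec = dir->i_security;
@@ -1583,7 +1574,6 @@ static int may_create(struct inode *dir,
 
 	ad.type = LSM_AUDIT_DATA_DENTRY;
 	ad.u.dentry = dentry;
-	ad.selinux_audit_data = &sad;
 
 	rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
 			  DIR__ADD_NAME | DIR__SEARCH,
@@ -1628,7 +1618,6 @@ static int may_link(struct inode *dir,
 {
 	struct inode_security_struct *dsec, *isec;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	u32 sid = current_sid();
 	u32 av;
 	int rc;
@@ -1638,7 +1627,6 @@ static int may_link(struct inode *dir,
 
 	ad.type = LSM_AUDIT_DATA_DENTRY;
 	ad.u.dentry = dentry;
-	ad.selinux_audit_data = &sad;
 
 	av = DIR__SEARCH;
 	av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
@@ -1673,7 +1661,6 @@ static inline int may_rename(struct inode *old_dir,
 {
 	struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	u32 sid = current_sid();
 	u32 av;
 	int old_is_dir, new_is_dir;
@@ -1685,7 +1672,6 @@ static inline int may_rename(struct inode *old_dir,
 	new_dsec = new_dir->i_security;
 
 	ad.type = LSM_AUDIT_DATA_DENTRY;
-	ad.selinux_audit_data = &sad;
 
 	ad.u.dentry = old_dentry;
 	rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
@@ -1971,7 +1957,6 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
 	struct task_security_struct *new_tsec;
 	struct inode_security_struct *isec;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	struct inode *inode = bprm->file->f_path.dentry->d_inode;
 	int rc;
 
@@ -2011,7 +1996,6 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
 	}
 
 	ad.type = LSM_AUDIT_DATA_PATH;
-	ad.selinux_audit_data = &sad;
 	ad.u.path = bprm->file->f_path;
 
 	if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
@@ -2101,7 +2085,6 @@ static inline void flush_unauthorized_files(const struct cred *cred,
 					    struct files_struct *files)
 {
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	struct file *file, *devnull = NULL;
 	struct tty_struct *tty;
 	struct fdtable *fdt;
@@ -2135,7 +2118,6 @@ static inline void flush_unauthorized_files(const struct cred *cred,
 	/* Revalidate access to inherited open files. */
 
 	ad.type = LSM_AUDIT_DATA_INODE;
-	ad.selinux_audit_data = &sad;
 
 	spin_lock(&files->file_lock);
 	for (;;) {
@@ -2473,7 +2455,6 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
 {
 	const struct cred *cred = current_cred();
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	int rc;
 
 	rc = superblock_doinit(sb, data);
@@ -2485,7 +2466,6 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
 		return 0;
 
 	ad.type = LSM_AUDIT_DATA_DENTRY;
-	ad.selinux_audit_data = &sad;
 	ad.u.dentry = sb->s_root;
 	return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
 }
@@ -2494,10 +2474,8 @@ static int selinux_sb_statfs(struct dentry *dentry)
 {
 	const struct cred *cred = current_cred();
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 
 	ad.type = LSM_AUDIT_DATA_DENTRY;
-	ad.selinux_audit_data = &sad;
 	ad.u.dentry = dentry->d_sb->s_root;
 	return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
 }
@@ -2662,12 +2640,10 @@ static noinline int audit_inode_permission(struct inode *inode,
 					   unsigned flags)
 {
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	struct inode_security_struct *isec = inode->i_security;
 	int rc;
 
 	ad.type = LSM_AUDIT_DATA_INODE;
-	ad.selinux_audit_data = &sad;
 	ad.u.inode = inode;
 
 	rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
@@ -2782,7 +2758,6 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
 	struct inode_security_struct *isec = inode->i_security;
 	struct superblock_security_struct *sbsec;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	u32 newsid, sid = current_sid();
 	int rc = 0;
 
@@ -2797,7 +2772,6 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
 		return -EPERM;
 
 	ad.type = LSM_AUDIT_DATA_DENTRY;
-	ad.selinux_audit_data = &sad;
 	ad.u.dentry = dentry;
 
 	rc = avc_has_perm(sid, isec->sid, isec->sclass,
@@ -3407,12 +3381,10 @@ static int selinux_kernel_module_request(char *kmod_name)
 {
 	u32 sid;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 
 	sid = task_sid(current);
 
 	ad.type = LSM_AUDIT_DATA_KMOD;
-	ad.selinux_audit_data = &sad;
 	ad.u.kmod_name = kmod_name;
 
 	return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
@@ -3785,7 +3757,6 @@ static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
 {
 	struct sk_security_struct *sksec = sk->sk_security;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	struct lsm_network_audit net = {0,};
 	u32 tsid = task_sid(task);
 
@@ -3793,7 +3764,6 @@ static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
 		return 0;
 
 	ad.type = LSM_AUDIT_DATA_NET;
-	ad.selinux_audit_data = &sad;
 	ad.u.net = &net;
 	ad.u.net->sk = sk;
 
@@ -3873,7 +3843,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 	char *addrp;
 	struct sk_security_struct *sksec = sk->sk_security;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	struct lsm_network_audit net = {0,};
 	struct sockaddr_in *addr4 = NULL;
 	struct sockaddr_in6 *addr6 = NULL;
@@ -3901,7 +3870,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 		if (err)
 			goto out;
 		ad.type = LSM_AUDIT_DATA_NET;
-		ad.selinux_audit_data = &sad;
 		ad.u.net = &net;
 		ad.u.net->sport = htons(snum);
 		ad.u.net->family = family;
@@ -3936,7 +3904,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 			goto out;
 
 		ad.type = LSM_AUDIT_DATA_NET;
-		ad.selinux_audit_data = &sad;
 		ad.u.net = &net;
 		ad.u.net->sport = htons(snum);
 		ad.u.net->family = family;
@@ -3971,7 +3938,6 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address,
 	if (sksec->sclass == SECCLASS_TCP_SOCKET ||
 	    sksec->sclass == SECCLASS_DCCP_SOCKET) {
 		struct common_audit_data ad;
-		struct selinux_audit_data sad = {0,};
 		struct lsm_network_audit net = {0,};
 		struct sockaddr_in *addr4 = NULL;
 		struct sockaddr_in6 *addr6 = NULL;
@@ -3998,7 +3964,6 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address,
 			TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
 
 		ad.type = LSM_AUDIT_DATA_NET;
-		ad.selinux_audit_data = &sad;
 		ad.u.net = &net;
 		ad.u.net->dport = htons(snum);
 		ad.u.net->family = sk->sk_family;
@@ -4090,12 +4055,10 @@ static int selinux_socket_unix_stream_connect(struct sock *sock,
 	struct sk_security_struct *sksec_other = other->sk_security;
 	struct sk_security_struct *sksec_new = newsk->sk_security;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	struct lsm_network_audit net = {0,};
 	int err;
 
 	ad.type = LSM_AUDIT_DATA_NET;
-	ad.selinux_audit_data = &sad;
 	ad.u.net = &net;
 	ad.u.net->sk = other;
 
@@ -4124,11 +4087,9 @@ static int selinux_socket_unix_may_send(struct socket *sock,
 	struct sk_security_struct *ssec = sock->sk->sk_security;
 	struct sk_security_struct *osec = other->sk->sk_security;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	struct lsm_network_audit net = {0,};
 
 	ad.type = LSM_AUDIT_DATA_NET;
-	ad.selinux_audit_data = &sad;
 	ad.u.net = &net;
 	ad.u.net->sk = other->sk;
 
@@ -4166,12 +4127,10 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
 	struct sk_security_struct *sksec = sk->sk_security;
 	u32 sk_sid = sksec->sid;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	struct lsm_network_audit net = {0,};
 	char *addrp;
 
 	ad.type = LSM_AUDIT_DATA_NET;
-	ad.selinux_audit_data = &sad;
 	ad.u.net = &net;
 	ad.u.net->netif = skb->skb_iif;
 	ad.u.net->family = family;
@@ -4201,7 +4160,6 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 	u16 family = sk->sk_family;
 	u32 sk_sid = sksec->sid;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	struct lsm_network_audit net = {0,};
 	char *addrp;
 	u8 secmark_active;
@@ -4227,7 +4185,6 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 		return 0;
 
 	ad.type = LSM_AUDIT_DATA_NET;
-	ad.selinux_audit_data = &sad;
 	ad.u.net = &net;
 	ad.u.net->netif = skb->skb_iif;
 	ad.u.net->family = family;
@@ -4565,7 +4522,6 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
 	char *addrp;
 	u32 peer_sid;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	struct lsm_network_audit net = {0,};
 	u8 secmark_active;
 	u8 netlbl_active;
@@ -4584,7 +4540,6 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
 		return NF_DROP;
 
 	ad.type = LSM_AUDIT_DATA_NET;
-	ad.selinux_audit_data = &sad;
 	ad.u.net = &net;
 	ad.u.net->netif = ifindex;
 	ad.u.net->family = family;
@@ -4674,7 +4629,6 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
 	struct sock *sk = skb->sk;
 	struct sk_security_struct *sksec;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	struct lsm_network_audit net = {0,};
 	char *addrp;
 	u8 proto;
@@ -4684,7 +4638,6 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
 	sksec = sk->sk_security;
 
 	ad.type = LSM_AUDIT_DATA_NET;
-	ad.selinux_audit_data = &sad;
 	ad.u.net = &net;
 	ad.u.net->netif = ifindex;
 	ad.u.net->family = family;
@@ -4709,7 +4662,6 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
 	u32 peer_sid;
 	struct sock *sk;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	struct lsm_network_audit net = {0,};
 	char *addrp;
 	u8 secmark_active;
@@ -4757,7 +4709,6 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
 	}
 
 	ad.type = LSM_AUDIT_DATA_NET;
-	ad.selinux_audit_data = &sad;
 	ad.u.net = &net;
 	ad.u.net->netif = ifindex;
 	ad.u.net->family = family;
@@ -4875,13 +4826,11 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
 {
 	struct ipc_security_struct *isec;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	u32 sid = current_sid();
 
 	isec = ipc_perms->security;
 
 	ad.type = LSM_AUDIT_DATA_IPC;
-	ad.selinux_audit_data = &sad;
 	ad.u.ipc_id = ipc_perms->key;
 
 	return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
@@ -4902,7 +4851,6 @@ static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
 {
 	struct ipc_security_struct *isec;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	u32 sid = current_sid();
 	int rc;
 
@@ -4913,7 +4861,6 @@ static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
 	isec = msq->q_perm.security;
 
 	ad.type = LSM_AUDIT_DATA_IPC;
-	ad.selinux_audit_data = &sad;
 	ad.u.ipc_id = msq->q_perm.key;
 
 	rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
@@ -4934,13 +4881,11 @@ static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
 {
 	struct ipc_security_struct *isec;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	u32 sid = current_sid();
 
 	isec = msq->q_perm.security;
 
 	ad.type = LSM_AUDIT_DATA_IPC;
-	ad.selinux_audit_data = &sad;
 	ad.u.ipc_id = msq->q_perm.key;
 
 	return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
@@ -4980,7 +4925,6 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
 	struct ipc_security_struct *isec;
 	struct msg_security_struct *msec;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	u32 sid = current_sid();
 	int rc;
 
@@ -5002,7 +4946,6 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
 	}
 
 	ad.type = LSM_AUDIT_DATA_IPC;
-	ad.selinux_audit_data = &sad;
 	ad.u.ipc_id = msq->q_perm.key;
 
 	/* Can this process write to the queue? */
@@ -5027,7 +4970,6 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
 	struct ipc_security_struct *isec;
 	struct msg_security_struct *msec;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	u32 sid = task_sid(target);
 	int rc;
 
@@ -5035,7 +4977,6 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
 	msec = msg->security;
 
 	ad.type = LSM_AUDIT_DATA_IPC;
-	ad.selinux_audit_data = &sad;
 	ad.u.ipc_id = msq->q_perm.key;
 
 	rc = avc_has_perm(sid, isec->sid,
@@ -5051,7 +4992,6 @@ static int selinux_shm_alloc_security(struct shmid_kernel *shp)
 {
 	struct ipc_security_struct *isec;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	u32 sid = current_sid();
 	int rc;
 
@@ -5062,7 +5002,6 @@ static int selinux_shm_alloc_security(struct shmid_kernel *shp)
 	isec = shp->shm_perm.security;
 
 	ad.type = LSM_AUDIT_DATA_IPC;
-	ad.selinux_audit_data = &sad;
 	ad.u.ipc_id = shp->shm_perm.key;
 
 	rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
@@ -5083,13 +5022,11 @@ static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
 {
 	struct ipc_security_struct *isec;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	u32 sid = current_sid();
 
 	isec = shp->shm_perm.security;
 
 	ad.type = LSM_AUDIT_DATA_IPC;
-	ad.selinux_audit_data = &sad;
 	ad.u.ipc_id = shp->shm_perm.key;
 
 	return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
@@ -5147,7 +5084,6 @@ static int selinux_sem_alloc_security(struct sem_array *sma)
 {
 	struct ipc_security_struct *isec;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	u32 sid = current_sid();
 	int rc;
 
@@ -5158,7 +5094,6 @@ static int selinux_sem_alloc_security(struct sem_array *sma)
 	isec = sma->sem_perm.security;
 
 	ad.type = LSM_AUDIT_DATA_IPC;
-	ad.selinux_audit_data = &sad;
 	ad.u.ipc_id = sma->sem_perm.key;
 
 	rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
@@ -5179,13 +5114,11 @@ static int selinux_sem_associate(struct sem_array *sma, int semflg)
 {
 	struct ipc_security_struct *isec;
 	struct common_audit_data ad;
-	struct selinux_audit_data sad = {0,};
 	u32 sid = current_sid();
 
 	isec = sma->sem_perm.security;
 
 	ad.type = LSM_AUDIT_DATA_IPC;
-	ad.selinux_audit_data = &sad;
 	ad.u.ipc_id = sma->sem_perm.key;
 
 	return avc_has_perm(sid, isec->sid, SECCLASS_SEM,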
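diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index faa277729cb4..d97fadc4d963 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -49,7 +49,7 @@ struct avc_cache_stats {
 /*
  * We only need this data after we have decided to send an audit message.
  */
-struct selinux_late_audit_data {
+struct selinux_audit_data {
 	u32 ssid;
 	u32 tsid;
 	u16 tclass;
@@ -60,13 +60,6 @@ struct selinux_late_audit_data {
 };
 
 /*
- * We collect this at the beginning or during an selinux security operation
- */
-struct selinux_audit_data {
-	struct selinux_late_audit_data *slad;
-};
-
-/*
  * AVC operations
  */
 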
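Review bot: The comment kept above `struct selinux_audit_data` in the hunk at -49 says only when the data is needed, not where it lives or how long the pointer to it stays valid; after this commit the only instance the diff shows is `sad` on slow_avc_audit's stack in avc.c, stored into a->selinux_audit_data right before common_lsm_audit() and dead once that call returns. Since hooks.c callers no longer set the pointer themselves, a reader of the header cannot tell that the field is owned by the AVC slow path. Worth extending that comment block with ` * Filled in on slow_avc_audit()'s stack; the common_audit_data pointer to it is only valid inside the avc audit callbacks.`. The struct's remaining members at lines 56-59 are outside the hunk.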