aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/lsm_audit.h7
-rw-r--r--security/apparmor/audit.c4
-rw-r--r--security/lsm_audit.c14
-rw-r--r--security/selinux/avc.c4
-rw-r--r--security/smack/smack_access.c3
5 files changed, 15 insertions, 17 deletions
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index d1b073ffec24..fad48aab893b 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -82,9 +82,6 @@ struct common_audit_data {
82 struct apparmor_audit_data *apparmor_audit_data; 82 struct apparmor_audit_data *apparmor_audit_data;
83#endif 83#endif
84 }; /* per LSM data pointer union */ 84 }; /* per LSM data pointer union */
85 /* these callback will be implemented by a specific LSM */
86 void (*lsm_pre_audit)(struct audit_buffer *, void *);
87 void (*lsm_post_audit)(struct audit_buffer *, void *);
88}; 85};
89 86
90#define v4info fam.v4 87#define v4info fam.v4
@@ -101,6 +98,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
101 { memset((_d), 0, sizeof(struct common_audit_data)); \ 98 { memset((_d), 0, sizeof(struct common_audit_data)); \
102 (_d)->type = LSM_AUDIT_DATA_##_t; } 99 (_d)->type = LSM_AUDIT_DATA_##_t; }
103 100
104void common_lsm_audit(struct common_audit_data *a); 101void common_lsm_audit(struct common_audit_data *a,
102 void (*pre_audit)(struct audit_buffer *, void *),
103 void (*post_audit)(struct audit_buffer *, void *));
105 104
106#endif 105#endif
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index 23f7eb658d9c..cc3520d39a78 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -160,9 +160,7 @@ void aa_audit_msg(int type, struct common_audit_data *sa,
160 void (*cb) (struct audit_buffer *, void *)) 160 void (*cb) (struct audit_buffer *, void *))
161{ 161{
162 sa->aad->type = type; 162 sa->aad->type = type;
163 sa->lsm_pre_audit = audit_pre; 163 common_lsm_audit(sa, audit_pre, cb);
164 sa->lsm_post_audit = cb;
165 common_lsm_audit(sa);
166} 164}
167 165
168/** 166/**
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index e96c6aa17bb0..90c129b0102f 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -378,11 +378,15 @@ static void dump_common_audit_data(struct audit_buffer *ab,
378/** 378/**
379 * common_lsm_audit - generic LSM auditing function 379 * common_lsm_audit - generic LSM auditing function
380 * @a: auxiliary audit data 380 * @a: auxiliary audit data
381 * @pre_audit: lsm-specific pre-audit callback
382 * @post_audit: lsm-specific post-audit callback
381 * 383 *
382 * setup the audit buffer for common security information 384 * setup the audit buffer for common security information
383 * uses callback to print LSM specific information 385 * uses callback to print LSM specific information
384 */ 386 */
385void common_lsm_audit(struct common_audit_data *a) 387void common_lsm_audit(struct common_audit_data *a,
388 void (*pre_audit)(struct audit_buffer *, void *),
389 void (*post_audit)(struct audit_buffer *, void *))
386{ 390{
387 struct audit_buffer *ab; 391 struct audit_buffer *ab;
388 392
@@ -394,13 +398,13 @@ void common_lsm_audit(struct common_audit_data *a)
394 if (ab == NULL) 398 if (ab == NULL)
395 return; 399 return;
396 400
397 if (a->lsm_pre_audit) 401 if (pre_audit)
398 a->lsm_pre_audit(ab, a); 402 pre_audit(ab, a);
399 403
400 dump_common_audit_data(ab, a); 404 dump_common_audit_data(ab, a);
401 405
402 if (a->lsm_post_audit) 406 if (post_audit)
403 a->lsm_post_audit(ab, a); 407 post_audit(ab, a);
404 408
405 audit_log_end(ab); 409 audit_log_end(ab);
406} 410}
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 36c42bb52d81..8ee42b2a5f19 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -492,9 +492,7 @@ static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
492 slad.denied = denied; 492 slad.denied = denied;
493 493
494 a->selinux_audit_data->slad = &slad; 494 a->selinux_audit_data->slad = &slad;
495 a->lsm_pre_audit = avc_audit_pre_callback; 495 common_lsm_audit(a, avc_audit_pre_callback, avc_audit_post_callback);
496 a->lsm_post_audit = avc_audit_post_callback;
497 common_lsm_audit(a);
498 return 0; 496 return 0;
499} 497}
500 498
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 2af7fcc98a71..c8115f7308f8 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -321,9 +321,8 @@ void smack_log(char *subject_label, char *object_label, int request,
321 sad->object = object_label; 321 sad->object = object_label;
322 sad->request = request_buffer; 322 sad->request = request_buffer;
323 sad->result = result; 323 sad->result = result;
324 a->lsm_pre_audit = smack_log_callback;
325 324
326 common_lsm_audit(a); 325 common_lsm_audit(a, smack_log_callback, NULL);
327} 326}
328#else /* #ifdef CONFIG_AUDIT */ 327#else /* #ifdef CONFIG_AUDIT */
329void smack_log(char *subject_label, char *object_label, int request, 328void smack_log(char *subject_label, char *object_label, int request,