-rw-r--r-- | include/linux/lsm_audit.h | 7 | ||||
-rw-r--r-- | security/apparmor/audit.c | 4 | ||||
-rw-r--r-- | security/lsm_audit.c | 14 | ||||
-rw-r--r-- | security/selinux/avc.c | 4 | ||||
-rw-r--r-- | security/smack/smack_access.c | 3 |
5 files changed, 15 insertions, 17 deletions
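--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -82,9 +82,6 @@ struct common_audit_data {
 struct apparmor_audit_data *apparmor_audit_data;
 #endif
 }; /* per LSM data pointer union */
-/* these callback will be implemented by a specific LSM */
-void (*lsm_pre_audit)(struct audit_buffer *, void *);
-void (*lsm_post_audit)(struct audit_buffer *, void *);
 };
 
 #define v4info fam.v4
@@ -101,6 +98,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
 { memset((_d), 0, sizeof(struct common_audit_data)); \
 (_d)->type = LSM_AUDIT_DATA_##_t; }
 
-void common_lsm_audit(struct common_audit_data *a);
+void common_lsm_audit(struct common_audit_data *a,
+void (*pre_audit)(struct audit_buffer *, void *),
+void (*post_audit)(struct audit_buffer *, void *));
 
 #endif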
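Review bot: The new `common_lsm_audit` prototype spells out `void (*)(struct audit_buffer *, void *)` twice and leaves the callbacks' second argument as `void *`, even though the definition in security/lsm_audit.c always passes the `struct common_audit_data *` it was given. A shared typedef next to the prototype, for example `typedef void (*lsm_audit_cb)(struct audit_buffer *, void *);` (the name is only a suggestion), would keep the header, the definition and the three LSM callers from drifting apart. If the callbacks themselves can be changed, typing that second parameter as `struct common_audit_data *` would let the compiler reject a mismatched callback; the callbacks presumably convert the pointer back themselves, which is not visible here.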
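--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -160,9 +160,7 @@ void aa_audit_msg(int type, struct common_audit_data *sa,
 void (*cb) (struct audit_buffer *, void *))
 {
 sa->aad->type = type;
-sa->lsm_pre_audit = audit_pre;
-sa->lsm_post_audit = cb;
-common_lsm_audit(sa);
+common_lsm_audit(sa, audit_pre, cb);
 }
 
 /**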
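--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -378,11 +378,15 @@ static void dump_common_audit_data(struct audit_buffer *ab,
 /**
 * common_lsm_audit - generic LSM auditing function
 * @a: auxiliary audit data
+* @pre_audit: lsm-specific pre-audit callback
+* @post_audit: lsm-specific post-audit callback
 *
 * setup the audit buffer for common security information
 * uses callback to print LSM specific information
 */
-void common_lsm_audit(struct common_audit_data *a)
+void common_lsm_audit(struct common_audit_data *a,
+void (*pre_audit)(struct audit_buffer *, void *),
+void (*post_audit)(struct audit_buffer *, void *))
 {
 struct audit_buffer *ab;
 
@@ -394,13 +398,13 @@ void common_lsm_audit(struct common_audit_data *a)
 if (ab == NULL)
 return;
 
-if (a->lsm_pre_audit)
-a->lsm_pre_audit(ab, a);
+if (pre_audit)
+pre_audit(ab, a);
 
 dump_common_audit_data(ab, a);
 
-if (a->lsm_post_audit)
-a->lsm_post_audit(ab, a);
+if (post_audit)
+post_audit(ab, a);
 
 audit_log_end(ab);
 }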
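Review bot: The kernel-doc lines added for `@pre_audit` and `@post_audit` do not say that either callback may be NULL, which the body relies on (`if (pre_audit)`, `if (post_audit)`) and which security/smack/smack_access.c uses by passing `NULL`. I would extend them to `@pre_audit: lsm-specific pre-audit callback, may be NULL; run before the common fields are dumped` and `@post_audit: lsm-specific post-audit callback, may be NULL; run after the common fields are dumped`. It is also worth one sentence stating that both are called with `@a` as their `void *` argument. The middle of the function body, between the two hunks, is not shown.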
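--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -492,9 +492,7 @@ static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
 slad.denied = denied;
 
 a->selinux_audit_data->slad = &slad;
-a->lsm_pre_audit = avc_audit_pre_callback;
-a->lsm_post_audit = avc_audit_post_callback;
-common_lsm_audit(a);
+common_lsm_audit(a, avc_audit_pre_callback, avc_audit_post_callback);
 return 0;
 }
 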
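Review bot: `a->selinux_audit_data->slad = &slad;` leaves a pointer to what looks like a function-local `slad` in the caller's audit data after `slow_avc_audit` returns. The declaration is outside the hunk, so this is inferred from `slad.denied = denied;`. Now that the callbacks are scoped to the call, the late data could be treated the same way by adding `a->selinux_audit_data->slad = NULL;` between the `common_lsm_audit()` call and `return 0;`. Failing that, a comment above the assignment could state that the pointer is valid only while `common_lsm_audit()` runs. The function body starts outside the hunk.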
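--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -321,9 +321,8 @@ void smack_log(char *subject_label, char *object_label, int request,
 sad->object = object_label;
 sad->request = request_buffer;
 sad->result = result;
-a->lsm_pre_audit = smack_log_callback;
 
-common_lsm_audit(a);
+common_lsm_audit(a, smack_log_callback, NULL);
 }
 #else /* #ifdef CONFIG_AUDIT */
 void smack_log(char *subject_label, char *object_label, int request,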