aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditfilter.c40
-rw-r--r--kernel/auditsc.c12
2 files changed, 26 insertions, 26 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 7c69cb5e44fb..28fef6bf8534 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -139,8 +139,8 @@ static inline void audit_free_rule(struct audit_entry *e)
139 if (e->rule.fields) 139 if (e->rule.fields)
140 for (i = 0; i < e->rule.field_count; i++) { 140 for (i = 0; i < e->rule.field_count; i++) {
141 struct audit_field *f = &e->rule.fields[i]; 141 struct audit_field *f = &e->rule.fields[i];
142 kfree(f->se_str); 142 kfree(f->lsm_str);
143 security_audit_rule_free(f->se_rule); 143 security_audit_rule_free(f->lsm_rule);
144 } 144 }
145 kfree(e->rule.fields); 145 kfree(e->rule.fields);
146 kfree(e->rule.filterkey); 146 kfree(e->rule.filterkey);
@@ -554,8 +554,8 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
554 f->op = data->fieldflags[i] & AUDIT_OPERATORS; 554 f->op = data->fieldflags[i] & AUDIT_OPERATORS;
555 f->type = data->fields[i]; 555 f->type = data->fields[i];
556 f->val = data->values[i]; 556 f->val = data->values[i];
557 f->se_str = NULL; 557 f->lsm_str = NULL;
558 f->se_rule = NULL; 558 f->lsm_rule = NULL;
559 switch(f->type) { 559 switch(f->type) {
560 case AUDIT_PID: 560 case AUDIT_PID:
561 case AUDIT_UID: 561 case AUDIT_UID:
@@ -598,7 +598,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
598 entry->rule.buflen += f->val; 598 entry->rule.buflen += f->val;
599 599
600 err = security_audit_rule_init(f->type, f->op, str, 600 err = security_audit_rule_init(f->type, f->op, str,
601 (void **)&f->se_rule); 601 (void **)&f->lsm_rule);
602 /* Keep currently invalid fields around in case they 602 /* Keep currently invalid fields around in case they
603 * become valid after a policy reload. */ 603 * become valid after a policy reload. */
604 if (err == -EINVAL) { 604 if (err == -EINVAL) {
@@ -610,7 +610,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
610 kfree(str); 610 kfree(str);
611 goto exit_free; 611 goto exit_free;
612 } else 612 } else
613 f->se_str = str; 613 f->lsm_str = str;
614 break; 614 break;
615 case AUDIT_WATCH: 615 case AUDIT_WATCH:
616 str = audit_unpack_string(&bufp, &remain, f->val); 616 str = audit_unpack_string(&bufp, &remain, f->val);
@@ -754,7 +754,7 @@ static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)
754 case AUDIT_OBJ_LEV_LOW: 754 case AUDIT_OBJ_LEV_LOW:
755 case AUDIT_OBJ_LEV_HIGH: 755 case AUDIT_OBJ_LEV_HIGH:
756 data->buflen += data->values[i] = 756 data->buflen += data->values[i] =
757 audit_pack_string(&bufp, f->se_str); 757 audit_pack_string(&bufp, f->lsm_str);
758 break; 758 break;
759 case AUDIT_WATCH: 759 case AUDIT_WATCH:
760 data->buflen += data->values[i] = 760 data->buflen += data->values[i] =
@@ -806,7 +806,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b)
806 case AUDIT_OBJ_TYPE: 806 case AUDIT_OBJ_TYPE:
807 case AUDIT_OBJ_LEV_LOW: 807 case AUDIT_OBJ_LEV_LOW:
808 case AUDIT_OBJ_LEV_HIGH: 808 case AUDIT_OBJ_LEV_HIGH:
809 if (strcmp(a->fields[i].se_str, b->fields[i].se_str)) 809 if (strcmp(a->fields[i].lsm_str, b->fields[i].lsm_str))
810 return 1; 810 return 1;
811 break; 811 break;
812 case AUDIT_WATCH: 812 case AUDIT_WATCH:
@@ -862,28 +862,28 @@ out:
862 return new; 862 return new;
863} 863}
864 864
865/* Duplicate LSM field information. The se_rule is opaque, so must be 865/* Duplicate LSM field information. The lsm_rule is opaque, so must be
866 * re-initialized. */ 866 * re-initialized. */
867static inline int audit_dupe_lsm_field(struct audit_field *df, 867static inline int audit_dupe_lsm_field(struct audit_field *df,
868 struct audit_field *sf) 868 struct audit_field *sf)
869{ 869{
870 int ret = 0; 870 int ret = 0;
871 char *se_str; 871 char *lsm_str;
872 872
873 /* our own copy of se_str */ 873 /* our own copy of lsm_str */
874 se_str = kstrdup(sf->se_str, GFP_KERNEL); 874 lsm_str = kstrdup(sf->lsm_str, GFP_KERNEL);
875 if (unlikely(!se_str)) 875 if (unlikely(!lsm_str))
876 return -ENOMEM; 876 return -ENOMEM;
877 df->se_str = se_str; 877 df->lsm_str = lsm_str;
878 878
879 /* our own (refreshed) copy of se_rule */ 879 /* our own (refreshed) copy of lsm_rule */
880 ret = security_audit_rule_init(df->type, df->op, df->se_str, 880 ret = security_audit_rule_init(df->type, df->op, df->lsm_str,
881 (void **)&df->se_rule); 881 (void **)&df->lsm_rule);
882 /* Keep currently invalid fields around in case they 882 /* Keep currently invalid fields around in case they
883 * become valid after a policy reload. */ 883 * become valid after a policy reload. */
884 if (ret == -EINVAL) { 884 if (ret == -EINVAL) {
885 printk(KERN_WARNING "audit rule for LSM \'%s\' is " 885 printk(KERN_WARNING "audit rule for LSM \'%s\' is "
886 "invalid\n", df->se_str); 886 "invalid\n", df->lsm_str);
887 ret = 0; 887 ret = 0;
888 } 888 }
889 889
@@ -930,7 +930,7 @@ static struct audit_entry *audit_dupe_rule(struct audit_krule *old,
930 new->tree = old->tree; 930 new->tree = old->tree;
931 memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount); 931 memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount);
932 932
933 /* deep copy this information, updating the se_rule fields, because 933 /* deep copy this information, updating the lsm_rule fields, because
934 * the originals will all be freed when the old rule is freed. */ 934 * the originals will all be freed when the old rule is freed. */
935 for (i = 0; i < fcount; i++) { 935 for (i = 0; i < fcount; i++) {
936 switch (new->fields[i].type) { 936 switch (new->fields[i].type) {
@@ -1762,7 +1762,7 @@ unlock_and_return:
1762 return result; 1762 return result;
1763} 1763}
1764 1764
1765/* This function will re-initialize the se_rule field of all applicable rules. 1765/* This function will re-initialize the lsm_rule field of all applicable rules.
1766 * It will traverse the filter lists serarching for rules that contain LSM 1766 * It will traverse the filter lists serarching for rules that contain LSM
1767 * specific filter fields. When such a rule is found, it is copied, the 1767 * specific filter fields. When such a rule is found, it is copied, the
1768 * LSM field is re-initialized, and the old rule is replaced with the 1768 * LSM field is re-initialized, and the old rule is replaced with the
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index c0700535e5c5..56e56ed594a8 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -527,14 +527,14 @@ static int audit_filter_rules(struct task_struct *tsk,
527 match for now to avoid losing information that 527 match for now to avoid losing information that
528 may be wanted. An error message will also be 528 may be wanted. An error message will also be
529 logged upon error */ 529 logged upon error */
530 if (f->se_rule) { 530 if (f->lsm_rule) {
531 if (need_sid) { 531 if (need_sid) {
532 security_task_getsecid(tsk, &sid); 532 security_task_getsecid(tsk, &sid);
533 need_sid = 0; 533 need_sid = 0;
534 } 534 }
535 result = security_audit_rule_match(sid, f->type, 535 result = security_audit_rule_match(sid, f->type,
536 f->op, 536 f->op,
537 f->se_rule, 537 f->lsm_rule,
538 ctx); 538 ctx);
539 } 539 }
540 break; 540 break;
@@ -545,18 +545,18 @@ static int audit_filter_rules(struct task_struct *tsk,
545 case AUDIT_OBJ_LEV_HIGH: 545 case AUDIT_OBJ_LEV_HIGH:
546 /* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR 546 /* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR
547 also applies here */ 547 also applies here */
548 if (f->se_rule) { 548 if (f->lsm_rule) {
549 /* Find files that match */ 549 /* Find files that match */
550 if (name) { 550 if (name) {
551 result = security_audit_rule_match( 551 result = security_audit_rule_match(
552 name->osid, f->type, f->op, 552 name->osid, f->type, f->op,
553 f->se_rule, ctx); 553 f->lsm_rule, ctx);
554 } else if (ctx) { 554 } else if (ctx) {
555 for (j = 0; j < ctx->name_count; j++) { 555 for (j = 0; j < ctx->name_count; j++) {
556 if (security_audit_rule_match( 556 if (security_audit_rule_match(
557 ctx->names[j].osid, 557 ctx->names[j].osid,
558 f->type, f->op, 558 f->type, f->op,
559 f->se_rule, ctx)) { 559 f->lsm_rule, ctx)) {
560 ++result; 560 ++result;
561 break; 561 break;
562 } 562 }
@@ -569,7 +569,7 @@ static int audit_filter_rules(struct task_struct *tsk,
569 aux = aux->next) { 569 aux = aux->next) {
570 if (aux->type == AUDIT_IPC) { 570 if (aux->type == AUDIT_IPC) {
571 struct audit_aux_data_ipcctl *axi = (void *)aux; 571 struct audit_aux_data_ipcctl *axi = (void *)aux;
572 if (security_audit_rule_match(axi->osid, f->type, f->op, f->se_rule, ctx)) { 572 if (security_audit_rule_match(axi->osid, f->type, f->op, f->lsm_rule, ctx)) {
573 ++result; 573 ++result;
574 break; 574 break;
575 } 575 }