1 files changed, 23 insertions, 11 deletions
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index ab36675fee8c..1833ad233b39 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -70,18 +70,25 @@ static struct nla_policy netlbl_unlabel_genl_policy[NLBL_UNLABEL_A_MAX + 1] = {
 /**
 * netlbl_unlabel_acceptflg_set - Set the unlabeled accept flag
 * @value: desired value
- * @audit_secid: the LSM secid to use in the audit message
+ * @audit_info: NetLabel audit information
 *
 * Description:
 * Set the value of the unlabeled accept flag to @value.
 *
 */
-static void netlbl_unlabel_acceptflg_set(u8 value, u32 audit_secid)
+static void netlbl_unlabel_acceptflg_set(u8 value,
+                                         struct netlbl_audit *audit_info)
 {
+        struct audit_buffer *audit_buf;
+        u8 old_val;
+        old_val = atomic_read(&netlabel_unlabel_accept_flg);
        atomic_set(&netlabel_unlabel_accept_flg, value);
-        netlbl_audit_nomsg((value ?
-                            AUDIT_MAC_UNLBL_ACCEPT : AUDIT_MAC_UNLBL_DENY),
+        audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_ALLOW,
-                           audit_secid);
+                                              audit_info);
+        audit_log_format(audit_buf, " unlbl_accept=%u old=%u", value, old_val);
+        audit_log_end(audit_buf);
 }
 /*
@@ -101,12 +108,13 @@ static void netlbl_unlabel_acceptflg_set(u8 value, u32 audit_secid)
 static int netlbl_unlabel_accept(struct sk_buff *skb, struct genl_info *info)
 {
        u8 value;
+        struct netlbl_audit audit_info;
        if (info->attrs[NLBL_UNLABEL_A_ACPTFLG]) {
                value = nla_get_u8(info->attrs[NLBL_UNLABEL_A_ACPTFLG]);
                if (value == 1 || value == 0) {
-                        netlbl_unlabel_acceptflg_set(value,
+                        netlbl_netlink_auditinfo(skb, &audit_info);
-                                                     NETLINK_CB(skb).sid);
+                        netlbl_unlabel_acceptflg_set(value, &audit_info);
                        return 0;
                }
        }
@@ -250,19 +258,23 @@ int netlbl_unlabel_defconf(void)
 {
        int ret_val;
        struct netlbl_dom_map *entry;
-        u32 secid;
+        struct netlbl_audit audit_info;
-        security_task_getsecid(current, &secid);
+        /* Only the kernel is allowed to call this function and the only time
+         * it is called is at bootup before the audit subsystem is reporting
+         * messages so don't worry to much about these values. */
+        security_task_getsecid(current, &audit_info.secid);
+        audit_info.loginuid = 0;
        entry = kzalloc(sizeof(*entry), GFP_KERNEL);
        if (entry == NULL)
                return -ENOMEM;
        entry->type = NETLBL_NLTYPE_UNLABELED;
-        ret_val = netlbl_domhsh_add_default(entry, secid);
+        ret_val = netlbl_domhsh_add_default(entry, &audit_info);
        if (ret_val != 0)
                return ret_val;
-        netlbl_unlabel_acceptflg_set(1, secid);
+        netlbl_unlabel_acceptflg_set(1, &audit_info);
        return 0;
 }

diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index ab36675fee8c..1833ad233b39 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c
@@ -70,18 +70,25 @@ static struct nla_policy netlbl_unlabel_genl_policy[NLBL_UNLABEL_A_MAX + 1] = {
70	/**	70	/**
71	* netlbl_unlabel_acceptflg_set - Set the unlabeled accept flag	71	* netlbl_unlabel_acceptflg_set - Set the unlabeled accept flag
72	* @value: desired value	72	* @value: desired value
73	* @audit_secid: the LSM secid to use in the audit message	73	* @audit_info: NetLabel audit information
74	*	74	*
75	* Description:	75	* Description:
76	* Set the value of the unlabeled accept flag to @value.	76	* Set the value of the unlabeled accept flag to @value.
77	*	77	*
78	*/	78	*/
79	static void netlbl_unlabel_acceptflg_set(u8 value, u32 audit_secid)	79	static void netlbl_unlabel_acceptflg_set(u8 value,
		80	struct netlbl_audit *audit_info)
80	{	81	{
		82	struct audit_buffer *audit_buf;
		83	u8 old_val;
		84
		85	old_val = atomic_read(&netlabel_unlabel_accept_flg);
81	atomic_set(&netlabel_unlabel_accept_flg, value);	86	atomic_set(&netlabel_unlabel_accept_flg, value);
82	netlbl_audit_nomsg((value ?	87
83	AUDIT_MAC_UNLBL_ACCEPT : AUDIT_MAC_UNLBL_DENY),	88	audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_ALLOW,
84	audit_secid);	89	audit_info);
		90	audit_log_format(audit_buf, " unlbl_accept=%u old=%u", value, old_val);
		91	audit_log_end(audit_buf);
85	}	92	}
86		93
87	/*	94	/*
@@ -101,12 +108,13 @@ static void netlbl_unlabel_acceptflg_set(u8 value, u32 audit_secid)
101	static int netlbl_unlabel_accept(struct sk_buff skb, struct genl_info info)	108	static int netlbl_unlabel_accept(struct sk_buff skb, struct genl_info info)
102	{	109	{
103	u8 value;	110	u8 value;
		111	struct netlbl_audit audit_info;
104		112
105	if (info->attrs[NLBL_UNLABEL_A_ACPTFLG]) {	113	if (info->attrs[NLBL_UNLABEL_A_ACPTFLG]) {
106	value = nla_get_u8(info->attrs[NLBL_UNLABEL_A_ACPTFLG]);	114	value = nla_get_u8(info->attrs[NLBL_UNLABEL_A_ACPTFLG]);
107	if (value == 1 \|\| value == 0) {	115	if (value == 1 \|\| value == 0) {
108	netlbl_unlabel_acceptflg_set(value,	116	netlbl_netlink_auditinfo(skb, &audit_info);
109	NETLINK_CB(skb).sid);	117	netlbl_unlabel_acceptflg_set(value, &audit_info);
110	return 0;	118	return 0;
111	}	119	}
112	}	120	}
@@ -250,19 +258,23 @@ int netlbl_unlabel_defconf(void)
250	{	258	{
251	int ret_val;	259	int ret_val;
252	struct netlbl_dom_map *entry;	260	struct netlbl_dom_map *entry;
253	u32 secid;	261	struct netlbl_audit audit_info;
254		262
255	security_task_getsecid(current, &secid);	263	/* Only the kernel is allowed to call this function and the only time
		264	* it is called is at bootup before the audit subsystem is reporting
		265	* messages so don't worry to much about these values. */
		266	security_task_getsecid(current, &audit_info.secid);
		267	audit_info.loginuid = 0;
256		268
257	entry = kzalloc(sizeof(*entry), GFP_KERNEL);	269	entry = kzalloc(sizeof(*entry), GFP_KERNEL);
258	if (entry == NULL)	270	if (entry == NULL)
259	return -ENOMEM;	271	return -ENOMEM;
260	entry->type = NETLBL_NLTYPE_UNLABELED;	272	entry->type = NETLBL_NLTYPE_UNLABELED;
261	ret_val = netlbl_domhsh_add_default(entry, secid);	273	ret_val = netlbl_domhsh_add_default(entry, &audit_info);
262	if (ret_val != 0)	274	if (ret_val != 0)
263	return ret_val;	275	return ret_val;
264		276
265	netlbl_unlabel_acceptflg_set(1, secid);	277	netlbl_unlabel_acceptflg_set(1, &audit_info);
266		278
267	return 0;	279	return 0;
268	}	280	}