Diffstat (limited to 'net/xfrm/xfrm_policy.c')
-rw-r--r-- | net/xfrm/xfrm_policy.c | 46 |
1 files changed, 14 insertions, 32 deletions
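diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index e63f242ae03e..a8ef5108e0d8 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -769,7 +769,7 @@ EXPORT_SYMBOL(xfrm_policy_byid);
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 static inline int
-xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audit_info)
+xfrm_policy_flush_secctx_check(struct net *net, u8 type, bool task_valid)
 {
 int dir, err = 0;
 
@@ -783,10 +783,7 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi
 continue;
 err = security_xfrm_policy_delete(pol->security);
 if (err) {
-xfrm_audit_policy_delete(pol, 0,
-audit_info->loginuid,
-audit_info->sessionid,
-audit_info->secid);
+xfrm_audit_policy_delete(pol, 0, task_valid);
 return err;
 }
 }
@@ -800,9 +797,7 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi
 pol->security);
 if (err) {
 xfrm_audit_policy_delete(pol, 0,
-audit_info->loginuid,
-audit_info->sessionid,
-audit_info->secid);
+task_valid);
 return err;
 }
 }
@@ -812,19 +807,19 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi
 }
 #else
 static inline int
-xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audit_info)
+xfrm_policy_flush_secctx_check(struct net *net, u8 type, bool task_valid)
 {
 return 0;
 }
 #endif
 
-int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
+int xfrm_policy_flush(struct net *net, u8 type, bool task_valid)
 {
 int dir, err = 0, cnt = 0;
 
 write_lock_bh(&net->xfrm.xfrm_policy_lock);
 
-err = xfrm_policy_flush_secctx_check(net, type, audit_info);
+err = xfrm_policy_flush_secctx_check(net, type, task_valid);
 if (err)
 goto out;
 
@@ -841,9 +836,7 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
 write_unlock_bh(&net->xfrm.xfrm_policy_lock);
 cnt++;
 
-xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
-audit_info->sessionid,
-audit_info->secid);
+xfrm_audit_policy_delete(pol, 1, task_valid);
 
 xfrm_policy_kill(pol);
 
@@ -862,10 +855,7 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
 write_unlock_bh(&net->xfrm.xfrm_policy_lock);
 cnt++;
 
-xfrm_audit_policy_delete(pol, 1,
-audit_info->loginuid,
-audit_info->sessionid,
-audit_info->secid);
+xfrm_audit_policy_delete(pol, 1, task_valid);
 xfrm_policy_kill(pol);
 
 write_lock_bh(&net->xfrm.xfrm_policy_lock);
@@ -2860,21 +2850,14 @@ out_byidx:
 
 static void xfrm_policy_fini(struct net *net)
 {
-struct xfrm_audit audit_info;
 unsigned int sz;
 int dir;
 
 flush_work(&net->xfrm.policy_hash_work);
 #ifdef CONFIG_XFRM_SUB_POLICY
-audit_info.loginuid = INVALID_UID;
-audit_info.sessionid = (unsigned int)-1;
-audit_info.secid = 0;
-xfrm_policy_flush(net, XFRM_POLICY_TYPE_SUB, &audit_info);
+xfrm_policy_flush(net, XFRM_POLICY_TYPE_SUB, false);
 #endif
-audit_info.loginuid = INVALID_UID;
-audit_info.sessionid = (unsigned int)-1;
-audit_info.secid = 0;
-xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
+xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, false);
 
 WARN_ON(!list_empty(&net->xfrm.policy_all));
 
@@ -2989,15 +2972,14 @@ static void xfrm_audit_common_policyinfo(struct xfrm_policy *xp,
 }
 }
 
-void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
-kuid_t auid, unsigned int sessionid, u32 secid)
+void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, bool task_valid)
 {
 struct audit_buffer *audit_buf;
 
 audit_buf = xfrm_audit_start("SPD-add");
 if (audit_buf == NULL)
 return;
-xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
+xfrm_audit_helper_usrinfo(task_valid, audit_buf);
 audit_log_format(audit_buf, " res=%u", result);
 xfrm_audit_common_policyinfo(xp, audit_buf);
 audit_log_end(audit_buf);
@@ -3005,14 +2987,14 @@ void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
 EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
 
 void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
-kuid_t auid, unsigned int sessionid, u32 secid)
+bool task_valid)
 {
 struct audit_buffer *audit_buf;
 
 audit_buf = xfrm_audit_start("SPD-delete");
 if (audit_buf == NULL)
 return;
-xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
+xfrm_audit_helper_usrinfo(task_valid, audit_buf);
 audit_log_format(audit_buf, " res=%u", result);
 xfrm_audit_common_policyinfo(xp, audit_buf);
 audit_log_end(audit_buf);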
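Review bot: The new `task_valid` flag on `xfrm_policy_flush` (the `@@ -812,19 +807,19 @@` hunk) now decides how SPD-delete audit records are attributed, replacing the explicit loginuid/sessionid/secid triple, yet nothing in this file says what true and false mean, so a caller outside a user-task context could pass true and produce misattributed audit events; a comment above the definition such as `/* task_valid: true when flushing on behalf of the calling task; false (as from xfrm_policy_fini) when there is no task to attribute the audit record to */` would pin the contract down. Presumably `xfrm_audit_helper_usrinfo` now derives the user identity from the current task when `task_valid` is true, but that helper lives outside this file and should be confirmed. As a style point, the `xfrm_audit_policy_delete` call in the `@@ -800,9 +797,7 @@` hunk is still split as `xfrm_audit_policy_delete(pol, 0,` / `task_valid);` while the identical call in the preceding hunk was collapsed onto one line; joining it keeps the two error paths consistent.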