1 files changed, 1 insertions, 62 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 8ee42b2a5f19..1a04247e3a17 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -458,7 +458,7 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 }
 /* This is the slow part of avc audit with big stack footprint */
-static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
+noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
                u32 requested, u32 audited, u32 denied,
                struct common_audit_data *a,
                unsigned flags)
@@ -497,67 +497,6 @@ static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
 }
 /**
- * avc_audit - Audit the granting or denial of permissions.
- * @ssid: source security identifier
- * @tsid: target security identifier
- * @tclass: target security class
- * @requested: requested permissions
- * @avd: access vector decisions
- * @result: result from avc_has_perm_noaudit
- * @a:  auxiliary audit data
- * @flags: VFS walk flags
- *
- * Audit the granting or denial of permissions in accordance
- * with the policy.  This function is typically called by
- * avc_has_perm() after a permission check, but can also be
- * called directly by callers who use avc_has_perm_noaudit()
- * in order to separate the permission check from the auditing.
- * For example, this separation is useful when the permission check must
- * be performed under a lock, to allow the lock to be released
- * before calling the auditing code.
- */
-inline int avc_audit(u32 ssid, u32 tsid,
-               u16 tclass, u32 requested,
-               struct av_decision *avd, int result, struct common_audit_data *a,
-               unsigned flags)
-{
-        u32 denied, audited;
-        denied = requested & ~avd->allowed;
-        if (unlikely(denied)) {
-                audited = denied & avd->auditdeny;
-                /*
-                 * a->selinux_audit_data->auditdeny is TRICKY!  Setting a bit in
-                 * this field means that ANY denials should NOT be audited if
-                 * the policy contains an explicit dontaudit rule for that
-                 * permission.  Take notice that this is unrelated to the
-                 * actual permissions that were denied.  As an example lets
-                 * assume:
-                 *
-                 * denied == READ
-                 * avd.auditdeny & ACCESS == 0 (not set means explicit rule)
-                 * selinux_audit_data->auditdeny & ACCESS == 1
-                 *
-                 * We will NOT audit the denial even though the denied
-                 * permission was READ and the auditdeny checks were for
-                 * ACCESS
-                 */
-                if (a &&
-                    a->selinux_audit_data->auditdeny &&
-                    !(a->selinux_audit_data->auditdeny & avd->auditdeny))
-                        audited = 0;
-        } else if (result)
-                audited = denied = requested;
-        else
-                audited = requested & avd->auditallow;
-        if (likely(!audited))
-                return 0;
-        return slow_avc_audit(ssid, tsid, tclass,
-                requested, audited, denied,
-                a, flags);
-}
-/**
 * avc_add_callback - Register a callback for security events.
 * @callback: callback function
 * @events: security events

diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 8ee42b2a5f19..1a04247e3a17 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c
@@ -458,7 +458,7 @@ static void avc_audit_post_callback(struct audit_buffer ab, void a)
458	}	458	}
459		459
460	/* This is the slow part of avc audit with big stack footprint */	460	/* This is the slow part of avc audit with big stack footprint */
461	static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,	461	noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
462	u32 requested, u32 audited, u32 denied,	462	u32 requested, u32 audited, u32 denied,
463	struct common_audit_data *a,	463	struct common_audit_data *a,
464	unsigned flags)	464	unsigned flags)
@@ -497,67 +497,6 @@ static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
497	}	497	}
498		498
499	/**	499	/**
500	* avc_audit - Audit the granting or denial of permissions.
501	* @ssid: source security identifier
502	* @tsid: target security identifier
503	* @tclass: target security class
504	* @requested: requested permissions
505	* @avd: access vector decisions
506	* @result: result from avc_has_perm_noaudit
507	* @a: auxiliary audit data
508	* @flags: VFS walk flags
509	*
510	* Audit the granting or denial of permissions in accordance
511	* with the policy. This function is typically called by
512	* avc_has_perm() after a permission check, but can also be
513	* called directly by callers who use avc_has_perm_noaudit()
514	* in order to separate the permission check from the auditing.
515	* For example, this separation is useful when the permission check must
516	* be performed under a lock, to allow the lock to be released
517	* before calling the auditing code.
518	*/
519	inline int avc_audit(u32 ssid, u32 tsid,
520	u16 tclass, u32 requested,
521	struct av_decision avd, int result, struct common_audit_data a,
522	unsigned flags)
523	{
524	u32 denied, audited;
525	denied = requested & ~avd->allowed;
526	if (unlikely(denied)) {
527	audited = denied & avd->auditdeny;
528	/*
529	* a->selinux_audit_data->auditdeny is TRICKY! Setting a bit in
530	* this field means that ANY denials should NOT be audited if
531	* the policy contains an explicit dontaudit rule for that
532	* permission. Take notice that this is unrelated to the
533	* actual permissions that were denied. As an example lets
534	* assume:
535	*
536	* denied == READ
537	* avd.auditdeny & ACCESS == 0 (not set means explicit rule)
538	* selinux_audit_data->auditdeny & ACCESS == 1
539	*
540	* We will NOT audit the denial even though the denied
541	* permission was READ and the auditdeny checks were for
542	* ACCESS
543	*/
544	if (a &&
545	a->selinux_audit_data->auditdeny &&
546	!(a->selinux_audit_data->auditdeny & avd->auditdeny))
547	audited = 0;
548	} else if (result)
549	audited = denied = requested;
550	else
551	audited = requested & avd->auditallow;
552	if (likely(!audited))
553	return 0;
554
555	return slow_avc_audit(ssid, tsid, tclass,
556	requested, audited, denied,
557	a, flags);
558	}
559
560	/**
561	* avc_add_callback - Register a callback for security events.	500	* avc_add_callback - Register a callback for security events.
562	* @callback: callback function	501	* @callback: callback function
563	* @events: security events	502	* @events: security events