Diffstat (limited to 'security')
-rw-r--r--security/selinux/avc.c31
-rw-r--r--security/selinux/hooks.c67
-rw-r--r--security/selinux/include/avc.h9
3 files changed, 16 insertions, 91 deletions
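--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -436,9 +436,9 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
 {
 	struct common_audit_data *ad = a;
 	audit_log_format(ab, "avc: %s ",
-		 ad->selinux_audit_data->slad->denied ? "denied" : "granted");
-	avc_dump_av(ab, ad->selinux_audit_data->slad->tclass,
-			ad->selinux_audit_data->slad->audited);
+		 ad->selinux_audit_data->denied ? "denied" : "granted");
+	avc_dump_av(ab, ad->selinux_audit_data->tclass,
+			ad->selinux_audit_data->audited);
 	audit_log_format(ab, " for ");
 }
 
@@ -452,9 +452,9 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 {
 	struct common_audit_data *ad = a;
 	audit_log_format(ab, " ");
-	avc_dump_query(ab, ad->selinux_audit_data->slad->ssid,
-			    ad->selinux_audit_data->slad->tsid,
-			    ad->selinux_audit_data->slad->tclass);
+	avc_dump_query(ab, ad->selinux_audit_data->ssid,
+			    ad->selinux_audit_data->tsid,
+			    ad->selinux_audit_data->tclass);
 }
 
 /* This is the slow part of avc audit with big stack footprint */
@@ -464,13 +464,11 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
 		 unsigned flags)
 {
 	struct common_audit_data stack_data;
-	struct selinux_audit_data sad = {0,};
-	struct selinux_late_audit_data slad;
+	struct selinux_audit_data sad;
 
 	if (!a) {
 		a = &stack_data;
 		a->type = LSM_AUDIT_DATA_NONE;
-		a->selinux_audit_data = &sad;
 	}
 
 	/*
@@ -484,14 +482,15 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
 	    (flags & MAY_NOT_BLOCK))
 		return -ECHILD;
 
-	slad.tclass = tclass;
-	slad.requested = requested;
-	slad.ssid = ssid;
-	slad.tsid = tsid;
-	slad.audited = audited;
-	slad.denied = denied;
+	sad.tclass = tclass;
+	sad.requested = requested;
+	sad.ssid = ssid;
+	sad.tsid = tsid;
+	sad.audited = audited;
+	sad.denied = denied;
+
+	a->selinux_audit_data = &sad;
 
-	a->selinux_audit_data->slad = &slad;
 	common_lsm_audit(a, avc_audit_pre_callback, avc_audit_post_callback);
 	return 0;
 }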
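Review bot: `struct selinux_audit_data sad;` in slow_avc_audit drops the `= {0,}` the old declaration carried, yet the body assigns only six members (tclass, requested, ssid, tsid, audited, denied) while the avc.h hunk in this commit shows seven member lines for the struct; if there is a member beyond those six, it is now uninitialized stack data for any reader of it (the two callbacks shown read only denied, tclass, audited, ssid and tsid, so nothing visible here breaks today). Keeping `struct selinux_audit_data sad = {0,};` costs nothing in a path that is already the slow, audit-emitting one. Separately, `a->selinux_audit_data = &sad;` is now written into a caller-owned `common_audit_data` (the hooks.c callers pass their own `ad`) and points at this frame's stack, so `a->selinux_audit_data = NULL;` after common_lsm_audit() would keep that dangling pointer from outliving the call. slow_avc_audit's signature begins above the third hunk.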
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d9fa2489a551..2578de549ad7 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1420,7 +1420,6 @@ static int cred_has_capability(const struct cred *cred,
1420 int cap, int audit) 1420 int cap, int audit)
1421{ 1421{
1422 struct common_audit_data ad; 1422 struct common_audit_data ad;
1423 struct selinux_audit_data sad = {0,};
1424 struct av_decision avd; 1423 struct av_decision avd;
1425 u16 sclass; 1424 u16 sclass;
1426 u32 sid = cred_sid(cred); 1425 u32 sid = cred_sid(cred);
@@ -1428,7 +1427,6 @@ static int cred_has_capability(const struct cred *cred,
1428 int rc; 1427 int rc;
1429 1428
1430 ad.type = LSM_AUDIT_DATA_CAP; 1429 ad.type = LSM_AUDIT_DATA_CAP;
1431 ad.selinux_audit_data = &sad;
1432 ad.u.cap = cap; 1430 ad.u.cap = cap;
1433 1431
1434 switch (CAP_TO_INDEX(cap)) { 1432 switch (CAP_TO_INDEX(cap)) {
@@ -1496,11 +1494,9 @@ static inline int dentry_has_perm(const struct cred *cred,
1496{ 1494{
1497 struct inode *inode = dentry->d_inode; 1495 struct inode *inode = dentry->d_inode;
1498 struct common_audit_data ad; 1496 struct common_audit_data ad;
1499 struct selinux_audit_data sad = {0,};
1500 1497
1501 ad.type = LSM_AUDIT_DATA_DENTRY; 1498 ad.type = LSM_AUDIT_DATA_DENTRY;
1502 ad.u.dentry = dentry; 1499 ad.u.dentry = dentry;
1503 ad.selinux_audit_data = &sad;
1504 return inode_has_perm(cred, inode, av, &ad, 0); 1500 return inode_has_perm(cred, inode, av, &ad, 0);
1505} 1501}
1506 1502
@@ -1513,11 +1509,9 @@ static inline int path_has_perm(const struct cred *cred,
1513{ 1509{
1514 struct inode *inode = path->dentry->d_inode; 1510 struct inode *inode = path->dentry->d_inode;
1515 struct common_audit_data ad; 1511 struct common_audit_data ad;
1516 struct selinux_audit_data sad = {0,};
1517 1512
1518 ad.type = LSM_AUDIT_DATA_PATH; 1513 ad.type = LSM_AUDIT_DATA_PATH;
1519 ad.u.path = *path; 1514 ad.u.path = *path;
1520 ad.selinux_audit_data = &sad;
1521 return inode_has_perm(cred, inode, av, &ad, 0); 1515 return inode_has_perm(cred, inode, av, &ad, 0);
1522} 1516}
1523 1517
@@ -1536,13 +1530,11 @@ static int file_has_perm(const struct cred *cred,
1536 struct file_security_struct *fsec = file->f_security; 1530 struct file_security_struct *fsec = file->f_security;
1537 struct inode *inode = file->f_path.dentry->d_inode; 1531 struct inode *inode = file->f_path.dentry->d_inode;
1538 struct common_audit_data ad; 1532 struct common_audit_data ad;
1539 struct selinux_audit_data sad = {0,};
1540 u32 sid = cred_sid(cred); 1533 u32 sid = cred_sid(cred);
1541 int rc; 1534 int rc;
1542 1535
1543 ad.type = LSM_AUDIT_DATA_PATH; 1536 ad.type = LSM_AUDIT_DATA_PATH;
1544 ad.u.path = file->f_path; 1537 ad.u.path = file->f_path;
1545 ad.selinux_audit_data = &sad;
1546 1538
1547 if (sid != fsec->sid) { 1539 if (sid != fsec->sid) {
1548 rc = avc_has_perm(sid, fsec->sid, 1540 rc = avc_has_perm(sid, fsec->sid,
@@ -1572,7 +1564,6 @@ static int may_create(struct inode *dir,
1572 struct superblock_security_struct *sbsec; 1564 struct superblock_security_struct *sbsec;
1573 u32 sid, newsid; 1565 u32 sid, newsid;
1574 struct common_audit_data ad; 1566 struct common_audit_data ad;
1575 struct selinux_audit_data sad = {0,};
1576 int rc; 1567 int rc;
1577 1568
1578 dsec = dir->i_security; 1569 dsec = dir->i_security;
@@ -1583,7 +1574,6 @@ static int may_create(struct inode *dir,
1583 1574
1584 ad.type = LSM_AUDIT_DATA_DENTRY; 1575 ad.type = LSM_AUDIT_DATA_DENTRY;
1585 ad.u.dentry = dentry; 1576 ad.u.dentry = dentry;
1586 ad.selinux_audit_data = &sad;
1587 1577
1588 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, 1578 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1589 DIR__ADD_NAME | DIR__SEARCH, 1579 DIR__ADD_NAME | DIR__SEARCH,
@@ -1628,7 +1618,6 @@ static int may_link(struct inode *dir,
1628{ 1618{
1629 struct inode_security_struct *dsec, *isec; 1619 struct inode_security_struct *dsec, *isec;
1630 struct common_audit_data ad; 1620 struct common_audit_data ad;
1631 struct selinux_audit_data sad = {0,};
1632 u32 sid = current_sid(); 1621 u32 sid = current_sid();
1633 u32 av; 1622 u32 av;
1634 int rc; 1623 int rc;
@@ -1638,7 +1627,6 @@ static int may_link(struct inode *dir,
1638 1627
1639 ad.type = LSM_AUDIT_DATA_DENTRY; 1628 ad.type = LSM_AUDIT_DATA_DENTRY;
1640 ad.u.dentry = dentry; 1629 ad.u.dentry = dentry;
1641 ad.selinux_audit_data = &sad;
1642 1630
1643 av = DIR__SEARCH; 1631 av = DIR__SEARCH;
1644 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); 1632 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
@@ -1673,7 +1661,6 @@ static inline int may_rename(struct inode *old_dir,
1673{ 1661{
1674 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; 1662 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1675 struct common_audit_data ad; 1663 struct common_audit_data ad;
1676 struct selinux_audit_data sad = {0,};
1677 u32 sid = current_sid(); 1664 u32 sid = current_sid();
1678 u32 av; 1665 u32 av;
1679 int old_is_dir, new_is_dir; 1666 int old_is_dir, new_is_dir;
@@ -1685,7 +1672,6 @@ static inline int may_rename(struct inode *old_dir,
1685 new_dsec = new_dir->i_security; 1672 new_dsec = new_dir->i_security;
1686 1673
1687 ad.type = LSM_AUDIT_DATA_DENTRY; 1674 ad.type = LSM_AUDIT_DATA_DENTRY;
1688 ad.selinux_audit_data = &sad;
1689 1675
1690 ad.u.dentry = old_dentry; 1676 ad.u.dentry = old_dentry;
1691 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, 1677 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
@@ -1971,7 +1957,6 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
1971 struct task_security_struct *new_tsec; 1957 struct task_security_struct *new_tsec;
1972 struct inode_security_struct *isec; 1958 struct inode_security_struct *isec;
1973 struct common_audit_data ad; 1959 struct common_audit_data ad;
1974 struct selinux_audit_data sad = {0,};
1975 struct inode *inode = bprm->file->f_path.dentry->d_inode; 1960 struct inode *inode = bprm->file->f_path.dentry->d_inode;
1976 int rc; 1961 int rc;
1977 1962
@@ -2011,7 +1996,6 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2011 } 1996 }
2012 1997
2013 ad.type = LSM_AUDIT_DATA_PATH; 1998 ad.type = LSM_AUDIT_DATA_PATH;
2014 ad.selinux_audit_data = &sad;
2015 ad.u.path = bprm->file->f_path; 1999 ad.u.path = bprm->file->f_path;
2016 2000
2017 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) 2001 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
@@ -2101,7 +2085,6 @@ static inline void flush_unauthorized_files(const struct cred *cred,
2101 struct files_struct *files) 2085 struct files_struct *files)
2102{ 2086{
2103 struct common_audit_data ad; 2087 struct common_audit_data ad;
2104 struct selinux_audit_data sad = {0,};
2105 struct file *file, *devnull = NULL; 2088 struct file *file, *devnull = NULL;
2106 struct tty_struct *tty; 2089 struct tty_struct *tty;
2107 struct fdtable *fdt; 2090 struct fdtable *fdt;
@@ -2135,7 +2118,6 @@ static inline void flush_unauthorized_files(const struct cred *cred,
2135 /* Revalidate access to inherited open files. */ 2118 /* Revalidate access to inherited open files. */
2136 2119
2137 ad.type = LSM_AUDIT_DATA_INODE; 2120 ad.type = LSM_AUDIT_DATA_INODE;
2138 ad.selinux_audit_data = &sad;
2139 2121
2140 spin_lock(&files->file_lock); 2122 spin_lock(&files->file_lock);
2141 for (;;) { 2123 for (;;) {
@@ -2473,7 +2455,6 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2473{ 2455{
2474 const struct cred *cred = current_cred(); 2456 const struct cred *cred = current_cred();
2475 struct common_audit_data ad; 2457 struct common_audit_data ad;
2476 struct selinux_audit_data sad = {0,};
2477 int rc; 2458 int rc;
2478 2459
2479 rc = superblock_doinit(sb, data); 2460 rc = superblock_doinit(sb, data);
@@ -2485,7 +2466,6 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2485 return 0; 2466 return 0;
2486 2467
2487 ad.type = LSM_AUDIT_DATA_DENTRY; 2468 ad.type = LSM_AUDIT_DATA_DENTRY;
2488 ad.selinux_audit_data = &sad;
2489 ad.u.dentry = sb->s_root; 2469 ad.u.dentry = sb->s_root;
2490 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad); 2470 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2491} 2471}
@@ -2494,10 +2474,8 @@ static int selinux_sb_statfs(struct dentry *dentry)
2494{ 2474{
2495 const struct cred *cred = current_cred(); 2475 const struct cred *cred = current_cred();
2496 struct common_audit_data ad; 2476 struct common_audit_data ad;
2497 struct selinux_audit_data sad = {0,};
2498 2477
2499 ad.type = LSM_AUDIT_DATA_DENTRY; 2478 ad.type = LSM_AUDIT_DATA_DENTRY;
2500 ad.selinux_audit_data = &sad;
2501 ad.u.dentry = dentry->d_sb->s_root; 2479 ad.u.dentry = dentry->d_sb->s_root;
2502 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad); 2480 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2503} 2481}
@@ -2662,12 +2640,10 @@ static noinline int audit_inode_permission(struct inode *inode,
2662 unsigned flags) 2640 unsigned flags)
2663{ 2641{
2664 struct common_audit_data ad; 2642 struct common_audit_data ad;
2665 struct selinux_audit_data sad = {0,};
2666 struct inode_security_struct *isec = inode->i_security; 2643 struct inode_security_struct *isec = inode->i_security;
2667 int rc; 2644 int rc;
2668 2645
2669 ad.type = LSM_AUDIT_DATA_INODE; 2646 ad.type = LSM_AUDIT_DATA_INODE;
2670 ad.selinux_audit_data = &sad;
2671 ad.u.inode = inode; 2647 ad.u.inode = inode;
2672 2648
2673 rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms, 2649 rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
@@ -2782,7 +2758,6 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2782 struct inode_security_struct *isec = inode->i_security; 2758 struct inode_security_struct *isec = inode->i_security;
2783 struct superblock_security_struct *sbsec; 2759 struct superblock_security_struct *sbsec;
2784 struct common_audit_data ad; 2760 struct common_audit_data ad;
2785 struct selinux_audit_data sad = {0,};
2786 u32 newsid, sid = current_sid(); 2761 u32 newsid, sid = current_sid();
2787 int rc = 0; 2762 int rc = 0;
2788 2763
@@ -2797,7 +2772,6 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2797 return -EPERM; 2772 return -EPERM;
2798 2773
2799 ad.type = LSM_AUDIT_DATA_DENTRY; 2774 ad.type = LSM_AUDIT_DATA_DENTRY;
2800 ad.selinux_audit_data = &sad;
2801 ad.u.dentry = dentry; 2775 ad.u.dentry = dentry;
2802 2776
2803 rc = avc_has_perm(sid, isec->sid, isec->sclass, 2777 rc = avc_has_perm(sid, isec->sid, isec->sclass,
@@ -3407,12 +3381,10 @@ static int selinux_kernel_module_request(char *kmod_name)
3407{ 3381{
3408 u32 sid; 3382 u32 sid;
3409 struct common_audit_data ad; 3383 struct common_audit_data ad;
3410 struct selinux_audit_data sad = {0,};
3411 3384
3412 sid = task_sid(current); 3385 sid = task_sid(current);
3413 3386
3414 ad.type = LSM_AUDIT_DATA_KMOD; 3387 ad.type = LSM_AUDIT_DATA_KMOD;
3415 ad.selinux_audit_data = &sad;
3416 ad.u.kmod_name = kmod_name; 3388 ad.u.kmod_name = kmod_name;
3417 3389
3418 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM, 3390 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
@@ -3785,7 +3757,6 @@ static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
3785{ 3757{
3786 struct sk_security_struct *sksec = sk->sk_security; 3758 struct sk_security_struct *sksec = sk->sk_security;
3787 struct common_audit_data ad; 3759 struct common_audit_data ad;
3788 struct selinux_audit_data sad = {0,};
3789 struct lsm_network_audit net = {0,}; 3760 struct lsm_network_audit net = {0,};
3790 u32 tsid = task_sid(task); 3761 u32 tsid = task_sid(task);
3791 3762
@@ -3793,7 +3764,6 @@ static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
3793 return 0; 3764 return 0;
3794 3765
3795 ad.type = LSM_AUDIT_DATA_NET; 3766 ad.type = LSM_AUDIT_DATA_NET;
3796 ad.selinux_audit_data = &sad;
3797 ad.u.net = &net; 3767 ad.u.net = &net;
3798 ad.u.net->sk = sk; 3768 ad.u.net->sk = sk;
3799 3769
@@ -3873,7 +3843,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
3873 char *addrp; 3843 char *addrp;
3874 struct sk_security_struct *sksec = sk->sk_security; 3844 struct sk_security_struct *sksec = sk->sk_security;
3875 struct common_audit_data ad; 3845 struct common_audit_data ad;
3876 struct selinux_audit_data sad = {0,};
3877 struct lsm_network_audit net = {0,}; 3846 struct lsm_network_audit net = {0,};
3878 struct sockaddr_in *addr4 = NULL; 3847 struct sockaddr_in *addr4 = NULL;
3879 struct sockaddr_in6 *addr6 = NULL; 3848 struct sockaddr_in6 *addr6 = NULL;
@@ -3901,7 +3870,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
3901 if (err) 3870 if (err)
3902 goto out; 3871 goto out;
3903 ad.type = LSM_AUDIT_DATA_NET; 3872 ad.type = LSM_AUDIT_DATA_NET;
3904 ad.selinux_audit_data = &sad;
3905 ad.u.net = &net; 3873 ad.u.net = &net;
3906 ad.u.net->sport = htons(snum); 3874 ad.u.net->sport = htons(snum);
3907 ad.u.net->family = family; 3875 ad.u.net->family = family;
@@ -3936,7 +3904,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
3936 goto out; 3904 goto out;
3937 3905
3938 ad.type = LSM_AUDIT_DATA_NET; 3906 ad.type = LSM_AUDIT_DATA_NET;
3939 ad.selinux_audit_data = &sad;
3940 ad.u.net = &net; 3907 ad.u.net = &net;
3941 ad.u.net->sport = htons(snum); 3908 ad.u.net->sport = htons(snum);
3942 ad.u.net->family = family; 3909 ad.u.net->family = family;
@@ -3971,7 +3938,6 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address,
3971 if (sksec->sclass == SECCLASS_TCP_SOCKET || 3938 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
3972 sksec->sclass == SECCLASS_DCCP_SOCKET) { 3939 sksec->sclass == SECCLASS_DCCP_SOCKET) {
3973 struct common_audit_data ad; 3940 struct common_audit_data ad;
3974 struct selinux_audit_data sad = {0,};
3975 struct lsm_network_audit net = {0,}; 3941 struct lsm_network_audit net = {0,};
3976 struct sockaddr_in *addr4 = NULL; 3942 struct sockaddr_in *addr4 = NULL;
3977 struct sockaddr_in6 *addr6 = NULL; 3943 struct sockaddr_in6 *addr6 = NULL;
@@ -3998,7 +3964,6 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address,
3998 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT; 3964 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
3999 3965
4000 ad.type = LSM_AUDIT_DATA_NET; 3966 ad.type = LSM_AUDIT_DATA_NET;
4001 ad.selinux_audit_data = &sad;
4002 ad.u.net = &net; 3967 ad.u.net = &net;
4003 ad.u.net->dport = htons(snum); 3968 ad.u.net->dport = htons(snum);
4004 ad.u.net->family = sk->sk_family; 3969 ad.u.net->family = sk->sk_family;
@@ -4090,12 +4055,10 @@ static int selinux_socket_unix_stream_connect(struct sock *sock,
4090 struct sk_security_struct *sksec_other = other->sk_security; 4055 struct sk_security_struct *sksec_other = other->sk_security;
4091 struct sk_security_struct *sksec_new = newsk->sk_security; 4056 struct sk_security_struct *sksec_new = newsk->sk_security;
4092 struct common_audit_data ad; 4057 struct common_audit_data ad;
4093 struct selinux_audit_data sad = {0,};
4094 struct lsm_network_audit net = {0,}; 4058 struct lsm_network_audit net = {0,};
4095 int err; 4059 int err;
4096 4060
4097 ad.type = LSM_AUDIT_DATA_NET; 4061 ad.type = LSM_AUDIT_DATA_NET;
4098 ad.selinux_audit_data = &sad;
4099 ad.u.net = &net; 4062 ad.u.net = &net;
4100 ad.u.net->sk = other; 4063 ad.u.net->sk = other;
4101 4064
@@ -4124,11 +4087,9 @@ static int selinux_socket_unix_may_send(struct socket *sock,
4124 struct sk_security_struct *ssec = sock->sk->sk_security; 4087 struct sk_security_struct *ssec = sock->sk->sk_security;
4125 struct sk_security_struct *osec = other->sk->sk_security; 4088 struct sk_security_struct *osec = other->sk->sk_security;
4126 struct common_audit_data ad; 4089 struct common_audit_data ad;
4127 struct selinux_audit_data sad = {0,};
4128 struct lsm_network_audit net = {0,}; 4090 struct lsm_network_audit net = {0,};
4129 4091
4130 ad.type = LSM_AUDIT_DATA_NET; 4092 ad.type = LSM_AUDIT_DATA_NET;
4131 ad.selinux_audit_data = &sad;
4132 ad.u.net = &net; 4093 ad.u.net = &net;
4133 ad.u.net->sk = other->sk; 4094 ad.u.net->sk = other->sk;
4134 4095
@@ -4166,12 +4127,10 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4166 struct sk_security_struct *sksec = sk->sk_security; 4127 struct sk_security_struct *sksec = sk->sk_security;
4167 u32 sk_sid = sksec->sid; 4128 u32 sk_sid = sksec->sid;
4168 struct common_audit_data ad; 4129 struct common_audit_data ad;
4169 struct selinux_audit_data sad = {0,};
4170 struct lsm_network_audit net = {0,}; 4130 struct lsm_network_audit net = {0,};
4171 char *addrp; 4131 char *addrp;
4172 4132
4173 ad.type = LSM_AUDIT_DATA_NET; 4133 ad.type = LSM_AUDIT_DATA_NET;
4174 ad.selinux_audit_data = &sad;
4175 ad.u.net = &net; 4134 ad.u.net = &net;
4176 ad.u.net->netif = skb->skb_iif; 4135 ad.u.net->netif = skb->skb_iif;
4177 ad.u.net->family = family; 4136 ad.u.net->family = family;
@@ -4201,7 +4160,6 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4201 u16 family = sk->sk_family; 4160 u16 family = sk->sk_family;
4202 u32 sk_sid = sksec->sid; 4161 u32 sk_sid = sksec->sid;
4203 struct common_audit_data ad; 4162 struct common_audit_data ad;
4204 struct selinux_audit_data sad = {0,};
4205 struct lsm_network_audit net = {0,}; 4163 struct lsm_network_audit net = {0,};
4206 char *addrp; 4164 char *addrp;
4207 u8 secmark_active; 4165 u8 secmark_active;
@@ -4227,7 +4185,6 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4227 return 0; 4185 return 0;
4228 4186
4229 ad.type = LSM_AUDIT_DATA_NET; 4187 ad.type = LSM_AUDIT_DATA_NET;
4230 ad.selinux_audit_data = &sad;
4231 ad.u.net = &net; 4188 ad.u.net = &net;
4232 ad.u.net->netif = skb->skb_iif; 4189 ad.u.net->netif = skb->skb_iif;
4233 ad.u.net->family = family; 4190 ad.u.net->family = family;
@@ -4565,7 +4522,6 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4565 char *addrp; 4522 char *addrp;
4566 u32 peer_sid; 4523 u32 peer_sid;
4567 struct common_audit_data ad; 4524 struct common_audit_data ad;
4568 struct selinux_audit_data sad = {0,};
4569 struct lsm_network_audit net = {0,}; 4525 struct lsm_network_audit net = {0,};
4570 u8 secmark_active; 4526 u8 secmark_active;
4571 u8 netlbl_active; 4527 u8 netlbl_active;
@@ -4584,7 +4540,6 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4584 return NF_DROP; 4540 return NF_DROP;
4585 4541
4586 ad.type = LSM_AUDIT_DATA_NET; 4542 ad.type = LSM_AUDIT_DATA_NET;
4587 ad.selinux_audit_data = &sad;
4588 ad.u.net = &net; 4543 ad.u.net = &net;
4589 ad.u.net->netif = ifindex; 4544 ad.u.net->netif = ifindex;
4590 ad.u.net->family = family; 4545 ad.u.net->family = family;
@@ -4674,7 +4629,6 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4674 struct sock *sk = skb->sk; 4629 struct sock *sk = skb->sk;
4675 struct sk_security_struct *sksec; 4630 struct sk_security_struct *sksec;
4676 struct common_audit_data ad; 4631 struct common_audit_data ad;
4677 struct selinux_audit_data sad = {0,};
4678 struct lsm_network_audit net = {0,}; 4632 struct lsm_network_audit net = {0,};
4679 char *addrp; 4633 char *addrp;
4680 u8 proto; 4634 u8 proto;
@@ -4684,7 +4638,6 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4684 sksec = sk->sk_security; 4638 sksec = sk->sk_security;
4685 4639
4686 ad.type = LSM_AUDIT_DATA_NET; 4640 ad.type = LSM_AUDIT_DATA_NET;
4687 ad.selinux_audit_data = &sad;
4688 ad.u.net = &net; 4641 ad.u.net = &net;
4689 ad.u.net->netif = ifindex; 4642 ad.u.net->netif = ifindex;
4690 ad.u.net->family = family; 4643 ad.u.net->family = family;
@@ -4709,7 +4662,6 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4709 u32 peer_sid; 4662 u32 peer_sid;
4710 struct sock *sk; 4663 struct sock *sk;
4711 struct common_audit_data ad; 4664 struct common_audit_data ad;
4712 struct selinux_audit_data sad = {0,};
4713 struct lsm_network_audit net = {0,}; 4665 struct lsm_network_audit net = {0,};
4714 char *addrp; 4666 char *addrp;
4715 u8 secmark_active; 4667 u8 secmark_active;
@@ -4757,7 +4709,6 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4757 } 4709 }
4758 4710
4759 ad.type = LSM_AUDIT_DATA_NET; 4711 ad.type = LSM_AUDIT_DATA_NET;
4760 ad.selinux_audit_data = &sad;
4761 ad.u.net = &net; 4712 ad.u.net = &net;
4762 ad.u.net->netif = ifindex; 4713 ad.u.net->netif = ifindex;
4763 ad.u.net->family = family; 4714 ad.u.net->family = family;
@@ -4875,13 +4826,11 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4875{ 4826{
4876 struct ipc_security_struct *isec; 4827 struct ipc_security_struct *isec;
4877 struct common_audit_data ad; 4828 struct common_audit_data ad;
4878 struct selinux_audit_data sad = {0,};
4879 u32 sid = current_sid(); 4829 u32 sid = current_sid();
4880 4830
4881 isec = ipc_perms->security; 4831 isec = ipc_perms->security;
4882 4832
4883 ad.type = LSM_AUDIT_DATA_IPC; 4833 ad.type = LSM_AUDIT_DATA_IPC;
4884 ad.selinux_audit_data = &sad;
4885 ad.u.ipc_id = ipc_perms->key; 4834 ad.u.ipc_id = ipc_perms->key;
4886 4835
4887 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); 4836 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
@@ -4902,7 +4851,6 @@ static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4902{ 4851{
4903 struct ipc_security_struct *isec; 4852 struct ipc_security_struct *isec;
4904 struct common_audit_data ad; 4853 struct common_audit_data ad;
4905 struct selinux_audit_data sad = {0,};
4906 u32 sid = current_sid(); 4854 u32 sid = current_sid();
4907 int rc; 4855 int rc;
4908 4856
@@ -4913,7 +4861,6 @@ static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4913 isec = msq->q_perm.security; 4861 isec = msq->q_perm.security;
4914 4862
4915 ad.type = LSM_AUDIT_DATA_IPC; 4863 ad.type = LSM_AUDIT_DATA_IPC;
4916 ad.selinux_audit_data = &sad;
4917 ad.u.ipc_id = msq->q_perm.key; 4864 ad.u.ipc_id = msq->q_perm.key;
4918 4865
4919 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, 4866 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
@@ -4934,13 +4881,11 @@ static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4934{ 4881{
4935 struct ipc_security_struct *isec; 4882 struct ipc_security_struct *isec;
4936 struct common_audit_data ad; 4883 struct common_audit_data ad;
4937 struct selinux_audit_data sad = {0,};
4938 u32 sid = current_sid(); 4884 u32 sid = current_sid();
4939 4885
4940 isec = msq->q_perm.security; 4886 isec = msq->q_perm.security;
4941 4887
4942 ad.type = LSM_AUDIT_DATA_IPC; 4888 ad.type = LSM_AUDIT_DATA_IPC;
4943 ad.selinux_audit_data = &sad;
4944 ad.u.ipc_id = msq->q_perm.key; 4889 ad.u.ipc_id = msq->q_perm.key;
4945 4890
4946 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, 4891 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
@@ -4980,7 +4925,6 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
4980 struct ipc_security_struct *isec; 4925 struct ipc_security_struct *isec;
4981 struct msg_security_struct *msec; 4926 struct msg_security_struct *msec;
4982 struct common_audit_data ad; 4927 struct common_audit_data ad;
4983 struct selinux_audit_data sad = {0,};
4984 u32 sid = current_sid(); 4928 u32 sid = current_sid();
4985 int rc; 4929 int rc;
4986 4930
@@ -5002,7 +4946,6 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
5002 } 4946 }
5003 4947
5004 ad.type = LSM_AUDIT_DATA_IPC; 4948 ad.type = LSM_AUDIT_DATA_IPC;
5005 ad.selinux_audit_data = &sad;
5006 ad.u.ipc_id = msq->q_perm.key; 4949 ad.u.ipc_id = msq->q_perm.key;
5007 4950
5008 /* Can this process write to the queue? */ 4951 /* Can this process write to the queue? */
@@ -5027,7 +4970,6 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
5027 struct ipc_security_struct *isec; 4970 struct ipc_security_struct *isec;
5028 struct msg_security_struct *msec; 4971 struct msg_security_struct *msec;
5029 struct common_audit_data ad; 4972 struct common_audit_data ad;
5030 struct selinux_audit_data sad = {0,};
5031 u32 sid = task_sid(target); 4973 u32 sid = task_sid(target);
5032 int rc; 4974 int rc;
5033 4975
@@ -5035,7 +4977,6 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
5035 msec = msg->security; 4977 msec = msg->security;
5036 4978
5037 ad.type = LSM_AUDIT_DATA_IPC; 4979 ad.type = LSM_AUDIT_DATA_IPC;
5038 ad.selinux_audit_data = &sad;
5039 ad.u.ipc_id = msq->q_perm.key; 4980 ad.u.ipc_id = msq->q_perm.key;
5040 4981
5041 rc = avc_has_perm(sid, isec->sid, 4982 rc = avc_has_perm(sid, isec->sid,
@@ -5051,7 +4992,6 @@ static int selinux_shm_alloc_security(struct shmid_kernel *shp)
5051{ 4992{
5052 struct ipc_security_struct *isec; 4993 struct ipc_security_struct *isec;
5053 struct common_audit_data ad; 4994 struct common_audit_data ad;
5054 struct selinux_audit_data sad = {0,};
5055 u32 sid = current_sid(); 4995 u32 sid = current_sid();
5056 int rc; 4996 int rc;
5057 4997
@@ -5062,7 +5002,6 @@ static int selinux_shm_alloc_security(struct shmid_kernel *shp)
5062 isec = shp->shm_perm.security; 5002 isec = shp->shm_perm.security;
5063 5003
5064 ad.type = LSM_AUDIT_DATA_IPC; 5004 ad.type = LSM_AUDIT_DATA_IPC;
5065 ad.selinux_audit_data = &sad;
5066 ad.u.ipc_id = shp->shm_perm.key; 5005 ad.u.ipc_id = shp->shm_perm.key;
5067 5006
5068 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, 5007 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
@@ -5083,13 +5022,11 @@ static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
5083{ 5022{
5084 struct ipc_security_struct *isec; 5023 struct ipc_security_struct *isec;
5085 struct common_audit_data ad; 5024 struct common_audit_data ad;
5086 struct selinux_audit_data sad = {0,};
5087 u32 sid = current_sid(); 5025 u32 sid = current_sid();
5088 5026
5089 isec = shp->shm_perm.security; 5027 isec = shp->shm_perm.security;
5090 5028
5091 ad.type = LSM_AUDIT_DATA_IPC; 5029 ad.type = LSM_AUDIT_DATA_IPC;
5092 ad.selinux_audit_data = &sad;
5093 ad.u.ipc_id = shp->shm_perm.key; 5030 ad.u.ipc_id = shp->shm_perm.key;
5094 5031
5095 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, 5032 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
@@ -5147,7 +5084,6 @@ static int selinux_sem_alloc_security(struct sem_array *sma)
5147{ 5084{
5148 struct ipc_security_struct *isec; 5085 struct ipc_security_struct *isec;
5149 struct common_audit_data ad; 5086 struct common_audit_data ad;
5150 struct selinux_audit_data sad = {0,};
5151 u32 sid = current_sid(); 5087 u32 sid = current_sid();
5152 int rc; 5088 int rc;
5153 5089
@@ -5158,7 +5094,6 @@ static int selinux_sem_alloc_security(struct sem_array *sma)
5158 isec = sma->sem_perm.security; 5094 isec = sma->sem_perm.security;
5159 5095
5160 ad.type = LSM_AUDIT_DATA_IPC; 5096 ad.type = LSM_AUDIT_DATA_IPC;
5161 ad.selinux_audit_data = &sad;
5162 ad.u.ipc_id = sma->sem_perm.key; 5097 ad.u.ipc_id = sma->sem_perm.key;
5163 5098
5164 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, 5099 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
@@ -5179,13 +5114,11 @@ static int selinux_sem_associate(struct sem_array *sma, int semflg)
5179{ 5114{
5180 struct ipc_security_struct *isec; 5115 struct ipc_security_struct *isec;
5181 struct common_audit_data ad; 5116 struct common_audit_data ad;
5182 struct selinux_audit_data sad = {0,};
5183 u32 sid = current_sid(); 5117 u32 sid = current_sid();
5184 5118
5185 isec = sma->sem_perm.security; 5119 isec = sma->sem_perm.security;
5186 5120
5187 ad.type = LSM_AUDIT_DATA_IPC; 5121 ad.type = LSM_AUDIT_DATA_IPC;
5188 ad.selinux_audit_data = &sad;
5189 ad.u.ipc_id = sma->sem_perm.key; 5122 ad.u.ipc_id = sma->sem_perm.key;
5190 5123
5191 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, 5124 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
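--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -49,7 +49,7 @@ struct avc_cache_stats {
 /*
  * We only need this data after we have decided to send an audit message.
  */
-struct selinux_late_audit_data {
+struct selinux_audit_data {
 	u32 ssid;
 	u32 tsid;
 	u16 tclass;
@@ -60,13 +60,6 @@ struct selinux_late_audit_data {
 };
 
 /*
- * We collect this at the beginning or during an selinux security operation
- */
-struct selinux_audit_data {
-	struct selinux_late_audit_data *slad;
-};
-
-/*
  * AVC operations
  */
 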
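Review bot: The comment above `struct selinux_audit_data` still only says the data is needed after the decision to audit; now that `common_audit_data.selinux_audit_data` points directly at an instance that slow_avc_audit() keeps on its own stack (see the avc.c hunks in this commit), the lifetime is the thing a reader of this header most needs and it is not stated. Suggested additional comment line after the existing sentence: ` * It is filled in by slow_avc_audit() on its stack just before common_lsm_audit() and is only valid for the duration of that call.` The struct's members after tclass lie outside the first hunk, so whether every one of them is set by slow_avc_audit() cannot be confirmed from this page.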