summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2013-04-19 15:00:33 -0400
committerEric Paris <eparis@redhat.com>2013-04-30 15:31:28 -0400
commitb122c3767c1d89763b4babca062c3171a71ed97c (patch)
tree6d11cbca5af63bd1ac4089895d8751f09af28823
parent152f497b9b5940f81de3205465840a5eb316458e (diff)
downloadlwn-b122c3767c1d89763b4babca062c3171a71ed97c.tar.gz
lwn-b122c3767c1d89763b4babca062c3171a71ed97c.zip
audit: use a consistent audit helper to log lsm information
We have a number of places we were reimplementing the same code to write out lsm labels. Just do it one darn place. Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r--include/linux/audit.h8
-rw-r--r--kernel/audit.c34
-rw-r--r--kernel/auditfilter.c13
-rw-r--r--kernel/auditsc.c10
4 files changed, 15 insertions, 50 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index a3a50cca1efb..e2dd9c124140 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -188,7 +188,7 @@ static inline int audit_get_sessionid(struct task_struct *tsk)
return tsk->sessionid;
}
-extern void audit_log_task_context(struct audit_buffer *ab);
+extern int audit_log_task_context(struct audit_buffer *ab);
extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk);
extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
@@ -344,8 +344,10 @@ static inline int audit_get_sessionid(struct task_struct *tsk)
{
return -1;
}
-static inline void audit_log_task_context(struct audit_buffer *ab)
-{ }
+static int void audit_log_task_context(struct audit_buffer *ab)
+{
+ return 0;
+}
static inline void audit_log_task_info(struct audit_buffer *ab,
struct task_struct *tsk)
{ }
diff --git a/kernel/audit.c b/kernel/audit.c
index 79b42fd14c22..a3c77b979b5b 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -271,29 +271,15 @@ static int audit_log_config_change(char *function_name, int new, int old,
int rc = 0;
u32 sessionid = audit_get_sessionid(current);
uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current));
- u32 sid;
-
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
if (unlikely(!ab))
return rc;
audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
old, auid, sessionid);
-
- security_task_getsecid(current, &sid);
- if (sid) {
- char *ctx = NULL;
- u32 len;
-
- rc = security_secid_to_secctx(sid, &ctx, &len);
- if (rc) {
- audit_log_format(ab, " sid=%u", sid);
- allow_changes = 0; /* Something weird, deny request */
- } else {
- audit_log_format(ab, " subj=%s", ctx);
- security_release_secctx(ctx, len);
- }
- }
+ rc = audit_log_task_context(ab);
+ if (rc)
+ allow_changes = 0; /* Something weird, deny request */
audit_log_format(ab, " res=%d", allow_changes);
audit_log_end(ab);
return rc;
@@ -625,12 +611,9 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type)
{
int rc = 0;
- char *ctx = NULL;
- u32 len;
u32 sessionid = audit_get_sessionid(current);
uid_t uid = from_kuid(&init_user_ns, current_uid());
uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current));
- u32 sid;
if (!audit_enabled) {
*ab = NULL;
@@ -642,16 +625,7 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type)
return rc;
audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",
task_tgid_vnr(current), uid, auid, sessionid);
- security_task_getsecid(current, &sid);
- if (sid) {
- rc = security_secid_to_secctx(sid, &ctx, &len);
- if (rc)
- audit_log_format(*ab, " ssid=%u", sid);
- else {
- audit_log_format(*ab, " subj=%s", ctx);
- security_release_secctx(ctx, len);
- }
- }
+ audit_log_task_context(*ab);
return rc;
}
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index f952234da2ca..478f4602c96b 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -985,7 +985,6 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re
struct audit_buffer *ab;
uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(current));
u32 sessionid = audit_get_sessionid(current);
- u32 sid;
if (!audit_enabled)
return;
@@ -994,17 +993,7 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re
if (!ab)
return;
audit_log_format(ab, "auid=%u ses=%u" ,loginuid, sessionid);
- security_task_getsecid(current, &sid);
- if (sid) {
- char *ctx = NULL;
- u32 len;
- if (security_secid_to_secctx(sid, &ctx, &len))
- audit_log_format(ab, " ssid=%u", sid);
- else {
- audit_log_format(ab, " subj=%s", ctx);
- security_release_secctx(ctx, len);
- }
- }
+ audit_log_task_context(ab);
audit_log_format(ab, " op=");
audit_log_string(ab, action);
audit_log_key(ab, rule->filterkey);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 4baf61d39836..17e9a260a545 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1109,7 +1109,7 @@ static inline void audit_free_context(struct audit_context *context)
kfree(context);
}
-void audit_log_task_context(struct audit_buffer *ab)
+int audit_log_task_context(struct audit_buffer *ab)
{
char *ctx = NULL;
unsigned len;
@@ -1118,22 +1118,22 @@ void audit_log_task_context(struct audit_buffer *ab)
security_task_getsecid(current, &sid);
if (!sid)
- return;
+ return 0;
error = security_secid_to_secctx(sid, &ctx, &len);
if (error) {
if (error != -EINVAL)
goto error_path;
- return;
+ return 0;
}
audit_log_format(ab, " subj=%s", ctx);
security_release_secctx(ctx, len);
- return;
+ return 0;
error_path:
audit_panic("error in audit_log_task_context");
- return;
+ return error;
}
EXPORT_SYMBOL(audit_log_task_context);