diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2024-10-09 10:32:17 -0700 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2024-10-11 14:34:15 -0400 |
| commit | e0a8dcbd53b646d8535acd9fec95540275231b13 (patch) | |
| tree | 69303d7c19f5a593b6b56d61671278615f3f56b4 | |
| parent | 07f9d2c1132c9b838538b606dfcdab2506cd2ae4 (diff) | |
| download | lwn-e0a8dcbd53b646d8535acd9fec95540275231b13.tar.gz lwn-e0a8dcbd53b646d8535acd9fec95540275231b13.zip | |
audit: use an lsm_prop in audit_names
Replace the osid field in the audit_names structure with a
lsm_prop structure. This accommodates the use of an lsm_prop in
security_audit_rule_match() and security_inode_getsecid().
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subj line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
| -rw-r--r-- | kernel/audit.h | 2 | ||||
| -rw-r--r-- | kernel/auditsc.c | 20 |
2 files changed, 6 insertions, 16 deletions
diff --git a/kernel/audit.h b/kernel/audit.h index d14924a887c9..8e6f886a83a4 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -82,7 +82,7 @@ struct audit_names { kuid_t uid; kgid_t gid; dev_t rdev; - u32 osid; + struct lsm_prop oprop; struct audit_cap_data fcap; unsigned int fcap_ver; unsigned char type; /* record type */ diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 372302f0528b..53fbd2e5d934 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -698,19 +698,15 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_rule) { /* Find files that match */ if (name) { - /* scaffolding */ - prop.scaffold.secid = name->osid; result = security_audit_rule_match( - &prop, + &name->oprop, f->type, f->op, f->lsm_rule); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { - /* scaffolding */ - prop.scaffold.secid = n->osid; if (security_audit_rule_match( - &prop, + &n->oprop, f->type, f->op, f->lsm_rule)) { @@ -1562,13 +1558,11 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (n->osid != 0) { + if (lsmprop_is_set(&n->oprop)) { char *ctx = NULL; u32 len; - if (security_secid_to_secctx( - n->osid, &ctx, &len)) { - audit_log_format(ab, " osid=%u", n->osid); + if (security_lsmprop_to_secctx(&n->oprop, &ctx, &len)) { if (call_panic) *call_panic = 2; } else { @@ -2276,17 +2270,13 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { - struct lsm_prop prop; - name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getlsmprop(inode, &prop); - /* scaffolding */ - name->osid = prop.scaffold.secid; + security_inode_getlsmprop(inode, &name->oprop); if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; |