lsm: use lsm_prop in security_audit_rule_match

LSM_HOOK(int, 0, audit_rule_init, u32 field, u32 op, char *rulestr,

	 void **lsmrule, gfp_t gfp)

LSM_HOOK(int, 0, audit_rule_known, struct audit_krule *krule)

LSM_HOOK(int, 0, audit_rule_match, u32 secid, u32 field, u32 op, void *lsmrule)

LSM_HOOK(int, 0, audit_rule_match, struct lsm_prop *prop, u32 field, u32 op,

	 void *lsmrule)

LSM_HOOK(void, LSM_RET_VOID, audit_rule_free, void *lsmrule)

#endif /* CONFIG_AUDIT */

int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule,

			     gfp_t gfp);

int security_audit_rule_known(struct audit_krule *krule);

int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule);

int security_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op,

			      void *lsmrule);

void security_audit_rule_free(void *lsmrule);

#else

	return 0;

}

static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,

					    void *lsmrule)

static inline int security_audit_rule_match(struct lsm_prop *prop, u32 field,

					    u32 op, void *lsmrule)

{

	return 0;

}

		for (i = 0; i < e->rule.field_count; i++) {

			struct audit_field *f = &e->rule.fields[i];

			struct lsm_prop prop = { };

			pid_t pid;

			u32 sid;

			switch (f->type) {

			case AUDIT_PID:

			case AUDIT_SUBJ_SEN:

			case AUDIT_SUBJ_CLR:

				if (f->lsm_rule) {

					security_current_getsecid_subj(&sid);

					result = security_audit_rule_match(sid,

						   f->type, f->op, f->lsm_rule);

					/* scaffolding */

					security_current_getsecid_subj(

							&prop.scaffold.secid);

					result = security_audit_rule_match(

						   &prop, f->type, f->op,

						   f->lsm_rule);

				}

				break;

			case AUDIT_EXE:

	const struct cred *cred;

	int i, need_sid = 1;

	u32 sid;

	struct lsm_prop prop = { };

	unsigned int sessionid;

	if (ctx && rule->prio <= ctx->prio)

					security_current_getsecid_subj(&sid);

					need_sid = 0;

				}

				result = security_audit_rule_match(sid, f->type,

				/* scaffolding */

				prop.scaffold.secid = sid;

				result = security_audit_rule_match(&prop,

								   f->type,

								   f->op,

								   f->lsm_rule);

			}

			if (f->lsm_rule) {

				/* Find files that match */

				if (name) {

					/* scaffolding */

					prop.scaffold.secid = name->osid;

					result = security_audit_rule_match(

								name->osid,

								&prop,

								f->type,

								f->op,

								f->lsm_rule);

				} else if (ctx) {

					list_for_each_entry(n, &ctx->names_list, list) {

						/* scaffolding */

						prop.scaffold.secid = n->osid;

						if (security_audit_rule_match(

								n->osid,

								&prop,

								f->type,

								f->op,

								f->lsm_rule)) {

				/* Find ipc objects that match */

				if (!ctx || ctx->type != AUDIT_IPC)

					break;

				if (security_audit_rule_match(ctx->ipc.osid,

				/* scaffolding */

				prop.scaffold.secid = ctx->ipc.osid;

				if (security_audit_rule_match(&prop,

							      f->type, f->op,

							      f->lsm_rule))

					++result;

	return 0;

}

int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule)

int aa_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op, void *vrule)

{

	struct aa_audit_rule *rule = vrule;

	struct aa_label *label;

	int found = 0;

	label = aa_secid_to_label(sid);

	/* scaffolding */

	if (!prop->apparmor.label && prop->scaffold.secid)

		label = aa_secid_to_label(prop->scaffold.secid);

	else

		label = prop->apparmor.label;

	if (!label)

		return -ENOENT;