audit: use an lsm_prop in audit_names (e0a8dcbd) · Commits · git / linux-nf

kernel/audit.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -82,7 +82,7 @@ struct audit_names {
		kuid_t uid;
		kgid_t gid;
		dev_t rdev;
		u32 osid;
		struct lsm_prop oprop;
		struct audit_cap_data fcap;
		unsigned int fcap_ver;
		unsigned char type; /* record type */

+5 −15

Original line number	Diff line number	Diff line
		@@ -698,19 +698,15 @@ static int audit_filter_rules(struct task_struct *tsk,
		if (f->lsm_rule) {
		/* Find files that match */
		if (name) {
		/* scaffolding */
		prop.scaffold.secid = name->osid;
		result = security_audit_rule_match(
		&prop,
		&name->oprop,
		f->type,
		f->op,
		f->lsm_rule);
		} else if (ctx) {
		list_for_each_entry(n, &ctx->names_list, list) {
		/* scaffolding */
		prop.scaffold.secid = n->osid;
		if (security_audit_rule_match(
		&prop,
		&n->oprop,
		f->type,
		f->op,
		f->lsm_rule)) {
		@@ -1562,13 +1558,11 @@ static void audit_log_name(struct audit_context context, struct audit_names n,
		from_kgid(&init_user_ns, n->gid),
		MAJOR(n->rdev),
		MINOR(n->rdev));
		if (n->osid != 0) {
		if (lsmprop_is_set(&n->oprop)) {
		char *ctx = NULL;
		u32 len;

		if (security_secid_to_secctx(
		n->osid, &ctx, &len)) {
		audit_log_format(ab, " osid=%u", n->osid);
		if (security_lsmprop_to_secctx(&n->oprop, &ctx, &len)) {
		if (call_panic)
		*call_panic = 2;
		} else {
		@@ -2276,17 +2270,13 @@ static void audit_copy_inode(struct audit_names *name,
		const struct dentry *dentry,
		struct inode *inode, unsigned int flags)
		{
		struct lsm_prop prop;

		name->ino = inode->i_ino;
		name->dev = inode->i_sb->s_dev;
		name->mode = inode->i_mode;
		name->uid = inode->i_uid;
		name->gid = inode->i_gid;
		name->rdev = inode->i_rdev;
		security_inode_getlsmprop(inode, &prop);
		/* scaffolding */
		name->osid = prop.scaffold.secid;
		security_inode_getlsmprop(inode, &name->oprop);
		if (flags & AUDIT_INODE_NOEVAL) {
		name->fcap_ver = -1;
		return;