Audit: Final renamings and cleanup

Rename the se_str and se_rule audit fields elements to
lsm_str and lsm_rule to avoid confusion.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
This commit is contained in:
Ahmed S. Darwish 2008-04-19 09:59:43 +10:00 committed by James Morris
parent 9d57a7f9e2
commit 04305e4aff
4 changed files with 93 additions and 28 deletions

View file

@ -377,8 +377,8 @@ struct audit_field {
u32 type;
u32 val;
u32 op;
char *se_str;
void *se_rule;
char *lsm_str;
void *lsm_rule;
};
#define AUDITSC_INVALID 0

View file

@ -139,8 +139,8 @@ static inline void audit_free_rule(struct audit_entry *e)
if (e->rule.fields)
for (i = 0; i < e->rule.field_count; i++) {
struct audit_field *f = &e->rule.fields[i];
kfree(f->se_str);
security_audit_rule_free(f->se_rule);
kfree(f->lsm_str);
security_audit_rule_free(f->lsm_rule);
}
kfree(e->rule.fields);
kfree(e->rule.filterkey);
@ -554,8 +554,8 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
f->op = data->fieldflags[i] & AUDIT_OPERATORS;
f->type = data->fields[i];
f->val = data->values[i];
f->se_str = NULL;
f->se_rule = NULL;
f->lsm_str = NULL;
f->lsm_rule = NULL;
switch(f->type) {
case AUDIT_PID:
case AUDIT_UID:
@ -598,7 +598,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
entry->rule.buflen += f->val;
err = security_audit_rule_init(f->type, f->op, str,
(void **)&f->se_rule);
(void **)&f->lsm_rule);
/* Keep currently invalid fields around in case they
* become valid after a policy reload. */
if (err == -EINVAL) {
@ -610,7 +610,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
kfree(str);
goto exit_free;
} else
f->se_str = str;
f->lsm_str = str;
break;
case AUDIT_WATCH:
str = audit_unpack_string(&bufp, &remain, f->val);
@ -754,7 +754,7 @@ static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)
case AUDIT_OBJ_LEV_LOW:
case AUDIT_OBJ_LEV_HIGH:
data->buflen += data->values[i] =
audit_pack_string(&bufp, f->se_str);
audit_pack_string(&bufp, f->lsm_str);
break;
case AUDIT_WATCH:
data->buflen += data->values[i] =
@ -806,7 +806,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b)
case AUDIT_OBJ_TYPE:
case AUDIT_OBJ_LEV_LOW:
case AUDIT_OBJ_LEV_HIGH:
if (strcmp(a->fields[i].se_str, b->fields[i].se_str))
if (strcmp(a->fields[i].lsm_str, b->fields[i].lsm_str))
return 1;
break;
case AUDIT_WATCH:
@ -862,28 +862,28 @@ out:
return new;
}
/* Duplicate LSM field information. The se_rule is opaque, so must be
/* Duplicate LSM field information. The lsm_rule is opaque, so must be
* re-initialized. */
static inline int audit_dupe_lsm_field(struct audit_field *df,
struct audit_field *sf)
{
int ret = 0;
char *se_str;
char *lsm_str;
/* our own copy of se_str */
se_str = kstrdup(sf->se_str, GFP_KERNEL);
if (unlikely(!se_str))
/* our own copy of lsm_str */
lsm_str = kstrdup(sf->lsm_str, GFP_KERNEL);
if (unlikely(!lsm_str))
return -ENOMEM;
df->se_str = se_str;
df->lsm_str = lsm_str;
/* our own (refreshed) copy of se_rule */
ret = security_audit_rule_init(df->type, df->op, df->se_str,
(void **)&df->se_rule);
/* our own (refreshed) copy of lsm_rule */
ret = security_audit_rule_init(df->type, df->op, df->lsm_str,
(void **)&df->lsm_rule);
/* Keep currently invalid fields around in case they
* become valid after a policy reload. */
if (ret == -EINVAL) {
printk(KERN_WARNING "audit rule for LSM \'%s\' is "
"invalid\n", df->se_str);
"invalid\n", df->lsm_str);
ret = 0;
}
@ -930,7 +930,7 @@ static struct audit_entry *audit_dupe_rule(struct audit_krule *old,
new->tree = old->tree;
memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount);
/* deep copy this information, updating the se_rule fields, because
/* deep copy this information, updating the lsm_rule fields, because
* the originals will all be freed when the old rule is freed. */
for (i = 0; i < fcount; i++) {
switch (new->fields[i].type) {
@ -1762,7 +1762,7 @@ unlock_and_return:
return result;
}
/* This function will re-initialize the se_rule field of all applicable rules.
/* This function will re-initialize the lsm_rule field of all applicable rules.
* It will traverse the filter lists serarching for rules that contain LSM
* specific filter fields. When such a rule is found, it is copied, the
* LSM field is re-initialized, and the old rule is replaced with the

View file

@ -527,14 +527,14 @@ static int audit_filter_rules(struct task_struct *tsk,
match for now to avoid losing information that
may be wanted. An error message will also be
logged upon error */
if (f->se_rule) {
if (f->lsm_rule) {
if (need_sid) {
security_task_getsecid(tsk, &sid);
need_sid = 0;
}
result = security_audit_rule_match(sid, f->type,
f->op,
f->se_rule,
f->lsm_rule,
ctx);
}
break;
@ -545,18 +545,18 @@ static int audit_filter_rules(struct task_struct *tsk,
case AUDIT_OBJ_LEV_HIGH:
/* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR
also applies here */
if (f->se_rule) {
if (f->lsm_rule) {
/* Find files that match */
if (name) {
result = security_audit_rule_match(
name->osid, f->type, f->op,
f->se_rule, ctx);
f->lsm_rule, ctx);
} else if (ctx) {
for (j = 0; j < ctx->name_count; j++) {
if (security_audit_rule_match(
ctx->names[j].osid,
f->type, f->op,
f->se_rule, ctx)) {
f->lsm_rule, ctx)) {
++result;
break;
}
@ -569,7 +569,7 @@ static int audit_filter_rules(struct task_struct *tsk,
aux = aux->next) {
if (aux->type == AUDIT_IPC) {
struct audit_aux_data_ipcctl *axi = (void *)aux;
if (security_audit_rule_match(axi->osid, f->type, f->op, f->se_rule, ctx)) {
if (security_audit_rule_match(axi->osid, f->type, f->op, f->lsm_rule, ctx)) {
++result;
break;
}

View file

@ -0,0 +1,65 @@
/*
* SELinux support for the Audit LSM hooks
*
* Most of below header was moved from include/linux/selinux.h which
* is released under below copyrights:
*
* Author: James Morris <jmorris@redhat.com>
*
* Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
* Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
* Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*/
#ifndef _SELINUX_AUDIT_H
#define _SELINUX_AUDIT_H
/**
* selinux_audit_rule_init - alloc/init an selinux audit rule structure.
* @field: the field this rule refers to
* @op: the operater the rule uses
* @rulestr: the text "target" of the rule
* @rule: pointer to the new rule structure returned via this
*
* Returns 0 if successful, -errno if not. On success, the rule structure
* will be allocated internally. The caller must free this structure with
* selinux_audit_rule_free() after use.
*/
int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule);
/**
* selinux_audit_rule_free - free an selinux audit rule structure.
* @rule: pointer to the audit rule to be freed
*
* This will free all memory associated with the given rule.
* If @rule is NULL, no operation is performed.
*/
void selinux_audit_rule_free(void *rule);
/**
* selinux_audit_rule_match - determine if a context ID matches a rule.
* @sid: the context ID to check
* @field: the field this rule refers to
* @op: the operater the rule uses
* @rule: pointer to the audit rule to check against
* @actx: the audit context (can be NULL) associated with the check
*
* Returns 1 if the context id matches the rule, 0 if it does not, and
* -errno on failure.
*/
int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule,
struct audit_context *actx);
/**
* selinux_audit_rule_known - check to see if rule contains selinux fields.
* @rule: rule to be checked
* Returns 1 if there are selinux fields specified in the rule, 0 otherwise.
*/
int selinux_audit_rule_known(struct audit_krule *krule);
#endif /* _SELINUX_AUDIT_H */