Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / b122c3767c1d89763b4babca062c3171a71ed97c^! / .
commitb122c3767c1d89763b4babca062c3171a71ed97c[log] [tgz]
authorEric Paris <eparis@redhat.com>Fri Apr 19 15:00:33 2013 -0400
committerEric Paris <eparis@redhat.com>Tue Apr 30 15:31:28 2013 -0400
tree6d11cbca5af63bd1ac4089895d8751f09af28823
parent152f497b9b5940f81de3205465840a5eb316458e [diff]
audit: use a consistent audit helper to log lsm information

We have a number of places we were reimplementing the same code to write
out lsm labels.  Just do it one darn place.

Signed-off-by: Eric Paris <eparis@redhat.com>

diff --git a/include/linux/audit.h b/include/linux/audit.h
index a3a50cc..e2dd9c1 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h

@@ -188,7 +188,7 @@
 	return tsk->sessionid;
 }
 
-extern void audit_log_task_context(struct audit_buffer *ab);
+extern int audit_log_task_context(struct audit_buffer *ab);
 extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk);
 extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
 extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
@@ -344,8 +344,10 @@
 {
 	return -1;
 }
-static inline void audit_log_task_context(struct audit_buffer *ab)
-{ }
+static int void audit_log_task_context(struct audit_buffer *ab)
+{
+	return 0;
+}
 static inline void audit_log_task_info(struct audit_buffer *ab,
 				       struct task_struct *tsk)
 { }

diff --git a/kernel/audit.c b/kernel/audit.c
index 79b42fd..a3c77b9 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c

@@ -271,29 +271,15 @@
 	int rc = 0;
 	u32 sessionid = audit_get_sessionid(current);
 	uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current));
-	u32 sid;
-
 
 	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
 	if (unlikely(!ab))
 		return rc;
 	audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
 			 old, auid, sessionid);
-
-	security_task_getsecid(current, &sid);
-	if (sid) {
-		char *ctx = NULL;
-		u32 len;
-
-		rc = security_secid_to_secctx(sid, &ctx, &len);
-		if (rc) {
-			audit_log_format(ab, " sid=%u", sid);
-			allow_changes = 0; /* Something weird, deny request */
-		} else {
-			audit_log_format(ab, " subj=%s", ctx);
-			security_release_secctx(ctx, len);
-		}
-	}
+	rc = audit_log_task_context(ab);
+	if (rc)
+		allow_changes = 0; /* Something weird, deny request */
 	audit_log_format(ab, " res=%d", allow_changes);
 	audit_log_end(ab);
 	return rc;
@@ -625,12 +611,9 @@
 static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type)
 {
 	int rc = 0;
-	char *ctx = NULL;
-	u32 len;
 	u32 sessionid = audit_get_sessionid(current);
 	uid_t uid = from_kuid(&init_user_ns, current_uid());
 	uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current));
-	u32 sid;
 
 	if (!audit_enabled) {
 		*ab = NULL;
@@ -642,16 +625,7 @@
 		return rc;
 	audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",
 			 task_tgid_vnr(current), uid, auid, sessionid);
-	security_task_getsecid(current, &sid);
-	if (sid) {
-		rc = security_secid_to_secctx(sid, &ctx, &len);
-		if (rc)
-			audit_log_format(*ab, " ssid=%u", sid);
-		else {
-			audit_log_format(*ab, " subj=%s", ctx);
-			security_release_secctx(ctx, len);
-		}
-	}
+	audit_log_task_context(*ab);
 
 	return rc;
 }

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index f952234..478f460 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c

@@ -985,7 +985,6 @@
 	struct audit_buffer *ab;
 	uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(current));
 	u32 sessionid = audit_get_sessionid(current);
-	u32 sid;
 
 	if (!audit_enabled)
 		return;
@@ -994,17 +993,7 @@
 	if (!ab)
 		return;
 	audit_log_format(ab, "auid=%u ses=%u" ,loginuid, sessionid);
-	security_task_getsecid(current, &sid);
-	if (sid) {
-		char *ctx = NULL;
-		u32 len;
-		if (security_secid_to_secctx(sid, &ctx, &len))
-			audit_log_format(ab, " ssid=%u", sid);
-		else {
-			audit_log_format(ab, " subj=%s", ctx);
-			security_release_secctx(ctx, len);
-		}
-	}
+	audit_log_task_context(ab);
 	audit_log_format(ab, " op=");
 	audit_log_string(ab, action);
 	audit_log_key(ab, rule->filterkey);

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 4baf61d..17e9a26 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c

@@ -1109,7 +1109,7 @@
 	kfree(context);
 }
 
-void audit_log_task_context(struct audit_buffer *ab)
+int audit_log_task_context(struct audit_buffer *ab)
 {
 	char *ctx = NULL;
 	unsigned len;
@@ -1118,22 +1118,22 @@
 
 	security_task_getsecid(current, &sid);
 	if (!sid)
-		return;
+		return 0;
 
 	error = security_secid_to_secctx(sid, &ctx, &len);
 	if (error) {
 		if (error != -EINVAL)
 			goto error_path;
-		return;
+		return 0;
 	}
 
 	audit_log_format(ab, " subj=%s", ctx);
 	security_release_secctx(ctx, len);
-	return;
+	return 0;
 
 error_path:
 	audit_panic("error in audit_log_task_context");
-	return;
+	return error;
 }
 
 EXPORT_SYMBOL(audit_log_task_context);