bluetooth: Properly clone LSM attributes to newly created child connections
[linux-2.6.git] / security / lsm_audit.c
index 94b8684..893af8a 100644 (file)
@@ -14,6 +14,7 @@
 #include <linux/types.h>
 #include <linux/stddef.h>
 #include <linux/kernel.h>
+#include <linux/gfp.h>
 #include <linux/fs.h>
 #include <linux/init.h>
 #include <net/sock.h>
@@ -187,7 +188,7 @@ static inline void print_ipv6_addr(struct audit_buffer *ab,
                                   char *name1, char *name2)
 {
        if (!ipv6_addr_any(addr))
-               audit_log_format(ab, " %s=%pI6", name1, addr);
+               audit_log_format(ab, " %s=%pI6c", name1, addr);
        if (port)
                audit_log_format(ab, " %s=%d", name2, ntohs(port));
 }
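Review bot: Switching the specifier to `%pI6c` changes the text of the `laddr`/`faddr` values from the fully expanded IPv6 address to the compressed form, and nothing in the code records that the audit record format changed. Audit records are consumed by log parsers and detection rules, so a matcher written against the expanded form would silently stop matching. A comment above the call, such as `/* %pI6c logs the compressed IPv6 form; consumers must not match on the expanded address */`, would make this explicit. The signature of print_ipv6_addr begins outside this hunk.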
@@ -209,7 +210,6 @@ static inline void print_ipv4_addr(struct audit_buffer *ab, __be32 addr,
 static void dump_common_audit_data(struct audit_buffer *ab,
                                   struct common_audit_data *a)
 {
-       struct inode *inode = NULL;
        struct task_struct *tsk = current;
 
        if (a->tsk)
@@ -220,39 +220,55 @@ static void dump_common_audit_data(struct audit_buffer *ab,
        }
 
        switch (a->type) {
+       case LSM_AUDIT_DATA_NONE:
+               return;
        case LSM_AUDIT_DATA_IPC:
                audit_log_format(ab, " key=%d ", a->u.ipc_id);
                break;
        case LSM_AUDIT_DATA_CAP:
                audit_log_format(ab, " capability=%d ", a->u.cap);
                break;
-       case LSM_AUDIT_DATA_FS:
-               if (a->u.fs.path.dentry) {
-                       struct dentry *dentry = a->u.fs.path.dentry;
-                       if (a->u.fs.path.mnt) {
-                               audit_log_d_path(ab, "path=", &a->u.fs.path);
-                       } else {
-                               audit_log_format(ab, " name=");
-                               audit_log_untrustedstring(ab,
-                                                dentry->d_name.name);
-                       }
-                       inode = dentry->d_inode;
-               } else if (a->u.fs.inode) {
-                       struct dentry *dentry;
-                       inode = a->u.fs.inode;
-                       dentry = d_find_alias(inode);
-                       if (dentry) {
-                               audit_log_format(ab, " name=");
-                               audit_log_untrustedstring(ab,
-                                                dentry->d_name.name);
-                               dput(dentry);
-                       }
-               }
+       case LSM_AUDIT_DATA_PATH: {
+               struct inode *inode;
+
+               audit_log_d_path(ab, "path=", &a->u.path);
+
+               inode = a->u.path.dentry->d_inode;
                if (inode)
                        audit_log_format(ab, " dev=%s ino=%lu",
                                        inode->i_sb->s_id,
                                        inode->i_ino);
                break;
+       }
+       case LSM_AUDIT_DATA_DENTRY: {
+               struct inode *inode;
+
+               audit_log_format(ab, " name=");
+               audit_log_untrustedstring(ab, a->u.dentry->d_name.name);
+
+               inode = a->u.dentry->d_inode;
+               if (inode)
+                       audit_log_format(ab, " dev=%s ino=%lu",
+                                       inode->i_sb->s_id,
+                                       inode->i_ino);
+               break;
+       }
+       case LSM_AUDIT_DATA_INODE: {
+               struct dentry *dentry;
+               struct inode *inode;
+
+               inode = a->u.inode;
+               dentry = d_find_alias(inode);
+               if (dentry) {
+                       audit_log_format(ab, " name=");
+                       audit_log_untrustedstring(ab,
+                                        dentry->d_name.name);
+                       dput(dentry);
+               }
+               audit_log_format(ab, " dev=%s ino=%lu", inode->i_sb->s_id,
+                                inode->i_ino);
+               break;
+       }
        case LSM_AUDIT_DATA_TASK:
                tsk = a->u.tsk;
                if (tsk && tsk->pid) {
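Review bot: The new LSM_AUDIT_DATA_PATH, LSM_AUDIT_DATA_DENTRY and LSM_AUDIT_DATA_INODE cases dereference `a->u.path.dentry`, `a->u.dentry` and `a->u.inode` unconditionally, whereas the removed LSM_AUDIT_DATA_FS branch tested each pointer before use. Whether every caller guarantees a non-NULL pointer for the type it sets is not visible here; if one does not, the audit path would fault on a NULL dereference instead of emitting the record. Either state the contract in a comment on each case, e.g. `/* caller must set a->u.inode; NULL is not tolerated */`, or keep a guard such as `if (!inode) break;` before `d_find_alias(inode)`. The same applies to `a->u.kmod_name` in the LSM_AUDIT_DATA_KMOD case of the last hunk, which is passed straight to `audit_log_untrustedstring()`. The enclosing function dump_common_audit_data starts before and continues after this hunk.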
@@ -271,11 +287,11 @@ static void dump_common_audit_data(struct audit_buffer *ab,
                        case AF_INET: {
                                struct inet_sock *inet = inet_sk(sk);
 
-                               print_ipv4_addr(ab, inet->rcv_saddr,
-                                               inet->sport,
+                               print_ipv4_addr(ab, inet->inet_rcv_saddr,
+                                               inet->inet_sport,
                                                "laddr", "lport");
-                               print_ipv4_addr(ab, inet->daddr,
-                                               inet->dport,
+                               print_ipv4_addr(ab, inet->inet_daddr,
+                                               inet->inet_dport,
                                                "faddr", "fport");
                                break;
                        }
@@ -284,10 +300,10 @@ static void dump_common_audit_data(struct audit_buffer *ab,
                                struct ipv6_pinfo *inet6 = inet6_sk(sk);
 
                                print_ipv6_addr(ab, &inet6->rcv_saddr,
-                                               inet->sport,
+                                               inet->inet_sport,
                                                "laddr", "lport");
                                print_ipv6_addr(ab, &inet6->daddr,
-                                               inet->dport,
+                                               inet->inet_dport,
                                                "faddr", "fport");
                                break;
                        }
@@ -352,6 +368,10 @@ static void dump_common_audit_data(struct audit_buffer *ab,
                }
                break;
 #endif
+       case LSM_AUDIT_DATA_KMOD:
+               audit_log_format(ab, " kmod=");
+               audit_log_untrustedstring(ab, a->u.kmod_name);
+               break;
        } /* switch (a->type) */
 }