Audit: Final renamings and cleanup
Ahmed S. Darwish [Fri, 18 Apr 2008 23:59:43 +0000 (09:59 +1000)]
Rename the se_str and se_rule audit fields elements to
lsm_str and lsm_rule to avoid confusion.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>

include/linux/audit.h
kernel/auditfilter.c
kernel/auditsc.c
security/selinux/include/audit.h [new file with mode: 0644]

index 04869c9..4ccb048 100644 (file)
@@ -377,8 +377,8 @@ struct audit_field {
        u32                             type;
        u32                             val;
        u32                             op;
-       char                            *se_str;
-       void                            *se_rule;
+       char                            *lsm_str;
+       void                            *lsm_rule;
 };
 
 #define AUDITSC_INVALID 0
index 7c69cb5..28fef6b 100644 (file)
@@ -139,8 +139,8 @@ static inline void audit_free_rule(struct audit_entry *e)
        if (e->rule.fields)
                for (i = 0; i < e->rule.field_count; i++) {
                        struct audit_field *f = &e->rule.fields[i];
-                       kfree(f->se_str);
-                       security_audit_rule_free(f->se_rule);
+                       kfree(f->lsm_str);
+                       security_audit_rule_free(f->lsm_rule);
                }
        kfree(e->rule.fields);
        kfree(e->rule.filterkey);
@@ -554,8 +554,8 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
                f->op = data->fieldflags[i] & AUDIT_OPERATORS;
                f->type = data->fields[i];
                f->val = data->values[i];
-               f->se_str = NULL;
-               f->se_rule = NULL;
+               f->lsm_str = NULL;
+               f->lsm_rule = NULL;
                switch(f->type) {
                case AUDIT_PID:
                case AUDIT_UID:
@@ -598,7 +598,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
                        entry->rule.buflen += f->val;
 
                        err = security_audit_rule_init(f->type, f->op, str,
-                                                      (void **)&f->se_rule);
+                                                      (void **)&f->lsm_rule);
                        /* Keep currently invalid fields around in case they
                         * become valid after a policy reload. */
                        if (err == -EINVAL) {
@@ -610,7 +610,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
                                kfree(str);
                                goto exit_free;
                        } else
-                               f->se_str = str;
+                               f->lsm_str = str;
                        break;
                case AUDIT_WATCH:
                        str = audit_unpack_string(&bufp, &remain, f->val);
@@ -754,7 +754,7 @@ static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)
                case AUDIT_OBJ_LEV_LOW:
                case AUDIT_OBJ_LEV_HIGH:
                        data->buflen += data->values[i] =
-                               audit_pack_string(&bufp, f->se_str);
+                               audit_pack_string(&bufp, f->lsm_str);
                        break;
                case AUDIT_WATCH:
                        data->buflen += data->values[i] =
@@ -806,7 +806,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b)
                case AUDIT_OBJ_TYPE:
                case AUDIT_OBJ_LEV_LOW:
                case AUDIT_OBJ_LEV_HIGH:
-                       if (strcmp(a->fields[i].se_str, b->fields[i].se_str))
+                       if (strcmp(a->fields[i].lsm_str, b->fields[i].lsm_str))
                                return 1;
                        break;
                case AUDIT_WATCH:
@@ -862,28 +862,28 @@ out:
        return new;
 }
 
-/* Duplicate LSM field information.  The se_rule is opaque, so must be
+/* Duplicate LSM field information.  The lsm_rule is opaque, so must be
  * re-initialized. */
 static inline int audit_dupe_lsm_field(struct audit_field *df,
                                           struct audit_field *sf)
 {
        int ret = 0;
-       char *se_str;
+       char *lsm_str;
 
-       /* our own copy of se_str */
-       se_str = kstrdup(sf->se_str, GFP_KERNEL);
-       if (unlikely(!se_str))
+       /* our own copy of lsm_str */
+       lsm_str = kstrdup(sf->lsm_str, GFP_KERNEL);
+       if (unlikely(!lsm_str))
                return -ENOMEM;
-       df->se_str = se_str;
+       df->lsm_str = lsm_str;
 
-       /* our own (refreshed) copy of se_rule */
-       ret = security_audit_rule_init(df->type, df->op, df->se_str,
-                                      (void **)&df->se_rule);
+       /* our own (refreshed) copy of lsm_rule */
+       ret = security_audit_rule_init(df->type, df->op, df->lsm_str,
+                                      (void **)&df->lsm_rule);
        /* Keep currently invalid fields around in case they
         * become valid after a policy reload. */
        if (ret == -EINVAL) {
                printk(KERN_WARNING "audit rule for LSM \'%s\' is "
-                      "invalid\n", df->se_str);
+                      "invalid\n", df->lsm_str);
                ret = 0;
        }
 
@@ -930,7 +930,7 @@ static struct audit_entry *audit_dupe_rule(struct audit_krule *old,
        new->tree = old->tree;
        memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount);
 
-       /* deep copy this information, updating the se_rule fields, because
+       /* deep copy this information, updating the lsm_rule fields, because
         * the originals will all be freed when the old rule is freed. */
        for (i = 0; i < fcount; i++) {
                switch (new->fields[i].type) {
@@ -1762,7 +1762,7 @@ unlock_and_return:
        return result;
 }
 
-/* This function will re-initialize the se_rule field of all applicable rules.
+/* This function will re-initialize the lsm_rule field of all applicable rules.
  * It will traverse the filter lists serarching for rules that contain LSM
  * specific filter fields.  When such a rule is found, it is copied, the
  * LSM field is re-initialized, and the old rule is replaced with the
index c070053..56e56ed 100644 (file)
@@ -527,14 +527,14 @@ static int audit_filter_rules(struct task_struct *tsk,
                           match for now to avoid losing information that
                           may be wanted.   An error message will also be
                           logged upon error */
-                       if (f->se_rule) {
+                       if (f->lsm_rule) {
                                if (need_sid) {
                                        security_task_getsecid(tsk, &sid);
                                        need_sid = 0;
                                }
                                result = security_audit_rule_match(sid, f->type,
                                                                  f->op,
-                                                                 f->se_rule,
+                                                                 f->lsm_rule,
                                                                  ctx);
                        }
                        break;
@@ -545,18 +545,18 @@ static int audit_filter_rules(struct task_struct *tsk,
                case AUDIT_OBJ_LEV_HIGH:
                        /* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR
                           also applies here */
-                       if (f->se_rule) {
+                       if (f->lsm_rule) {
                                /* Find files that match */
                                if (name) {
                                        result = security_audit_rule_match(
                                                   name->osid, f->type, f->op,
-                                                  f->se_rule, ctx);
+                                                  f->lsm_rule, ctx);
                                } else if (ctx) {
                                        for (j = 0; j < ctx->name_count; j++) {
                                                if (security_audit_rule_match(
                                                      ctx->names[j].osid,
                                                      f->type, f->op,
-                                                     f->se_rule, ctx)) {
+                                                     f->lsm_rule, ctx)) {
                                                        ++result;
                                                        break;
                                                }
@@ -569,7 +569,7 @@ static int audit_filter_rules(struct task_struct *tsk,
                                             aux = aux->next) {
                                                if (aux->type == AUDIT_IPC) {
                                                        struct audit_aux_data_ipcctl *axi = (void *)aux;
-                                                       if (security_audit_rule_match(axi->osid, f->type, f->op, f->se_rule, ctx)) {
+                                                       if (security_audit_rule_match(axi->osid, f->type, f->op, f->lsm_rule, ctx)) {
                                                                ++result;
                                                                break;
                                                        }
diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h
new file mode 100644 (file)
index 0000000..6c8b9ef
--- /dev/null
@@ -0,0 +1,65 @@
+/*
+ * SELinux support for the Audit LSM hooks
+ *
+ * Most of below header was moved from include/linux/selinux.h which 
+ * is released under below copyrights:
+ *
+ * Author: James Morris <jmorris@redhat.com>
+ *
+ * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
+ * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+
+#ifndef _SELINUX_AUDIT_H
+#define _SELINUX_AUDIT_H
+
+/**
+ *     selinux_audit_rule_init - alloc/init an selinux audit rule structure.
+ *     @field: the field this rule refers to
+ *     @op: the operater the rule uses
+ *     @rulestr: the text "target" of the rule
+ *     @rule: pointer to the new rule structure returned via this
+ *
+ *     Returns 0 if successful, -errno if not.  On success, the rule structure
+ *     will be allocated internally.  The caller must free this structure with
+ *     selinux_audit_rule_free() after use.
+ */
+int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule);
+
+/**
+ *     selinux_audit_rule_free - free an selinux audit rule structure.
+ *     @rule: pointer to the audit rule to be freed
+ *
+ *     This will free all memory associated with the given rule.
+ *     If @rule is NULL, no operation is performed.
+ */
+void selinux_audit_rule_free(void *rule);
+
+/**
+ *     selinux_audit_rule_match - determine if a context ID matches a rule.
+ *     @sid: the context ID to check
+ *     @field: the field this rule refers to
+ *     @op: the operater the rule uses
+ *     @rule: pointer to the audit rule to check against
+ *     @actx: the audit context (can be NULL) associated with the check
+ *
+ *     Returns 1 if the context id matches the rule, 0 if it does not, and
+ *     -errno on failure.
+ */
+int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule,
+                             struct audit_context *actx);
+
+/**
+ *     selinux_audit_rule_known - check to see if rule contains selinux fields.
+ *     @rule: rule to be checked
+ *     Returns 1 if there are selinux fields specified in the rule, 0 otherwise.
+ */
+int selinux_audit_rule_known(struct audit_krule *krule);
+
+#endif /* _SELINUX_AUDIT_H */
+