summaryrefslogtreecommitdiffstats
path: root/kernel/auditfilter.c
diff options
context:
space:
mode:
authorAhmed S. Darwish <darwish.07@gmail.com>2008-03-01 21:54:38 +0200
committerJames Morris <jmorris@namei.org>2008-04-19 09:52:34 +1000
commit2a862b32f3da5a2120043921ad301322ad526084 (patch)
treebb97054b2f648504f670e3eaed2626b547c4d081 /kernel/auditfilter.c
parent713a04aeaba35bb95d442cdeb52055498519be25 (diff)
downloadlinux-stable-2a862b32f3da5a2120043921ad301322ad526084.tar.gz
linux-stable-2a862b32f3da5a2120043921ad301322ad526084.tar.bz2
linux-stable-2a862b32f3da5a2120043921ad301322ad526084.zip
Audit: use new LSM hooks instead of SELinux exports
Stop using the following exported SELinux interfaces: selinux_get_inode_sid(inode, sid) selinux_get_ipc_sid(ipcp, sid) selinux_get_task_sid(tsk, sid) selinux_sid_to_string(sid, ctx, len) kfree(ctx) and use following generic LSM equivalents respectively: security_inode_getsecid(inode, secid) security_ipc_getsecid*(ipcp, secid) security_task_getsecid(tsk, secid) security_sid_to_secctx(sid, ctx, len) security_release_secctx(ctx, len) Call security_release_secctx only if security_secid_to_secctx succeeded. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org> Reviewed-by: Paul Moore <paul.moore@hp.com>
Diffstat (limited to 'kernel/auditfilter.c')
-rw-r--r--kernel/auditfilter.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 2f2914b7cc30..35e58a146eff 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -28,6 +28,7 @@
#include <linux/netlink.h>
#include <linux/sched.h>
#include <linux/inotify.h>
+#include <linux/security.h>
#include <linux/selinux.h>
#include "audit.h"
@@ -1515,11 +1516,12 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action,
if (sid) {
char *ctx = NULL;
u32 len;
- if (selinux_sid_to_string(sid, &ctx, &len))
+ if (security_secid_to_secctx(sid, &ctx, &len))
audit_log_format(ab, " ssid=%u", sid);
- else
+ else {
audit_log_format(ab, " subj=%s", ctx);
- kfree(ctx);
+ security_release_secctx(ctx, len);
+ }
}
audit_log_format(ab, " op=%s rule key=", action);
if (rule->filterkey)