diff options
author | Ahmed S. Darwish <darwish.07@gmail.com> | 2008-03-01 21:54:38 +0200 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-04-19 09:52:34 +1000 |
commit | 2a862b32f3da5a2120043921ad301322ad526084 (patch) | |
tree | bb97054b2f648504f670e3eaed2626b547c4d081 /kernel/auditfilter.c | |
parent | 713a04aeaba35bb95d442cdeb52055498519be25 (diff) | |
download | linux-stable-2a862b32f3da5a2120043921ad301322ad526084.tar.gz linux-stable-2a862b32f3da5a2120043921ad301322ad526084.tar.bz2 linux-stable-2a862b32f3da5a2120043921ad301322ad526084.zip |
Audit: use new LSM hooks instead of SELinux exports
Stop using the following exported SELinux interfaces:
selinux_get_inode_sid(inode, sid)
selinux_get_ipc_sid(ipcp, sid)
selinux_get_task_sid(tsk, sid)
selinux_sid_to_string(sid, ctx, len)
kfree(ctx)
and use following generic LSM equivalents respectively:
security_inode_getsecid(inode, secid)
security_ipc_getsecid*(ipcp, secid)
security_task_getsecid(tsk, secid)
security_sid_to_secctx(sid, ctx, len)
security_release_secctx(ctx, len)
Call security_release_secctx only if security_secid_to_secctx
succeeded.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Diffstat (limited to 'kernel/auditfilter.c')
-rw-r--r-- | kernel/auditfilter.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 2f2914b7cc30..35e58a146eff 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -28,6 +28,7 @@ #include <linux/netlink.h> #include <linux/sched.h> #include <linux/inotify.h> +#include <linux/security.h> #include <linux/selinux.h> #include "audit.h" @@ -1515,11 +1516,12 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action, if (sid) { char *ctx = NULL; u32 len; - if (selinux_sid_to_string(sid, &ctx, &len)) + if (security_secid_to_secctx(sid, &ctx, &len)) audit_log_format(ab, " ssid=%u", sid); - else + else { audit_log_format(ab, " subj=%s", ctx); - kfree(ctx); + security_release_secctx(ctx, len); + } } audit_log_format(ab, " op=%s rule key=", action); if (rule->filterkey) |