---
yaml
---
r: 298599
b: refs/heads/master
c: 3f0882c
h: refs/heads/master
i:
  298597: 8cdc920
  298595: 4c3e688
  298591: 2c228a2
v: v3
Eric Paris authored and Linus Torvalds committed Apr 3, 2012
1 parent 3498c21 commit 4315733
Showing 3 changed files with 28 additions and 15 deletions.
2 changes: 1 addition & 1 deletion [refs]
@@ -1,2 +1,2 @@
---
refs/heads/master: f8294f1144ad0630075918df4bf94075f5384604
refs/heads/master: 3f0882c48286e7bdb0bbdec9c4bfa934e0db8e09
27 changes: 15 additions & 12 deletions trunk/security/selinux/avc.c
Expand Up @@ -436,9 +436,9 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
{
struct common_audit_data *ad = a;
audit_log_format(ab, "avc: %s ",
ad->selinux_audit_data->denied ? "denied" : "granted");
avc_dump_av(ab, ad->selinux_audit_data->tclass,
ad->selinux_audit_data->audited);
ad->selinux_audit_data->slad->denied ? "denied" : "granted");
avc_dump_av(ab, ad->selinux_audit_data->slad->tclass,
ad->selinux_audit_data->slad->audited);
audit_log_format(ab, " for ");
}

Expand All @@ -452,9 +452,9 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
{
struct common_audit_data *ad = a;
audit_log_format(ab, " ");
avc_dump_query(ab, ad->selinux_audit_data->ssid,
ad->selinux_audit_data->tsid,
ad->selinux_audit_data->tclass);
avc_dump_query(ab, ad->selinux_audit_data->slad->ssid,
ad->selinux_audit_data->slad->tsid,
ad->selinux_audit_data->slad->tclass);
}

/* This is the slow part of avc audit with big stack footprint */
Expand All @@ -465,6 +465,7 @@ static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
{
struct common_audit_data stack_data;
struct selinux_audit_data sad = {0,};
struct selinux_late_audit_data slad;

if (!a) {
a = &stack_data;
Expand All @@ -483,12 +484,14 @@ static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
(flags & MAY_NOT_BLOCK))
return -ECHILD;

a->selinux_audit_data->tclass = tclass;
a->selinux_audit_data->requested = requested;
a->selinux_audit_data->ssid = ssid;
a->selinux_audit_data->tsid = tsid;
a->selinux_audit_data->audited = audited;
a->selinux_audit_data->denied = denied;
slad.tclass = tclass;
slad.requested = requested;
slad.ssid = ssid;
slad.tsid = tsid;
slad.audited = audited;
slad.denied = denied;

a->selinux_audit_data->slad = &slad;
a->lsm_pre_audit = avc_audit_pre_callback;
a->lsm_post_audit = avc_audit_post_callback;
common_lsm_audit(a);
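Review bot: `a->selinux_audit_data->slad = &slad;` stores the address of a stack local into a structure that outlives slow_avc_audit whenever `a` was supplied by the caller rather than being the local `stack_data`; after the function returns the pointer dangles, and any later reader of `->slad` would be a use-after-return on freed stack. The visible hunk never resets it after `common_lsm_audit(a);` (the remainder of the function lies below the hunk), so add `a->selinux_audit_data->slad = NULL;` directly after that call. Separately, `slad` is declared with no initializer while the sibling `sad` uses `{0,}`, and the avc.h section of this commit appears to move `int result` into `selinux_late_audit_data` without this hunk ever assigning it, so a consumer reading `slad->result` would see whatever was on the stack; declaring it as `struct selinux_late_audit_data slad = {0,};` closes that gap. Collapsing the six member assignments into a designated initializer would also make any missed member obvious at a glance.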
14 changes: 12 additions & 2 deletions trunk/security/selinux/include/avc.h
Expand Up @@ -46,19 +46,29 @@ struct avc_cache_stats {
unsigned int frees;
};

struct selinux_audit_data {
/*
* We only need this data after we have decided to send an audit message.
*/
struct selinux_late_audit_data {
u32 ssid;
u32 tsid;
u16 tclass;
u32 requested;
u32 audited;
u32 denied;
int result;
};

/*
* We collect this at the beginning or during an selinux security operation
*/
struct selinux_audit_data {
/*
* auditdeny is a bit tricky and unintuitive. See the
* comments in avc.c for it's meaning and usage.
*/
u32 auditdeny;
int result;
struct selinux_late_audit_data *slad;
};

/*
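Review bot: The new `slad` member of `struct selinux_audit_data` carries no note on who sets it or how long it stays valid, while the avc.c section of this commit points it at a local variable of slow_avc_audit, so it is only meaningful while that frame is live. A comment above the member such as `/* Set by slow_avc_audit() to stack-allocated data; valid only while the audit callbacks run. Do not retain. */` would keep a later reader from dereferencing it from another context. The enclosing struct definitions are complete within the section, but the header continues below it.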
