Commit b61c37f5 authored by Linus Torvalds's avatar Linus Torvalds

lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data'

It just bloats the audit data structure for no good reason, since the
only time those fields are filled is just before calling the
common_lsm_audit() function, which is also the only user of those
fields.

So just make them be the arguments to common_lsm_audit(), rather than
bloating that structure that is passed around everywhere, and is
initialized in hot paths.
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 3f0882c4
...@@ -82,9 +82,6 @@ struct common_audit_data { ...@@ -82,9 +82,6 @@ struct common_audit_data {
struct apparmor_audit_data *apparmor_audit_data; struct apparmor_audit_data *apparmor_audit_data;
#endif #endif
}; /* per LSM data pointer union */ }; /* per LSM data pointer union */
/* these callback will be implemented by a specific LSM */
void (*lsm_pre_audit)(struct audit_buffer *, void *);
void (*lsm_post_audit)(struct audit_buffer *, void *);
}; };
#define v4info fam.v4 #define v4info fam.v4
...@@ -101,6 +98,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb, ...@@ -101,6 +98,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
{ memset((_d), 0, sizeof(struct common_audit_data)); \ { memset((_d), 0, sizeof(struct common_audit_data)); \
(_d)->type = LSM_AUDIT_DATA_##_t; } (_d)->type = LSM_AUDIT_DATA_##_t; }
void common_lsm_audit(struct common_audit_data *a); void common_lsm_audit(struct common_audit_data *a,
void (*pre_audit)(struct audit_buffer *, void *),
void (*post_audit)(struct audit_buffer *, void *));
#endif #endif
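Review bot: The two callback parameters added to the `common_lsm_audit()` prototype take their second argument as `void *`, so the compiler cannot check that a callback expects the `struct common_audit_data *` it is handed (the definition further down the page calls them as `pre_audit(ab, a)`). The signature is carried over from the removed struct members, so this is not a regression. Now that the callbacks are plain arguments, tightening the type would be cheap, for example `void (*pre_audit)(struct audit_buffer *, struct common_audit_data *)`, with each LSM callback updated to match. That would also remove the cast each callback presumably performs on entry, though those callbacks are not shown here.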
...@@ -160,9 +160,7 @@ void aa_audit_msg(int type, struct common_audit_data *sa, ...@@ -160,9 +160,7 @@ void aa_audit_msg(int type, struct common_audit_data *sa,
void (*cb) (struct audit_buffer *, void *)) void (*cb) (struct audit_buffer *, void *))
{ {
sa->aad->type = type; sa->aad->type = type;
sa->lsm_pre_audit = audit_pre; common_lsm_audit(sa, audit_pre, cb);
sa->lsm_post_audit = cb;
common_lsm_audit(sa);
} }
/** /**
......
...@@ -378,11 +378,15 @@ static void dump_common_audit_data(struct audit_buffer *ab, ...@@ -378,11 +378,15 @@ static void dump_common_audit_data(struct audit_buffer *ab,
/** /**
* common_lsm_audit - generic LSM auditing function * common_lsm_audit - generic LSM auditing function
* @a: auxiliary audit data * @a: auxiliary audit data
* @pre_audit: lsm-specific pre-audit callback
* @post_audit: lsm-specific post-audit callback
* *
* setup the audit buffer for common security information * setup the audit buffer for common security information
* uses callback to print LSM specific information * uses callback to print LSM specific information
*/ */
void common_lsm_audit(struct common_audit_data *a) void common_lsm_audit(struct common_audit_data *a,
void (*pre_audit)(struct audit_buffer *, void *),
void (*post_audit)(struct audit_buffer *, void *))
{ {
struct audit_buffer *ab; struct audit_buffer *ab;
...@@ -394,13 +398,13 @@ void common_lsm_audit(struct common_audit_data *a) ...@@ -394,13 +398,13 @@ void common_lsm_audit(struct common_audit_data *a)
if (ab == NULL) if (ab == NULL)
return; return;
if (a->lsm_pre_audit) if (pre_audit)
a->lsm_pre_audit(ab, a); pre_audit(ab, a);
dump_common_audit_data(ab, a); dump_common_audit_data(ab, a);
if (a->lsm_post_audit) if (post_audit)
a->lsm_post_audit(ab, a); post_audit(ab, a);
audit_log_end(ab); audit_log_end(ab);
} }
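Review bot: The kernel-doc lines added for `@pre_audit` and `@post_audit` do not say that either callback may be NULL, although the body guards both calls with `if (pre_audit)` / `if (post_audit)` and the Smack caller on this page passes NULL for the post callback. I would spell the contract out: `* @pre_audit: lsm-specific pre-audit callback, may be NULL` and `* @post_audit: lsm-specific post-audit callback, may be NULL`. It is also worth noting in the description that the pre callback runs before `dump_common_audit_data()` and the post callback after it, both before `audit_log_end()`, since that order determines where the LSM-specific fields land in the audit record. The allocation of `ab` is outside the visible hunks.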
...@@ -492,9 +492,7 @@ static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass, ...@@ -492,9 +492,7 @@ static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
slad.denied = denied; slad.denied = denied;
a->selinux_audit_data->slad = &slad; a->selinux_audit_data->slad = &slad;
a->lsm_pre_audit = avc_audit_pre_callback; common_lsm_audit(a, avc_audit_pre_callback, avc_audit_post_callback);
a->lsm_post_audit = avc_audit_post_callback;
common_lsm_audit(a);
return 0; return 0;
} }
......
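Review bot: After `common_lsm_audit()` returns, `a->selinux_audit_data->slad` still holds `&slad`. If `slad` is a local of `slow_avc_audit()` (its declaration is above the hunk, so this is inferred from `slad.denied` and `&slad`), the caller's audit data is left pointing into a dead stack frame once the function returns. Nothing visible here reads it afterwards, but clearing it makes the lifetime explicit: add `a->selinux_audit_data->slad = NULL;` before `return 0;`. At minimum, put a comment above the assignment: `/* slad is only valid for the duration of common_lsm_audit() */`.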
...@@ -321,9 +321,8 @@ void smack_log(char *subject_label, char *object_label, int request, ...@@ -321,9 +321,8 @@ void smack_log(char *subject_label, char *object_label, int request,
sad->object = object_label; sad->object = object_label;
sad->request = request_buffer; sad->request = request_buffer;
sad->result = result; sad->result = result;
a->lsm_pre_audit = smack_log_callback;
common_lsm_audit(a); common_lsm_audit(a, smack_log_callback, NULL);
} }
#else /* #ifdef CONFIG_AUDIT */ #else /* #ifdef CONFIG_AUDIT */
void smack_log(char *subject_label, char *object_label, int request, void smack_log(char *subject_label, char *object_label, int request,
......