@@ -90,6 +90,13 @@ static inline void lsm_export_init(struct lsm_export *l)
memset(l, 0, sizeof(*l));
}
+static inline bool lsm_export_any(struct lsm_export *l)
+{
+ return (((l->flags & LSM_EXPORT_SELINUX) && l->selinux) ||
+ ((l->flags & LSM_EXPORT_SMACK) && l->smack) ||
+ ((l->flags & LSM_EXPORT_APPARMOR) && l->apparmor));
+}
+
/**
* lsm_export_secid - pull the useful secid out of a lsm_export
* @data: the containing data structure
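Review bot: lsm_export_any() only reads through `l`, so the parameter should be const-qualified: `static inline bool lsm_export_any(const struct lsm_export *l)`. Unlike lsm_export_secid() directly below it, the new helper has no kernel-doc. A short comment should state that it returns true only when a flag is set and the matching secid is non-zero, so an entry with its flag set but a zero secid counts as absent. The audit code in this commit uses that result to decide whether a security context string exists, so the rule is worth writing down.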
@@ -135,9 +135,9 @@ static u32 audit_backlog_limit = 64;
static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
/* The identity of the user shutting down the audit system. */
-kuid_t audit_sig_uid = INVALID_UID;
-pid_t audit_sig_pid = -1;
-u32 audit_sig_sid = 0;
+kuid_t audit_sig_uid = INVALID_UID;
+pid_t audit_sig_pid = -1;
+struct lsm_export audit_sig_lsm;
/* Records can be lost in several ways:
0) [suppressed in audit_alloc]
@@ -1417,23 +1417,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
}
case AUDIT_SIGNAL_INFO:
len = 0;
- if (audit_sig_sid) {
- struct lsm_export le;
-
- lsm_export_to_all(&le, audit_sig_sid);
- err = security_secid_to_secctx(&le, &ctx, &len);
+ if (lsm_export_any(&audit_sig_lsm)) {
+ err = security_secid_to_secctx(&audit_sig_lsm, &ctx,
+ &len);
if (err)
return err;
}
sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);
if (!sig_data) {
- if (audit_sig_sid)
+ if (lsm_export_any(&audit_sig_lsm))
security_release_secctx(ctx, len);
return -ENOMEM;
}
sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid);
sig_data->pid = audit_sig_pid;
- if (audit_sig_sid) {
+ if (lsm_export_any(&audit_sig_lsm)) {
memcpy(sig_data->ctx, ctx, len);
security_release_secctx(ctx, len);
}
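Review bot: The three `lsm_export_any(&audit_sig_lsm)` tests in the AUDIT_SIGNAL_INFO case each re-read a global that audit_signal_info() (the kernel/auditsc.c hunk) overwrites, and nothing visible here shows a lock shared with that writer. If the answer changes between the tests, either the context returned by security_secid_to_secctx() is never released, or security_release_secctx() runs on a `ctx` this branch never filled. The old u32 test had the same shape, but a multi-field structure that is filled in place can additionally be observed half-written. Evaluate the condition once, e.g. `bool have_ctx = lsm_export_any(&audit_sig_lsm);`, and use `have_ctx` on the kmalloc failure path and before the memcpy; working from a local copy of the structure taken once would be better still. The case body starts and ends outside this hunk, so the initial value of `ctx` is not visible.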
@@ -330,7 +330,7 @@ extern char *audit_unpack_string(void **bufp, size_t *remain, size_t len);
extern pid_t audit_sig_pid;
extern kuid_t audit_sig_uid;
-extern u32 audit_sig_sid;
+extern struct lsm_export audit_sig_lsm;
extern int audit_filter(int msgtype, unsigned int listtype);
@@ -2295,8 +2295,7 @@ int audit_signal_info(int sig, struct task_struct *t)
audit_sig_uid = auid;
else
audit_sig_uid = uid;
- security_task_getsecid(current, &le);
- lsm_export_secid(&le, &audit_sig_sid);
+ security_task_getsecid(current, &audit_sig_lsm);
}
if (!audit_signals || audit_dummy_context())
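Review bot: security_task_getsecid() now writes straight into the global `audit_sig_lsm` rather than a local, so any field it leaves untouched keeps the value recorded for the previous signal sender, and AUDIT_SIGNAL_INFO could then report a security context that does not belong to the current sender. Unless security_task_getsecid() is known to reset the structure itself, add `lsm_export_init(&audit_sig_lsm);` before the call, or keep filling the local and publish it with `audit_sig_lsm = le;`. If the local `le` declared outside this hunk has no other user, its declaration should be removed too. The function body starts and ends outside the hunk.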
Remove lsm_export scaffolding around audit_sig_sid by changing the u32 secid into an lsm_export structure named audit_sig_lsm. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> --- include/linux/security.h | 7 +++++++ kernel/audit.c | 18 ++++++++---------- kernel/audit.h | 2 +- kernel/auditsc.c | 3 +-- 4 files changed, 17 insertions(+), 13 deletions(-)