diff options
author | James Morris <james.l.morris@oracle.com> | 2012-05-22 11:21:06 +1000 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2012-05-22 11:21:06 +1000 |
commit | ff2bb047c4bce9742e94911eeb44b4d6ff4734ab (patch) | |
tree | 9d9b1cfa3fc17f0cc13f34ca697306cb1f46b05f /security/apparmor | |
parent | cffee16e8b997ab947de661e8820e486b0830c94 (diff) | |
parent | c737f8284cac91428f8fcc8281e69117fa16e887 (diff) | |
download | op-kernel-dev-ff2bb047c4bce9742e94911eeb44b4d6ff4734ab.zip op-kernel-dev-ff2bb047c4bce9742e94911eeb44b4d6ff4734ab.tar.gz |
Merge branch 'master' of git://git.infradead.org/users/eparis/selinux into next
Per pull request, for 3.5.
Diffstat (limited to 'security/apparmor')
-rw-r--r-- | security/apparmor/audit.c | 11 | ||||
-rw-r--r-- | security/apparmor/capability.c | 4 | ||||
-rw-r--r-- | security/apparmor/file.c | 2 | ||||
-rw-r--r-- | security/apparmor/include/audit.h | 1 | ||||
-rw-r--r-- | security/apparmor/ipc.c | 2 | ||||
-rw-r--r-- | security/apparmor/lib.c | 2 | ||||
-rw-r--r-- | security/apparmor/lsm.c | 6 | ||||
-rw-r--r-- | security/apparmor/policy.c | 2 | ||||
-rw-r--r-- | security/apparmor/policy_unpack.c | 2 | ||||
-rw-r--r-- | security/apparmor/resource.c | 2 |
10 files changed, 21 insertions, 13 deletions
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c index cc3520d..3ae28db 100644 --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c @@ -111,7 +111,7 @@ static const char *const aa_audit_type[] = { static void audit_pre(struct audit_buffer *ab, void *ca) { struct common_audit_data *sa = ca; - struct task_struct *tsk = sa->tsk ? sa->tsk : current; + struct task_struct *tsk = sa->aad->tsk ? sa->aad->tsk : current; if (aa_g_audit_header) { audit_log_format(ab, "apparmor="); @@ -149,6 +149,12 @@ static void audit_pre(struct audit_buffer *ab, void *ca) audit_log_format(ab, " name="); audit_log_untrustedstring(ab, sa->aad->name); } + + if (sa->aad->tsk) { + audit_log_format(ab, " pid=%d comm=", tsk->pid); + audit_log_untrustedstring(ab, tsk->comm); + } + } /** @@ -205,7 +211,8 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp, aa_audit_msg(type, sa, cb); if (sa->aad->type == AUDIT_APPARMOR_KILL) - (void)send_sig_info(SIGKILL, NULL, sa->tsk ? sa->tsk : current); + (void)send_sig_info(SIGKILL, NULL, + sa->aad->tsk ? sa->aad->tsk : current); if (sa->aad->type == AUDIT_APPARMOR_ALLOWED) return complain_error(sa->aad->error); diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c index 088dba3..887a5e9 100644 --- a/security/apparmor/capability.c +++ b/security/apparmor/capability.c @@ -65,10 +65,10 @@ static int audit_caps(struct aa_profile *profile, struct task_struct *task, int type = AUDIT_APPARMOR_AUTO; struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, CAP); + sa.type = LSM_AUDIT_DATA_CAP; sa.aad = &aad; - sa.tsk = task; sa.u.cap = cap; + sa.aad->tsk = task; sa.aad->op = OP_CAPABLE; sa.aad->error = error; diff --git a/security/apparmor/file.c b/security/apparmor/file.c index 2f8fcba..cf19d40 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -108,7 +108,7 @@ int aa_audit_file(struct aa_profile *profile, struct file_perms *perms, int type = AUDIT_APPARMOR_AUTO; struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, NONE); + sa.type = LSM_AUDIT_DATA_NONE; sa.aad = &aad; aad.op = op, aad.fs.request = request; diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h index 3868b1e..4b7e189 100644 --- a/security/apparmor/include/audit.h +++ b/security/apparmor/include/audit.h @@ -110,6 +110,7 @@ struct apparmor_audit_data { void *profile; const char *name; const char *info; + struct task_struct *tsk; union { void *target; struct { diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c index c3da93a..cf1071b 100644 --- a/security/apparmor/ipc.c +++ b/security/apparmor/ipc.c @@ -42,7 +42,7 @@ static int aa_audit_ptrace(struct aa_profile *profile, { struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, NONE); + sa.type = LSM_AUDIT_DATA_NONE; sa.aad = &aad; aad.op = OP_PTRACE; aad.target = target; diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c index e75829b..7430298 100644 --- a/security/apparmor/lib.c +++ b/security/apparmor/lib.c @@ -66,7 +66,7 @@ void aa_info_message(const char *str) if (audit_enabled) { struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, NONE); + sa.type = LSM_AUDIT_DATA_NONE; sa.aad = &aad; aad.info = str; aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL); diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index ad05d39..032daab 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -373,7 +373,7 @@ static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) AA_MAY_META_READ); } -static int apparmor_dentry_open(struct file *file, const struct cred *cred) +static int apparmor_file_open(struct file *file, const struct cred *cred) { struct aa_file_cxt *fcxt = file->f_security; struct aa_profile *profile; @@ -589,7 +589,7 @@ static int apparmor_setprocattr(struct task_struct *task, char *name, } else { struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, NONE); + sa.type = LSM_AUDIT_DATA_NONE; sa.aad = &aad; aad.op = OP_SETPROCATTR; aad.info = name; @@ -640,9 +640,9 @@ static struct security_operations apparmor_ops = { .path_chmod = apparmor_path_chmod, .path_chown = apparmor_path_chown, .path_truncate = apparmor_path_truncate, - .dentry_open = apparmor_dentry_open, .inode_getattr = apparmor_inode_getattr, + .file_open = apparmor_file_open, .file_permission = apparmor_file_permission, .file_alloc_security = apparmor_file_alloc_security, .file_free_security = apparmor_file_free_security, diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 7f3f455..cf5fd22 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -969,7 +969,7 @@ static int audit_policy(int op, gfp_t gfp, const char *name, const char *info, { struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, NONE); + sa.type = LSM_AUDIT_DATA_NONE; sa.aad = &aad; aad.op = op; aad.name = name; diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index deab7c7..329b1fd 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -95,7 +95,7 @@ static int audit_iface(struct aa_profile *new, const char *name, struct aa_profile *profile = __aa_current_profile(); struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, NONE); + sa.type = LSM_AUDIT_DATA_NONE; sa.aad = &aad; if (e) aad.iface.pos = e->pos - e->start; diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c index 2fe8613..e1f3d7e 100644 --- a/security/apparmor/resource.c +++ b/security/apparmor/resource.c @@ -52,7 +52,7 @@ static int audit_resource(struct aa_profile *profile, unsigned int resource, struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, NONE); + sa.type = LSM_AUDIT_DATA_NONE; sa.aad = &aad; aad.op = OP_SETRLIMIT, aad.rlim.rlim = resource; |