diff options
author | James Morris <jmorris@namei.org> | 2009-07-13 10:39:36 +1000 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-07-13 10:39:36 +1000 |
commit | be940d6279c30a2d7c4e8d1d5435f957f594d66d (patch) | |
tree | 965805d563cb756879fd3595230c3ca205da76d1 /security/selinux/include | |
parent | b3a633c8527ef155b1a4e22e8f5abc58f7af54c9 (diff) | |
download | op-kernel-dev-be940d6279c30a2d7c4e8d1d5435f957f594d66d.zip op-kernel-dev-be940d6279c30a2d7c4e8d1d5435f957f594d66d.tar.gz |
Revert "SELinux: Convert avc_audit to use lsm_audit.h"
This reverts commit 8113a8d80f4c6a3dc3724b39b470f3fee9c426b6.
The patch causes a stack overflow on my system during boot.
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/avc.h | 49 | ||||
-rw-r--r-- | security/selinux/include/netlabel.h | 4 | ||||
-rw-r--r-- | security/selinux/include/xfrm.h | 8 |
3 files changed, 50 insertions, 11 deletions
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h index e94e82f..ae4c3a0 100644 --- a/security/selinux/include/avc.h +++ b/security/selinux/include/avc.h @@ -13,7 +13,6 @@ #include <linux/spinlock.h> #include <linux/init.h> #include <linux/audit.h> -#include <linux/lsm_audit.h> #include <linux/in6.h> #include <linux/path.h> #include <asm/system.h> @@ -37,6 +36,48 @@ struct inode; struct sock; struct sk_buff; +/* Auxiliary data to use in generating the audit record. */ +struct avc_audit_data { + char type; +#define AVC_AUDIT_DATA_FS 1 +#define AVC_AUDIT_DATA_NET 2 +#define AVC_AUDIT_DATA_CAP 3 +#define AVC_AUDIT_DATA_IPC 4 + struct task_struct *tsk; + union { + struct { + struct path path; + struct inode *inode; + } fs; + struct { + int netif; + struct sock *sk; + u16 family; + __be16 dport; + __be16 sport; + union { + struct { + __be32 daddr; + __be32 saddr; + } v4; + struct { + struct in6_addr daddr; + struct in6_addr saddr; + } v6; + } fam; + } net; + int cap; + int ipc_id; + } u; +}; + +#define v4info fam.v4 +#define v6info fam.v6 + +/* Initialize an AVC audit data structure. */ +#define AVC_AUDIT_DATA_INIT(_d,_t) \ + { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } + /* * AVC statistics */ @@ -57,9 +98,7 @@ void __init avc_init(void); void avc_audit(u32 ssid, u32 tsid, u16 tclass, u32 requested, - struct av_decision *avd, - int result, - struct common_audit_data *a); + struct av_decision *avd, int result, struct avc_audit_data *auditdata); #define AVC_STRICT 1 /* Ignore permissive mode. */ int avc_has_perm_noaudit(u32 ssid, u32 tsid, @@ -69,7 +108,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid, int avc_has_perm(u32 ssid, u32 tsid, u16 tclass, u32 requested, - struct common_audit_data *auditdata); + struct avc_audit_data *auditdata); u32 avc_policy_seqno(void); diff --git a/security/selinux/include/netlabel.h b/security/selinux/include/netlabel.h index 8d73842..b4b5b9b 100644 --- a/security/selinux/include/netlabel.h +++ b/security/selinux/include/netlabel.h @@ -59,7 +59,7 @@ int selinux_netlbl_socket_post_create(struct sock *sk, u16 family); int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, struct sk_buff *skb, u16 family, - struct common_audit_data *ad); + struct avc_audit_data *ad); int selinux_netlbl_socket_setsockopt(struct socket *sock, int level, int optname); @@ -129,7 +129,7 @@ static inline int selinux_netlbl_socket_post_create(struct sock *sk, static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, struct sk_buff *skb, u16 family, - struct common_audit_data *ad) + struct avc_audit_data *ad) { return 0; } diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h index 13128f9..289e24b 100644 --- a/security/selinux/include/xfrm.h +++ b/security/selinux/include/xfrm.h @@ -41,9 +41,9 @@ static inline int selinux_xfrm_enabled(void) } int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb, - struct common_audit_data *ad); + struct avc_audit_data *ad); int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb, - struct common_audit_data *ad, u8 proto); + struct avc_audit_data *ad, u8 proto); int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall); static inline void selinux_xfrm_notify_policyload(void) @@ -57,13 +57,13 @@ static inline int selinux_xfrm_enabled(void) } static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb, - struct common_audit_data *ad) + struct avc_audit_data *ad) { return 0; } static inline int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb, - struct common_audit_data *ad, u8 proto) + struct avc_audit_data *ad, u8 proto) { return 0; } |