case AUDIT_OBJ_LEV_LOW:
case AUDIT_OBJ_LEV_HIGH:
kfree(f->lsm_str);
- security_audit_rule_free(f->lsm_rule);
+ security_audit_rule_free(f->lsm_rules);
}
}
goto exit_free;
}
entry->rule.buflen += f_val;
+ f->lsm_isset = true;
f->lsm_str = str;
err = security_audit_rule_init(f->type, f->op, str,
- (void **)&f->lsm_rule);
+ f->lsm_rules);
/* Keep currently invalid fields around in case they
* become valid after a policy reload. */
if (err == -EINVAL) {
return 0;
}
-/* Duplicate LSM field information. The lsm_rule is opaque, so must be
+/* Duplicate LSM field information. The lsm_rules is opaque, so must be
* re-initialized. */
static inline int audit_dupe_lsm_field(struct audit_field *df,
struct audit_field *sf)
return -ENOMEM;
df->lsm_str = lsm_str;
- /* our own (refreshed) copy of lsm_rule */
+ /* our own (refreshed) copy of lsm_rules */
ret = security_audit_rule_init(df->type, df->op, df->lsm_str,
- (void **)&df->lsm_rule);
+ df->lsm_rules);
/* Keep currently invalid fields around in case they
* become valid after a policy reload. */
if (ret == -EINVAL) {
new->tree = old->tree;
memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount);
- /* deep copy this information, updating the lsm_rule fields, because
+ /* deep copy this information, updating the lsm_rules fields, because
* the originals will all be freed when the old rule is freed. */
for (i = 0; i < fcount; i++) {
switch (new->fields[i].type) {
if (!ab)
return;
audit_log_session_info(ab);
- audit_log_task_context(ab);
+ audit_log_task_context(ab, NULL);
audit_log_format(ab, " op=%s", action);
audit_log_key(ab, rule->filterkey);
audit_log_format(ab, " list=%d res=%d", rule->listnr, res);
for (i = 0; i < e->rule.field_count; i++) {
struct audit_field *f = &e->rule.fields[i];
pid_t pid;
- u32 sid;
+ struct lsmblob blob;
switch (f->type) {
case AUDIT_PID:
case AUDIT_SUBJ_TYPE:
case AUDIT_SUBJ_SEN:
case AUDIT_SUBJ_CLR:
- if (f->lsm_rule) {
- security_task_getsecid_subj(current,
- &sid);
- result = security_audit_rule_match(sid,
- f->type, f->op, f->lsm_rule);
+ if (f->lsm_isset) {
+ security_task_getsecid_subj(current, &blob);
+ result = security_audit_rule_match(
+ &blob, f->type, f->op,
+ f->lsm_rules);
}
break;
case AUDIT_EXE:
return ret;
}
-static int update_lsm_rule(struct audit_krule *r)
+static int update_lsm_rules(struct audit_krule *r)
{
struct audit_entry *entry = container_of(r, struct audit_entry, rule);
struct audit_entry *nentry;
return err;
}
-/* This function will re-initialize the lsm_rule field of all applicable rules.
+/* This function will re-initialize the lsm_rules field of all applicable rules.
* It will traverse the filter lists serarching for rules that contain LSM
* specific filter fields. When such a rule is found, it is copied, the
* LSM field is re-initialized, and the old rule is replaced with the
for (i = 0; i < AUDIT_NR_FILTERS; i++) {
list_for_each_entry_safe(r, n, &audit_rules_list[i], list) {
- int res = update_lsm_rule(r);
+ int res = update_lsm_rules(r);
if (!err)
err = res;
}