#ifdef CONFIG_SECURITY
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
int security_audit_rule_known(struct audit_krule *krule);
-int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op,
- void **lsmrule);
+int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule);
void security_audit_rule_free(void **lsmrule);
#else
return 0;
}
-static inline int security_audit_rule_match(struct lsmblob *blob, u32 field,
- u32 op, void **lsmrule)
+static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
+ void **lsmrule)
{
return 0;
}
struct audit_field *f = &e->rule.fields[i];
pid_t pid;
u32 sid;
- struct lsmblob blob;
switch (f->type) {
case AUDIT_PID:
case AUDIT_SUBJ_CLR:
if (f->lsm_isset) {
security_current_getsecid_subj(&sid);
- lsmblob_init(&blob, sid);
- result = security_audit_rule_match(
- &blob, f->type, f->op,
+ result = security_audit_rule_match(sid,
+ f->type, f->op,
f->lsm_rules);
}
break;
const struct cred *cred;
int i, need_sid = 1;
u32 sid;
- struct lsmblob blob;
unsigned int sessionid;
if (ctx && rule->prio <= ctx->prio)
security_current_getsecid_subj(&sid);
need_sid = 0;
}
- lsmblob_init(&blob, sid);
- result = security_audit_rule_match(&blob,
- f->type,
+ result = security_audit_rule_match(sid, f->type,
f->op,
f->lsm_rules);
}
if (f->lsm_isset) {
/* Find files that match */
if (name) {
- lsmblob_init(&blob, name->osid);
result = security_audit_rule_match(
- &blob,
+ name->osid,
f->type,
f->op,
f->lsm_rules);
} else if (ctx) {
list_for_each_entry(n, &ctx->names_list, list) {
- lsmblob_init(&blob, name->osid);
if (security_audit_rule_match(
- &blob,
+ n->osid,
f->type,
f->op,
f->lsm_rules)) {
/* Find ipc objects that match */
if (!ctx || ctx->type != AUDIT_IPC)
break;
- lsmblob_init(&blob, ctx->ipc.osid);
- if (security_audit_rule_match(&blob,
+ if (security_audit_rule_match(ctx->ipc.osid,
f->type, f->op,
f->lsm_rules))
++result;
{
}
-static inline int ima_filter_rule_match(strcut lsmblob *blob, u32 field, u32 op,
+static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op,
void *lsmrule)
{
return -EINVAL;
for (i = 0; i < MAX_LSM_RULES; i++) {
int rc = 0;
u32 osid;
- struct lsmblob lsmdata;
if (!ima_lsm_isset(lsm_rule->lsm[i].rules)) {
if (!lsm_rule->lsm[i].args_p)
case LSM_OBJ_ROLE:
case LSM_OBJ_TYPE:
security_inode_getsecid(inode, &osid);
- lsmblob_init(&lsmdata, osid);
- rc = ima_filter_rule_match(&lsmdata, lsm_rule->lsm[i].type,
+ rc = ima_filter_rule_match(osid, lsm_rule->lsm[i].type,
Audit_equal,
lsm_rule->lsm[i].rules);
break;
case LSM_SUBJ_USER:
case LSM_SUBJ_ROLE:
case LSM_SUBJ_TYPE:
- lsmblob_init(&lsmdata, secid);
- rc = ima_filter_rule_match(&lsmdata, lsm_rule->lsm[i].type,
+ rc = ima_filter_rule_match(secid, lsm_rule->lsm[i].type,
Audit_equal,
lsm_rule->lsm[i].rules);
break;
hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) {
if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
continue;
- if (lsmrule[hp->lsmid->slot] == NULL)
- continue;
hp->hook.audit_rule_free(lsmrule[hp->lsmid->slot]);
}
}
-int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op,
- void **lsmrule)
+int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule)
{
struct security_hook_list *hp;
int rc;
hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) {
if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
continue;
- if (lsmrule[hp->lsmid->slot] == NULL)
- continue;
- rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot],
- field, op,
+ rc = hp->hook.audit_rule_match(secid, field, op,
&lsmrule[hp->lsmid->slot]);
if (rc)
return rc;