Audit: Final renamings and cleanup

	u32				type;

	u32				val;

	u32				op;

	char				*se_str;

	void				*se_rule;

	char				*lsm_str;

	void				*lsm_rule;

};

#define AUDITSC_INVALID 0

	if (e->rule.fields)

		for (i = 0; i < e->rule.field_count; i++) {

			struct audit_field *f = &e->rule.fields[i];

			kfree(f->se_str);

			security_audit_rule_free(f->se_rule);

			kfree(f->lsm_str);

			security_audit_rule_free(f->lsm_rule);

		}

	kfree(e->rule.fields);

	kfree(e->rule.filterkey);

		f->op = data->fieldflags[i] & AUDIT_OPERATORS;

		f->type = data->fields[i];

		f->val = data->values[i];

		f->se_str = NULL;

		f->se_rule = NULL;

		f->lsm_str = NULL;

		f->lsm_rule = NULL;

		switch(f->type) {

		case AUDIT_PID:

		case AUDIT_UID:

			entry->rule.buflen += f->val;

			err = security_audit_rule_init(f->type, f->op, str,

						       (void **)&f->se_rule);

						       (void **)&f->lsm_rule);

			/* Keep currently invalid fields around in case they

			 * become valid after a policy reload. */

			if (err == -EINVAL) {

				kfree(str);

				goto exit_free;

			} else

				f->se_str = str;

				f->lsm_str = str;

			break;

		case AUDIT_WATCH:

			str = audit_unpack_string(&bufp, &remain, f->val);

		case AUDIT_OBJ_LEV_LOW:

		case AUDIT_OBJ_LEV_HIGH:

			data->buflen += data->values[i] =

				audit_pack_string(&bufp, f->se_str);

				audit_pack_string(&bufp, f->lsm_str);

			break;

		case AUDIT_WATCH:

			data->buflen += data->values[i] =

		case AUDIT_OBJ_TYPE:

		case AUDIT_OBJ_LEV_LOW:

		case AUDIT_OBJ_LEV_HIGH:

			if (strcmp(a->fields[i].se_str, b->fields[i].se_str))

			if (strcmp(a->fields[i].lsm_str, b->fields[i].lsm_str))

				return 1;

			break;

		case AUDIT_WATCH:

	return new;

}

/* Duplicate LSM field information.  The se_rule is opaque, so must be

/* Duplicate LSM field information.  The lsm_rule is opaque, so must be

 * re-initialized. */

static inline int audit_dupe_lsm_field(struct audit_field *df,

					   struct audit_field *sf)

{

	int ret = 0;

	char *se_str;

	char *lsm_str;

	/* our own copy of se_str */

	se_str = kstrdup(sf->se_str, GFP_KERNEL);

	if (unlikely(!se_str))

	/* our own copy of lsm_str */

	lsm_str = kstrdup(sf->lsm_str, GFP_KERNEL);

	if (unlikely(!lsm_str))

		return -ENOMEM;

	df->se_str = se_str;

	df->lsm_str = lsm_str;

	/* our own (refreshed) copy of se_rule */

	ret = security_audit_rule_init(df->type, df->op, df->se_str,

				       (void **)&df->se_rule);

	/* our own (refreshed) copy of lsm_rule */

	ret = security_audit_rule_init(df->type, df->op, df->lsm_str,

				       (void **)&df->lsm_rule);

	/* Keep currently invalid fields around in case they

	 * become valid after a policy reload. */

	if (ret == -EINVAL) {

		printk(KERN_WARNING "audit rule for LSM \'%s\' is "

		       "invalid\n", df->se_str);

		       "invalid\n", df->lsm_str);

		ret = 0;

	}

	new->tree = old->tree;

	memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount);

	/* deep copy this information, updating the se_rule fields, because

	/* deep copy this information, updating the lsm_rule fields, because

	 * the originals will all be freed when the old rule is freed. */

	for (i = 0; i < fcount; i++) {

		switch (new->fields[i].type) {

	return result;

}

/* This function will re-initialize the se_rule field of all applicable rules.

/* This function will re-initialize the lsm_rule field of all applicable rules.

 * It will traverse the filter lists serarching for rules that contain LSM

 * specific filter fields.  When such a rule is found, it is copied, the

 * LSM field is re-initialized, and the old rule is replaced with the

			   match for now to avoid losing information that

			   may be wanted.   An error message will also be

			   logged upon error */

			if (f->se_rule) {

			if (f->lsm_rule) {

				if (need_sid) {

					security_task_getsecid(tsk, &sid);

					need_sid = 0;

				}

				result = security_audit_rule_match(sid, f->type,

				                                  f->op,

				                                  f->se_rule,

				                                  f->lsm_rule,

				                                  ctx);

			}

			break;

		case AUDIT_OBJ_LEV_HIGH:

			/* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR

			   also applies here */

			if (f->se_rule) {

			if (f->lsm_rule) {

				/* Find files that match */

				if (name) {

					result = security_audit_rule_match(

					           name->osid, f->type, f->op,

					           f->se_rule, ctx);

					           f->lsm_rule, ctx);

				} else if (ctx) {

					for (j = 0; j < ctx->name_count; j++) {

						if (security_audit_rule_match(

						      ctx->names[j].osid,

						      f->type, f->op,

						      f->se_rule, ctx)) {

						      f->lsm_rule, ctx)) {

							++result;

							break;

						}

					     aux = aux->next) {

						if (aux->type == AUDIT_IPC) {

							struct audit_aux_data_ipcctl *axi = (void *)aux;

							if (security_audit_rule_match(axi->osid, f->type, f->op, f->se_rule, ctx)) {

							if (security_audit_rule_match(axi->osid, f->type, f->op, f->lsm_rule, ctx)) {

								++result;

								break;

							}

/*

 * SELinux support for the Audit LSM hooks

 *

 * Most of below header was moved from include/linux/selinux.h which 

 * is released under below copyrights:

 *

 * Author: James Morris <jmorris@redhat.com>

 *

 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>

 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>

 * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2,

 * as published by the Free Software Foundation.

 */

#ifndef _SELINUX_AUDIT_H

#define _SELINUX_AUDIT_H

/**

 *	selinux_audit_rule_init - alloc/init an selinux audit rule structure.

 *	@field: the field this rule refers to

 *	@op: the operater the rule uses

 *	@rulestr: the text "target" of the rule

 *	@rule: pointer to the new rule structure returned via this

 *

 *	Returns 0 if successful, -errno if not.  On success, the rule structure

 *	will be allocated internally.  The caller must free this structure with

 *	selinux_audit_rule_free() after use.

 */

int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule);

/**

 *	selinux_audit_rule_free - free an selinux audit rule structure.

 *	@rule: pointer to the audit rule to be freed

 *

 *	This will free all memory associated with the given rule.

 *	If @rule is NULL, no operation is performed.

 */

void selinux_audit_rule_free(void *rule);

/**

 *	selinux_audit_rule_match - determine if a context ID matches a rule.

 *	@sid: the context ID to check

 *	@field: the field this rule refers to

 *	@op: the operater the rule uses

 *	@rule: pointer to the audit rule to check against

 *	@actx: the audit context (can be NULL) associated with the check

 *

 *	Returns 1 if the context id matches the rule, 0 if it does not, and

 *	-errno on failure.

 */

int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule,

                             struct audit_context *actx);

/**

 *	selinux_audit_rule_known - check to see if rule contains selinux fields.

 *	@rule: rule to be checked

 *	Returns 1 if there are selinux fields specified in the rule, 0 otherwise.

 */

int selinux_audit_rule_known(struct audit_krule *krule);

#endif /* _SELINUX_AUDIT_H */