
Commit b61c37f5 authored by Linus Torvalds's avatar Linus Torvalds

lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data'



It just bloats the audit data structure for no good reason, since the
only time those fields are filled is just before calling the
common_lsm_audit() function, which is also the only user of those
fields.

So just make them be the arguments to common_lsm_audit(), rather than
bloating that structure that is passed around everywhere, and is
initialized in hot paths.

Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 3f0882c4
+3 −4
@@ -82,9 +82,6 @@ struct common_audit_data {
		struct apparmor_audit_data *apparmor_audit_data;
#endif
	}; /* per LSM data pointer union */
	/* these callback will be implemented by a specific LSM */
	void (*lsm_pre_audit)(struct audit_buffer *, void *);
	void (*lsm_post_audit)(struct audit_buffer *, void *);
};

#define v4info fam.v4
@@ -101,6 +98,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
	{ memset((_d), 0, sizeof(struct common_audit_data)); \
	 (_d)->type = LSM_AUDIT_DATA_##_t; }

void common_lsm_audit(struct common_audit_data *a);
void common_lsm_audit(struct common_audit_data *a,
	void (*pre_audit)(struct audit_buffer *, void *),
	void (*post_audit)(struct audit_buffer *, void *));

#endif
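Review bot: The callback parameters in the new `common_lsm_audit()` prototype take `void *` as their second argument, yet the definition in this commit always hands them the `struct common_audit_data *` itself (`pre_audit(ab, a)`), so the compiler cannot catch a callback that casts that pointer to the wrong type. The function-pointer signature is also written out in full in both the prototype and the definition. A follow-up could name it once and type it, for example `typedef void (*lsm_audit_cb_t)(struct audit_buffer *, struct common_audit_data *);` (the typedef name is only a suggestion). That would mean adjusting the existing per-LSM callbacks, whose definitions are not shown on this page.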
+1 −3
@@ -160,9 +160,7 @@ void aa_audit_msg(int type, struct common_audit_data *sa,
		  void (*cb) (struct audit_buffer *, void *))
{
	sa->aad->type = type;
	sa->lsm_pre_audit = audit_pre;
	sa->lsm_post_audit = cb;
	common_lsm_audit(sa);
	common_lsm_audit(sa, audit_pre, cb);
}

/**
+9 −5
@@ -378,11 +378,15 @@ static void dump_common_audit_data(struct audit_buffer *ab,
/**
 * common_lsm_audit - generic LSM auditing function
 * @a:  auxiliary audit data
 * @pre_audit: lsm-specific pre-audit callback
 * @post_audit: lsm-specific post-audit callback
 *
 * setup the audit buffer for common security information
 * uses callback to print LSM specific information
 */
void common_lsm_audit(struct common_audit_data *a)
void common_lsm_audit(struct common_audit_data *a,
	void (*pre_audit)(struct audit_buffer *, void *),
	void (*post_audit)(struct audit_buffer *, void *))
{
	struct audit_buffer *ab;

@@ -394,13 +398,13 @@ void common_lsm_audit(struct common_audit_data *a)
	if (ab == NULL)
		return;

	if (a->lsm_pre_audit)
		a->lsm_pre_audit(ab, a);
	if (pre_audit)
		pre_audit(ab, a);

	dump_common_audit_data(ab, a);

	if (a->lsm_post_audit)
		a->lsm_post_audit(ab, a);
	if (post_audit)
		post_audit(ab, a);

	audit_log_end(ab);
}
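Review bot: The new kernel-doc lines for `@pre_audit` and `@post_audit` do not say that either callback may be NULL, although the body guards both with `if (pre_audit)` / `if (post_audit)` and the Smack caller in this commit passes `NULL` for the post callback. I would extend them to ` * @pre_audit: lsm-specific pre-audit callback, may be NULL` and ` * @post_audit: lsm-specific post-audit callback, may be NULL`, and add a sentence that each callback receives @a as its `void *` argument. The function body is split across two hunks in this section, so the lines between them are not visible here.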
+1 −3
@@ -492,9 +492,7 @@ static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
	slad.denied = denied;

	a->selinux_audit_data->slad = &slad;
	a->lsm_pre_audit = avc_audit_pre_callback;
	a->lsm_post_audit = avc_audit_post_callback;
	common_lsm_audit(a);
	common_lsm_audit(a, avc_audit_pre_callback, avc_audit_post_callback);
	return 0;
}

+1 −2
@@ -321,9 +321,8 @@ void smack_log(char *subject_label, char *object_label, int request,
	sad->object  = object_label;
	sad->request = request_buffer;
	sad->result  = result;
	a->lsm_pre_audit = smack_log_callback;

	common_lsm_audit(a);
	common_lsm_audit(a, smack_log_callback, NULL);
}
#else /* #ifdef CONFIG_AUDIT */
void smack_log(char *subject_label, char *object_label, int request,