[PATCH] change lspp ipc auditing

 *	@ipcp contains the kernel IPC permission structure

 *	@flag contains the desired (requested) permission set

 *	Return 0 if permission is granted.

 * @ipc_getsecurity:

 *      Copy the security label associated with the ipc object into

 *      @buffer.  @buffer may be NULL to request the size of the buffer 

 *      required.  @size indicates the size of @buffer in bytes. Return 

 *      number of bytes used/required on success.

 *

 * Security hooks for individual messages held in System V IPC message queues

 * @msg_msg_alloc_security:

	void (*task_to_inode)(struct task_struct *p, struct inode *inode);

	int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);

	int (*ipc_getsecurity)(struct kern_ipc_perm *ipcp, void *buffer, size_t size);

	int (*msg_msg_alloc_security) (struct msg_msg * msg);

	void (*msg_msg_free_security) (struct msg_msg * msg);

	return security_ops->ipc_permission (ipcp, flag);

}

static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)

{

	return security_ops->ipc_getsecurity(ipcp, buffer, size);

}

static inline int security_msg_msg_alloc (struct msg_msg * msg)

{

	return security_ops->msg_msg_alloc_security (msg);

	return 0;

}

static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)

{

	return -EOPNOTSUPP;

}

static inline int security_msg_msg_alloc (struct msg_msg * msg)

{

	return 0;

struct selinux_audit_rule;

struct audit_context;

struct inode;

struct kern_ipc_perm;

#ifdef CONFIG_SECURITY_SELINUX

 */

void selinux_get_inode_sid(const struct inode *inode, u32 *sid);

/**

 *     selinux_get_ipc_sid - get the ipc security context ID

 *     @ipcp: ipc structure to get the sid from.

 *     @sid: pointer to security context ID to be filled in.

 *

 *     Returns nothing

 */

void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid);

#else

static inline int selinux_audit_rule_init(u32 field, u32 op,

	*sid = 0;

}

static inline void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)

{

	*sid = 0;

}

#endif	/* CONFIG_SECURITY_SELINUX */

#endif /* _LINUX_SELINUX_H */

	uid_t			uid;

	gid_t			gid;

	mode_t			mode;

	char 			*ctx;

	u32			osid;

};

struct audit_aux_data_socketcall {

			dput(axi->dentry);

			mntput(axi->mnt);

		}

		if ( aux->type == AUDIT_IPC ) {

			struct audit_aux_data_ipcctl *axi = (void *)aux;

			if (axi->ctx)

				kfree(axi->ctx);

		}

		context->aux = aux->next;

		kfree(aux);

static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)

{

	int i;

	int i, call_panic = 0;

	struct audit_buffer *ab;

	struct audit_aux_data *aux;

	const char *tty;

		case AUDIT_IPC: {

			struct audit_aux_data_ipcctl *axi = (void *)aux;

			audit_log_format(ab, 

					 " qbytes=%lx iuid=%u igid=%u mode=%x obj=%s",

					 axi->qbytes, axi->uid, axi->gid, axi->mode, axi->ctx);

				 " qbytes=%lx iuid=%u igid=%u mode=%x",

				 axi->qbytes, axi->uid, axi->gid, axi->mode);

			if (axi->osid != 0) {

				char *ctx = NULL;

				u32 len;

				if (selinux_ctxid_to_string(

						axi->osid, &ctx, &len)) {

					audit_log_format(ab, " obj=%u",

							axi->osid);

					call_panic = 1;

				} else

					audit_log_format(ab, " obj=%s", ctx);

				kfree(ctx);

			}

			break; }

		case AUDIT_SOCKETCALL: {

		}

	}

	for (i = 0; i < context->name_count; i++) {

		int call_panic = 0;

		unsigned long ino  = context->names[i].ino;

		unsigned long pino = context->names[i].pino;

				context->names[i].osid, &ctx, &len)) {

				audit_log_format(ab, " obj=%u",

						context->names[i].osid);

				call_panic = 1;

				call_panic = 2;

			} else

				audit_log_format(ab, " obj=%s", ctx);

			kfree(ctx);

		}

		audit_log_end(ab);

	}

	if (call_panic)

		audit_panic("error converting sid to string");

}

}

/**

 * audit_free - free a per-task audit context

#endif

}

void audit_inode_context(int idx, const struct inode *inode)

static void audit_inode_context(int idx, const struct inode *inode)

{

	struct audit_context *context = current->audit_context;

	return ctx ? ctx->loginuid : -1;

}

static char *audit_ipc_context(struct kern_ipc_perm *ipcp)

{

	struct audit_context *context = current->audit_context;

	char *ctx = NULL;

	int len = 0;

	if (likely(!context))

		return NULL;

	len = security_ipc_getsecurity(ipcp, NULL, 0);

	if (len == -EOPNOTSUPP)

		goto ret;

	if (len < 0)

		goto error_path;

	ctx = kmalloc(len, GFP_ATOMIC);

	if (!ctx)

		goto error_path;

	len = security_ipc_getsecurity(ipcp, ctx, len);

	if (len < 0)

		goto error_path;

	return ctx;

error_path:

	kfree(ctx);

	audit_panic("error in audit_ipc_context");

ret:

	return NULL;

}

/**

 * audit_ipc_perms - record audit data for ipc

 * @qbytes: msgq bytes

	ax->uid = uid;

	ax->gid = gid;

	ax->mode = mode;

	ax->ctx = audit_ipc_context(ipcp);

	selinux_get_ipc_sid(ipcp, &ax->osid);

	ax->d.type = AUDIT_IPC;

	ax->d.next = context->aux;

	return 0;

}

static int dummy_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)

{

	return -EOPNOTSUPP;

}

static int dummy_msg_msg_alloc_security (struct msg_msg *msg)

{

	return 0;

	set_to_dummy_if_null(ops, task_reparent_to_init);

 	set_to_dummy_if_null(ops, task_to_inode);

	set_to_dummy_if_null(ops, ipc_permission);

	set_to_dummy_if_null(ops, ipc_getsecurity);

	set_to_dummy_if_null(ops, msg_msg_alloc_security);

	set_to_dummy_if_null(ops, msg_msg_free_security);

	set_to_dummy_if_null(ops, msg_queue_alloc_security);

#include <linux/module.h>

#include <linux/selinux.h>

#include <linux/fs.h>

#include <linux/ipc.h>

#include "security.h"

#include "objsec.h"

	*sid = 0;

}

void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)

{

	if (selinux_enabled) {

		struct ipc_security_struct *isec = ipcp->security;

		*sid = isec->sid;

		return;

	}

	*sid = 0;

}