diff options
author | Eric Paris <eparis@redhat.com> | 2012-04-04 21:01:42 +0200 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2012-04-09 18:23:02 +0200 |
commit | 0972c74ecba4878baa5f97bb78b242c0eefacfb6 (patch) | |
tree | 1ea472908798d38ab940f617a494786efe75f380 /security | |
parent | LSM: remove the COMMON_AUDIT_DATA_INIT type expansion (diff) | |
download | linux-0972c74ecba4878baa5f97bb78b242c0eefacfb6.tar.xz linux-0972c74ecba4878baa5f97bb78b242c0eefacfb6.zip |
apparmor: move task from common_audit_data to apparmor_audit_data
apparmor is the only LSM that uses the common_audit_data tsk field.
Instead of making all LSMs pay for the stack space move the aa usage into
the apparmor_audit_data.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/audit.c | 11 | ||||
-rw-r--r-- | security/apparmor/capability.c | 2 | ||||
-rw-r--r-- | security/apparmor/include/audit.h | 1 |
3 files changed, 11 insertions, 3 deletions
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c index cc3520d39a78..3ae28db5a64f 100644 --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c @@ -111,7 +111,7 @@ static const char *const aa_audit_type[] = { static void audit_pre(struct audit_buffer *ab, void *ca) { struct common_audit_data *sa = ca; - struct task_struct *tsk = sa->tsk ? sa->tsk : current; + struct task_struct *tsk = sa->aad->tsk ? sa->aad->tsk : current; if (aa_g_audit_header) { audit_log_format(ab, "apparmor="); @@ -149,6 +149,12 @@ static void audit_pre(struct audit_buffer *ab, void *ca) audit_log_format(ab, " name="); audit_log_untrustedstring(ab, sa->aad->name); } + + if (sa->aad->tsk) { + audit_log_format(ab, " pid=%d comm=", tsk->pid); + audit_log_untrustedstring(ab, tsk->comm); + } + } /** @@ -205,7 +211,8 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp, aa_audit_msg(type, sa, cb); if (sa->aad->type == AUDIT_APPARMOR_KILL) - (void)send_sig_info(SIGKILL, NULL, sa->tsk ? sa->tsk : current); + (void)send_sig_info(SIGKILL, NULL, + sa->aad->tsk ? sa->aad->tsk : current); if (sa->aad->type == AUDIT_APPARMOR_ALLOWED) return complain_error(sa->aad->error); diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c index 3ecb8b7d8502..b66a0e4a5693 100644 --- a/security/apparmor/capability.c +++ b/security/apparmor/capability.c @@ -67,8 +67,8 @@ static int audit_caps(struct aa_profile *profile, struct task_struct *task, struct apparmor_audit_data aad = {0,}; COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_CAP); sa.aad = &aad; - sa.tsk = task; sa.u.cap = cap; + sa.aad->tsk = task; sa.aad->op = OP_CAPABLE; sa.aad->error = error; diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h index 3868b1e5d5ba..4b7e18951aea 100644 --- a/security/apparmor/include/audit.h +++ b/security/apparmor/include/audit.h @@ -110,6 +110,7 @@ struct apparmor_audit_data { void *profile; const char *name; const char *info; + struct task_struct *tsk; union { void *target; struct { |