summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2012-04-04 21:01:43 +0200
committerEric Paris <eparis@redhat.com>2012-04-09 18:23:04 +0200
commit50c205f5e5c2e2af002fd4ef537ded79b90b1b56 (patch)
tree9965a7746aa8c5e982357d5b8c46850f3283206c /security
parentLSM: BUILD_BUG_ON if the common_audit_data union ever grows (diff)
downloadlinux-50c205f5e5c2e2af002fd4ef537ded79b90b1b56.tar.xz
linux-50c205f5e5c2e2af002fd4ef537ded79b90b1b56.zip
LSM: do not initialize common_audit_data to 0
It isn't needed. If you don't set the type of the data associated with that type it is a pretty obvious programming bug. So why waste the cycles? Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/capability.c2
-rw-r--r--security/apparmor/file.c2
-rw-r--r--security/apparmor/ipc.c2
-rw-r--r--security/apparmor/lib.c2
-rw-r--r--security/apparmor/lsm.c2
-rw-r--r--security/apparmor/policy.c2
-rw-r--r--security/apparmor/policy_unpack.c2
-rw-r--r--security/apparmor/resource.c2
-rw-r--r--security/selinux/avc.c2
-rw-r--r--security/selinux/hooks.c68
-rw-r--r--security/smack/smack.h2
11 files changed, 44 insertions, 44 deletions
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
index b66a0e4a5693..887a5e948945 100644
--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -65,7 +65,7 @@ static int audit_caps(struct aa_profile *profile, struct task_struct *task,
int type = AUDIT_APPARMOR_AUTO;
struct common_audit_data sa;
struct apparmor_audit_data aad = {0,};
- COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_CAP);
+ sa.type = LSM_AUDIT_DATA_CAP;
sa.aad = &aad;
sa.u.cap = cap;
sa.aad->tsk = task;
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 6ab264ca85cc..cf19d4093ca4 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -108,7 +108,7 @@ int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
int type = AUDIT_APPARMOR_AUTO;
struct common_audit_data sa;
struct apparmor_audit_data aad = {0,};
- COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE);
+ sa.type = LSM_AUDIT_DATA_NONE;
sa.aad = &aad;
aad.op = op,
aad.fs.request = request;
diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c
index dba449b74db3..cf1071b14232 100644
--- a/security/apparmor/ipc.c
+++ b/security/apparmor/ipc.c
@@ -42,7 +42,7 @@ static int aa_audit_ptrace(struct aa_profile *profile,
{
struct common_audit_data sa;
struct apparmor_audit_data aad = {0,};
- COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE);
+ sa.type = LSM_AUDIT_DATA_NONE;
sa.aad = &aad;
aad.op = OP_PTRACE;
aad.target = target;
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index b11a2652f541..7430298116d6 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -66,7 +66,7 @@ void aa_info_message(const char *str)
if (audit_enabled) {
struct common_audit_data sa;
struct apparmor_audit_data aad = {0,};
- COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE);
+ sa.type = LSM_AUDIT_DATA_NONE;
sa.aad = &aad;
aad.info = str;
aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL);
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 4f7bc07b2dce..032daab449b0 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -589,7 +589,7 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
} else {
struct common_audit_data sa;
struct apparmor_audit_data aad = {0,};
- COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE);
+ sa.type = LSM_AUDIT_DATA_NONE;
sa.aad = &aad;
aad.op = OP_SETPROCATTR;
aad.info = name;
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 03dbaef2f8e3..421681c7c346 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -965,7 +965,7 @@ static int audit_policy(int op, gfp_t gfp, const char *name, const char *info,
{
struct common_audit_data sa;
struct apparmor_audit_data aad = {0,};
- COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE);
+ sa.type = LSM_AUDIT_DATA_NONE;
sa.aad = &aad;
aad.op = op;
aad.name = name;
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 504ba4015aa2..329b1fd30749 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -95,7 +95,7 @@ static int audit_iface(struct aa_profile *new, const char *name,
struct aa_profile *profile = __aa_current_profile();
struct common_audit_data sa;
struct apparmor_audit_data aad = {0,};
- COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE);
+ sa.type = LSM_AUDIT_DATA_NONE;
sa.aad = &aad;
if (e)
aad.iface.pos = e->pos - e->start;
diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
index d06f57b74f77..e1f3d7ef2c54 100644
--- a/security/apparmor/resource.c
+++ b/security/apparmor/resource.c
@@ -52,7 +52,7 @@ static int audit_resource(struct aa_profile *profile, unsigned int resource,
struct common_audit_data sa;
struct apparmor_audit_data aad = {0,};
- COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE);
+ sa.type = LSM_AUDIT_DATA_NONE;
sa.aad = &aad;
aad.op = OP_SETRLIMIT,
aad.rlim.rlim = resource;
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index c04eea2bdb0a..cd91e25667d1 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -469,7 +469,7 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
if (!a) {
a = &stack_data;
- COMMON_AUDIT_DATA_INIT(a, LSM_AUDIT_DATA_NONE);
+ a->type = LSM_AUDIT_DATA_NONE;
a->selinux_audit_data = &sad;
}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d79762946c6e..d9fa2489a551 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1427,7 +1427,7 @@ static int cred_has_capability(const struct cred *cred,
u32 av = CAP_TO_MASK(cap);
int rc;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_CAP);
+ ad.type = LSM_AUDIT_DATA_CAP;
ad.selinux_audit_data = &sad;
ad.u.cap = cap;
@@ -1498,7 +1498,7 @@ static inline int dentry_has_perm(const struct cred *cred,
struct common_audit_data ad;
struct selinux_audit_data sad = {0,};
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY);
+ ad.type = LSM_AUDIT_DATA_DENTRY;
ad.u.dentry = dentry;
ad.selinux_audit_data = &sad;
return inode_has_perm(cred, inode, av, &ad, 0);
@@ -1515,7 +1515,7 @@ static inline int path_has_perm(const struct cred *cred,
struct common_audit_data ad;
struct selinux_audit_data sad = {0,};
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_PATH);
+ ad.type = LSM_AUDIT_DATA_PATH;
ad.u.path = *path;
ad.selinux_audit_data = &sad;
return inode_has_perm(cred, inode, av, &ad, 0);
@@ -1540,7 +1540,7 @@ static int file_has_perm(const struct cred *cred,
u32 sid = cred_sid(cred);
int rc;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_PATH);
+ ad.type = LSM_AUDIT_DATA_PATH;
ad.u.path = file->f_path;
ad.selinux_audit_data = &sad;
@@ -1581,7 +1581,7 @@ static int may_create(struct inode *dir,
sid = tsec->sid;
newsid = tsec->create_sid;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY);
+ ad.type = LSM_AUDIT_DATA_DENTRY;
ad.u.dentry = dentry;
ad.selinux_audit_data = &sad;
@@ -1636,7 +1636,7 @@ static int may_link(struct inode *dir,
dsec = dir->i_security;
isec = dentry->d_inode->i_security;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY);
+ ad.type = LSM_AUDIT_DATA_DENTRY;
ad.u.dentry = dentry;
ad.selinux_audit_data = &sad;
@@ -1684,7 +1684,7 @@ static inline int may_rename(struct inode *old_dir,
old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
new_dsec = new_dir->i_security;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY);
+ ad.type = LSM_AUDIT_DATA_DENTRY;
ad.selinux_audit_data = &sad;
ad.u.dentry = old_dentry;
@@ -2010,7 +2010,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
return rc;
}
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_PATH);
+ ad.type = LSM_AUDIT_DATA_PATH;
ad.selinux_audit_data = &sad;
ad.u.path = bprm->file->f_path;
@@ -2134,7 +2134,7 @@ static inline void flush_unauthorized_files(const struct cred *cred,
/* Revalidate access to inherited open files. */
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_INODE);
+ ad.type = LSM_AUDIT_DATA_INODE;
ad.selinux_audit_data = &sad;
spin_lock(&files->file_lock);
@@ -2484,7 +2484,7 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
if (flags & MS_KERNMOUNT)
return 0;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY);
+ ad.type = LSM_AUDIT_DATA_DENTRY;
ad.selinux_audit_data = &sad;
ad.u.dentry = sb->s_root;
return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
@@ -2496,7 +2496,7 @@ static int selinux_sb_statfs(struct dentry *dentry)
struct common_audit_data ad;
struct selinux_audit_data sad = {0,};
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY);
+ ad.type = LSM_AUDIT_DATA_DENTRY;
ad.selinux_audit_data = &sad;
ad.u.dentry = dentry->d_sb->s_root;
return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
@@ -2666,7 +2666,7 @@ static noinline int audit_inode_permission(struct inode *inode,
struct inode_security_struct *isec = inode->i_security;
int rc;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_INODE);
+ ad.type = LSM_AUDIT_DATA_INODE;
ad.selinux_audit_data = &sad;
ad.u.inode = inode;
@@ -2796,7 +2796,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
if (!inode_owner_or_capable(inode))
return -EPERM;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY);
+ ad.type = LSM_AUDIT_DATA_DENTRY;
ad.selinux_audit_data = &sad;
ad.u.dentry = dentry;
@@ -3411,7 +3411,7 @@ static int selinux_kernel_module_request(char *kmod_name)
sid = task_sid(current);
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_KMOD);
+ ad.type = LSM_AUDIT_DATA_KMOD;
ad.selinux_audit_data = &sad;
ad.u.kmod_name = kmod_name;
@@ -3792,7 +3792,7 @@ static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
if (sksec->sid == SECINITSID_KERNEL)
return 0;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ ad.type = LSM_AUDIT_DATA_NET;
ad.selinux_audit_data = &sad;
ad.u.net = &net;
ad.u.net->sk = sk;
@@ -3900,7 +3900,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
snum, &sid);
if (err)
goto out;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ ad.type = LSM_AUDIT_DATA_NET;
ad.selinux_audit_data = &sad;
ad.u.net = &net;
ad.u.net->sport = htons(snum);
@@ -3935,7 +3935,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
if (err)
goto out;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ ad.type = LSM_AUDIT_DATA_NET;
ad.selinux_audit_data = &sad;
ad.u.net = &net;
ad.u.net->sport = htons(snum);
@@ -3997,7 +3997,7 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address,
perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ ad.type = LSM_AUDIT_DATA_NET;
ad.selinux_audit_data = &sad;
ad.u.net = &net;
ad.u.net->dport = htons(snum);
@@ -4094,7 +4094,7 @@ static int selinux_socket_unix_stream_connect(struct sock *sock,
struct lsm_network_audit net = {0,};
int err;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ ad.type = LSM_AUDIT_DATA_NET;
ad.selinux_audit_data = &sad;
ad.u.net = &net;
ad.u.net->sk = other;
@@ -4127,7 +4127,7 @@ static int selinux_socket_unix_may_send(struct socket *sock,
struct selinux_audit_data sad = {0,};
struct lsm_network_audit net = {0,};
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ ad.type = LSM_AUDIT_DATA_NET;
ad.selinux_audit_data = &sad;
ad.u.net = &net;
ad.u.net->sk = other->sk;
@@ -4170,7 +4170,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
struct lsm_network_audit net = {0,};
char *addrp;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ ad.type = LSM_AUDIT_DATA_NET;
ad.selinux_audit_data = &sad;
ad.u.net = &net;
ad.u.net->netif = skb->skb_iif;
@@ -4226,7 +4226,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
if (!secmark_active && !peerlbl_active)
return 0;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ ad.type = LSM_AUDIT_DATA_NET;
ad.selinux_audit_data = &sad;
ad.u.net = &net;
ad.u.net->netif = skb->skb_iif;
@@ -4583,7 +4583,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
return NF_DROP;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ ad.type = LSM_AUDIT_DATA_NET;
ad.selinux_audit_data = &sad;
ad.u.net = &net;
ad.u.net->netif = ifindex;
@@ -4683,7 +4683,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
return NF_ACCEPT;
sksec = sk->sk_security;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ ad.type = LSM_AUDIT_DATA_NET;
ad.selinux_audit_data = &sad;
ad.u.net = &net;
ad.u.net->netif = ifindex;
@@ -4756,7 +4756,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
secmark_perm = PACKET__SEND;
}
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET);
+ ad.type = LSM_AUDIT_DATA_NET;
ad.selinux_audit_data = &sad;
ad.u.net = &net;
ad.u.net->netif = ifindex;
@@ -4880,7 +4880,7 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
isec = ipc_perms->security;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ ad.type = LSM_AUDIT_DATA_IPC;
ad.selinux_audit_data = &sad;
ad.u.ipc_id = ipc_perms->key;
@@ -4912,7 +4912,7 @@ static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
isec = msq->q_perm.security;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ ad.type = LSM_AUDIT_DATA_IPC;
ad.selinux_audit_data = &sad;
ad.u.ipc_id = msq->q_perm.key;
@@ -4939,7 +4939,7 @@ static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
isec = msq->q_perm.security;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ ad.type = LSM_AUDIT_DATA_IPC;
ad.selinux_audit_data = &sad;
ad.u.ipc_id = msq->q_perm.key;
@@ -5001,7 +5001,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
return rc;
}
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ ad.type = LSM_AUDIT_DATA_IPC;
ad.selinux_audit_data = &sad;
ad.u.ipc_id = msq->q_perm.key;
@@ -5034,7 +5034,7 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
isec = msq->q_perm.security;
msec = msg->security;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ ad.type = LSM_AUDIT_DATA_IPC;
ad.selinux_audit_data = &sad;
ad.u.ipc_id = msq->q_perm.key;
@@ -5061,7 +5061,7 @@ static int selinux_shm_alloc_security(struct shmid_kernel *shp)
isec = shp->shm_perm.security;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ ad.type = LSM_AUDIT_DATA_IPC;
ad.selinux_audit_data = &sad;
ad.u.ipc_id = shp->shm_perm.key;
@@ -5088,7 +5088,7 @@ static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
isec = shp->shm_perm.security;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ ad.type = LSM_AUDIT_DATA_IPC;
ad.selinux_audit_data = &sad;
ad.u.ipc_id = shp->shm_perm.key;
@@ -5157,7 +5157,7 @@ static int selinux_sem_alloc_security(struct sem_array *sma)
isec = sma->sem_perm.security;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ ad.type = LSM_AUDIT_DATA_IPC;
ad.selinux_audit_data = &sad;
ad.u.ipc_id = sma->sem_perm.key;
@@ -5184,7 +5184,7 @@ static int selinux_sem_associate(struct sem_array *sma, int semflg)
isec = sma->sem_perm.security;
- COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC);
+ ad.type = LSM_AUDIT_DATA_IPC;
ad.selinux_audit_data = &sad;
ad.u.ipc_id = sma->sem_perm.key;
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 4ede719922ed..b61e75f224d4 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -319,7 +319,7 @@ void smack_log(char *subject_label, char *object_label,
static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
char type)
{
- memset(a, 0, sizeof(*a));
+ memset(&a->sad, 0, sizeof(a->sad));
a->a.type = type;
a->a.smack_audit_data = &a->sad;
a->a.smack_audit_data->function = func;