summaryrefslogtreecommitdiff
path: root/security/apparmor/audit.c
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-01-16 11:43:02 +0300
committerJohn Johansen <john.johansen@canonical.com>2017-01-16 12:18:47 +0300
commitef88a7ac55fdd3bf6ac3942b83aa29311b45339b (patch)
tree54c6b15e2101650dd169caf745bdb17521db899c /security/apparmor/audit.c
parent47f6e5cc7355e4ff2fd7ace919aa9e291077c26b (diff)
downloadlinux-ef88a7ac55fdd3bf6ac3942b83aa29311b45339b.tar.xz
apparmor: change aad apparmor_audit_data macro to a fn macro
The aad macro can replace aad strings when it is not intended to. Switch to a fn macro so it is only applied when intended. Also at the same time cleanup audit_data initialization by putting common boiler plate behind a macro, and dropping the gfp_t parameter which will become useless. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/audit.c')
-rw-r--r--security/apparmor/audit.c42
1 files changed, 20 insertions, 22 deletions
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index bcd28d88df7b..0c81ff64993b 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -62,23 +62,23 @@ static void audit_pre(struct audit_buffer *ab, void *ca)
if (aa_g_audit_header) {
audit_log_format(ab, "apparmor=");
- audit_log_string(ab, aa_audit_type[sa->aad->type]);
+ audit_log_string(ab, aa_audit_type[aad(sa)->type]);
}
- if (sa->aad->op) {
+ if (aad(sa)->op) {
audit_log_format(ab, " operation=");
- audit_log_string(ab, sa->aad->op);
+ audit_log_string(ab, aad(sa)->op);
}
- if (sa->aad->info) {
+ if (aad(sa)->info) {
audit_log_format(ab, " info=");
- audit_log_string(ab, sa->aad->info);
- if (sa->aad->error)
- audit_log_format(ab, " error=%d", sa->aad->error);
+ audit_log_string(ab, aad(sa)->info);
+ if (aad(sa)->error)
+ audit_log_format(ab, " error=%d", aad(sa)->error);
}
- if (sa->aad->profile) {
- struct aa_profile *profile = sa->aad->profile;
+ if (aad(sa)->profile) {
+ struct aa_profile *profile = aad(sa)->profile;
if (profile->ns != root_ns) {
audit_log_format(ab, " namespace=");
audit_log_untrustedstring(ab, profile->ns->base.hname);
@@ -87,9 +87,9 @@ static void audit_pre(struct audit_buffer *ab, void *ca)
audit_log_untrustedstring(ab, profile->base.hname);
}
- if (sa->aad->name) {
+ if (aad(sa)->name) {
audit_log_format(ab, " name=");
- audit_log_untrustedstring(ab, sa->aad->name);
+ audit_log_untrustedstring(ab, aad(sa)->name);
}
}
@@ -101,7 +101,7 @@ static void audit_pre(struct audit_buffer *ab, void *ca)
void aa_audit_msg(int type, struct common_audit_data *sa,
void (*cb) (struct audit_buffer *, void *))
{
- sa->aad->type = type;
+ aad(sa)->type = type;
common_lsm_audit(sa, audit_pre, cb);
}
@@ -109,7 +109,6 @@ void aa_audit_msg(int type, struct common_audit_data *sa,
* aa_audit - Log a profile based audit event to the audit subsystem
* @type: audit type for the message
* @profile: profile to check against (NOT NULL)
- * @gfp: allocation flags to use
* @sa: audit event (NOT NULL)
* @cb: optional callback fn for type specific fields (MAYBE NULL)
*
@@ -117,14 +116,13 @@ void aa_audit_msg(int type, struct common_audit_data *sa,
*
* Returns: error on failure
*/
-int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
- struct common_audit_data *sa,
+int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
void (*cb) (struct audit_buffer *, void *))
{
BUG_ON(!profile);
if (type == AUDIT_APPARMOR_AUTO) {
- if (likely(!sa->aad->error)) {
+ if (likely(!aad(sa)->error)) {
if (AUDIT_MODE(profile) != AUDIT_ALL)
return 0;
type = AUDIT_APPARMOR_AUDIT;
@@ -136,23 +134,23 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
if (AUDIT_MODE(profile) == AUDIT_QUIET ||
(type == AUDIT_APPARMOR_DENIED &&
AUDIT_MODE(profile) == AUDIT_QUIET))
- return sa->aad->error;
+ return aad(sa)->error;
if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
type = AUDIT_APPARMOR_KILL;
if (!unconfined(profile))
- sa->aad->profile = profile;
+ aad(sa)->profile = profile;
aa_audit_msg(type, sa, cb);
- if (sa->aad->type == AUDIT_APPARMOR_KILL)
+ if (aad(sa)->type == AUDIT_APPARMOR_KILL)
(void)send_sig_info(SIGKILL, NULL,
sa->type == LSM_AUDIT_DATA_TASK && sa->u.tsk ?
sa->u.tsk : current);
- if (sa->aad->type == AUDIT_APPARMOR_ALLOWED)
- return complain_error(sa->aad->error);
+ if (aad(sa)->type == AUDIT_APPARMOR_ALLOWED)
+ return complain_error(aad(sa)->error);
- return sa->aad->error;
+ return aad(sa)->error;
}