[PATCH] audit: use session_info helper

Fri, 16 Nov 2018 14:25:05 -0800 

There are still a couple of places (mark and watch config changes) that
open code auid and ses fields in sequence in records instead of using
the audit_log_session_info() helper.  Use the helper.  Adjust the helper
to accomodate being the first fields.  Passes audit-testsuite.

Signed-off-by: Richard Guy Briggs <[email protected]>
---
 kernel/audit.c          | 6 +++---
 kernel/audit_fsnotify.c | 5 ++---
 kernel/audit_watch.c    | 5 ++---
 3 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index 2a8058764aa6..6c53e373b828 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -400,7 +400,7 @@ static int audit_log_config_change(char *function_name, u32 
new, u32 old,
        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
        if (unlikely(!ab))
                return rc;
-       audit_log_format(ab, "%s=%u old=%u", function_name, new, old);
+       audit_log_format(ab, "%s=%u old=%u ", function_name, new, old);
        audit_log_session_info(ab);
        rc = audit_log_task_context(ab);
        if (rc)
@@ -1067,7 +1067,7 @@ static void audit_log_common_recv_msg(struct audit_buffer 
**ab, u16 msg_type)
        *ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
        if (unlikely(!*ab))
                return;
-       audit_log_format(*ab, "pid=%d uid=%u", pid, uid);
+       audit_log_format(*ab, "pid=%d uid=%u ", pid, uid);
        audit_log_session_info(*ab);
        audit_log_task_context(*ab);
 }
@@ -2042,7 +2042,7 @@ void audit_log_session_info(struct audit_buffer *ab)
        unsigned int sessionid = audit_get_sessionid(current);
        uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current));
 
-       audit_log_format(ab, " auid=%u ses=%u", auid, sessionid);
+       audit_log_format(ab, "auid=%u ses=%u", auid, sessionid);
 }
 
 void audit_log_key(struct audit_buffer *ab, char *key)
diff --git a/kernel/audit_fsnotify.c b/kernel/audit_fsnotify.c
index fba78047fb37..f90ffa699e5b 100644
--- a/kernel/audit_fsnotify.c
+++ b/kernel/audit_fsnotify.c
@@ -130,9 +130,8 @@ static void audit_mark_log_rule_change(struct 
audit_fsnotify_mark *audit_mark, c
        ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE);
        if (unlikely(!ab))
                return;
-       audit_log_format(ab, "auid=%u ses=%u op=%s",
-                        from_kuid(&init_user_ns, audit_get_loginuid(current)),
-                        audit_get_sessionid(current), op);
+       audit_log_session_info(ab);
+       audit_log_format(ab, " op=%s", op);
        audit_log_format(ab, " path=");
        audit_log_untrustedstring(ab, audit_mark->path);
        audit_log_key(ab, rule->filterkey);
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 787c7afdf829..568e48d1d0ab 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -245,9 +245,8 @@ static void audit_watch_log_rule_change(struct audit_krule 
*r, struct audit_watc
        ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE);
        if (!ab)
                return;
-       audit_log_format(ab, "auid=%u ses=%u op=%s",
-                        from_kuid(&init_user_ns, audit_get_loginuid(current)),
-                        audit_get_sessionid(current), op);
+       audit_log_session_info(ab);
+       audit_log_format(ab, "op=%s", op);
        audit_log_format(ab, " path=");
        audit_log_untrustedstring(ab, w->path);
        audit_log_key(ab, r->filterkey);
-- 
1.8.3.1

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit

Reply via email to