Now all of the audit caller have been namespace aware,
we can rename audit_log_start_ns to audit_log_start,
we just need a namespace awared audit interface.
Signed-off-by: Gao feng <gaof...@cn.fujitsu.com>
---
drivers/tty/tty_audit.c | 4 +-
include/linux/audit.h | 28 ++++-------
include/net/xfrm.h | 4 +-
kernel/audit.c | 94 ++++++++++++++++---------------------
kernel/audit_tree.c | 4 +-
kernel/audit_watch.c | 4 +-
kernel/auditfilter.c | 4 +-
kernel/auditsc.c | 56 +++++++++++-----------
net/ipv4/cipso_ipv4.c | 4 +-
net/netfilter/x_tables.c | 4 +-
net/netfilter/xt_AUDIT.c | 4 +-
net/netlabel/netlabel_domainhash.c | 4 +-
net/netlabel/netlabel_unlabeled.c | 8 ++--
net/netlabel/netlabel_user.c | 4 +-
net/xfrm/xfrm_policy.c | 4 +-
net/xfrm/xfrm_state.c | 14 +++---
security/integrity/ima/ima_api.c | 6 +--
security/integrity/ima/ima_audit.c | 6 +--
security/integrity/ima/ima_policy.c | 4 +-
security/lsm_audit.c | 6 +--
security/selinux/hooks.c | 16 +++----
security/selinux/ss/services.c | 6 +--
22 files changed, 131 insertions(+), 157 deletions(-)
diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
index b20ef14..7dfa931 100644
--- a/drivers/tty/tty_audit.c
+++ b/drivers/tty/tty_audit.c
@@ -67,7 +67,7 @@ static void tty_audit_log(const char *description, struct
task_struct *tsk,
struct audit_buffer *ab;
struct user_namespace *ns = task_cred_xxx(tsk, user_ns);
- ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_TTY);
+ ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_TTY);
if (ab) {
char name[sizeof(tsk->comm)];
kuid_t uid = task_uid(tsk);
@@ -83,7 +83,7 @@ static void tty_audit_log(const char *description, struct
task_struct *tsk,
audit_log_untrustedstring(ab, name);
audit_log_format(ab, " data=");
audit_log_n_hex(ab, data, size);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
}
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 885e842..a46efa3 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -400,17 +400,13 @@ void audit_log(struct audit_context *ctx, gfp_t gfp_mask,
int type,
const char *fmt, ...);
extern struct audit_buffer *
-audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
-
-extern struct audit_buffer *
-audit_log_start_ns(struct user_namespace *ns, struct audit_context *ctx,
- gfp_t gfp_mask, int type);
+audit_log_start(struct user_namespace *ns, struct audit_context *ctx,
+ gfp_t gfp_mask, int type);
extern __printf(2, 3)
void audit_log_format(struct audit_buffer *ab, const char *fmt, ...);
-extern void audit_log_end(struct audit_buffer *ab);
-extern void audit_log_end_ns(struct user_namespace *ns,
- struct audit_buffer *ab);
+extern void audit_log_end(struct user_namespace *ns,
+ struct audit_buffer *ab);
extern int audit_string_contains_control(const char *string,
size_t len);
extern void audit_log_n_hex(struct audit_buffer *ab,
@@ -458,25 +454,17 @@ void audit_log(struct audit_context *ctx, gfp_t gfp_mask,
int type,
const char *fmt, ...)
{ }
static inline
-struct audit_buffer *audit_log_start(struct audit_context *ctx,
+struct audit_buffer *audit_log_start(struct user_namespace *ns,
+ struct audit_context *ctx,
gfp_t gfp_mask, int type)
{
return NULL;
}
-static inline
-struct audit_buffer *audit_log_start_ns(struct user_namespace *ns,
- struct audit_context *ctx,
- gfp_t gfp_mask, int type)
-{
- return NULL;
-}
static inline __printf(2, 3)
void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
{ }
-static inline void audit_log_end(struct audit_buffer *ab)
-{ }
-static inline void audit_log_end_ns(struct user_namespace *ns,
- struct audit_buffer *ab)
+static inline void audit_log_end(struct user_namespace *ns,
+ struct audit_buffer *ab)
{ }
static inline void audit_log_n_hex(struct audit_buffer *ab,
const unsigned char *buf, size_t len)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 1a99744..bb4d6b2 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -687,8 +687,8 @@ static inline struct audit_buffer *xfrm_audit_start(const
char *op)
if (audit_enabled_ns(ns) == 0)
return NULL;
- audit_buf = audit_log_start_ns(ns, current->audit_context,
- GFP_ATOMIC, AUDIT_MAC_IPSEC_EVENT);
+ audit_buf = audit_log_start(ns, current->audit_context,
+ GFP_ATOMIC, AUDIT_MAC_IPSEC_EVENT);
if (audit_buf == NULL)
return NULL;
audit_log_format(audit_buf, "op=%s", op);
diff --git a/kernel/audit.c b/kernel/audit.c
index 926d59b..da1c0ad 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -249,7 +249,7 @@ static int audit_log_config_change(char *function_name, int
new, int old,
struct user_namespace *ns = current_user_ns();
int rc = 0;
- ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
+ ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
if (unlikely(!ab))
return rc;
audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
@@ -268,7 +268,7 @@ static int audit_log_config_change(char *function_name, int
new, int old,
}
}
audit_log_format(ab, " res=%d", allow_changes);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
return rc;
}
@@ -619,7 +619,7 @@ static int audit_log_common_recv_msg(struct user_namespace
*ns,
return rc;
}
- *ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, msg_type);
+ *ab = audit_log_start(ns, NULL, GFP_KERNEL, msg_type);
if (unlikely(!*ab))
return rc;
audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",
@@ -759,7 +759,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct
nlmsghdr *nlh)
audit_log_n_untrustedstring(ab, data, size);
}
audit_set_pid(ab, NETLINK_CB(skb).portid);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
break;
case AUDIT_ADD:
@@ -772,7 +772,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct
nlmsghdr *nlh)
audit_log_format(ab, " audit_enabled=%d res=0",
ns->audit.enabled);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
return -EPERM;
}
/* fallthrough */
@@ -791,7 +791,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct
nlmsghdr *nlh)
audit_log_format(ab, " audit_enabled=%d res=0",
ns->audit.enabled);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
return -EPERM;
}
/* fallthrough */
@@ -807,7 +807,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct
nlmsghdr *nlh)
loginuid, sessionid, sid);
audit_log_format(ab, " op=trim res=1");
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
break;
case AUDIT_MAKE_EQUIV: {
void *bufp = data;
@@ -843,7 +843,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct
nlmsghdr *nlh)
audit_log_format(ab, " new=");
audit_log_untrustedstring(ab, new);
audit_log_format(ab, " res=%d", !err);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
kfree(old);
kfree(new);
break;
@@ -1153,10 +1153,24 @@ static void wait_for_auditd(struct user_namespace *ns,
remove_wait_queue(&ns->audit.backlog_wait, &wait);
}
-struct audit_buffer *audit_log_start_ns(struct user_namespace *ns,
- struct audit_context *ctx,
- gfp_t gfp_mask,
- int type)
+/**
+ * audit_log_start - obtain an audit buffer
+ * @ctx: audit_context (may be NULL)
+ * @gfp_mask: type of allocation
+ * @type: audit message type
+ *
+ * Returns audit_buffer pointer on success or NULL on error.
+ *
+ * Obtain an audit buffer. This routine does locking to obtain the
+ * audit buffer, but then no locking is required for calls to
+ * audit_log_*format. If the task (ctx) is a task that is currently in a
+ * syscall, then the syscall is marked as auditable and an audit record
+ * will be written at syscall exit. If there is no associated task, then
+ * task context (ctx) should be NULL.
+ */
+struct audit_buffer *audit_log_start(struct user_namespace *ns,
+ struct audit_context *ctx,
+ gfp_t gfp_mask, int type)
{
struct audit_buffer *ab = NULL;
struct timespec t;
@@ -1215,27 +1229,6 @@ struct audit_buffer *audit_log_start_ns(struct
user_namespace *ns,
/**
- * audit_log_start - obtain an audit buffer
- * @ctx: audit_context (may be NULL)
- * @gfp_mask: type of allocation
- * @type: audit message type
- *
- * Returns audit_buffer pointer on success or NULL on error.
- *
- * Obtain an audit buffer. This routine does locking to obtain the
- * audit buffer, but then no locking is required for calls to
- * audit_log_*format. If the task (ctx) is a task that is currently in a
- * syscall, then the syscall is marked as auditable and an audit record
- * will be written at syscall exit. If there is no associated task, then
- * task context (ctx) should be NULL.
- */
-struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
- int type)
-{
- return audit_log_start_ns(&init_user_ns, ctx, gfp_mask, type);
-}
-
-/**
* audit_expand - expand skb in the audit buffer
* @ab: audit_buffer
* @extra: space to add at tail of the skb
@@ -1491,7 +1484,7 @@ void audit_log_link_denied(const char *operation, struct
path *link)
struct audit_buffer *ab;
struct user_namespace *ns = current_user_ns();
- ab = audit_log_start_ns(ns, current->audit_context, GFP_KERNEL,
+ ab = audit_log_start(ns, current->audit_context, GFP_KERNEL,
AUDIT_ANOM_LINK);
if (!ab)
return;
@@ -1502,10 +1495,19 @@ void audit_log_link_denied(const char *operation,
struct path *link)
audit_log_format(ab, " dev=");
audit_log_untrustedstring(ab, link->dentry->d_inode->i_sb->s_id);
audit_log_format(ab, " ino=%lu", link->dentry->d_inode->i_ino);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
-void audit_log_end_ns(struct user_namespace *ns, struct audit_buffer *ab)
+/**
+ * audit_log_end - end one audit record
+ * @ab: the audit_buffer
+ *
+ * The netlink_* functions cannot be called inside an irq context, so
+ * the audit buffer is placed on a queue and a tasklet is scheduled to
+ * remove them from the queue outside the irq context. May be called in
+ * any context.
+ */
+void audit_log_end(struct user_namespace *ns, struct audit_buffer *ab)
{
if (!ab)
return;
@@ -1528,20 +1530,6 @@ void audit_log_end_ns(struct user_namespace *ns, struct
audit_buffer *ab)
}
/**
- * audit_log_end - end one audit record
- * @ab: the audit_buffer
- *
- * The netlink_* functions cannot be called inside an irq context, so
- * the audit buffer is placed on a queue and a tasklet is scheduled to
- * remove them from the queue outside the irq context. May be called in
- * any context.
- */
-void audit_log_end(struct audit_buffer *ab)
-{
- audit_log_end_ns(&init_user_ns, ab);
-}
-
-/**
* audit_log - Log an audit record
* @ctx: audit context
* @gfp_mask: type of allocation
@@ -1559,12 +1547,12 @@ void audit_log(struct audit_context *ctx, gfp_t
gfp_mask, int type,
struct audit_buffer *ab;
va_list args;
- ab = audit_log_start_ns(&init_user_ns, ctx, gfp_mask, type);
+ ab = audit_log_start(&init_user_ns, ctx, gfp_mask, type);
if (ab) {
va_start(args, fmt);
audit_log_vformat(ab, fmt, args);
va_end(args);
- audit_log_end_ns(&init_user_ns, ab);
+ audit_log_end(&init_user_ns, ab);
}
}
@@ -1639,9 +1627,7 @@ void audit_free_user_ns(struct user_namespace *ns)
}
EXPORT_SYMBOL(audit_log_start);
-EXPORT_SYMBOL(audit_log_start_ns);
EXPORT_SYMBOL(audit_log_end);
-EXPORT_SYMBOL(audit_log_end_ns);
EXPORT_SYMBOL(audit_log_format);
EXPORT_SYMBOL(audit_log);
EXPORT_SYMBOL(audit_set_user_ns);
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 521766d..20ffef8 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -453,7 +453,7 @@ static void audit_log_remove_rule(struct user_namespace *ns,
{
struct audit_buffer *ab;
- ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
+ ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
if (unlikely(!ab))
return;
audit_log_format(ab, "op=");
@@ -462,7 +462,7 @@ static void audit_log_remove_rule(struct user_namespace *ns,
audit_log_untrustedstring(ab, rule->tree->pathname);
audit_log_key(ab, rule->filterkey);
audit_log_format(ab, " list=%d res=1", rule->listnr);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
static void kill_rules(struct user_namespace *ns, struct audit_tree *tree)
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 1bac505..4dcc331 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -242,7 +242,7 @@ static void audit_watch_log_rule_change(struct audit_krule
*r,
if (audit_enabled_ns(ns)) {
struct audit_buffer *ab;
- ab = audit_log_start_ns(ns, NULL, GFP_NOFS,
+ ab = audit_log_start(ns, NULL, GFP_NOFS,
AUDIT_CONFIG_CHANGE);
if (unlikely(!ab))
return;
@@ -254,7 +254,7 @@ static void audit_watch_log_rule_change(struct audit_krule
*r,
audit_log_untrustedstring(ab, w->path);
audit_log_key(ab, r->filterkey);
audit_log_format(ab, " list=%d res=1", r->listnr);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
}
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 8af148b..6052f57 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1125,7 +1125,7 @@ static void audit_log_rule_change(kuid_t loginuid, u32
sessionid, u32 sid,
if (!ns->audit.enabled)
return;
- ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
+ ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
if (!ab)
return;
audit_log_format(ab, "auid=%u ses=%u",
@@ -1144,7 +1144,7 @@ static void audit_log_rule_change(kuid_t loginuid, u32
sessionid, u32 sid,
audit_log_string(ab, action);
audit_log_key(ab, rule->filterkey);
audit_log_format(ab, " list=%d res=%d", rule->listnr, res);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
/**
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 3c5ced9..a65020a 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1195,7 +1195,7 @@ static int audit_log_pid_context(struct user_namespace
*ns,
u32 len;
int rc = 0;
- ab = audit_log_start_ns(ns, context, GFP_KERNEL, AUDIT_OBJ_PID);
+ ab = audit_log_start(ns, context, GFP_KERNEL, AUDIT_OBJ_PID);
if (!ab)
return rc;
@@ -1211,7 +1211,7 @@ static int audit_log_pid_context(struct user_namespace
*ns,
}
audit_log_format(ab, " ocomm=");
audit_log_untrustedstring(ab, comm);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
return rc;
}
@@ -1313,8 +1313,8 @@ static int audit_log_single_execve_arg(struct
audit_context *context,
room_left -= to_send;
if (room_left < 0) {
*len_sent = 0;
- audit_log_end_ns(ns, *ab);
- *ab = audit_log_start_ns(ns, context,
+ audit_log_end(ns, *ab);
+ *ab = audit_log_start(ns, context,
GFP_KERNEL, AUDIT_EXECVE);
if (!*ab)
return 0;
@@ -1439,7 +1439,7 @@ static void show_special(struct user_namespace *ns,
struct audit_buffer *ab;
int i;
- ab = audit_log_start_ns(ns, context, GFP_KERNEL, context->type);
+ ab = audit_log_start(ns, context, GFP_KERNEL, context->type);
if (!ab)
return;
@@ -1470,8 +1470,8 @@ static void show_special(struct user_namespace *ns,
}
}
if (context->ipc.has_perm) {
- audit_log_end_ns(ns, ab);
- ab = audit_log_start_ns(ns, context, GFP_KERNEL,
+ audit_log_end(ns, ab);
+ ab = audit_log_start(ns, context, GFP_KERNEL,
AUDIT_IPC_SET_PERM);
if (unlikely(!ab))
return;
@@ -1528,7 +1528,7 @@ static void show_special(struct user_namespace *ns,
context->mmap.flags);
break; }
}
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
static void audit_log_name(struct user_namespace *ns,
@@ -1536,7 +1536,7 @@ static void audit_log_name(struct user_namespace *ns,
int record_num, int *call_panic)
{
struct audit_buffer *ab;
- ab = audit_log_start_ns(ns, context, GFP_KERNEL, AUDIT_PATH);
+ ab = audit_log_start(ns, context, GFP_KERNEL, AUDIT_PATH);
if (!ab)
return; /* audit_panic has been called */
@@ -1591,7 +1591,7 @@ static void audit_log_name(struct user_namespace *ns,
audit_log_fcaps(ab, n);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
static void audit_log_exit(struct audit_context *context, struct task_struct
*tsk)
@@ -1605,7 +1605,7 @@ static void audit_log_exit(struct audit_context *context,
struct task_struct *ts
/* tsk == current */
context->personality = tsk->personality;
- ab = audit_log_start_ns(ns, context, GFP_KERNEL, AUDIT_SYSCALL);
+ ab = audit_log_start(ns, context, GFP_KERNEL, AUDIT_SYSCALL);
if (!ab)
return; /* audit_panic has been called */
audit_log_format(ab, "arch=%x syscall=%d",
@@ -1627,11 +1627,11 @@ static void audit_log_exit(struct audit_context
*context, struct task_struct *ts
audit_log_task_info(ab, tsk);
audit_log_key(ab, context->filterkey);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
for (aux = context->aux; aux; aux = aux->next) {
- ab = audit_log_start_ns(ns, context, GFP_KERNEL, aux->type);
+ ab = audit_log_start(ns, context, GFP_KERNEL, aux->type);
if (!ab)
continue; /* audit_panic has been called */
@@ -1657,28 +1657,28 @@ static void audit_log_exit(struct audit_context
*context, struct task_struct *ts
break; }
}
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
if (context->type)
show_special(ns, context, &call_panic);
if (context->fds[0] >= 0) {
- ab = audit_log_start_ns(ns, context, GFP_KERNEL, AUDIT_FD_PAIR);
+ ab = audit_log_start(ns, context, GFP_KERNEL, AUDIT_FD_PAIR);
if (ab) {
audit_log_format(ab, "fd0=%d fd1=%d",
context->fds[0], context->fds[1]);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
}
if (context->sockaddr_len) {
- ab = audit_log_start_ns(ns, context, GFP_KERNEL,
AUDIT_SOCKADDR);
+ ab = audit_log_start(ns, context, GFP_KERNEL, AUDIT_SOCKADDR);
if (ab) {
audit_log_format(ab, "saddr=");
audit_log_n_hex(ab, (void *)context->sockaddr,
context->sockaddr_len);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
}
@@ -1704,10 +1704,10 @@ static void audit_log_exit(struct audit_context
*context, struct task_struct *ts
call_panic = 1;
if (context->pwd.dentry && context->pwd.mnt) {
- ab = audit_log_start_ns(ns, context, GFP_KERNEL, AUDIT_CWD);
+ ab = audit_log_start(ns, context, GFP_KERNEL, AUDIT_CWD);
if (ab) {
audit_log_d_path(ab, " cwd=", &context->pwd);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
}
@@ -1716,9 +1716,9 @@ static void audit_log_exit(struct audit_context *context,
struct task_struct *ts
audit_log_name(ns, context, n, i++, &call_panic);
/* Send end of event record to help user space know we are finished */
- ab = audit_log_start_ns(ns, context, GFP_KERNEL, AUDIT_EOE);
+ ab = audit_log_start(ns, context, GFP_KERNEL, AUDIT_EOE);
if (ab)
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
if (call_panic)
audit_panic("error converting sid to string");
}
@@ -2337,7 +2337,7 @@ int audit_set_loginuid(kuid_t loginuid)
struct audit_buffer *ab;
struct user_namespace *ns = current_user_ns();
- ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_LOGIN);
+ ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_LOGIN);
if (ab) {
audit_log_format(ab, "login pid=%d uid=%u "
"old auid=%u new auid=%u"
@@ -2347,7 +2347,7 @@ int audit_set_loginuid(kuid_t loginuid)
from_kuid(&init_user_ns, task->loginuid),
from_kuid(&init_user_ns, loginuid),
task->sessionid, sessionid);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
}
task->sessionid = sessionid;
@@ -2740,11 +2740,11 @@ void audit_core_dumps(long signr)
if (signr == SIGQUIT) /* don't care for those */
return;
- ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
+ ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
if (unlikely(!ab))
return;
audit_log_abend(ns, ab, "memory violation", signr);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
void __audit_seccomp(unsigned long syscall, long signr, int code)
@@ -2752,7 +2752,7 @@ void __audit_seccomp(unsigned long syscall, long signr,
int code)
struct audit_buffer *ab;
struct user_namespace *ns = current_user_ns();
- ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_SECCOMP);
+ ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_SECCOMP);
if (unlikely(!ab))
return;
audit_log_task(ns, ab);
@@ -2761,7 +2761,7 @@ void __audit_seccomp(unsigned long syscall, long signr,
int code)
audit_log_format(ab, " compat=%d", is_compat_task());
audit_log_format(ab, " ip=0x%lx", KSTK_EIP(current));
audit_log_format(ab, " code=0x%x", code);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
struct list_head *audit_killed_trees(void)
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index b021445..d365d84 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -532,7 +532,7 @@ doi_add_return:
audit_log_format(audit_buf,
" cipso_doi=%u cipso_type=%s res=%u",
doi, type_str, ret_val == 0 ? 1 : 0);
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
return ret_val;
@@ -622,7 +622,7 @@ doi_remove_return:
audit_log_format(audit_buf,
" cipso_doi=%u res=%u",
doi, ret_val == 0 ? 1 : 0);
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
return ret_val;
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index ba90a1b..8be219e 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -861,13 +861,13 @@ xt_replace_table(struct xt_table *table,
if (audit_enabled_ns(ns)) {
struct audit_buffer *ab;
- ab = audit_log_start_ns(ns, current->audit_context,
+ ab = audit_log_start(ns, current->audit_context,
GFP_KERNEL, AUDIT_NETFILTER_CFG);
if (ab) {
audit_log_format(ab, "table=%s family=%u entries=%u",
table->name, table->af,
private->number);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
}
#endif
diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c
index b1ffba2..a0b102a 100644
--- a/net/netfilter/xt_AUDIT.c
+++ b/net/netfilter/xt_AUDIT.c
@@ -129,7 +129,7 @@ audit_tg(struct sk_buff *skb, const struct xt_action_param
*par)
if (audit_enabled_ns(ns) == 0)
goto errout;
- ab = audit_log_start_ns(ns, NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
+ ab = audit_log_start(ns, NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
if (ab == NULL)
goto errout;
@@ -174,7 +174,7 @@ audit_tg(struct sk_buff *skb, const struct xt_action_param
*par)
audit_log_secctx(ab, skb->secmark);
#endif
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
errout:
return XT_CONTINUE;
diff --git a/net/netlabel/netlabel_domainhash.c
b/net/netlabel/netlabel_domainhash.c
index 7fab4b8..7c5d381 100644
--- a/net/netlabel/netlabel_domainhash.c
+++ b/net/netlabel/netlabel_domainhash.c
@@ -241,7 +241,7 @@ static void netlbl_domhsh_audit_add(struct netlbl_dom_map
*entry,
break;
}
audit_log_format(audit_buf, " res=%u", result == 0 ? 1 : 0);
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
}
@@ -462,7 +462,7 @@ int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry,
" nlbl_domain=%s res=%u",
entry->domain ? entry->domain : "(default)",
ret_val == 0 ? 1 : 0);
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
if (ret_val == 0) {
diff --git a/net/netlabel/netlabel_unlabeled.c
b/net/netlabel/netlabel_unlabeled.c
index 7708078..4d62cb7 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -465,7 +465,7 @@ unlhsh_add_return:
security_release_secctx(secctx, secctx_len);
}
audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0);
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
return ret_val;
}
@@ -521,7 +521,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
security_release_secctx(secctx, secctx_len);
}
audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
if (entry == NULL)
@@ -582,7 +582,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
security_release_secctx(secctx, secctx_len);
}
audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
if (entry == NULL)
@@ -766,7 +766,7 @@ static void netlbl_unlabel_acceptflg_set(u8 value,
if (audit_buf != NULL) {
audit_log_format(audit_buf,
" unlbl_accept=%u old=%u", value, old_val);
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
}
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index d7550a2..e9e4e84 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -105,8 +105,8 @@ struct audit_buffer *netlbl_audit_start_common(int type,
if (audit_enabled_ns(ns) == 0)
return NULL;
- audit_buf = audit_log_start_ns(ns, current->audit_context,
- GFP_ATOMIC, type);
+ audit_buf = audit_log_start(ns, current->audit_context,
+ GFP_ATOMIC, type);
if (audit_buf == NULL)
return NULL;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index f3cc1b9..6aaa5a7 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3008,7 +3008,7 @@ void xfrm_audit_policy_add(struct xfrm_policy *xp, int
result,
xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
audit_log_format(audit_buf, " res=%u", result);
xfrm_audit_common_policyinfo(xp, audit_buf);
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
@@ -3023,7 +3023,7 @@ void xfrm_audit_policy_delete(struct xfrm_policy *xp, int
result,
xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
audit_log_format(audit_buf, " res=%u", result);
xfrm_audit_common_policyinfo(xp, audit_buf);
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
EXPORT_SYMBOL_GPL(xfrm_audit_policy_delete);
#endif
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 50115d9..9c824e7 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2119,7 +2119,7 @@ void xfrm_audit_state_add(struct xfrm_state *x, int
result,
xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
xfrm_audit_helper_sainfo(x, audit_buf);
audit_log_format(audit_buf, " res=%u", result);
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
@@ -2134,7 +2134,7 @@ void xfrm_audit_state_delete(struct xfrm_state *x, int
result,
xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
xfrm_audit_helper_sainfo(x, audit_buf);
audit_log_format(audit_buf, " res=%u", result);
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
@@ -2152,7 +2152,7 @@ void xfrm_audit_state_replay_overflow(struct xfrm_state
*x,
* of audit message */
spi = ntohl(x->id.spi);
audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
@@ -2169,7 +2169,7 @@ void xfrm_audit_state_replay(struct xfrm_state *x,
spi = ntohl(x->id.spi);
audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
spi, spi, ntohl(net_seq));
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
EXPORT_SYMBOL_GPL(xfrm_audit_state_replay);
@@ -2181,7 +2181,7 @@ void xfrm_audit_state_notfound_simple(struct sk_buff
*skb, u16 family)
if (audit_buf == NULL)
return;
xfrm_audit_helper_pktinfo(skb, family, audit_buf);
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
@@ -2198,7 +2198,7 @@ void xfrm_audit_state_notfound(struct sk_buff *skb, u16
family,
spi = ntohl(net_spi);
audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
spi, spi, ntohl(net_seq));
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
@@ -2218,7 +2218,7 @@ void xfrm_audit_state_icvfail(struct xfrm_state *x,
audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
spi, spi, ntohl(net_seq));
}
- audit_log_end_ns(current_user_ns(), audit_buf);
+ audit_log_end(current_user_ns(), audit_buf);
}
EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
#endif /* CONFIG_AUDITSYSCALL */
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index a94b54e..e60147f 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -223,8 +223,8 @@ void ima_audit_measurement(struct integrity_iint_cache
*iint,
hex_byte_pack(hash + (i * 2), iint->ima_xattr.digest[i]);
hash[i * 2] = '\0';
- ab = audit_log_start_ns(ns, current->audit_context, GFP_KERNEL,
- AUDIT_INTEGRITY_RULE);
+ ab = audit_log_start(ns, current->audit_context, GFP_KERNEL,
+ AUDIT_INTEGRITY_RULE);
if (!ab)
return;
@@ -234,7 +234,7 @@ void ima_audit_measurement(struct integrity_iint_cache
*iint,
audit_log_untrustedstring(ab, hash);
audit_log_task_info(ab, current);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
iint->flags |= IMA_AUDITED;
}
diff --git a/security/integrity/ima/ima_audit.c
b/security/integrity/ima/ima_audit.c
index e7a205b..91e559e 100644
--- a/security/integrity/ima/ima_audit.c
+++ b/security/integrity/ima/ima_audit.c
@@ -39,8 +39,8 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
return;
ns = current_user_ns();
- ab = audit_log_start_ns(ns, current->audit_context,
- GFP_KERNEL, audit_msgno);
+ ab = audit_log_start(ns, current->audit_context,
+ GFP_KERNEL, audit_msgno);
audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
current->pid,
from_kuid(ns, current_cred()->uid),
@@ -63,5 +63,5 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
audit_log_format(ab, " ino=%lu", inode->i_ino);
}
audit_log_format(ab, " res=%d", !result);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
diff --git a/security/integrity/ima/ima_policy.c
b/security/integrity/ima/ima_policy.c
index c817d35..43e9af6 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -416,7 +416,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry
*entry)
int result = 0;
struct user_namespace *ns = current_user_ns();
- ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE);
+ ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE);
entry->uid = INVALID_UID;
entry->fowner = INVALID_UID;
@@ -634,7 +634,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry
*entry)
else if (entry->func == MODULE_CHECK)
ima_appraise |= IMA_APPRAISE_MODULES;
audit_log_format(ab, "res=%d", !result);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
return result;
}
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 90fcd08..ace11d3 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -399,8 +399,8 @@ void common_lsm_audit(struct common_audit_data *a,
ns = current_user_ns();
/* we use GFP_ATOMIC so we won't sleep */
- ab = audit_log_start_ns(ns, current->audit_context,
- GFP_ATOMIC, AUDIT_AVC);
+ ab = audit_log_start(ns, current->audit_context,
+ GFP_ATOMIC, AUDIT_AVC);
if (ab == NULL)
return;
@@ -413,5 +413,5 @@ void common_lsm_audit(struct common_audit_data *a,
if (post_audit)
post_audit(ab, a);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 93b6c72..3e5a906 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2799,11 +2799,11 @@ static int selinux_inode_setxattr(struct dentry
*dentry, const char *name,
str = "";
audit_size = 0;
}
- ab = audit_log_start_ns(ns, current->audit_context,
- GFP_ATOMIC, AUDIT_SELINUX_ERR);
+ ab = audit_log_start(ns, current->audit_context,
+ GFP_ATOMIC, AUDIT_SELINUX_ERR);
audit_log_format(ab, "op=setxattr invalid_context=");
audit_log_n_untrustedstring(ab, value, audit_size);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
return rc;
}
@@ -5338,13 +5338,13 @@ static int selinux_setprocattr(struct task_struct *p,
audit_size = size - 1;
else
audit_size = size;
- ab = audit_log_start_ns(ns,
- current->audit_context,
- GFP_ATOMIC,
- AUDIT_SELINUX_ERR);
+ ab = audit_log_start(ns,
+ current->audit_context,
+ GFP_ATOMIC,
+ AUDIT_SELINUX_ERR);
audit_log_format(ab, "op=fscreate
invalid_context=");
audit_log_n_untrustedstring(ab, value,
audit_size);
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
return error;
}
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 140a383..9cdd1e5 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -503,8 +503,8 @@ static void security_dump_masked_av(struct context
*scontext,
/* audit a message */
ns = current_user_ns();
- ab = audit_log_start_ns(ns, current->audit_context,
- GFP_ATOMIC, AUDIT_SELINUX_ERR);
+ ab = audit_log_start(ns, current->audit_context,
+ GFP_ATOMIC, AUDIT_SELINUX_ERR);
if (!ab)
goto out;
@@ -524,7 +524,7 @@ static void security_dump_masked_av(struct context
*scontext,
? permission_names[index] : "????");
need_comma = true;
}
- audit_log_end_ns(ns, ab);
+ audit_log_end(ns, ab);
out:
/* release scontext/tcontext */
kfree(tcontext_name);
--
1.8.1.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
