* [PATCH 1/3] Move variable function in lsm_audit.h into SMACK private space
@ 2009-07-09 14:00 Thomas Liu
2009-07-09 14:04 ` Eric Paris
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Thomas Liu @ 2009-07-09 14:00 UTC (permalink / raw)
To: linux-security-module, selinux
Cc: chrisw, sds, jmorris, eparis, casey, etienne.basset
Moved variable function in include/linux/lsm_audit.h into the
smack_audit_data struct since it is never used outside of it.
Also removed setting of function in the COMMON_AUDIT_DATA_INIT
macro because that variable is now private to SMACK.
Signed-off-by: Thomas Liu <tliu@redhat.com>
---
include/linux/lsm_audit.h | 4 ++--
security/smack/smack.h | 2 +-
security/smack/smack_access.c | 7 ++++---
3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index e461b2c..68f7bce 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -66,11 +66,11 @@ struct common_audit_data {
} key_struct;
#endif
} u;
- const char *function;
/* this union contains LSM specific data */
union {
/* SMACK data */
struct smack_audit_data {
+ const char *function;
char *subject;
char *object;
char *request;
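Review bot: The new `const char *function;` at the top of `struct smack_audit_data` carries no comment, and after this patch nothing in lsm_audit.h says who fills it in. A short comment on the member noting that it is set by smk_ad_init() and defaults to "unknown" in smack_log() would keep the field from looking uninitialised to someone reading the header alone.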
@@ -104,7 +104,7 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
/* Initialize an LSM audit data structure. */
#define COMMON_AUDIT_DATA_INIT(_d, _t) \
{ memset((_d), 0, sizeof(struct common_audit_data)); \
- (_d)->type = LSM_AUDIT_DATA_##_t; (_d)->function = __func__; }
+ (_d)->type = LSM_AUDIT_DATA_##_t; }
void common_lsm_audit(struct common_audit_data *a);
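Review bot: With `(_d)->function = __func__` dropped from COMMON_AUDIT_DATA_INIT, any audit data initialised through this macro and later handed to smack_log() arrives with `function` NULL after the memset and is reported as fn=unknown by the fallback there, where it previously carried the caller's name. The commit message should state that SMACK only initialises through smk_ad_init(), or any SMACK caller of the macro should set the field explicitly.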
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 243bec1..ff180ed 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -275,7 +275,7 @@ static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
{
memset(a, 0, sizeof(*a));
a->a.type = type;
- a->a.function = func;
+ a->a.lsm_priv.smack_audit_data.function = func;
}
static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 513dc1a..dd84877 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -241,7 +241,8 @@ static void smack_log_callback(struct audit_buffer *ab, void *a)
{
struct common_audit_data *ad = a;
struct smack_audit_data *sad = &ad->lsm_priv.smack_audit_data;
- audit_log_format(ab, "lsm=SMACK fn=%s action=%s", ad->function,
+ audit_log_format(ab, "lsm=SMACK fn=%s action=%s",
+ ad->lsm_priv.smack_audit_data.function,
sad->result ? "denied" : "granted");
audit_log_format(ab, " subject=");
audit_log_untrustedstring(ab, sad->subject);
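Review bot: In the rewritten audit_log_format() call the argument `ad->lsm_priv.smack_audit_data.function` spells out the same struct that `sad` was pointed at on the line just above. Using `sad->function` is equivalent, is shorter, and lets the call stay on two lines as before.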
@@ -274,8 +275,8 @@ void smack_log(char *subject_label, char *object_label, int request,
if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0)
return;
- if (a->function == NULL)
- a->function = "unknown";
+ if (a->lsm_priv.smack_audit_data.function == NULL)
+ a->lsm_priv.smack_audit_data.function = "unknown";
/* end preparing the audit data */
sad = &a->lsm_priv.smack_audit_data;
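Review bot: The NULL check spells out `a->lsm_priv.smack_audit_data.function` twice, immediately before `sad = &a->lsm_priv.smack_audit_data;` is assigned. Moving that assignment above the check allows `if (sad->function == NULL) sad->function = "unknown";`, which is easier to read and matches smack_log_callback(), which already works through `sad`.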
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: [PATCH 1/3] Move variable function in lsm_audit.h into SMACK private space
2009-07-09 14:00 [PATCH 1/3] Move variable function in lsm_audit.h into SMACK private space Thomas Liu
@ 2009-07-09 14:04 ` Eric Paris
2009-07-09 14:17 ` Casey Schaufler
2009-07-09 22:56 ` James Morris
2 siblings, 0 replies; 6+ messages in thread
From: Eric Paris @ 2009-07-09 14:04 UTC (permalink / raw)
To: Thomas Liu
Cc: linux-security-module, selinux, chrisw, sds, jmorris, eparis,
casey, etienne.basset
On Thu, 2009-07-09 at 10:00 -0400, Thomas Liu wrote:
> Moved variable function in include/linux/lsm_audit.h into the
> smack_audit_data struct since it is never used outside of it.
>
> Also removed setting of function in the COMMON_AUDIT_DATA_INIT
> macro because that variable is now private to SMACK.
>
> Signed-off-by: Thomas Liu <tliu@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
> ---
>
> include/linux/lsm_audit.h | 4 ++--
> security/smack/smack.h | 2 +-
> security/smack/smack_access.c | 7 ++++---
> 3 files changed, 7 insertions(+), 6 deletions(-)
>
>
> diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
> index e461b2c..68f7bce 100644
> --- a/include/linux/lsm_audit.h
> +++ b/include/linux/lsm_audit.h
> @@ -66,11 +66,11 @@ struct common_audit_data {
> } key_struct;
> #endif
> } u;
> - const char *function;
> /* this union contains LSM specific data */
> union {
> /* SMACK data */
> struct smack_audit_data {
> + const char *function;
> char *subject;
> char *object;
> char *request;
> @@ -104,7 +104,7 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
> /* Initialize an LSM audit data structure. */
> #define COMMON_AUDIT_DATA_INIT(_d, _t) \
> { memset((_d), 0, sizeof(struct common_audit_data)); \
> - (_d)->type = LSM_AUDIT_DATA_##_t; (_d)->function = __func__; }
> + (_d)->type = LSM_AUDIT_DATA_##_t; }
>
> void common_lsm_audit(struct common_audit_data *a);
>
> diff --git a/security/smack/smack.h b/security/smack/smack.h
> index 243bec1..ff180ed 100644
> --- a/security/smack/smack.h
> +++ b/security/smack/smack.h
> @@ -275,7 +275,7 @@ static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
> {
> memset(a, 0, sizeof(*a));
> a->a.type = type;
> - a->a.function = func;
> + a->a.lsm_priv.smack_audit_data.function = func;
> }
>
> static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
> diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
> index 513dc1a..dd84877 100644
> --- a/security/smack/smack_access.c
> +++ b/security/smack/smack_access.c
> @@ -241,7 +241,8 @@ static void smack_log_callback(struct audit_buffer *ab, void *a)
> {
> struct common_audit_data *ad = a;
> struct smack_audit_data *sad = &ad->lsm_priv.smack_audit_data;
> - audit_log_format(ab, "lsm=SMACK fn=%s action=%s", ad->function,
> + audit_log_format(ab, "lsm=SMACK fn=%s action=%s",
> + ad->lsm_priv.smack_audit_data.function,
> sad->result ? "denied" : "granted");
> audit_log_format(ab, " subject=");
> audit_log_untrustedstring(ab, sad->subject);
> @@ -274,8 +275,8 @@ void smack_log(char *subject_label, char *object_label, int request,
> if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0)
> return;
>
> - if (a->function == NULL)
> - a->function = "unknown";
> + if (a->lsm_priv.smack_audit_data.function == NULL)
> + a->lsm_priv.smack_audit_data.function = "unknown";
>
> /* end preparing the audit data */
> sad = &a->lsm_priv.smack_audit_data;
>
>
* Re: [PATCH 1/3] Move variable function in lsm_audit.h into SMACK private space
2009-07-09 14:00 [PATCH 1/3] Move variable function in lsm_audit.h into SMACK private space Thomas Liu
2009-07-09 14:04 ` Eric Paris
@ 2009-07-09 14:17 ` Casey Schaufler
2009-07-09 14:23 ` Eric Paris
2009-07-09 22:56 ` James Morris
2 siblings, 1 reply; 6+ messages in thread
From: Casey Schaufler @ 2009-07-09 14:17 UTC (permalink / raw)
To: Thomas Liu
Cc: linux-security-module, selinux, chrisw, sds, jmorris, eparis,
etienne.basset
Thomas Liu wrote:
> Moved variable function in include/linux/lsm_audit.h into the
> smack_audit_data struct since it is never used outside of it.
>
What value does this change provide?
> Also removed setting of function in the COMMON_AUDIT_DATA_INIT
> macro because that variable is now private to SMACK.
>
> Signed-off-by: Thomas Liu <tliu@redhat.com>
> ---
>
> include/linux/lsm_audit.h | 4 ++--
> security/smack/smack.h | 2 +-
> security/smack/smack_access.c | 7 ++++---
> 3 files changed, 7 insertions(+), 6 deletions(-)
>
>
> diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
> index e461b2c..68f7bce 100644
> --- a/include/linux/lsm_audit.h
> +++ b/include/linux/lsm_audit.h
> @@ -66,11 +66,11 @@ struct common_audit_data {
> } key_struct;
> #endif
> } u;
> - const char *function;
> /* this union contains LSM specific data */
> union {
> /* SMACK data */
> struct smack_audit_data {
> + const char *function;
> char *subject;
> char *object;
> char *request;
> @@ -104,7 +104,7 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
> /* Initialize an LSM audit data structure. */
> #define COMMON_AUDIT_DATA_INIT(_d, _t) \
> { memset((_d), 0, sizeof(struct common_audit_data)); \
> - (_d)->type = LSM_AUDIT_DATA_##_t; (_d)->function = __func__; }
> + (_d)->type = LSM_AUDIT_DATA_##_t; }
>
> void common_lsm_audit(struct common_audit_data *a);
>
> diff --git a/security/smack/smack.h b/security/smack/smack.h
> index 243bec1..ff180ed 100644
> --- a/security/smack/smack.h
> +++ b/security/smack/smack.h
> @@ -275,7 +275,7 @@ static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
> {
> memset(a, 0, sizeof(*a));
> a->a.type = type;
> - a->a.function = func;
> + a->a.lsm_priv.smack_audit_data.function = func;
> }
>
> static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
> diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
> index 513dc1a..dd84877 100644
> --- a/security/smack/smack_access.c
> +++ b/security/smack/smack_access.c
> @@ -241,7 +241,8 @@ static void smack_log_callback(struct audit_buffer *ab, void *a)
> {
> struct common_audit_data *ad = a;
> struct smack_audit_data *sad = &ad->lsm_priv.smack_audit_data;
> - audit_log_format(ab, "lsm=SMACK fn=%s action=%s", ad->function,
> + audit_log_format(ab, "lsm=SMACK fn=%s action=%s",
> + ad->lsm_priv.smack_audit_data.function,
> sad->result ? "denied" : "granted");
> audit_log_format(ab, " subject=");
> audit_log_untrustedstring(ab, sad->subject);
> @@ -274,8 +275,8 @@ void smack_log(char *subject_label, char *object_label, int request,
> if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0)
> return;
>
> - if (a->function == NULL)
> - a->function = "unknown";
> + if (a->lsm_priv.smack_audit_data.function == NULL)
> + a->lsm_priv.smack_audit_data.function = "unknown";
>
> /* end preparing the audit data */
> sad = &a->lsm_priv.smack_audit_data;
>
>
>
>
* Re: [PATCH 1/3] Move variable function in lsm_audit.h into SMACK private space
2009-07-09 14:17 ` Casey Schaufler
@ 2009-07-09 14:23 ` Eric Paris
2009-07-09 14:50 ` Casey Schaufler
0 siblings, 1 reply; 6+ messages in thread
From: Eric Paris @ 2009-07-09 14:23 UTC (permalink / raw)
To: Casey Schaufler
Cc: Thomas Liu, linux-security-module, selinux, chrisw, sds, jmorris,
eparis, etienne.basset
On Thu, 2009-07-09 at 07:17 -0700, Casey Schaufler wrote:
> Thomas Liu wrote:
> > Moved variable function in include/linux/lsm_audit.h into the
> > smack_audit_data struct since it is never used outside of it.
> >
>
> What value does this change provide?
By itself, none other than proper abstracting. ->function is a smack
specific object so it shouldn't be in the generic space. Along with
patch #3 it saves memory on systems that choose to build without SMACK.
-Eric
* Re: [PATCH 1/3] Move variable function in lsm_audit.h into SMACK private space
2009-07-09 14:23 ` Eric Paris
@ 2009-07-09 14:50 ` Casey Schaufler
0 siblings, 0 replies; 6+ messages in thread
From: Casey Schaufler @ 2009-07-09 14:50 UTC (permalink / raw)
To: Eric Paris
Cc: Thomas Liu, linux-security-module, selinux, chrisw, sds, jmorris,
eparis, etienne.basset
Eric Paris wrote:
> On Thu, 2009-07-09 at 07:17 -0700, Casey Schaufler wrote:
>
>> Thomas Liu wrote:
>>
>>> Moved variable function in include/linux/lsm_audit.h into the
>>> smack_audit_data struct since it is never used outside of it.
>>>
>>>
>> What value does this change provide?
>>
>
> By itself, none other than proper abstracting. ->function is a smack
> specific object so it shouldn't be in the generic space. Along with
> patch #3 it saves memory on systems that choose to build without SMACK.
>
I don't see any problems with it then.
* Re: [PATCH 1/3] Move variable function in lsm_audit.h into SMACK private space
2009-07-09 14:00 [PATCH 1/3] Move variable function in lsm_audit.h into SMACK private space Thomas Liu
2009-07-09 14:04 ` Eric Paris
2009-07-09 14:17 ` Casey Schaufler
@ 2009-07-09 22:56 ` James Morris
2 siblings, 0 replies; 6+ messages in thread
From: James Morris @ 2009-07-09 22:56 UTC (permalink / raw)
To: Thomas Liu
Cc: linux-security-module, selinux, chrisw, sds, eparis, casey,
etienne.basset
On Thu, 9 Jul 2009, Thomas Liu wrote:
> Moved variable function in include/linux/lsm_audit.h into the
> smack_audit_data struct since it is never used outside of it.
>
> Also removed setting of function in the COMMON_AUDIT_DATA_INIT
> macro because that variable is now private to SMACK.
>
> Signed-off-by: Thomas Liu <tliu@redhat.com>
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next
--
James Morris
<jmorris@namei.org>