audit: remove unused actx param from audit_rule_match
The audit_rule_match() struct audit_context *actx parameter is not used
by any in-tree consumers (selinux, apparmour, integrity, smack).
The audit context is an internal audit structure that should only be
accessed by audit accessor functions.
It was part of commit 03d37d25e0
("LSM/Audit: Introduce generic
Audit LSM hooks") but appears to have never been used.
Remove it.
Please see the github issue
https://github.com/linux-audit/audit-kernel/issues/107
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: fixed the referenced commit title]
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
57d4657716
commit
90462a5bd3
|
@ -1344,7 +1344,6 @@
|
|||
* @field contains the field which relates to current LSM.
|
||||
* @op contains the operator that will be used for matching.
|
||||
* @rule points to the audit rule that will be checked against.
|
||||
* @actx points to the audit context associated with the check.
|
||||
* Return 1 if secid matches the rule, 0 if it does not, -ERRNO on failure.
|
||||
*
|
||||
* @audit_rule_free:
|
||||
|
@ -1764,8 +1763,7 @@ union security_list_options {
|
|||
int (*audit_rule_init)(u32 field, u32 op, char *rulestr,
|
||||
void **lsmrule);
|
||||
int (*audit_rule_known)(struct audit_krule *krule);
|
||||
int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule,
|
||||
struct audit_context *actx);
|
||||
int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule);
|
||||
void (*audit_rule_free)(void *lsmrule);
|
||||
#endif /* CONFIG_AUDIT */
|
||||
|
||||
|
|
|
@ -1674,8 +1674,7 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
|
|||
#ifdef CONFIG_SECURITY
|
||||
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
|
||||
int security_audit_rule_known(struct audit_krule *krule);
|
||||
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
|
||||
struct audit_context *actx);
|
||||
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule);
|
||||
void security_audit_rule_free(void *lsmrule);
|
||||
|
||||
#else
|
||||
|
@ -1692,7 +1691,7 @@ static inline int security_audit_rule_known(struct audit_krule *krule)
|
|||
}
|
||||
|
||||
static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
|
||||
void *lsmrule, struct audit_context *actx)
|
||||
void *lsmrule)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -1355,7 +1355,7 @@ int audit_filter(int msgtype, unsigned int listtype)
|
|||
if (f->lsm_rule) {
|
||||
security_task_getsecid(current, &sid);
|
||||
result = security_audit_rule_match(sid,
|
||||
f->type, f->op, f->lsm_rule, NULL);
|
||||
f->type, f->op, f->lsm_rule);
|
||||
}
|
||||
break;
|
||||
case AUDIT_EXE:
|
||||
|
|
|
@ -632,8 +632,7 @@ static int audit_filter_rules(struct task_struct *tsk,
|
|||
}
|
||||
result = security_audit_rule_match(sid, f->type,
|
||||
f->op,
|
||||
f->lsm_rule,
|
||||
ctx);
|
||||
f->lsm_rule);
|
||||
}
|
||||
break;
|
||||
case AUDIT_OBJ_USER:
|
||||
|
@ -647,13 +646,17 @@ static int audit_filter_rules(struct task_struct *tsk,
|
|||
/* Find files that match */
|
||||
if (name) {
|
||||
result = security_audit_rule_match(
|
||||
name->osid, f->type, f->op,
|
||||
f->lsm_rule, ctx);
|
||||
name->osid,
|
||||
f->type,
|
||||
f->op,
|
||||
f->lsm_rule);
|
||||
} else if (ctx) {
|
||||
list_for_each_entry(n, &ctx->names_list, list) {
|
||||
if (security_audit_rule_match(n->osid, f->type,
|
||||
f->op, f->lsm_rule,
|
||||
ctx)) {
|
||||
if (security_audit_rule_match(
|
||||
n->osid,
|
||||
f->type,
|
||||
f->op,
|
||||
f->lsm_rule)) {
|
||||
++result;
|
||||
break;
|
||||
}
|
||||
|
@ -664,7 +667,7 @@ static int audit_filter_rules(struct task_struct *tsk,
|
|||
break;
|
||||
if (security_audit_rule_match(ctx->ipc.osid,
|
||||
f->type, f->op,
|
||||
f->lsm_rule, ctx))
|
||||
f->lsm_rule))
|
||||
++result;
|
||||
}
|
||||
break;
|
||||
|
|
|
@ -225,8 +225,7 @@ int aa_audit_rule_known(struct audit_krule *rule)
|
|||
return 0;
|
||||
}
|
||||
|
||||
int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
|
||||
struct audit_context *actx)
|
||||
int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule)
|
||||
{
|
||||
struct aa_audit_rule *rule = vrule;
|
||||
struct aa_label *label;
|
||||
|
|
|
@ -192,7 +192,6 @@ static inline int complain_error(int error)
|
|||
void aa_audit_rule_free(void *vrule);
|
||||
int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule);
|
||||
int aa_audit_rule_known(struct audit_krule *rule);
|
||||
int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
|
||||
struct audit_context *actx);
|
||||
int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule);
|
||||
|
||||
#endif /* __AA_AUDIT_H */
|
||||
|
|
|
@ -307,8 +307,7 @@ static inline int security_filter_rule_init(u32 field, u32 op, char *rulestr,
|
|||
}
|
||||
|
||||
static inline int security_filter_rule_match(u32 secid, u32 field, u32 op,
|
||||
void *lsmrule,
|
||||
struct audit_context *actx)
|
||||
void *lsmrule)
|
||||
{
|
||||
return -EINVAL;
|
||||
}
|
||||
|
|
|
@ -340,8 +340,7 @@ retry:
|
|||
rc = security_filter_rule_match(osid,
|
||||
rule->lsm[i].type,
|
||||
Audit_equal,
|
||||
rule->lsm[i].rule,
|
||||
NULL);
|
||||
rule->lsm[i].rule);
|
||||
break;
|
||||
case LSM_SUBJ_USER:
|
||||
case LSM_SUBJ_ROLE:
|
||||
|
@ -349,8 +348,7 @@ retry:
|
|||
rc = security_filter_rule_match(secid,
|
||||
rule->lsm[i].type,
|
||||
Audit_equal,
|
||||
rule->lsm[i].rule,
|
||||
NULL);
|
||||
rule->lsm[i].rule);
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
|
|
@ -1783,11 +1783,9 @@ void security_audit_rule_free(void *lsmrule)
|
|||
call_void_hook(audit_rule_free, lsmrule);
|
||||
}
|
||||
|
||||
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
|
||||
struct audit_context *actx)
|
||||
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)
|
||||
{
|
||||
return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule,
|
||||
actx);
|
||||
return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule);
|
||||
}
|
||||
#endif /* CONFIG_AUDIT */
|
||||
|
||||
|
|
|
@ -46,13 +46,11 @@ void selinux_audit_rule_free(void *rule);
|
|||
* @field: the field this rule refers to
|
||||
* @op: the operater the rule uses
|
||||
* @rule: pointer to the audit rule to check against
|
||||
* @actx: the audit context (can be NULL) associated with the check
|
||||
*
|
||||
* Returns 1 if the context id matches the rule, 0 if it does not, and
|
||||
* -errno on failure.
|
||||
*/
|
||||
int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule,
|
||||
struct audit_context *actx);
|
||||
int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule);
|
||||
|
||||
/**
|
||||
* selinux_audit_rule_known - check to see if rule contains selinux fields.
|
||||
|
|
|
@ -3376,8 +3376,7 @@ int selinux_audit_rule_known(struct audit_krule *rule)
|
|||
return 0;
|
||||
}
|
||||
|
||||
int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
|
||||
struct audit_context *actx)
|
||||
int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule)
|
||||
{
|
||||
struct selinux_state *state = &selinux_state;
|
||||
struct context *ctxt;
|
||||
|
|
|
@ -4393,13 +4393,11 @@ static int smack_audit_rule_known(struct audit_krule *krule)
|
|||
* @field: audit rule flags given from user-space
|
||||
* @op: required testing operator
|
||||
* @vrule: smack internal rule presentation
|
||||
* @actx: audit context associated with the check
|
||||
*
|
||||
* The core Audit hook. It's used to take the decision of
|
||||
* whether to audit or not to audit a given object.
|
||||
*/
|
||||
static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
|
||||
struct audit_context *actx)
|
||||
static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule)
|
||||
{
|
||||
struct smack_known *skp;
|
||||
char *rule = vrule;
|
||||
|
|
Loading…
Reference in New Issue