lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data'
It just bloats the audit data structure for no good reason, since the only time those fields are filled are just before calling the common_lsm_audit() function, which is also the only user of those fields. So just make them be the arguments to common_lsm_audit(), rather than bloating that structure that is passed around everywhere, and is initialized in hot paths. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent
3f0882c482
commit
b61c37f579
|
@ -82,9 +82,6 @@ struct common_audit_data {
|
||||||
struct apparmor_audit_data *apparmor_audit_data;
|
struct apparmor_audit_data *apparmor_audit_data;
|
||||||
#endif
|
#endif
|
||||||
}; /* per LSM data pointer union */
|
}; /* per LSM data pointer union */
|
||||||
/* these callback will be implemented by a specific LSM */
|
|
||||||
void (*lsm_pre_audit)(struct audit_buffer *, void *);
|
|
||||||
void (*lsm_post_audit)(struct audit_buffer *, void *);
|
|
||||||
};
|
};
|
||||||
|
|
||||||
#define v4info fam.v4
|
#define v4info fam.v4
|
||||||
|
@ -101,6 +98,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
|
||||||
{ memset((_d), 0, sizeof(struct common_audit_data)); \
|
{ memset((_d), 0, sizeof(struct common_audit_data)); \
|
||||||
(_d)->type = LSM_AUDIT_DATA_##_t; }
|
(_d)->type = LSM_AUDIT_DATA_##_t; }
|
||||||
|
|
||||||
void common_lsm_audit(struct common_audit_data *a);
|
void common_lsm_audit(struct common_audit_data *a,
|
||||||
|
void (*pre_audit)(struct audit_buffer *, void *),
|
||||||
|
void (*post_audit)(struct audit_buffer *, void *));
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
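Review bot: The new `common_lsm_audit()` prototype keeps the callbacks' second parameter as `void *`, even though the definition further down this page always passes the `struct common_audit_data *` itself (`pre_audit(ab, a)` and `post_audit(ab, a)`). Every caller is already being touched by this change, so typing the parameter as `void (*pre_audit)(struct audit_buffer *, struct common_audit_data *)` (and likewise for `post_audit`) would let the compiler reject a callback that casts the argument to the wrong structure. The callback bodies are not visible on this page, so whether any of them depends on the untyped pointer needs checking first.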
@ -160,9 +160,7 @@ void aa_audit_msg(int type, struct common_audit_data *sa,
|
||||||
void (*cb) (struct audit_buffer *, void *))
|
void (*cb) (struct audit_buffer *, void *))
|
||||||
{
|
{
|
||||||
sa->aad->type = type;
|
sa->aad->type = type;
|
||||||
sa->lsm_pre_audit = audit_pre;
|
common_lsm_audit(sa, audit_pre, cb);
|
||||||
sa->lsm_post_audit = cb;
|
|
||||||
common_lsm_audit(sa);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -378,11 +378,15 @@ static void dump_common_audit_data(struct audit_buffer *ab,
|
||||||
/**
|
/**
|
||||||
* common_lsm_audit - generic LSM auditing function
|
* common_lsm_audit - generic LSM auditing function
|
||||||
* @a: auxiliary audit data
|
* @a: auxiliary audit data
|
||||||
|
* @pre_audit: lsm-specific pre-audit callback
|
||||||
|
* @post_audit: lsm-specific post-audit callback
|
||||||
*
|
*
|
||||||
* setup the audit buffer for common security information
|
* setup the audit buffer for common security information
|
||||||
* uses callback to print LSM specific information
|
* uses callback to print LSM specific information
|
||||||
*/
|
*/
|
||||||
void common_lsm_audit(struct common_audit_data *a)
|
void common_lsm_audit(struct common_audit_data *a,
|
||||||
|
void (*pre_audit)(struct audit_buffer *, void *),
|
||||||
|
void (*post_audit)(struct audit_buffer *, void *))
|
||||||
{
|
{
|
||||||
struct audit_buffer *ab;
|
struct audit_buffer *ab;
|
||||||
|
|
||||||
|
@ -394,13 +398,13 @@ void common_lsm_audit(struct common_audit_data *a)
|
||||||
if (ab == NULL)
|
if (ab == NULL)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if (a->lsm_pre_audit)
|
if (pre_audit)
|
||||||
a->lsm_pre_audit(ab, a);
|
pre_audit(ab, a);
|
||||||
|
|
||||||
dump_common_audit_data(ab, a);
|
dump_common_audit_data(ab, a);
|
||||||
|
|
||||||
if (a->lsm_post_audit)
|
if (post_audit)
|
||||||
a->lsm_post_audit(ab, a);
|
post_audit(ab, a);
|
||||||
|
|
||||||
audit_log_end(ab);
|
audit_log_end(ab);
|
||||||
}
|
}
|
||||||
|
|
|
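Review bot: The added kernel-doc lines for `@pre_audit` and `@post_audit` do not say that either callback may be NULL. The second hunk guards both calls with `if (pre_audit)` and `if (post_audit)`, and the Smack call site on this page passes `NULL` as the post callback, so NULL is evidently part of the contract. I would state it in the comment, e.g. `* @post_audit: lsm-specific post-audit callback, may be NULL`, and the same for `@pre_audit`. The body of common_lsm_audit() between the two hunks is not shown here.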
@ -492,9 +492,7 @@ static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
|
||||||
slad.denied = denied;
|
slad.denied = denied;
|
||||||
|
|
||||||
a->selinux_audit_data->slad = &slad;
|
a->selinux_audit_data->slad = &slad;
|
||||||
a->lsm_pre_audit = avc_audit_pre_callback;
|
common_lsm_audit(a, avc_audit_pre_callback, avc_audit_post_callback);
|
||||||
a->lsm_post_audit = avc_audit_post_callback;
|
|
||||||
common_lsm_audit(a);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -321,9 +321,8 @@ void smack_log(char *subject_label, char *object_label, int request,
|
||||||
sad->object = object_label;
|
sad->object = object_label;
|
||||||
sad->request = request_buffer;
|
sad->request = request_buffer;
|
||||||
sad->result = result;
|
sad->result = result;
|
||||||
a->lsm_pre_audit = smack_log_callback;
|
|
||||||
|
|
||||||
common_lsm_audit(a);
|
common_lsm_audit(a, smack_log_callback, NULL);
|
||||||
}
|
}
|
||||||
#else /* #ifdef CONFIG_AUDIT */
|
#else /* #ifdef CONFIG_AUDIT */
|
||||||
void smack_log(char *subject_label, char *object_label, int request,
|
void smack_log(char *subject_label, char *object_label, int request,
|
||||||
|
|