audit: use an lsm_prop in audit_names

Replace the osid field in the audit_names structure with a
lsm_prop structure. This accommodates the use of an lsm_prop in
security_audit_rule_match() and security_inode_getsecid().

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subj line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/kernel/audit.h b/kernel/audit.h
index d14924a887c9a9d66c6174f1dd2d9c2fe5a642df..8e6f886a83a4af79aee11e7ced0f61c7d1311fb2 100644 (file)
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -82,7 +82,7 @@ struct audit_names {
        kuid_t                  uid;
        kgid_t                  gid;
        dev_t                   rdev;
-       u32                     osid;
+       struct lsm_prop         oprop;
        struct audit_cap_data   fcap;
        unsigned int            fcap_ver;
        unsigned char           type;           /* record type */

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 372302f0528b21a833c76216fd118a3aa763618d..53fbd2e5d93441cc92ef242eea89abf0039e6118 100644 (file)
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -698,19 +698,15 @@ static int audit_filter_rules(struct task_struct *tsk,
                        if (f->lsm_rule) {
                                /* Find files that match */
                                if (name) {
-                                       /* scaffolding */
-                                       prop.scaffold.secid = name->osid;
                                        result = security_audit_rule_match(
-                                                               &prop,
+                                                               &name->oprop,
                                                                f->type,
                                                                f->op,
                                                                f->lsm_rule);
                                } else if (ctx) {
                                        list_for_each_entry(n, &ctx->names_list, list) {
-                                               /* scaffolding */
-                                               prop.scaffold.secid = n->osid;
                                                if (security_audit_rule_match(
-                                                               &prop,
+                                                               &n->oprop,
                                                                f->type,
                                                                f->op,
                                                                f->lsm_rule)) {
@@ -1562,13 +1558,11 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
                                 from_kgid(&init_user_ns, n->gid),
                                 MAJOR(n->rdev),
                                 MINOR(n->rdev));
-       if (n->osid != 0) {
+       if (lsmprop_is_set(&n->oprop)) {
                char *ctx = NULL;
                u32 len;
 
-               if (security_secid_to_secctx(
-                       n->osid, &ctx, &len)) {
-                       audit_log_format(ab, " osid=%u", n->osid);
+               if (security_lsmprop_to_secctx(&n->oprop, &ctx, &len)) {
                        if (call_panic)
                                *call_panic = 2;
                } else {
@@ -2276,17 +2270,13 @@ static void audit_copy_inode(struct audit_names *name,
                             const struct dentry *dentry,
                             struct inode *inode, unsigned int flags)
 {
-       struct lsm_prop prop;
-
        name->ino   = inode->i_ino;
        name->dev   = inode->i_sb->s_dev;
        name->mode  = inode->i_mode;
        name->uid   = inode->i_uid;
        name->gid   = inode->i_gid;
        name->rdev  = inode->i_rdev;
-       security_inode_getlsmprop(inode, &prop);
-       /* scaffolding */
-       name->osid = prop.scaffold.secid;
+       security_inode_getlsmprop(inode, &name->oprop);
        if (flags & AUDIT_INODE_NOEVAL) {
                name->fcap_ver = -1;
                return;