audit: update shutdown LSM data

The audit process LSM information is changed from a secid audit_sig_sid
to an lsm_prop in audit_sig_lsm. Update the users of this data
appropriately. Calls to security_secid_to_secctx() are changed to use
security_lsmprop_to_secctx() instead. security_current_getsecid_subj()
is scaffolded. It will be updated in a subsequent patch.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/kernel/audit.c b/kernel/audit.c
index 1edaa4846a470b2a16c4979a0945a1c1160e2d9b..47c41e6f9ea99b5a507343c227c768581d6f7a0a 100644 (file)
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -123,7 +123,7 @@ static u32  audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
 /* The identity of the user shutting down the audit system. */
 static kuid_t          audit_sig_uid = INVALID_UID;
 static pid_t           audit_sig_pid = -1;
-static u32             audit_sig_sid;
+static struct lsm_prop audit_sig_lsm;
 
 /* Records can be lost in several ways:
    0) [suppressed in audit_alloc]
@@ -1473,20 +1473,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
        }
        case AUDIT_SIGNAL_INFO:
                len = 0;
-               if (audit_sig_sid) {
-                       err = security_secid_to_secctx(audit_sig_sid, &ctx, &len);
+               if (lsmprop_is_set(&audit_sig_lsm)) {
+                       err = security_lsmprop_to_secctx(&audit_sig_lsm, &ctx,
+                                                        &len);
                        if (err)
                                return err;
                }
                sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL);
                if (!sig_data) {
-                       if (audit_sig_sid)
+                       if (lsmprop_is_set(&audit_sig_lsm))
                                security_release_secctx(ctx, len);
                        return -ENOMEM;
                }
                sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid);
                sig_data->pid = audit_sig_pid;
-               if (audit_sig_sid) {
+               if (lsmprop_is_set(&audit_sig_lsm)) {
                        memcpy(sig_data->ctx, ctx, len);
                        security_release_secctx(ctx, len);
                }
@@ -2404,7 +2405,8 @@ int audit_signal_info(int sig, struct task_struct *t)
                        audit_sig_uid = auid;
                else
                        audit_sig_uid = uid;
-               security_current_getsecid_subj(&audit_sig_sid);
+               /* scaffolding */
+               security_current_getsecid_subj(&audit_sig_lsm.scaffold.secid);
        }
 
        return audit_signal_info_syscall(t);