projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3f0882c)
lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data'
authorLinus Torvalds <torvalds@linux-foundation.org>
Mon, 2 Apr 2012 22:48:12 +0000 (15:48 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Tue, 3 Apr 2012 16:49:59 +0000 (09:49 -0700)
It just bloats the audit data structure for no good reason, since the
only time those fields are filled are just before calling the
common_lsm_audit() function, which is also the only user of those
fields.

So just make them be the arguments to common_lsm_audit(), rather than
bloating that structure that is passed around everywhere, and is
initialized in hot paths.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
include/linux/lsm_audit.h patch | blob | blame | history
security/apparmor/audit.c patch | blob | blame | history
security/lsm_audit.c patch | blob | blame | history
security/selinux/avc.c patch | blob | blame | history
security/smack/smack_access.c patch | blob | blame | history

diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index d1b073ffec240ca0a818fe4f9d387faaad2049e8..fad48aab893b846c293046dfdc3991a5e2e26d10 100644 (file)
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -82,9 +82,6 @@ struct common_audit_data {
                struct apparmor_audit_data *apparmor_audit_data;
 #endif
        }; /* per LSM data pointer union */
-       /* these callback will be implemented by a specific LSM */
-       void (*lsm_pre_audit)(struct audit_buffer *, void *);
-       void (*lsm_post_audit)(struct audit_buffer *, void *);
 };
 
 #define v4info fam.v4
@@ -101,6 +98,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
        { memset((_d), 0, sizeof(struct common_audit_data)); \
         (_d)->type = LSM_AUDIT_DATA_##_t; }
 
-void common_lsm_audit(struct common_audit_data *a);
+void common_lsm_audit(struct common_audit_data *a,
+       void (*pre_audit)(struct audit_buffer *, void *),
+       void (*post_audit)(struct audit_buffer *, void *));
 
 #endif
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index 23f7eb658d9c408965c31a566eb5476cc204d623..cc3520d39a78dbc3b8283fa195138ad6786f6071 100644 (file)
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -160,9 +160,7 @@ void aa_audit_msg(int type, struct common_audit_data *sa,
                  void (*cb) (struct audit_buffer *, void *))
 {
        sa->aad->type = type;
-       sa->lsm_pre_audit = audit_pre;
-       sa->lsm_post_audit = cb;
-       common_lsm_audit(sa);
+       common_lsm_audit(sa, audit_pre, cb);
 }
 
 /**
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index e96c6aa17bb01ad147388a6270e4b1a6f3250841..90c129b0102f5cbe43129695bde3c3b924b84987 100644 (file)
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -378,11 +378,15 @@ static void dump_common_audit_data(struct audit_buffer *ab,
 /**
  * common_lsm_audit - generic LSM auditing function
  * @a:  auxiliary audit data
+ * @pre_audit: lsm-specific pre-audit callback
+ * @post_audit: lsm-specific post-audit callback
  *
  * setup the audit buffer for common security information
  * uses callback to print LSM specific information
  */
-void common_lsm_audit(struct common_audit_data *a)
+void common_lsm_audit(struct common_audit_data *a,
+       void (*pre_audit)(struct audit_buffer *, void *),
+       void (*post_audit)(struct audit_buffer *, void *))
 {
        struct audit_buffer *ab;
 
@@ -394,13 +398,13 @@ void common_lsm_audit(struct common_audit_data *a)
        if (ab == NULL)
                return;
 
-       if (a->lsm_pre_audit)
-               a->lsm_pre_audit(ab, a);
+       if (pre_audit)
+               pre_audit(ab, a);
 
        dump_common_audit_data(ab, a);
 
-       if (a->lsm_post_audit)
-               a->lsm_post_audit(ab, a);
+       if (post_audit)
+               post_audit(ab, a);
 
        audit_log_end(ab);
 }
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 36c42bb52d816fffcc29e1ed32e1571f7340184b..8ee42b2a5f19d0b93c1d6fe4fbe3cdda3670376c 100644 (file)
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -492,9 +492,7 @@ static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
        slad.denied = denied;
 
        a->selinux_audit_data->slad = &slad;
-       a->lsm_pre_audit = avc_audit_pre_callback;
-       a->lsm_post_audit = avc_audit_post_callback;
-       common_lsm_audit(a);
+       common_lsm_audit(a, avc_audit_pre_callback, avc_audit_post_callback);
        return 0;
 }
 
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 2af7fcc98a71e619de75e46474492aba52dc1bbd..c8115f7308f843969ce60d5b1be16f71166eaebf 100644 (file)
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -321,9 +321,8 @@ void smack_log(char *subject_label, char *object_label, int request,
        sad->object  = object_label;
        sad->request = request_buffer;
        sad->result  = result;
-       a->lsm_pre_audit = smack_log_callback;
 
-       common_lsm_audit(a);
+       common_lsm_audit(a, smack_log_callback, NULL);
 }
 #else /* #ifdef CONFIG_AUDIT */
 void smack_log(char *subject_label, char *object_label, int request,