author | John Johansen <john.johansen@canonical.com> | 2017-01-16 00:43:02 -0800 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-01-16 01:18:47 -0800 |
commit | ef88a7ac55fdd3bf6ac3942b83aa29311b45339b (patch) | |
tree | 54c6b15e2101650dd169caf745bdb17521db899c /security/apparmor/include | |
parent | 47f6e5cc7355e4ff2fd7ace919aa9e291077c26b (diff) | |
apparmor: change aad apparmor_audit_data macro to a fn macro
The aad macro can replace aad strings when it is not intended to. Switch
to a fn macro so it is only applied when intended.
Also, at the same time, clean up audit_data initialization by putting
common boilerplate behind a macro, and drop the gfp_t parameter,
which will become useless.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include')
-rw-r--r-- | security/apparmor/include/audit.h | 43 | ||||
-rw-r--r-- | security/apparmor/include/file.h | 2 |
2 files changed, 32 insertions, 13 deletions
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index 956c0b16a30f..fdc4774318ba 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -108,34 +108,53 @@ struct apparmor_audit_data {
 const char *name;
 const char *info;
 union {
- void *target;
+ /* these entries require a custom callback fn */
 struct {
+ struct aa_profile *peer;
+ struct {
+ const char *target;
+ u32 request;
+ u32 denied;
+ kuid_t ouid;
+ } fs;
+ };
+ struct {
+ const char *name;
 long pos;
 const char *ns;
- void *target;
 } iface;
 struct {
 int rlim;
 unsigned long max;
 } rlim;
- struct {
- const char *target;
- u32 request;
- u32 denied;
- kuid_t ouid;
- } fs;
 };
 };
-/* define a short hand for apparmor_audit_data structure */
-#define aad apparmor_audit_data
+/* macros for dealing with apparmor_audit_data structure */
+#define aad(SA) ((SA)->apparmor_audit_data)
+#define DEFINE_AUDIT_DATA(NAME, T, X) \
+ /* TODO: cleanup audit init so we don't need _aad = {0,} */ \
+ struct apparmor_audit_data NAME ## _aad = { .op = (X), }; \
+ struct common_audit_data NAME = \
+ { \
+ .type = (T), \
+ .u.tsk = NULL, \
+ }; \
+ NAME.apparmor_audit_data = &(NAME ## _aad)
 void aa_audit_msg(int type, struct common_audit_data *sa, void (*cb) (struct audit_buffer *, void *));
-int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
- struct common_audit_data *sa,
+int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
 void (*cb) (struct audit_buffer *, void *));
+#define aa_audit_error(ERROR, SA, CB) \
+({ \
+ aad((SA))->error = (ERROR); \
+ aa_audit_msg(AUDIT_APPARMOR_ERROR, (SA), (CB)); \
+ aad((SA))->error; \
+})
+
+
 static inline int complain_error(int error)
 {
 if (error == -EPERM || error == -EACCES)
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index 0eb54363e033..38f821bf49b6 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
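Review bot: `aa_audit_error` expands its `SA` argument three times (twice through `aad((SA))` and once in the `aa_audit_msg` call), so an argument with side effects would be evaluated repeatedly; since `aa_audit_msg` is declared just above it, a `static inline` function would give the same result with type checking and a single evaluation. `DEFINE_AUDIT_DATA` also needs a comment, because it expands to two declarations followed by an assignment, so it has to be the last entry in a declaration block and cannot sit under an unbraced `if`, and `NAME.apparmor_audit_data` points at the stack object `NAME ## _aad`, so the `common_audit_data` must not be used once the enclosing scope has returned. Something like `/* must be the last declaration in a block; NAME must not outlive the calling scope */` above the macro would record that. The hunk ends inside `complain_error`, whose body continues outside the hunk.

```c
/* ... unchanged: aa_audit_msg() and aa_audit() prototypes ... */
static inline int aa_audit_error(int error, struct common_audit_data *sa,
				 void (*cb) (struct audit_buffer *, void *))
{
	aad(sa)->error = error;
	aa_audit_msg(AUDIT_APPARMOR_ERROR, sa, cb);
	return aad(sa)->error;
}
```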
@@ -145,7 +145,7 @@ static inline u16 dfa_map_xindex(u16 mask)
 dfa_map_xindex((ACCEPT_TABLE(dfa)[state] >> 14) & 0x3fff)
 int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
- gfp_t gfp, const char *op, u32 request, const char *name,
+ const char *op, u32 request, const char *name,
 const char *target, kuid_t ouid, const char *info, int error);
 /** |