diff options
| author | Richard Guy Briggs <rgb@redhat.com> | 2019-01-31 11:52:11 -0500 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2019-01-31 23:00:15 -0500 |
| commit | 90462a5bd30c6ed91c6758e59537d047d7878ff9 (patch) | |
| tree | 19dac5d6a368d626695ee639c29a2ac18490043e /security/selinux | |
| parent | 57d4657716aca81ef4d7ec23e8123d26e3d28954 (diff) | |
| download | talos-op-linux-90462a5bd30c6ed91c6758e59537d047d7878ff9.tar.gz talos-op-linux-90462a5bd30c6ed91c6758e59537d047d7878ff9.zip | |
audit: remove unused actx param from audit_rule_match
The audit_rule_match() struct audit_context *actx parameter is not used
by any in-tree consumers (selinux, apparmour, integrity, smack).
The audit context is an internal audit structure that should only be
accessed by audit accessor functions.
It was part of commit 03d37d25e0f9 ("LSM/Audit: Introduce generic
Audit LSM hooks") but appears to have never been used.
Remove it.
Please see the github issue
https://github.com/linux-audit/audit-kernel/issues/107
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: fixed the referenced commit title]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/include/audit.h | 4 | ||||
| -rw-r--r-- | security/selinux/ss/services.c | 3 |
2 files changed, 2 insertions, 5 deletions
diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h index 1bdf973433cc..e51a81ffb8c9 100644 --- a/security/selinux/include/audit.h +++ b/security/selinux/include/audit.h @@ -46,13 +46,11 @@ void selinux_audit_rule_free(void *rule); * @field: the field this rule refers to * @op: the operater the rule uses * @rule: pointer to the audit rule to check against - * @actx: the audit context (can be NULL) associated with the check * * Returns 1 if the context id matches the rule, 0 if it does not, and * -errno on failure. */ -int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule, - struct audit_context *actx); +int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule); /** * selinux_audit_rule_known - check to see if rule contains selinux fields. diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index dd44126c8d14..0b7e33f6aa59 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -3376,8 +3376,7 @@ int selinux_audit_rule_known(struct audit_krule *rule) return 0; } -int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, - struct audit_context *actx) +int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule) { struct selinux_state *state = &selinux_state; struct context *ctxt; |
