mirror of
https://github.com/torvalds/linux.git
synced 2024-11-26 06:02:05 +00:00
apparmor: move task from common_audit_data to apparmor_audit_data
apparmor is the only LSM that uses the common_audit_data tsk field. Instead of making all LSMs pay for the stack space move the aa usage into the apparmor_audit_data. Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
parent
bd5e50f9c1
commit
0972c74ecb
@ -111,7 +111,7 @@ static const char *const aa_audit_type[] = {
|
||||
static void audit_pre(struct audit_buffer *ab, void *ca)
|
||||
{
|
||||
struct common_audit_data *sa = ca;
|
||||
struct task_struct *tsk = sa->tsk ? sa->tsk : current;
|
||||
struct task_struct *tsk = sa->aad->tsk ? sa->aad->tsk : current;
|
||||
|
||||
if (aa_g_audit_header) {
|
||||
audit_log_format(ab, "apparmor=");
|
||||
@ -149,6 +149,12 @@ static void audit_pre(struct audit_buffer *ab, void *ca)
|
||||
audit_log_format(ab, " name=");
|
||||
audit_log_untrustedstring(ab, sa->aad->name);
|
||||
}
|
||||
|
||||
if (sa->aad->tsk) {
|
||||
audit_log_format(ab, " pid=%d comm=", tsk->pid);
|
||||
audit_log_untrustedstring(ab, tsk->comm);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@ -205,7 +211,8 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
|
||||
aa_audit_msg(type, sa, cb);
|
||||
|
||||
if (sa->aad->type == AUDIT_APPARMOR_KILL)
|
||||
(void)send_sig_info(SIGKILL, NULL, sa->tsk ? sa->tsk : current);
|
||||
(void)send_sig_info(SIGKILL, NULL,
|
||||
sa->aad->tsk ? sa->aad->tsk : current);
|
||||
|
||||
if (sa->aad->type == AUDIT_APPARMOR_ALLOWED)
|
||||
return complain_error(sa->aad->error);
|
||||
|
@ -67,8 +67,8 @@ static int audit_caps(struct aa_profile *profile, struct task_struct *task,
|
||||
struct apparmor_audit_data aad = {0,};
|
||||
COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_CAP);
|
||||
sa.aad = &aad;
|
||||
sa.tsk = task;
|
||||
sa.u.cap = cap;
|
||||
sa.aad->tsk = task;
|
||||
sa.aad->op = OP_CAPABLE;
|
||||
sa.aad->error = error;
|
||||
|
||||
|
@ -110,6 +110,7 @@ struct apparmor_audit_data {
|
||||
void *profile;
|
||||
const char *name;
|
||||
const char *info;
|
||||
struct task_struct *tsk;
|
||||
union {
|
||||
void *target;
|
||||
struct {
|
||||
|
Loading…
Reference in New Issue
Block a user