| author | James Morris <jmorris@namei.org> | 2009-07-13 10:39:36 +1000 | 
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2009-07-13 10:39:36 +1000 | 
| commit | be940d6279c30a2d7c4e8d1d5435f957f594d66d (patch) | |
| tree | 965805d563cb756879fd3595230c3ca205da76d1 /security/selinux/include/avc.h | |
| parent | b3a633c8527ef155b1a4e22e8f5abc58f7af54c9 (diff) | |
Revert "SELinux: Convert avc_audit to use lsm_audit.h"
This reverts commit 8113a8d80f4c6a3dc3724b39b470f3fee9c426b6.
The patch causes a stack overflow on my system during boot.
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include/avc.h')
| -rw-r--r-- | security/selinux/include/avc.h | 49 | 
1 files changed, 44 insertions, 5 deletions
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index e94e82f7381..ae4c3a0e2c1 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -13,7 +13,6 @@
 #include <linux/spinlock.h>
 #include <linux/init.h>
 #include <linux/audit.h>
-#include <linux/lsm_audit.h>
 #include <linux/in6.h>
 #include <linux/path.h>
 #include <asm/system.h>
@@ -37,6 +36,48 @@ struct inode;
 struct sock;
 struct sk_buff;
+/* Auxiliary data to use in generating the audit record. */
+struct avc_audit_data {
+	char    type;
+#define AVC_AUDIT_DATA_FS   1
+#define AVC_AUDIT_DATA_NET  2
+#define AVC_AUDIT_DATA_CAP  3
+#define AVC_AUDIT_DATA_IPC  4
+	struct task_struct *tsk;
+	union 	{
+		struct {
+			struct path path;
+			struct inode *inode;
+		} fs;
+		struct {
+			int netif;
+			struct sock *sk;
+			u16 family;
+			__be16 dport;
+			__be16 sport;
+			union {
+				struct {
+					__be32 daddr;
+					__be32 saddr;
+				} v4;
+				struct {
+					struct in6_addr daddr;
+					struct in6_addr saddr;
+				} v6;
+			} fam;
+		} net;
+		int cap;
+		int ipc_id;
+	} u;
+};
+
+#define v4info fam.v4
+#define v6info fam.v6
+
+/* Initialize an AVC audit data structure. */
+#define AVC_AUDIT_DATA_INIT(_d,_t) \
+	{ memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
+
 /*
  * AVC statistics
  */
@@ -57,9 +98,7 @@ void __init avc_init(void);
 void avc_audit(u32 ssid, u32 tsid,
 	       u16 tclass, u32 requested,
-	       struct av_decision *avd,
-	       int result,
-	       struct common_audit_data *a);
+	       struct av_decision *avd, int result, struct avc_audit_data *auditdata);
 #define AVC_STRICT 1 /* Ignore permissive mode. */
 int avc_has_perm_noaudit(u32 ssid, u32 tsid,
@@ -69,7 +108,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 int avc_has_perm(u32 ssid, u32 tsid,
 		 u16 tclass, u32 requested,
-		 struct common_audit_data *auditdata);
+		 struct avc_audit_data *auditdata);
 u32 avc_policy_seqno(void);  |
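Review bot: `AVC_AUDIT_DATA_INIT` in the second hunk expands to a bare `{ ...; }` block, so `AVC_AUDIT_DATA_INIT(&ad, FS);` leaves a stray empty statement and does not compile as the body of an unbraced `if` that has an `else`. The macro body could become `do { memset((_d), 0, sizeof(*(_d))); (_d)->type = AVC_AUDIT_DATA_##_t; } while (0)`, which keeps the full zeroing of the record (so no stale stack bytes reach the audit path) and sizes the memset from the pointer itself. The lowercase `v4info`/`v6info` defines rewrite those identifiers in every file that includes this header, so they deserve a comment such as `/* member aliases inside u.net; do not reuse these names */`. The commit message reports a stack overflow at boot from the reverted change, and the new comment on the struct does not say where callers are expected to allocate it; presumably on the stack, in which case a note on its size would help.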
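Review bot: Neither restored prototype says whether `auditdata` may be NULL, in the `avc_audit()` declaration in the third hunk or in `avc_has_perm()` in the fourth. Callers on an access-control path need to know this before passing no auxiliary data, so I would add a one-line comment above `avc_audit()`, for example `/* auditdata: auxiliary audit data; state here whether NULL is accepted */`. The implementation is not visible in this diff, so that contract has to be confirmed against avc.c. The restored `avc_audit()` parameter line also runs past 80 columns and would read better split after `int result,`.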