diff options
author | Ingo Molnar <mingo@elte.hu> | 2011-08-05 10:32:54 +0200 |
---|---|---|
committer | Ingo Molnar <mingo@elte.hu> | 2011-08-05 10:33:55 +0200 |
commit | 3272cab4063467410802367a8d69f06c65b2a866 (patch) | |
tree | 1c665f8572b0aab2a5343d32b5eaa6713669b04f /kernel/audit.c | |
parent | f629299b544b6cc12b4e3e85fec96f4ce5809482 (diff) | |
parent | 140d0b2108faebc77c6523296e211e509cb9f5f9 (diff) |
Merge branch 'linus' into perf/urgent
Merge reason: Include most of the merge window trees, to do fixes on top.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r-- | kernel/audit.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 939500317066..0a1355ca3d79 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -43,7 +43,7 @@ #include <linux/init.h> #include <asm/types.h> -#include <asm/atomic.h> +#include <linux/atomic.h> #include <linux/mm.h> #include <linux/module.h> #include <linux/slab.h> @@ -55,6 +55,9 @@ #include <net/sock.h> #include <net/netlink.h> #include <linux/skbuff.h> +#ifdef CONFIG_SECURITY +#include <linux/security.h> +#endif #include <linux/netlink.h> #include <linux/freezer.h> #include <linux/tty.h> @@ -1502,6 +1505,32 @@ void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, } } +#ifdef CONFIG_SECURITY +/** + * audit_log_secctx - Converts and logs SELinux context + * @ab: audit_buffer + * @secid: security number + * + * This is a helper function that calls security_secid_to_secctx to convert + * secid to secctx and then adds the (converted) SELinux context to the audit + * log by calling audit_log_format, thus also preventing leak of internal secid + * to userspace. If secid cannot be converted audit_panic is called. + */ +void audit_log_secctx(struct audit_buffer *ab, u32 secid) +{ + u32 len; + char *secctx; + + if (security_secid_to_secctx(secid, &secctx, &len)) { + audit_panic("Cannot convert secid to context"); + } else { + audit_log_format(ab, " obj=%s", secctx); + security_release_secctx(secctx, len); + } +} +EXPORT_SYMBOL(audit_log_secctx); +#endif + EXPORT_SYMBOL(audit_log_start); EXPORT_SYMBOL(audit_log_end); EXPORT_SYMBOL(audit_log_format); |