summaryrefslogtreecommitdiff
path: root/kernel/audit.c
diff options
context:
space:
mode:
authorIngo Molnar <mingo@elte.hu>2011-08-05 10:32:54 +0200
committerIngo Molnar <mingo@elte.hu>2011-08-05 10:33:55 +0200
commit3272cab4063467410802367a8d69f06c65b2a866 (patch)
tree1c665f8572b0aab2a5343d32b5eaa6713669b04f /kernel/audit.c
parentf629299b544b6cc12b4e3e85fec96f4ce5809482 (diff)
parent140d0b2108faebc77c6523296e211e509cb9f5f9 (diff)
Merge branch 'linus' into perf/urgent
Merge reason: Include most of the merge window trees, to do fixes on top. Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c31
1 files changed, 30 insertions, 1 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 939500317066..0a1355ca3d79 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -43,7 +43,7 @@
#include <linux/init.h>
#include <asm/types.h>
-#include <asm/atomic.h>
+#include <linux/atomic.h>
#include <linux/mm.h>
#include <linux/module.h>
#include <linux/slab.h>
@@ -55,6 +55,9 @@
#include <net/sock.h>
#include <net/netlink.h>
#include <linux/skbuff.h>
+#ifdef CONFIG_SECURITY
+#include <linux/security.h>
+#endif
#include <linux/netlink.h>
#include <linux/freezer.h>
#include <linux/tty.h>
@@ -1502,6 +1505,32 @@ void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
}
}
+#ifdef CONFIG_SECURITY
+/**
+ * audit_log_secctx - Converts and logs SELinux context
+ * @ab: audit_buffer
+ * @secid: security number
+ *
+ * This is a helper function that calls security_secid_to_secctx to convert
+ * secid to secctx and then adds the (converted) SELinux context to the audit
+ * log by calling audit_log_format, thus also preventing leak of internal secid
+ * to userspace. If secid cannot be converted audit_panic is called.
+ */
+void audit_log_secctx(struct audit_buffer *ab, u32 secid)
+{
+ u32 len;
+ char *secctx;
+
+ if (security_secid_to_secctx(secid, &secctx, &len)) {
+ audit_panic("Cannot convert secid to context");
+ } else {
+ audit_log_format(ab, " obj=%s", secctx);
+ security_release_secctx(secctx, len);
+ }
+}
+EXPORT_SYMBOL(audit_log_secctx);
+#endif
+
EXPORT_SYMBOL(audit_log_start);
EXPORT_SYMBOL(audit_log_end);
EXPORT_SYMBOL(audit_log_format);