From 8113a8d80f4c6a3dc3724b39b470f3fee9c426b6 Mon Sep 17 00:00:00 2001
From: Thomas Liu <tliu@redhat.com>
Date: Fri, 10 Jul 2009 10:31:04 -0400
Subject: SELinux: Convert avc_audit to use lsm_audit.h

Convert avc_audit in security/selinux/avc.c to use lsm_audit.h,
for better maintainability and for less code duplication.

 - changed selinux to use common_audit_data instead of
   avc_audit_data
 - eliminated code in avc.c and used code from lsm_audit.h instead.

I have tested to make sure that the avcs look the same before and
after this patch.

Signed-off-by: Thomas Liu <tliu@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
---
 security/selinux/xfrm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'security/selinux/xfrm.c')

diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 72b18452e1a..f3cb9ed731a 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -401,7 +401,7 @@ int selinux_xfrm_state_delete(struct xfrm_state *x)
  * gone thru the IPSec process.
  */
 int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
-				struct avc_audit_data *ad)
+				struct common_audit_data *ad)
 {
 	int i, rc = 0;
 	struct sec_path *sp;
@@ -442,7 +442,7 @@ int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
  * checked in the selinux_xfrm_state_pol_flow_match hook above.
  */
 int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
-					struct avc_audit_data *ad, u8 proto)
+					struct common_audit_data *ad, u8 proto)
 {
 	struct dst_entry *dst;
 	int rc = 0;
-- 
cgit v1.2.3


From be940d6279c30a2d7c4e8d1d5435f957f594d66d Mon Sep 17 00:00:00 2001
From: James Morris <jmorris@namei.org>
Date: Mon, 13 Jul 2009 10:39:36 +1000
Subject: Revert "SELinux: Convert avc_audit to use lsm_audit.h"

This reverts commit 8113a8d80f4c6a3dc3724b39b470f3fee9c426b6.

The patch causes a stack overflow on my system during boot.

Signed-off-by: James Morris <jmorris@namei.org>
---
 security/selinux/xfrm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'security/selinux/xfrm.c')

diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index f3cb9ed731a..72b18452e1a 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -401,7 +401,7 @@ int selinux_xfrm_state_delete(struct xfrm_state *x)
  * gone thru the IPSec process.
  */
 int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
-				struct common_audit_data *ad)
+				struct avc_audit_data *ad)
 {
 	int i, rc = 0;
 	struct sec_path *sp;
@@ -442,7 +442,7 @@ int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
  * checked in the selinux_xfrm_state_pol_flow_match hook above.
  */
 int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
-					struct common_audit_data *ad, u8 proto)
+					struct avc_audit_data *ad, u8 proto)
 {
 	struct dst_entry *dst;
 	int rc = 0;
-- 
cgit v1.2.3


From 2bf49690325b62480a42f7afed5e9f164173c570 Mon Sep 17 00:00:00 2001
From: Thomas Liu <tliu@redhat.com>
Date: Tue, 14 Jul 2009 12:14:09 -0400
Subject: SELinux: Convert avc_audit to use lsm_audit.h

Convert avc_audit in security/selinux/avc.c to use lsm_audit.h,
for better maintainability.

 - changed selinux to use common_audit_data instead of
    avc_audit_data
 - eliminated code in avc.c and used code from lsm_audit.h instead.

Had to add a LSM_AUDIT_NO_AUDIT to lsm_audit.h so that avc_audit
can call common_lsm_audit and do the pre and post callbacks without
doing the actual dump.  This makes it so that the patched version
behaves the same way as the unpatched version.

Also added a denied field to the selinux_audit_data private space,
once again to make it so that the patched version behaves like the
unpatched.

I've tested and confirmed that AVCs look the same before and after
this patch.

Signed-off-by: Thomas Liu <tliu@redhat.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
---
 security/selinux/xfrm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'security/selinux/xfrm.c')

diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 72b18452e1a..f3cb9ed731a 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -401,7 +401,7 @@ int selinux_xfrm_state_delete(struct xfrm_state *x)
  * gone thru the IPSec process.
  */
 int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
-				struct avc_audit_data *ad)
+				struct common_audit_data *ad)
 {
 	int i, rc = 0;
 	struct sec_path *sp;
@@ -442,7 +442,7 @@ int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
  * checked in the selinux_xfrm_state_pol_flow_match hook above.
  */
 int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
-					struct avc_audit_data *ad, u8 proto)
+					struct common_audit_data *ad, u8 proto)
 {
 	struct dst_entry *dst;
 	int rc = 0;
-- 
cgit v1.2.3