SELinux: unify the selinux_audit_data and selinux_late_audit_data

We no longer need the distinction. We only need data after we decide to do an audit. So turn the "late" audit data into just "data" and remove what we currently have as "data". Signed-off-by: Eric Paris <eparis@redhat.com>

SELinux: unify the selinux_audit_data and selinux_late_audit_data
We no longer need the distinction. We only need data after we decide to do an audit. So turn the "late" audit data into just "data" and remove what we currently have as "data". Signed-off-by: Eric Paris <eparis@redhat.com>
899838b2 · Eric Paris · 1d349292 · 899838b2 · 899838b2 · 899838b2
Commit 899838b2 authored Apr 04, 2012 by Eric Paris
Showing with 16 additions and 91 deletions

security/selinux/avc.c security/selinux/avc.c +15 -16

security/selinux/hooks.c security/selinux/hooks.c +0 -67

security/selinux/include/avc.h security/selinux/include/avc.h +1 -8

No files found.
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -436,9 +436,9 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
 {
 	struct common_audit_data *ad = a;
 	audit_log_format(ab, "avc:  %s ",
-			 ad->selinux_audit_data->slad->denied ? "denied" : "granted");
+			 ad->selinux_audit_data->denied ? "denied" : "granted");
-	avc_dump_av(ab, ad->selinux_audit_data->slad->tclass,
+	avc_dump_av(ab, ad->selinux_audit_data->tclass,
-			ad->selinux_audit_data->slad->audited);
+			ad->selinux_audit_data->audited);
 	audit_log_format(ab, " for ");
 }
@@ -452,9 +452,9 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 {
 	struct common_audit_data *ad = a;
 	audit_log_format(ab, " ");
-	avc_dump_query(ab, ad->selinux_audit_data->slad->ssid,
+	avc_dump_query(ab, ad->selinux_audit_data->ssid,
-			   ad->selinux_audit_data->slad->tsid,
+			   ad->selinux_audit_data->tsid,
-			   ad->selinux_audit_data->slad->tclass);
+			   ad->selinux_audit_data->tclass);
 }
 /* This is the slow part of avc audit with big stack footprint */
@@ -464,13 +464,11 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
 		unsigned flags)
 {
 	struct common_audit_data stack_data;
-	struct selinux_audit_data sad = {0,};
+	struct selinux_audit_data sad;
-	struct selinux_late_audit_data slad;
 	if (!a) {
 		a = &stack_data;
 		a->type = LSM_AUDIT_DATA_NONE;
-		a->selinux_audit_data = &sad;
 	}
 	/*
@@ -484,14 +482,15 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
 	    (flags & MAY_NOT_BLOCK))
 		return -ECHILD;
-	slad.tclass = tclass;
+	sad.tclass = tclass;
-	slad.requested = requested;
+	sad.requested = requested;
-	slad.ssid = ssid;
+	sad.ssid = ssid;
-	slad.tsid = tsid;
+	sad.tsid = tsid;
-	slad.audited = audited;
+	sad.audited = audited;
-	slad.denied = denied;
+	sad.denied = denied;
+	a->selinux_audit_data = &sad;
-	a->selinux_audit_data->slad = &slad;
 	common_lsm_audit(a, avc_audit_pre_callback, avc_audit_post_callback);
 	return 0;
 }

--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -49,7 +49,7 @@ struct avc_cache_stats {
 /*
 * We only need this data after we have decided to send an audit message.
 */
-struct selinux_late_audit_data {
+struct selinux_audit_data {
 	u32 ssid;
 	u32 tsid;
 	u16 tclass;
@@ -59,13 +59,6 @@ struct selinux_late_audit_data {
 	int result;
 };
-/*
- * We collect this at the beginning or during an selinux security operation
- */
-struct selinux_audit_data {
-	struct selinux_late_audit_data *slad;
-};
 /*
 * AVC operations
 */