Commit f1d9b23c authored by Richard Guy Briggs's avatar Richard Guy Briggs Committed by Paul Moore

audit: purge audit_log_string from the intra-kernel audit API

audit_log_string() was intended to be an internal audit function and
since there are only two internal uses, remove them.  Purge all external
uses of it by restructuring code to use an existing audit_log_format()
or using audit_log_format().

Please see the upstream issue
https://github.com/linux-audit/audit-kernel/issues/84Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent d7481b24
...@@ -694,9 +694,4 @@ static inline bool audit_loginuid_set(struct task_struct *tsk) ...@@ -694,9 +694,4 @@ static inline bool audit_loginuid_set(struct task_struct *tsk)
return uid_valid(audit_get_loginuid(tsk)); return uid_valid(audit_get_loginuid(tsk));
} }
static inline void audit_log_string(struct audit_buffer *ab, const char *buf)
{
audit_log_n_string(ab, buf, strlen(buf));
}
#endif #endif
...@@ -2080,13 +2080,13 @@ void audit_log_d_path(struct audit_buffer *ab, const char *prefix, ...@@ -2080,13 +2080,13 @@ void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
/* We will allow 11 spaces for ' (deleted)' to be appended */ /* We will allow 11 spaces for ' (deleted)' to be appended */
pathname = kmalloc(PATH_MAX+11, ab->gfp_mask); pathname = kmalloc(PATH_MAX+11, ab->gfp_mask);
if (!pathname) { if (!pathname) {
audit_log_string(ab, "<no_memory>"); audit_log_format(ab, "\"<no_memory>\"");
return; return;
} }
p = d_path(path, pathname, PATH_MAX+11); p = d_path(path, pathname, PATH_MAX+11);
if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */ if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */
/* FIXME: can we save some information here? */ /* FIXME: can we save some information here? */
audit_log_string(ab, "<too_long>"); audit_log_format(ab, "\"<too_long>\"");
} else } else
audit_log_untrustedstring(ab, p); audit_log_untrustedstring(ab, p);
kfree(pathname); kfree(pathname);
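Review bot: The two placeholder values in audit_log_d_path() now carry hand-escaped quotes inside a constant format string, and nothing at the call sites says why. A short comment above the `"\"<no_memory>\""` call, such as `/* audit_log_format() adds no quoting; keep the quotes so the value parses like a path */`, would stop a later cleanup from dropping them and silently changing the record format. If audit_log_untrustedstring() quotes ordinary paths the same way, a log consumer cannot tell the error marker from a file literally named `<no_memory>`; that predates this commit but is worth recording in the same comment. The function body starts and ends outside this hunk.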
......
...@@ -57,18 +57,16 @@ static void audit_pre(struct audit_buffer *ab, void *ca) ...@@ -57,18 +57,16 @@ static void audit_pre(struct audit_buffer *ab, void *ca)
struct common_audit_data *sa = ca; struct common_audit_data *sa = ca;
if (aa_g_audit_header) { if (aa_g_audit_header) {
audit_log_format(ab, "apparmor="); audit_log_format(ab, "apparmor=\"%s\"",
audit_log_string(ab, aa_audit_type[aad(sa)->type]); aa_audit_type[aad(sa)->type]);
} }
if (aad(sa)->op) { if (aad(sa)->op) {
audit_log_format(ab, " operation="); audit_log_format(ab, " operation=\"%s\"", aad(sa)->op);
audit_log_string(ab, aad(sa)->op);
} }
if (aad(sa)->info) { if (aad(sa)->info) {
audit_log_format(ab, " info="); audit_log_format(ab, " info=\"%s\"", aad(sa)->info);
audit_log_string(ab, aad(sa)->info);
if (aad(sa)->error) if (aad(sa)->error)
audit_log_format(ab, " error=%d", aad(sa)->error); audit_log_format(ab, " error=%d", aad(sa)->error);
} }
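Review bot: `aad(sa)->op` and `aad(sa)->info` are written through `\"%s\"` in audit_pre() with no escaping, so a value containing a double quote, space or newline would break the field boundaries of the audit record. The removed audit_log_string() path appears to have had the same property, so this is not a regression, but the commit is the natural place to state the assumption. If both fields are always kernel-internal constant strings, say so in a comment, e.g. `/* op and info are static kernel strings, never policy- or user-supplied */`. If either can carry external text, audit_log_untrustedstring() (already used in audit_log_d_path) is the safer call. audit_pre() starts before and continues past this hunk.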
......
...@@ -34,20 +34,6 @@ static u32 map_mask_to_chr_mask(u32 mask) ...@@ -34,20 +34,6 @@ static u32 map_mask_to_chr_mask(u32 mask)
return m; return m;
} }
/**
* audit_file_mask - convert mask to permission string
* @buffer: buffer to write string to (NOT NULL)
* @mask: permission mask to convert
*/
static void audit_file_mask(struct audit_buffer *ab, u32 mask)
{
char str[10];
aa_perm_mask_to_str(str, sizeof(str), aa_file_perm_chrs,
map_mask_to_chr_mask(mask));
audit_log_string(ab, str);
}
/** /**
* file_audit_cb - call back for file specific audit fields * file_audit_cb - call back for file specific audit fields
* @ab: audit_buffer (NOT NULL) * @ab: audit_buffer (NOT NULL)
...@@ -57,14 +43,17 @@ static void file_audit_cb(struct audit_buffer *ab, void *va) ...@@ -57,14 +43,17 @@ static void file_audit_cb(struct audit_buffer *ab, void *va)
{ {
struct common_audit_data *sa = va; struct common_audit_data *sa = va;
kuid_t fsuid = current_fsuid(); kuid_t fsuid = current_fsuid();
char str[10];
if (aad(sa)->request & AA_AUDIT_FILE_MASK) { if (aad(sa)->request & AA_AUDIT_FILE_MASK) {
audit_log_format(ab, " requested_mask="); aa_perm_mask_to_str(str, sizeof(str), aa_file_perm_chrs,
audit_file_mask(ab, aad(sa)->request); map_mask_to_chr_mask(aad(sa)->request));
audit_log_format(ab, " requested_mask=\"%s\"", str);
} }
if (aad(sa)->denied & AA_AUDIT_FILE_MASK) { if (aad(sa)->denied & AA_AUDIT_FILE_MASK) {
audit_log_format(ab, " denied_mask="); aa_perm_mask_to_str(str, sizeof(str), aa_file_perm_chrs,
audit_file_mask(ab, aad(sa)->denied); map_mask_to_chr_mask(aad(sa)->denied));
audit_log_format(ab, " denied_mask=\"%s\"", str);
} }
if (aad(sa)->request & AA_AUDIT_FILE_MASK) { if (aad(sa)->request & AA_AUDIT_FILE_MASK) {
audit_log_format(ab, " fsuid=%d", audit_log_format(ab, " fsuid=%d",
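Review bot: `char str[10]` in file_audit_cb() is a magic size carried over from the removed audit_file_mask(), and the buffer is now handed to `%s`, which relies on aa_perm_mask_to_str() always NUL-terminating within `sizeof(str)`. Neither that helper nor the length of aa_file_perm_chrs is visible here, so a comment next to the declaration should state the maximum number of permission characters and that the helper always terminates, making the bound checkable. The conversion call is also duplicated in both branches; a small helper that fills a caller-supplied buffer would keep the two masks from drifting apart. The function continues outside the hunk.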
......
...@@ -20,25 +20,23 @@ ...@@ -20,25 +20,23 @@
/** /**
* audit_ptrace_mask - convert mask to permission string * audit_ptrace_mask - convert mask to permission string
* @buffer: buffer to write string to (NOT NULL)
* @mask: permission mask to convert * @mask: permission mask to convert
*
* Returns: pointer to static string
*/ */
static void audit_ptrace_mask(struct audit_buffer *ab, u32 mask) static const char *audit_ptrace_mask(u32 mask)
{ {
switch (mask) { switch (mask) {
case MAY_READ: case MAY_READ:
audit_log_string(ab, "read"); return "read";
break;
case MAY_WRITE: case MAY_WRITE:
audit_log_string(ab, "trace"); return "trace";
break;
case AA_MAY_BE_READ: case AA_MAY_BE_READ:
audit_log_string(ab, "readby"); return "readby";
break;
case AA_MAY_BE_TRACED: case AA_MAY_BE_TRACED:
audit_log_string(ab, "tracedby"); return "tracedby";
break;
} }
return "";
} }
/* call back to audit ptrace fields */ /* call back to audit ptrace fields */
...@@ -47,12 +45,12 @@ static void audit_ptrace_cb(struct audit_buffer *ab, void *va) ...@@ -47,12 +45,12 @@ static void audit_ptrace_cb(struct audit_buffer *ab, void *va)
struct common_audit_data *sa = va; struct common_audit_data *sa = va;
if (aad(sa)->request & AA_PTRACE_PERM_MASK) { if (aad(sa)->request & AA_PTRACE_PERM_MASK) {
audit_log_format(ab, " requested_mask="); audit_log_format(ab, " requested_mask=\"%s\"",
audit_ptrace_mask(ab, aad(sa)->request); audit_ptrace_mask(aad(sa)->request));
if (aad(sa)->denied & AA_PTRACE_PERM_MASK) { if (aad(sa)->denied & AA_PTRACE_PERM_MASK) {
audit_log_format(ab, " denied_mask="); audit_log_format(ab, " denied_mask=\"%s\"",
audit_ptrace_mask(ab, aad(sa)->denied); audit_ptrace_mask(aad(sa)->denied));
} }
} }
audit_log_format(ab, " peer="); audit_log_format(ab, " peer=");
...@@ -142,16 +140,18 @@ static inline int map_signal_num(int sig) ...@@ -142,16 +140,18 @@ static inline int map_signal_num(int sig)
} }
/** /**
* audit_file_mask - convert mask to permission string * audit_signal_mask - convert mask to permission string
* @buffer: buffer to write string to (NOT NULL)
* @mask: permission mask to convert * @mask: permission mask to convert
*
* Returns: pointer to static string
*/ */
static void audit_signal_mask(struct audit_buffer *ab, u32 mask) static const char *audit_signal_mask(u32 mask)
{ {
if (mask & MAY_READ) if (mask & MAY_READ)
audit_log_string(ab, "receive"); return "receive";
if (mask & MAY_WRITE) if (mask & MAY_WRITE)
audit_log_string(ab, "send"); return "send";
return "";
} }
/** /**
...@@ -164,11 +164,11 @@ static void audit_signal_cb(struct audit_buffer *ab, void *va) ...@@ -164,11 +164,11 @@ static void audit_signal_cb(struct audit_buffer *ab, void *va)
struct common_audit_data *sa = va; struct common_audit_data *sa = va;
if (aad(sa)->request & AA_SIGNAL_PERM_MASK) { if (aad(sa)->request & AA_SIGNAL_PERM_MASK) {
audit_log_format(ab, " requested_mask="); audit_log_format(ab, " requested_mask=\"%s\"",
audit_signal_mask(ab, aad(sa)->request); audit_signal_mask(aad(sa)->request));
if (aad(sa)->denied & AA_SIGNAL_PERM_MASK) { if (aad(sa)->denied & AA_SIGNAL_PERM_MASK) {
audit_log_format(ab, " denied_mask="); audit_log_format(ab, " denied_mask=\"%s\"",
audit_signal_mask(ab, aad(sa)->denied); audit_signal_mask(aad(sa)->denied));
} }
} }
if (aad(sa)->signal == SIGUNKNOWN) if (aad(sa)->signal == SIGUNKNOWN)
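Review bot: audit_signal_mask() now returns at the first matching bit, so a mask with both MAY_READ and MAY_WRITE set is reported as `"receive"` only, whereas the removed version logged both strings. Whether callers can pass a combined mask is not visible here; if they cannot, document it on the function, e.g. `/* callers pass a single permission bit; with both set only "receive" is reported */`, otherwise handle the combined case explicitly so a denied send is not lost from the record. Likewise audit_ptrace_mask() returns `""` for any value outside its four cases, which yields `requested_mask=""` with no hint of the raw mask. The kerneldoc for both helpers should mention the empty-string fallback.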
......
...@@ -72,16 +72,18 @@ void audit_net_cb(struct audit_buffer *ab, void *va) ...@@ -72,16 +72,18 @@ void audit_net_cb(struct audit_buffer *ab, void *va)
{ {
struct common_audit_data *sa = va; struct common_audit_data *sa = va;
audit_log_format(ab, " family=");
if (address_family_names[sa->u.net->family]) if (address_family_names[sa->u.net->family])
audit_log_string(ab, address_family_names[sa->u.net->family]); audit_log_format(ab, " family=\"%s\"",
address_family_names[sa->u.net->family]);
else else
audit_log_format(ab, "\"unknown(%d)\"", sa->u.net->family); audit_log_format(ab, " family=\"unknown(%d)\"",
audit_log_format(ab, " sock_type="); sa->u.net->family);
if (sock_type_names[aad(sa)->net.type]) if (sock_type_names[aad(sa)->net.type])
audit_log_string(ab, sock_type_names[aad(sa)->net.type]); audit_log_format(ab, " sock_type=\"%s\"",
sock_type_names[aad(sa)->net.type]);
else else
audit_log_format(ab, "\"unknown(%d)\"", aad(sa)->net.type); audit_log_format(ab, " sock_type=\"unknown(%d)\"",
aad(sa)->net.type);
audit_log_format(ab, " protocol=%d", aad(sa)->net.protocol); audit_log_format(ab, " protocol=%d", aad(sa)->net.protocol);
if (aad(sa)->request & NET_PERMS_MASK) { if (aad(sa)->request & NET_PERMS_MASK) {
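Review bot: `address_family_names[sa->u.net->family]` and `sock_type_names[aad(sa)->net.type]` in audit_net_cb() are indexed with no range check visible in this hunk; the NULL test only covers holes inside the table, not an index past its end. The same pattern appears in the lockdown hunk with `lockdown_reasons[a->u.reason]`. If callers guarantee the bounds, a one-line comment saying where is enough. Otherwise guard the lookup, for example `if (family < ARRAY_SIZE(address_family_names) && address_family_names[family])`, with `family` standing for `sa->u.net->family`. The table definitions are outside the page, so this is inferred from the visible lines only.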
......
...@@ -432,8 +432,8 @@ static void dump_common_audit_data(struct audit_buffer *ab, ...@@ -432,8 +432,8 @@ static void dump_common_audit_data(struct audit_buffer *ab,
a->u.ibendport->port); a->u.ibendport->port);
break; break;
case LSM_AUDIT_DATA_LOCKDOWN: case LSM_AUDIT_DATA_LOCKDOWN:
audit_log_format(ab, " lockdown_reason="); audit_log_format(ab, " lockdown_reason=\"%s\"",
audit_log_string(ab, lockdown_reasons[a->u.reason]); lockdown_reasons[a->u.reason]);
break; break;
} /* switch (a->type) */ } /* switch (a->type) */
} }
......