diff options
Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/hooks.c | 7 | ||||
-rw-r--r-- | security/selinux/selinuxfs.c | 6 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 12 |
3 files changed, 14 insertions, 11 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4cafe6a19167..713c1648014f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3294,7 +3294,8 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, } else { audit_size = 0; } - ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR); + ab = audit_log_start(audit_context(), + GFP_ATOMIC, AUDIT_SELINUX_ERR); audit_log_format(ab, "op=setxattr invalid_context="); audit_log_n_untrustedstring(ab, value, audit_size); audit_log_end(ab); @@ -6431,7 +6432,9 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) audit_size = size - 1; else audit_size = size; - ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR); + ab = audit_log_start(audit_context(), + GFP_ATOMIC, + AUDIT_SELINUX_ERR); audit_log_format(ab, "op=fscreate invalid_context="); audit_log_n_untrustedstring(ab, value, audit_size); audit_log_end(ab); diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 245160373dab..35fd77737c59 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -167,7 +167,7 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf, NULL); if (length) goto out; - audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, + audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS, "enforcing=%d old_enforcing=%d auid=%u ses=%u", new_value, old_value, from_kuid(&init_user_ns, audit_get_loginuid(current)), @@ -299,7 +299,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf, length = selinux_disable(fsi->state); if (length) goto out; - audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, + audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS, "selinux=0 auid=%u ses=%u", from_kuid(&init_user_ns, audit_get_loginuid(current)), audit_get_sessionid(current)); @@ -575,7 +575,7 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf, length = count; out1: - audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, + audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, "policy loaded auid=%u ses=%u", from_kuid(&init_user_ns, audit_get_loginuid(current)), audit_get_sessionid(current)); diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 8057e19dc15f..0fd8ad955a38 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -501,7 +501,7 @@ static void security_dump_masked_av(struct policydb *policydb, goto out; /* audit a message */ - ab = audit_log_start(current->audit_context, + ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR); if (!ab) goto out; @@ -743,7 +743,7 @@ static int security_validtrans_handle_fail(struct selinux_state *state, goto out; if (context_struct_to_string(p, tcontext, &t, &tlen)) goto out; - audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, + audit_log(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR, "op=security_validate_transition seresult=denied" " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", o, n, t, sym_name(p, SYM_CLASSES, tclass-1)); @@ -929,7 +929,7 @@ int security_bounded_transition(struct selinux_state *state, &old_name, &length) && !context_struct_to_string(policydb, new_context, &new_name, &length)) { - audit_log(current->audit_context, + audit_log(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR, "op=security_bounded_transition " "seresult=denied " @@ -1586,7 +1586,7 @@ static int compute_sid_handle_invalid_context( goto out; if (context_struct_to_string(policydb, newcontext, &n, &nlen)) goto out; - audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, + audit_log(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR, "op=security_compute_sid invalid_context=%s" " scontext=%s" " tcontext=%s" @@ -2882,7 +2882,7 @@ int security_set_bools(struct selinux_state *state, int len, int *values) for (i = 0; i < len; i++) { if (!!values[i] != policydb->bool_val_to_struct[i]->state) { - audit_log(current->audit_context, GFP_ATOMIC, + audit_log(audit_context(), GFP_ATOMIC, AUDIT_MAC_CONFIG_CHANGE, "bool=%s val=%d old_val=%d auid=%u ses=%u", sym_name(policydb, SYM_BOOLS, i), @@ -3025,7 +3025,7 @@ int security_sid_mls_copy(struct selinux_state *state, if (rc) { if (!context_struct_to_string(policydb, &newcon, &s, &len)) { - audit_log(current->audit_context, + audit_log(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR, "op=security_sid_mls_copy " "invalid_context=%s", s); |