path: root/security
diff options
authorAl Viro <viro@zeniv.linux.org.uk>2007-06-07 11:13:31 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2007-07-22 09:57:02 -0400
commit4259fa01a2d2aa3e589b34ba7624080232d9c1ff (patch)
tree3aa83d784c4db22f3b62e4d963757497555c5e5c /security
parent74f2345b6be1410f824cb7dd638d2c10a9709379 (diff)
[PATCH] get rid of AVC_PATH postponed treatment
Selinux folks had been complaining about the lack of AVC_PATH records when audit is disabled. I must admit my stupidity - I assumed that avc_audit() really couldn't use audit_log_d_path() because of deadlocks (== could be called with dcache_lock or vfsmount_lock held). Shouldn't have made that assumption - it never gets called that way. It _is_ called under spinlocks, but not those. Since audit_log_d_path() uses ab->gfp_mask for allocations, kmalloc() in there is not a problem. IOW, the simple fix is sufficient: let's rip AUDIT_AVC_PATH out and simply generate pathname as part of main record. It's trivial to do. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Acked-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
1 files changed, 8 insertions, 7 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index ecd06738453..0e69adf63bd 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -570,10 +570,12 @@ void avc_audit(u32 ssid, u32 tsid,
if (a->u.fs.dentry) {
struct dentry *dentry = a->u.fs.dentry;
- if (a->u.fs.mnt)
- audit_avc_path(dentry, a->u.fs.mnt);
- audit_log_format(ab, " name=");
- audit_log_untrustedstring(ab, dentry->d_name.name);
+ if (a->u.fs.mnt) {
+ audit_log_d_path(ab, "path=", dentry, a->u.fs.mnt);
+ } else {
+ audit_log_format(ab, " name=");
+ audit_log_untrustedstring(ab, dentry->d_name.name);
+ }
inode = dentry->d_inode;
} else if (a->u.fs.inode) {
struct dentry *dentry;
@@ -624,9 +626,8 @@ void avc_audit(u32 ssid, u32 tsid,
case AF_UNIX:
u = unix_sk(sk);
if (u->dentry) {
- audit_avc_path(u->dentry, u->mnt);
- audit_log_format(ab, " name=");
- audit_log_untrustedstring(ab, u->dentry->d_name.name);
+ audit_log_d_path(ab, "path=",
+ u->dentry, u->mnt);
if (!u->addr)