audit: purge audit_log_string from the intra-kernel audit API (f1d9b23c) · Commits · 戴 / test

include/linux/audit.h

+0 −5

Original line number	Diff line number	Diff line
		@@ -694,9 +694,4 @@ static inline bool audit_loginuid_set(struct task_struct *tsk)
		return uid_valid(audit_get_loginuid(tsk));
		}

		static inline void audit_log_string(struct audit_buffer ab, const char buf)
		{
		audit_log_n_string(ab, buf, strlen(buf));
		}

		#endif

kernel/audit.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -2080,13 +2080,13 @@ void audit_log_d_path(struct audit_buffer ab, const char prefix,
		/* We will allow 11 spaces for ' (deleted)' to be appended */
		pathname = kmalloc(PATH_MAX+11, ab->gfp_mask);
		if (!pathname) {
		audit_log_string(ab, "<no_memory>");
		audit_log_format(ab, "\"<no_memory>\"");
		return;
		}
		p = d_path(path, pathname, PATH_MAX+11);
		if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */
		/* FIXME: can we save some information here? */
		audit_log_string(ab, "<too_long>");
		audit_log_format(ab, "\"<too_long>\"");
		} else
		audit_log_untrustedstring(ab, p);
		kfree(pathname);

security/apparmor/audit.c

+4 −6

Original line number	Diff line number	Diff line
		@@ -57,18 +57,16 @@ static void audit_pre(struct audit_buffer ab, void ca)
		struct common_audit_data *sa = ca;

		if (aa_g_audit_header) {
		audit_log_format(ab, "apparmor=");
		audit_log_string(ab, aa_audit_type[aad(sa)->type]);
		audit_log_format(ab, "apparmor=\"%s\"",
		aa_audit_type[aad(sa)->type]);
		}

		if (aad(sa)->op) {
		audit_log_format(ab, " operation=");
		audit_log_string(ab, aad(sa)->op);
		audit_log_format(ab, " operation=\"%s\"", aad(sa)->op);
		}

		if (aad(sa)->info) {
		audit_log_format(ab, " info=");
		audit_log_string(ab, aad(sa)->info);
		audit_log_format(ab, " info=\"%s\"", aad(sa)->info);
		if (aad(sa)->error)
		audit_log_format(ab, " error=%d", aad(sa)->error);
		}

security/apparmor/file.c

+7 −18

Original line number	Diff line number	Diff line
		@@ -34,20 +34,6 @@ static u32 map_mask_to_chr_mask(u32 mask)
		return m;
		}

		/**
		* audit_file_mask - convert mask to permission string
		* @buffer: buffer to write string to (NOT NULL)
		* @mask: permission mask to convert
		*/
		static void audit_file_mask(struct audit_buffer *ab, u32 mask)
		{
		char str[10];

		aa_perm_mask_to_str(str, sizeof(str), aa_file_perm_chrs,
		map_mask_to_chr_mask(mask));
		audit_log_string(ab, str);
		}

		/**
		* file_audit_cb - call back for file specific audit fields
		* @ab: audit_buffer (NOT NULL)
		@@ -57,14 +43,17 @@ static void file_audit_cb(struct audit_buffer ab, void va)
		{
		struct common_audit_data *sa = va;
		kuid_t fsuid = current_fsuid();
		char str[10];

		if (aad(sa)->request & AA_AUDIT_FILE_MASK) {
		audit_log_format(ab, " requested_mask=");
		audit_file_mask(ab, aad(sa)->request);
		aa_perm_mask_to_str(str, sizeof(str), aa_file_perm_chrs,
		map_mask_to_chr_mask(aad(sa)->request));
		audit_log_format(ab, " requested_mask=\"%s\"", str);
		}
		if (aad(sa)->denied & AA_AUDIT_FILE_MASK) {
		audit_log_format(ab, " denied_mask=");
		audit_file_mask(ab, aad(sa)->denied);
		aa_perm_mask_to_str(str, sizeof(str), aa_file_perm_chrs,
		map_mask_to_chr_mask(aad(sa)->denied));
		audit_log_format(ab, " denied_mask=\"%s\"", str);
		}
		if (aad(sa)->request & AA_AUDIT_FILE_MASK) {
		audit_log_format(ab, " fsuid=%d",

security/apparmor/ipc.c

+23 −23

Original line number	Diff line number	Diff line
		@@ -20,25 +20,23 @@

		/**
		* audit_ptrace_mask - convert mask to permission string
		* @buffer: buffer to write string to (NOT NULL)
		* @mask: permission mask to convert
		*
		* Returns: pointer to static string
		*/
		static void audit_ptrace_mask(struct audit_buffer *ab, u32 mask)
		static const char *audit_ptrace_mask(u32 mask)
		{
		switch (mask) {
		case MAY_READ:
		audit_log_string(ab, "read");
		break;
		return "read";
		case MAY_WRITE:
		audit_log_string(ab, "trace");
		break;
		return "trace";
		case AA_MAY_BE_READ:
		audit_log_string(ab, "readby");
		break;
		return "readby";
		case AA_MAY_BE_TRACED:
		audit_log_string(ab, "tracedby");
		break;
		return "tracedby";
		}
		return "";
		}

		/* call back to audit ptrace fields */
		@@ -47,12 +45,12 @@ static void audit_ptrace_cb(struct audit_buffer ab, void va)
		struct common_audit_data *sa = va;

		if (aad(sa)->request & AA_PTRACE_PERM_MASK) {
		audit_log_format(ab, " requested_mask=");
		audit_ptrace_mask(ab, aad(sa)->request);
		audit_log_format(ab, " requested_mask=\"%s\"",
		audit_ptrace_mask(aad(sa)->request));

		if (aad(sa)->denied & AA_PTRACE_PERM_MASK) {
		audit_log_format(ab, " denied_mask=");
		audit_ptrace_mask(ab, aad(sa)->denied);
		audit_log_format(ab, " denied_mask=\"%s\"",
		audit_ptrace_mask(aad(sa)->denied));
		}
		}
		audit_log_format(ab, " peer=");
		@@ -142,16 +140,18 @@ static inline int map_signal_num(int sig)
		}

		/**
		* audit_file_mask - convert mask to permission string
		* @buffer: buffer to write string to (NOT NULL)
		* audit_signal_mask - convert mask to permission string
		* @mask: permission mask to convert
		*
		* Returns: pointer to static string
		*/
		static void audit_signal_mask(struct audit_buffer *ab, u32 mask)
		static const char *audit_signal_mask(u32 mask)
		{
		if (mask & MAY_READ)
		audit_log_string(ab, "receive");
		return "receive";
		if (mask & MAY_WRITE)
		audit_log_string(ab, "send");
		return "send";
		return "";
		}

		/**
		@@ -164,11 +164,11 @@ static void audit_signal_cb(struct audit_buffer ab, void va)
		struct common_audit_data *sa = va;

		if (aad(sa)->request & AA_SIGNAL_PERM_MASK) {
		audit_log_format(ab, " requested_mask=");
		audit_signal_mask(ab, aad(sa)->request);
		audit_log_format(ab, " requested_mask=\"%s\"",
		audit_signal_mask(aad(sa)->request));
		if (aad(sa)->denied & AA_SIGNAL_PERM_MASK) {
		audit_log_format(ab, " denied_mask=");
		audit_signal_mask(ab, aad(sa)->denied);
		audit_log_format(ab, " denied_mask=\"%s\"",
		audit_signal_mask(aad(sa)->denied));
		}
		}
		if (aad(sa)->signal == SIGUNKNOWN)

Admin message