[apparmor] [PATCH 21/24] apparmor: rework auditing to use the label
John Johansen
john.johansen at canonical.com
Wed Feb 27 18:14:20 UTC 2013
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
security/apparmor/audit.c | 23 +++++++++++++++--------
security/apparmor/include/audit.h | 5 ++---
security/apparmor/lsm.c | 2 +-
3 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index 7ffb818..796752f 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -130,19 +130,26 @@ static void audit_pre(struct audit_buffer *ab, void *ca)
audit_log_format(ab, " error=%d", sa->aad->error);
}
- if (sa->aad->profile) {
- struct aa_profile *profile = sa->aad->profile;
+ if (sa->aad->label) {
+ struct aa_label *label = sa->aad->label;
pid_t pid;
rcu_read_lock();
pid = rcu_dereference(tsk->real_parent)->pid;
rcu_read_unlock();
audit_log_format(ab, " parent=%d", pid);
- if (profile->ns != root_ns) {
- audit_log_format(ab, " namespace=");
- audit_log_untrustedstring(ab, profile->ns->base.hname);
+ if (label_isprofile(label)) {
+ struct aa_profile *profile = labels_profile(label);
+ if (profile->ns != root_ns) {
+ audit_log_format(ab, " namespace=");
+ audit_log_untrustedstring(ab,
+ profile->ns->base.hname);
+ }
+ audit_log_format(ab, " profile=");
+ audit_log_untrustedstring(ab, profile->base.hname);
+ } else {
+ audit_log_format(ab, " label=");
+ aa_label_audit(ab, root_ns, label, false, GFP_ATOMIC);
}
- audit_log_format(ab, " profile=");
- audit_log_untrustedstring(ab, profile->base.hname);
}
if (sa->aad->name) {
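Review bot: In the new `else` branch of audit_pre, the compound-label text is written by `aa_label_audit(ab, root_ns, label, false, GFP_ATOMIC)` instead of `audit_log_untrustedstring()`, so whether the profile names inside a label are escaped depends on a helper this hunk does not show. The names come from loaded policy, and an unescaped space or quote would let a single record carry what looks like extra `key=value` fields. Once the behaviour is confirmed, a comment above the call such as `/* aa_label_audit() escapes each component the same way audit_log_untrustedstring() does */` would record the guarantee. The branch also emits `label=` in place of `namespace=`/`profile=`, so log parsers and detection rules keyed on `profile=` will presumably need updating for compound labels. audit_pre's body begins and ends outside the hunk.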
@@ -206,7 +213,7 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
type = AUDIT_APPARMOR_KILL;
if (!profile_unconfined(profile))
- sa->aad->profile = profile;
+ sa->aad->label = &profile->label;
aa_audit_msg(type, sa, cb);
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index 30e8d76..4bd6b8a 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -22,8 +22,7 @@
#include <linux/slab.h>
#include "file.h"
-
-struct aa_profile;
+#include "label.h"
extern const char *const audit_mode_names[];
#define AUDIT_MAX_INDEX 5
@@ -106,7 +105,7 @@ struct apparmor_audit_data {
int error;
int op;
int type;
- void *profile;
+ struct aa_label *label;
const char *name;
const char *info;
struct task_struct *tsk;
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 55f76d9..c4eb445 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -595,7 +595,7 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
fail:
sa.type = LSM_AUDIT_DATA_NONE;
sa.aad = &aad;
- aad.profile = labels_profile(aa_current_label());
+ aad.label = aa_current_label();
aad.op = OP_SETPROCATTR;
aad.info = name;
aad.error = -EINVAL;
--
1.7.10.4