From 50c205f5e5c2e2af002fd4ef537ded79b90b1b56 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 4 Apr 2012 15:01:43 -0400 Subject: LSM: do not initialize common_audit_data to 0 It isn't needed. If you don't set the type of the data associated with that type it is a pretty obvious programming bug. So why waste the cycles? Signed-off-by: Eric Paris --- security/apparmor/capability.c | 2 +- security/apparmor/file.c | 2 +- security/apparmor/ipc.c | 2 +- security/apparmor/lib.c | 2 +- security/apparmor/lsm.c | 2 +- security/apparmor/policy.c | 2 +- security/apparmor/policy_unpack.c | 2 +- security/apparmor/resource.c | 2 +- security/selinux/avc.c | 2 +- security/selinux/hooks.c | 68 +++++++++++++++++++-------------------- security/smack/smack.h | 2 +- 11 files changed, 44 insertions(+), 44 deletions(-) (limited to 'security') diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c index b66a0e4a5693..887a5e948945 100644 --- a/security/apparmor/capability.c +++ b/security/apparmor/capability.c @@ -65,7 +65,7 @@ static int audit_caps(struct aa_profile *profile, struct task_struct *task, int type = AUDIT_APPARMOR_AUTO; struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_CAP); + sa.type = LSM_AUDIT_DATA_CAP; sa.aad = &aad; sa.u.cap = cap; sa.aad->tsk = task; diff --git a/security/apparmor/file.c b/security/apparmor/file.c index 6ab264ca85cc..cf19d4093ca4 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -108,7 +108,7 @@ int aa_audit_file(struct aa_profile *profile, struct file_perms *perms, int type = AUDIT_APPARMOR_AUTO; struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE); + sa.type = LSM_AUDIT_DATA_NONE; sa.aad = &aad; aad.op = op, aad.fs.request = request; diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c index dba449b74db3..cf1071b14232 100644 --- a/security/apparmor/ipc.c +++ b/security/apparmor/ipc.c @@ -42,7 +42,7 @@ static int aa_audit_ptrace(struct aa_profile *profile, { struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE); + sa.type = LSM_AUDIT_DATA_NONE; sa.aad = &aad; aad.op = OP_PTRACE; aad.target = target; diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c index b11a2652f541..7430298116d6 100644 --- a/security/apparmor/lib.c +++ b/security/apparmor/lib.c @@ -66,7 +66,7 @@ void aa_info_message(const char *str) if (audit_enabled) { struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE); + sa.type = LSM_AUDIT_DATA_NONE; sa.aad = &aad; aad.info = str; aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL); diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 4f7bc07b2dce..032daab449b0 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -589,7 +589,7 @@ static int apparmor_setprocattr(struct task_struct *task, char *name, } else { struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE); + sa.type = LSM_AUDIT_DATA_NONE; sa.aad = &aad; aad.op = OP_SETPROCATTR; aad.info = name; diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 03dbaef2f8e3..421681c7c346 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -965,7 +965,7 @@ static int audit_policy(int op, gfp_t gfp, const char *name, const char *info, { struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE); + sa.type = LSM_AUDIT_DATA_NONE; sa.aad = &aad; aad.op = op; aad.name = name; diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 504ba4015aa2..329b1fd30749 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -95,7 +95,7 @@ static int audit_iface(struct aa_profile *new, const char *name, struct aa_profile *profile = __aa_current_profile(); struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE); + sa.type = LSM_AUDIT_DATA_NONE; sa.aad = &aad; if (e) aad.iface.pos = e->pos - e->start; diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c index d06f57b74f77..e1f3d7ef2c54 100644 --- a/security/apparmor/resource.c +++ b/security/apparmor/resource.c @@ -52,7 +52,7 @@ static int audit_resource(struct aa_profile *profile, unsigned int resource, struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - COMMON_AUDIT_DATA_INIT(&sa, LSM_AUDIT_DATA_NONE); + sa.type = LSM_AUDIT_DATA_NONE; sa.aad = &aad; aad.op = OP_SETRLIMIT, aad.rlim.rlim = resource; diff --git a/security/selinux/avc.c b/security/selinux/avc.c index c04eea2bdb0a..cd91e25667d1 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -469,7 +469,7 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass, if (!a) { a = &stack_data; - COMMON_AUDIT_DATA_INIT(a, LSM_AUDIT_DATA_NONE); + a->type = LSM_AUDIT_DATA_NONE; a->selinux_audit_data = &sad; } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index d79762946c6e..d9fa2489a551 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1427,7 +1427,7 @@ static int cred_has_capability(const struct cred *cred, u32 av = CAP_TO_MASK(cap); int rc; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_CAP); + ad.type = LSM_AUDIT_DATA_CAP; ad.selinux_audit_data = &sad; ad.u.cap = cap; @@ -1498,7 +1498,7 @@ static inline int dentry_has_perm(const struct cred *cred, struct common_audit_data ad; struct selinux_audit_data sad = {0,}; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY); + ad.type = LSM_AUDIT_DATA_DENTRY; ad.u.dentry = dentry; ad.selinux_audit_data = &sad; return inode_has_perm(cred, inode, av, &ad, 0); @@ -1515,7 +1515,7 @@ static inline int path_has_perm(const struct cred *cred, struct common_audit_data ad; struct selinux_audit_data sad = {0,}; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_PATH); + ad.type = LSM_AUDIT_DATA_PATH; ad.u.path = *path; ad.selinux_audit_data = &sad; return inode_has_perm(cred, inode, av, &ad, 0); @@ -1540,7 +1540,7 @@ static int file_has_perm(const struct cred *cred, u32 sid = cred_sid(cred); int rc; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_PATH); + ad.type = LSM_AUDIT_DATA_PATH; ad.u.path = file->f_path; ad.selinux_audit_data = &sad; @@ -1581,7 +1581,7 @@ static int may_create(struct inode *dir, sid = tsec->sid; newsid = tsec->create_sid; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY); + ad.type = LSM_AUDIT_DATA_DENTRY; ad.u.dentry = dentry; ad.selinux_audit_data = &sad; @@ -1636,7 +1636,7 @@ static int may_link(struct inode *dir, dsec = dir->i_security; isec = dentry->d_inode->i_security; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY); + ad.type = LSM_AUDIT_DATA_DENTRY; ad.u.dentry = dentry; ad.selinux_audit_data = &sad; @@ -1684,7 +1684,7 @@ static inline int may_rename(struct inode *old_dir, old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); new_dsec = new_dir->i_security; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY); + ad.type = LSM_AUDIT_DATA_DENTRY; ad.selinux_audit_data = &sad; ad.u.dentry = old_dentry; @@ -2010,7 +2010,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) return rc; } - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_PATH); + ad.type = LSM_AUDIT_DATA_PATH; ad.selinux_audit_data = &sad; ad.u.path = bprm->file->f_path; @@ -2134,7 +2134,7 @@ static inline void flush_unauthorized_files(const struct cred *cred, /* Revalidate access to inherited open files. */ - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_INODE); + ad.type = LSM_AUDIT_DATA_INODE; ad.selinux_audit_data = &sad; spin_lock(&files->file_lock); @@ -2484,7 +2484,7 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) if (flags & MS_KERNMOUNT) return 0; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY); + ad.type = LSM_AUDIT_DATA_DENTRY; ad.selinux_audit_data = &sad; ad.u.dentry = sb->s_root; return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad); @@ -2496,7 +2496,7 @@ static int selinux_sb_statfs(struct dentry *dentry) struct common_audit_data ad; struct selinux_audit_data sad = {0,}; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY); + ad.type = LSM_AUDIT_DATA_DENTRY; ad.selinux_audit_data = &sad; ad.u.dentry = dentry->d_sb->s_root; return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad); @@ -2666,7 +2666,7 @@ static noinline int audit_inode_permission(struct inode *inode, struct inode_security_struct *isec = inode->i_security; int rc; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_INODE); + ad.type = LSM_AUDIT_DATA_INODE; ad.selinux_audit_data = &sad; ad.u.inode = inode; @@ -2796,7 +2796,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, if (!inode_owner_or_capable(inode)) return -EPERM; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_DENTRY); + ad.type = LSM_AUDIT_DATA_DENTRY; ad.selinux_audit_data = &sad; ad.u.dentry = dentry; @@ -3411,7 +3411,7 @@ static int selinux_kernel_module_request(char *kmod_name) sid = task_sid(current); - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_KMOD); + ad.type = LSM_AUDIT_DATA_KMOD; ad.selinux_audit_data = &sad; ad.u.kmod_name = kmod_name; @@ -3792,7 +3792,7 @@ static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms) if (sksec->sid == SECINITSID_KERNEL) return 0; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET); + ad.type = LSM_AUDIT_DATA_NET; ad.selinux_audit_data = &sad; ad.u.net = &net; ad.u.net->sk = sk; @@ -3900,7 +3900,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in snum, &sid); if (err) goto out; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET); + ad.type = LSM_AUDIT_DATA_NET; ad.selinux_audit_data = &sad; ad.u.net = &net; ad.u.net->sport = htons(snum); @@ -3935,7 +3935,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in if (err) goto out; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET); + ad.type = LSM_AUDIT_DATA_NET; ad.selinux_audit_data = &sad; ad.u.net = &net; ad.u.net->sport = htons(snum); @@ -3997,7 +3997,7 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ? TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET); + ad.type = LSM_AUDIT_DATA_NET; ad.selinux_audit_data = &sad; ad.u.net = &net; ad.u.net->dport = htons(snum); @@ -4094,7 +4094,7 @@ static int selinux_socket_unix_stream_connect(struct sock *sock, struct lsm_network_audit net = {0,}; int err; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET); + ad.type = LSM_AUDIT_DATA_NET; ad.selinux_audit_data = &sad; ad.u.net = &net; ad.u.net->sk = other; @@ -4127,7 +4127,7 @@ static int selinux_socket_unix_may_send(struct socket *sock, struct selinux_audit_data sad = {0,}; struct lsm_network_audit net = {0,}; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET); + ad.type = LSM_AUDIT_DATA_NET; ad.selinux_audit_data = &sad; ad.u.net = &net; ad.u.net->sk = other->sk; @@ -4170,7 +4170,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, struct lsm_network_audit net = {0,}; char *addrp; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET); + ad.type = LSM_AUDIT_DATA_NET; ad.selinux_audit_data = &sad; ad.u.net = &net; ad.u.net->netif = skb->skb_iif; @@ -4226,7 +4226,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) if (!secmark_active && !peerlbl_active) return 0; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET); + ad.type = LSM_AUDIT_DATA_NET; ad.selinux_audit_data = &sad; ad.u.net = &net; ad.u.net->netif = skb->skb_iif; @@ -4583,7 +4583,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex, if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0) return NF_DROP; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET); + ad.type = LSM_AUDIT_DATA_NET; ad.selinux_audit_data = &sad; ad.u.net = &net; ad.u.net->netif = ifindex; @@ -4683,7 +4683,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, return NF_ACCEPT; sksec = sk->sk_security; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET); + ad.type = LSM_AUDIT_DATA_NET; ad.selinux_audit_data = &sad; ad.u.net = &net; ad.u.net->netif = ifindex; @@ -4756,7 +4756,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex, secmark_perm = PACKET__SEND; } - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_NET); + ad.type = LSM_AUDIT_DATA_NET; ad.selinux_audit_data = &sad; ad.u.net = &net; ad.u.net->netif = ifindex; @@ -4880,7 +4880,7 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, isec = ipc_perms->security; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC); + ad.type = LSM_AUDIT_DATA_IPC; ad.selinux_audit_data = &sad; ad.u.ipc_id = ipc_perms->key; @@ -4912,7 +4912,7 @@ static int selinux_msg_queue_alloc_security(struct msg_queue *msq) isec = msq->q_perm.security; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC); + ad.type = LSM_AUDIT_DATA_IPC; ad.selinux_audit_data = &sad; ad.u.ipc_id = msq->q_perm.key; @@ -4939,7 +4939,7 @@ static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) isec = msq->q_perm.security; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC); + ad.type = LSM_AUDIT_DATA_IPC; ad.selinux_audit_data = &sad; ad.u.ipc_id = msq->q_perm.key; @@ -5001,7 +5001,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, return rc; } - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC); + ad.type = LSM_AUDIT_DATA_IPC; ad.selinux_audit_data = &sad; ad.u.ipc_id = msq->q_perm.key; @@ -5034,7 +5034,7 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, isec = msq->q_perm.security; msec = msg->security; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC); + ad.type = LSM_AUDIT_DATA_IPC; ad.selinux_audit_data = &sad; ad.u.ipc_id = msq->q_perm.key; @@ -5061,7 +5061,7 @@ static int selinux_shm_alloc_security(struct shmid_kernel *shp) isec = shp->shm_perm.security; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC); + ad.type = LSM_AUDIT_DATA_IPC; ad.selinux_audit_data = &sad; ad.u.ipc_id = shp->shm_perm.key; @@ -5088,7 +5088,7 @@ static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) isec = shp->shm_perm.security; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC); + ad.type = LSM_AUDIT_DATA_IPC; ad.selinux_audit_data = &sad; ad.u.ipc_id = shp->shm_perm.key; @@ -5157,7 +5157,7 @@ static int selinux_sem_alloc_security(struct sem_array *sma) isec = sma->sem_perm.security; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC); + ad.type = LSM_AUDIT_DATA_IPC; ad.selinux_audit_data = &sad; ad.u.ipc_id = sma->sem_perm.key; @@ -5184,7 +5184,7 @@ static int selinux_sem_associate(struct sem_array *sma, int semflg) isec = sma->sem_perm.security; - COMMON_AUDIT_DATA_INIT(&ad, LSM_AUDIT_DATA_IPC); + ad.type = LSM_AUDIT_DATA_IPC; ad.selinux_audit_data = &sad; ad.u.ipc_id = sma->sem_perm.key; diff --git a/security/smack/smack.h b/security/smack/smack.h index 4ede719922ed..b61e75f224d4 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -319,7 +319,7 @@ void smack_log(char *subject_label, char *object_label, static inline void smk_ad_init(struct smk_audit_info *a, const char *func, char type) { - memset(a, 0, sizeof(*a)); + memset(&a->sad, 0, sizeof(a->sad)); a->a.type = type; a->a.smack_audit_data = &a->sad; a->a.smack_audit_data->function = func; -- cgit v1.2.3-59-g8ed1b