2004-04-05 13:51:14

by James Morris

Subject: [SELINUX] 1/2 Make IPv6 code work with audit framework

This patch against 2.6.5-mm1 makes the IPv6 code work with the audit
framework, following the merge of both into -mm.

Please apply.


diff -urN -X dontdiff linux-2.6.5-mm1.p/security/selinux/avc.c linux-2.6.5-mm1.w/security/selinux/avc.c
--- linux-2.6.5-mm1.p/security/selinux/avc.c 2004-04-05 09:20:26.000000000 -0400
+++ linux-2.6.5-mm1.w/security/selinux/avc.c 2004-04-05 09:36:25.008751944 -0400
@@ -416,14 +416,15 @@
return rc;
}

-static inline void avc_print_ipv6_addr(struct in6_addr *addr, u16 port,
+static inline void avc_print_ipv6_addr(struct audit_buffer *ab,
+ struct in6_addr *addr, u16 port,
char *name1, char *name2)
{
if (!ipv6_addr_any(addr))
- printk(" %s=%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x",
- name1, NIP6(*addr));
+ audit_log_format(ab, " %s=%04x:%04x:%04x:%04x:%04x:"
+ "%04x:%04x:%04x", name1, NIP6(*addr));
if (port)
- printk(" %s=%d", name2, ntohs(port));
+ audit_log_format(ab, " %s=%d", name2, ntohs(port));
}

static inline void avc_print_ipv4_addr(struct audit_buffer *ab, u32 addr,
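Review bot: avc_print_ipv6_addr leaves a field out of the audit record when the address is unspecified (`ipv6_addr_any`) or the port is zero, and nothing on the function says so. Anyone reading AVC records therefore cannot tell a deliberately omitted field from one that was never collected. A short comment above the definition would cover it, e.g. `/* Appends " name1=<addr>" and " name2=<port>" to ab; an all-zero address or a zero port is omitted. port is in network byte order. */`. Since `name1` and `name2` are only passed as `%s` arguments, they could also be declared `const char *`. The last context line of the hunk is the start of avc_print_ipv4_addr, whose body lies outside the hunk.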
@@ -570,10 +571,10 @@
struct inet_opt *inet = inet_sk(sk);
struct ipv6_pinfo *inet6 = inet6_sk(sk);

- avc_print_ipv6_addr(&inet6->rcv_saddr,
+ avc_print_ipv6_addr(ab, &inet6->rcv_saddr,
inet->sport,
"laddr", "lport");
- avc_print_ipv6_addr(&inet6->daddr,
+ avc_print_ipv6_addr(ab, &inet6->daddr,
inet->dport,
"faddr", "fport");
break;
@@ -611,10 +612,10 @@
"daddr", "dest");
break;
case AF_INET6:
- avc_print_ipv6_addr(&a->u.net.v6info.saddr,
+ avc_print_ipv6_addr(ab, &a->u.net.v6info.saddr,
a->u.net.sport,
"saddr", "src");
- avc_print_ipv6_addr(&a->u.net.v6info.daddr,
+ avc_print_ipv6_addr(ab, &a->u.net.v6info.daddr,
a->u.net.dport,
"daddr", "dest");
break;


2004-04-05 13:52:34

by James Morris

Subject: [SELINUX] 2/2 Remove duplicate assignment

This patch removes a harmless duplicate assignment from the IPv6 code.

Please apply.


diff -urN -X dontdiff linux-2.6.5-mm1.p/security/selinux/hooks.c linux-2.6.5-mm1.w/security/selinux/hooks.c
--- linux-2.6.5-mm1.p/security/selinux/hooks.c 2004-04-05 09:20:26.000000000 -0400
+++ linux-2.6.5-mm1.w/security/selinux/hooks.c 2004-04-05 09:49:17.060382256 -0400
@@ -2712,7 +2712,7 @@
static int selinux_parse_skb_ipv6(struct sk_buff *skb, struct avc_audit_data *ad)
{
u8 nexthdr;
- int ret, offset = skb->nh.raw - skb->data;
+ int ret, offset;
struct ipv6hdr ipv6h;

offset = skb->nh.raw - skb->data;