[PATCH RFC 44/48] Audit: rename audit_log_start_ns to audit_log_start

Gao feng gaofeng at cn.fujitsu.com
Tue May 7 02:21:05 UTC 2013


Now all of the audit caller have been namespace aware,
we can rename audit_log_start_ns to audit_log_start,
we just need a namespace awared audit interface.

Signed-off-by: Gao feng <gaofeng at cn.fujitsu.com>
---
 drivers/tty/tty_audit.c             |  4 +-
 include/linux/audit.h               | 28 ++++-------
 include/net/xfrm.h                  |  4 +-
 kernel/audit.c                      | 94 ++++++++++++++++---------------------
 kernel/audit_tree.c                 |  4 +-
 kernel/audit_watch.c                |  4 +-
 kernel/auditfilter.c                |  4 +-
 kernel/auditsc.c                    | 56 +++++++++++-----------
 net/ipv4/cipso_ipv4.c               |  4 +-
 net/netfilter/x_tables.c            |  4 +-
 net/netfilter/xt_AUDIT.c            |  4 +-
 net/netlabel/netlabel_domainhash.c  |  4 +-
 net/netlabel/netlabel_unlabeled.c   |  8 ++--
 net/netlabel/netlabel_user.c        |  4 +-
 net/xfrm/xfrm_policy.c              |  4 +-
 net/xfrm/xfrm_state.c               | 14 +++---
 security/integrity/ima/ima_api.c    |  6 +--
 security/integrity/ima/ima_audit.c  |  6 +--
 security/integrity/ima/ima_policy.c |  4 +-
 security/lsm_audit.c                |  6 +--
 security/selinux/hooks.c            | 16 +++----
 security/selinux/ss/services.c      |  6 +--
 22 files changed, 131 insertions(+), 157 deletions(-)

diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
index b20ef14..7dfa931 100644
--- a/drivers/tty/tty_audit.c
+++ b/drivers/tty/tty_audit.c
@@ -67,7 +67,7 @@ static void tty_audit_log(const char *description, struct task_struct *tsk,
 	struct audit_buffer *ab;
 	struct user_namespace *ns = task_cred_xxx(tsk, user_ns);
 
-	ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_TTY);
+	ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_TTY);
 	if (ab) {
 		char name[sizeof(tsk->comm)];
 		kuid_t uid = task_uid(tsk);
@@ -83,7 +83,7 @@ static void tty_audit_log(const char *description, struct task_struct *tsk,
 		audit_log_untrustedstring(ab, name);
 		audit_log_format(ab, " data=");
 		audit_log_n_hex(ab, data, size);
-		audit_log_end_ns(ns, ab);
+		audit_log_end(ns, ab);
 	}
 }
 
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 885e842..a46efa3 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -400,17 +400,13 @@ void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
 	       const char *fmt, ...);
 
 extern struct audit_buffer *
-audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
-
-extern struct audit_buffer *
-audit_log_start_ns(struct user_namespace *ns, struct audit_context *ctx,
-		   gfp_t gfp_mask, int type);
+audit_log_start(struct user_namespace *ns, struct audit_context *ctx,
+		gfp_t gfp_mask, int type);
 
 extern __printf(2, 3)
 void audit_log_format(struct audit_buffer *ab, const char *fmt, ...);
-extern void		    audit_log_end(struct audit_buffer *ab);
-extern void		    audit_log_end_ns(struct user_namespace *ns,
-					     struct audit_buffer *ab);
+extern void		    audit_log_end(struct user_namespace *ns,
+					  struct audit_buffer *ab);
 extern int		    audit_string_contains_control(const char *string,
 							  size_t len);
 extern void		    audit_log_n_hex(struct audit_buffer *ab,
@@ -458,25 +454,17 @@ void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
 	       const char *fmt, ...)
 { }
 static inline
-struct audit_buffer *audit_log_start(struct audit_context *ctx,
+struct audit_buffer *audit_log_start(struct user_namespace *ns,
+				     struct audit_context *ctx,
 				     gfp_t gfp_mask, int type)
 {
 	return NULL;
 }
-static inline
-struct audit_buffer *audit_log_start_ns(struct user_namespace *ns,
-					struct audit_context *ctx,
-					gfp_t gfp_mask, int type)
-{
-	return NULL;
-}
 static inline __printf(2, 3)
 void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
 { }
-static inline void audit_log_end(struct audit_buffer *ab)
-{ }
-static inline void audit_log_end_ns(struct user_namespace *ns,
-				    struct audit_buffer *ab)
+static inline void audit_log_end(struct user_namespace *ns,
+				 struct audit_buffer *ab)
 { }
 static inline void audit_log_n_hex(struct audit_buffer *ab,
 				   const unsigned char *buf, size_t len)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 1a99744..bb4d6b2 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -687,8 +687,8 @@ static inline struct audit_buffer *xfrm_audit_start(const char *op)
 
 	if (audit_enabled_ns(ns) == 0)
 		return NULL;
-	audit_buf = audit_log_start_ns(ns, current->audit_context,
-				       GFP_ATOMIC, AUDIT_MAC_IPSEC_EVENT);
+	audit_buf = audit_log_start(ns, current->audit_context,
+				    GFP_ATOMIC, AUDIT_MAC_IPSEC_EVENT);
 	if (audit_buf == NULL)
 		return NULL;
 	audit_log_format(audit_buf, "op=%s", op);
diff --git a/kernel/audit.c b/kernel/audit.c
index 926d59b..da1c0ad 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -249,7 +249,7 @@ static int audit_log_config_change(char *function_name, int new, int old,
 	struct user_namespace *ns = current_user_ns();
 	int rc = 0;
 
-	ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
+	ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
 	if (unlikely(!ab))
 		return rc;
 	audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
@@ -268,7 +268,7 @@ static int audit_log_config_change(char *function_name, int new, int old,
 		}
 	}
 	audit_log_format(ab, " res=%d", allow_changes);
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 	return rc;
 }
 
@@ -619,7 +619,7 @@ static int audit_log_common_recv_msg(struct user_namespace *ns,
 		return rc;
 	}
 
-	*ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, msg_type);
+	*ab = audit_log_start(ns, NULL, GFP_KERNEL, msg_type);
 	if (unlikely(!*ab))
 		return rc;
 	audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",
@@ -759,7 +759,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 				audit_log_n_untrustedstring(ab, data, size);
 			}
 			audit_set_pid(ab, NETLINK_CB(skb).portid);
-			audit_log_end_ns(ns, ab);
+			audit_log_end(ns, ab);
 		}
 		break;
 	case AUDIT_ADD:
@@ -772,7 +772,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 
 			audit_log_format(ab, " audit_enabled=%d res=0",
 					 ns->audit.enabled);
-			audit_log_end_ns(ns, ab);
+			audit_log_end(ns, ab);
 			return -EPERM;
 		}
 		/* fallthrough */
@@ -791,7 +791,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 
 			audit_log_format(ab, " audit_enabled=%d res=0",
 					 ns->audit.enabled);
-			audit_log_end_ns(ns, ab);
+			audit_log_end(ns, ab);
 			return -EPERM;
 		}
 		/* fallthrough */
@@ -807,7 +807,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 					  loginuid, sessionid, sid);
 
 		audit_log_format(ab, " op=trim res=1");
-		audit_log_end_ns(ns, ab);
+		audit_log_end(ns, ab);
 		break;
 	case AUDIT_MAKE_EQUIV: {
 		void *bufp = data;
@@ -843,7 +843,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 		audit_log_format(ab, " new=");
 		audit_log_untrustedstring(ab, new);
 		audit_log_format(ab, " res=%d", !err);
-		audit_log_end_ns(ns, ab);
+		audit_log_end(ns, ab);
 		kfree(old);
 		kfree(new);
 		break;
@@ -1153,10 +1153,24 @@ static void wait_for_auditd(struct user_namespace *ns,
 	remove_wait_queue(&ns->audit.backlog_wait, &wait);
 }
 
-struct audit_buffer *audit_log_start_ns(struct user_namespace *ns,
-					struct audit_context *ctx,
-					gfp_t gfp_mask,
-					int type)
+/**
+ * audit_log_start - obtain an audit buffer
+ * @ctx: audit_context (may be NULL)
+ * @gfp_mask: type of allocation
+ * @type: audit message type
+ *
+ * Returns audit_buffer pointer on success or NULL on error.
+ *
+ * Obtain an audit buffer.  This routine does locking to obtain the
+ * audit buffer, but then no locking is required for calls to
+ * audit_log_*format.  If the task (ctx) is a task that is currently in a
+ * syscall, then the syscall is marked as auditable and an audit record
+ * will be written at syscall exit.  If there is no associated task, then
+ * task context (ctx) should be NULL.
+ */
+struct audit_buffer *audit_log_start(struct user_namespace *ns,
+				     struct audit_context *ctx,
+				     gfp_t gfp_mask, int type)
 {
 	struct audit_buffer	*ab	= NULL;
 	struct timespec		t;
@@ -1215,27 +1229,6 @@ struct audit_buffer *audit_log_start_ns(struct user_namespace *ns,
 
 
 /**
- * audit_log_start - obtain an audit buffer
- * @ctx: audit_context (may be NULL)
- * @gfp_mask: type of allocation
- * @type: audit message type
- *
- * Returns audit_buffer pointer on success or NULL on error.
- *
- * Obtain an audit buffer.  This routine does locking to obtain the
- * audit buffer, but then no locking is required for calls to
- * audit_log_*format.  If the task (ctx) is a task that is currently in a
- * syscall, then the syscall is marked as auditable and an audit record
- * will be written at syscall exit.  If there is no associated task, then
- * task context (ctx) should be NULL.
- */
-struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
-				     int type)
-{
-	return audit_log_start_ns(&init_user_ns, ctx, gfp_mask, type);
-}
-
-/**
  * audit_expand - expand skb in the audit buffer
  * @ab: audit_buffer
  * @extra: space to add at tail of the skb
@@ -1491,7 +1484,7 @@ void audit_log_link_denied(const char *operation, struct path *link)
 	struct audit_buffer *ab;
 	struct user_namespace *ns = current_user_ns();
 
-	ab = audit_log_start_ns(ns, current->audit_context, GFP_KERNEL,
+	ab = audit_log_start(ns, current->audit_context, GFP_KERNEL,
 				AUDIT_ANOM_LINK);
 	if (!ab)
 		return;
@@ -1502,10 +1495,19 @@ void audit_log_link_denied(const char *operation, struct path *link)
 	audit_log_format(ab, " dev=");
 	audit_log_untrustedstring(ab, link->dentry->d_inode->i_sb->s_id);
 	audit_log_format(ab, " ino=%lu", link->dentry->d_inode->i_ino);
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 }
 
-void audit_log_end_ns(struct user_namespace *ns, struct audit_buffer *ab)
+/**
+ * audit_log_end - end one audit record
+ * @ab: the audit_buffer
+ *
+ * The netlink_* functions cannot be called inside an irq context, so
+ * the audit buffer is placed on a queue and a tasklet is scheduled to
+ * remove them from the queue outside the irq context.  May be called in
+ * any context.
+ */
+void audit_log_end(struct user_namespace *ns, struct audit_buffer *ab)
 {
 	if (!ab)
 		return;
@@ -1528,20 +1530,6 @@ void audit_log_end_ns(struct user_namespace *ns, struct audit_buffer *ab)
 }
 
 /**
- * audit_log_end - end one audit record
- * @ab: the audit_buffer
- *
- * The netlink_* functions cannot be called inside an irq context, so
- * the audit buffer is placed on a queue and a tasklet is scheduled to
- * remove them from the queue outside the irq context.  May be called in
- * any context.
- */
-void audit_log_end(struct audit_buffer *ab)
-{
-	audit_log_end_ns(&init_user_ns, ab);
-}
-
-/**
  * audit_log - Log an audit record
  * @ctx: audit context
  * @gfp_mask: type of allocation
@@ -1559,12 +1547,12 @@ void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
 	struct audit_buffer *ab;
 	va_list args;
 
-	ab = audit_log_start_ns(&init_user_ns, ctx, gfp_mask, type);
+	ab = audit_log_start(&init_user_ns, ctx, gfp_mask, type);
 	if (ab) {
 		va_start(args, fmt);
 		audit_log_vformat(ab, fmt, args);
 		va_end(args);
-		audit_log_end_ns(&init_user_ns, ab);
+		audit_log_end(&init_user_ns, ab);
 	}
 }
 
@@ -1639,9 +1627,7 @@ void audit_free_user_ns(struct user_namespace *ns)
 }
 
 EXPORT_SYMBOL(audit_log_start);
-EXPORT_SYMBOL(audit_log_start_ns);
 EXPORT_SYMBOL(audit_log_end);
-EXPORT_SYMBOL(audit_log_end_ns);
 EXPORT_SYMBOL(audit_log_format);
 EXPORT_SYMBOL(audit_log);
 EXPORT_SYMBOL(audit_set_user_ns);
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 521766d..20ffef8 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -453,7 +453,7 @@ static void audit_log_remove_rule(struct user_namespace *ns,
 {
 	struct audit_buffer *ab;
 
-	ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
+	ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
 	if (unlikely(!ab))
 		return;
 	audit_log_format(ab, "op=");
@@ -462,7 +462,7 @@ static void audit_log_remove_rule(struct user_namespace *ns,
 	audit_log_untrustedstring(ab, rule->tree->pathname);
 	audit_log_key(ab, rule->filterkey);
 	audit_log_format(ab, " list=%d res=1", rule->listnr);
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 }
 
 static void kill_rules(struct user_namespace *ns, struct audit_tree *tree)
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 1bac505..4dcc331 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -242,7 +242,7 @@ static void audit_watch_log_rule_change(struct audit_krule *r,
 
 	if (audit_enabled_ns(ns)) {
 		struct audit_buffer *ab;
-		ab = audit_log_start_ns(ns, NULL, GFP_NOFS,
+		ab = audit_log_start(ns, NULL, GFP_NOFS,
 					AUDIT_CONFIG_CHANGE);
 		if (unlikely(!ab))
 			return;
@@ -254,7 +254,7 @@ static void audit_watch_log_rule_change(struct audit_krule *r,
 		audit_log_untrustedstring(ab, w->path);
 		audit_log_key(ab, r->filterkey);
 		audit_log_format(ab, " list=%d res=1", r->listnr);
-		audit_log_end_ns(ns, ab);
+		audit_log_end(ns, ab);
 	}
 }
 
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 8af148b..6052f57 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1125,7 +1125,7 @@ static void audit_log_rule_change(kuid_t loginuid, u32 sessionid, u32 sid,
 	if (!ns->audit.enabled)
 		return;
 
-	ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
+	ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
 	if (!ab)
 		return;
 	audit_log_format(ab, "auid=%u ses=%u",
@@ -1144,7 +1144,7 @@ static void audit_log_rule_change(kuid_t loginuid, u32 sessionid, u32 sid,
 	audit_log_string(ab, action);
 	audit_log_key(ab, rule->filterkey);
 	audit_log_format(ab, " list=%d res=%d", rule->listnr, res);
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 }
 
 /**
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 3c5ced9..a65020a 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1195,7 +1195,7 @@ static int audit_log_pid_context(struct user_namespace *ns,
 	u32 len;
 	int rc = 0;
 
-	ab = audit_log_start_ns(ns, context, GFP_KERNEL, AUDIT_OBJ_PID);
+	ab = audit_log_start(ns, context, GFP_KERNEL, AUDIT_OBJ_PID);
 	if (!ab)
 		return rc;
 
@@ -1211,7 +1211,7 @@ static int audit_log_pid_context(struct user_namespace *ns,
 	}
 	audit_log_format(ab, " ocomm=");
 	audit_log_untrustedstring(ab, comm);
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 
 	return rc;
 }
@@ -1313,8 +1313,8 @@ static int audit_log_single_execve_arg(struct audit_context *context,
 			room_left -= to_send;
 		if (room_left < 0) {
 			*len_sent = 0;
-			audit_log_end_ns(ns, *ab);
-			*ab = audit_log_start_ns(ns, context,
+			audit_log_end(ns, *ab);
+			*ab = audit_log_start(ns, context,
 						 GFP_KERNEL, AUDIT_EXECVE);
 			if (!*ab)
 				return 0;
@@ -1439,7 +1439,7 @@ static void show_special(struct user_namespace *ns,
 	struct audit_buffer *ab;
 	int i;
 
-	ab = audit_log_start_ns(ns, context, GFP_KERNEL, context->type);
+	ab = audit_log_start(ns, context, GFP_KERNEL, context->type);
 	if (!ab)
 		return;
 
@@ -1470,8 +1470,8 @@ static void show_special(struct user_namespace *ns,
 			}
 		}
 		if (context->ipc.has_perm) {
-			audit_log_end_ns(ns, ab);
-			ab = audit_log_start_ns(ns, context, GFP_KERNEL,
+			audit_log_end(ns, ab);
+			ab = audit_log_start(ns, context, GFP_KERNEL,
 						AUDIT_IPC_SET_PERM);
 			if (unlikely(!ab))
 				return;
@@ -1528,7 +1528,7 @@ static void show_special(struct user_namespace *ns,
 				 context->mmap.flags);
 		break; }
 	}
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 }
 
 static void audit_log_name(struct user_namespace *ns,
@@ -1536,7 +1536,7 @@ static void audit_log_name(struct user_namespace *ns,
 			   int record_num, int *call_panic)
 {
 	struct audit_buffer *ab;
-	ab = audit_log_start_ns(ns, context, GFP_KERNEL, AUDIT_PATH);
+	ab = audit_log_start(ns, context, GFP_KERNEL, AUDIT_PATH);
 	if (!ab)
 		return; /* audit_panic has been called */
 
@@ -1591,7 +1591,7 @@ static void audit_log_name(struct user_namespace *ns,
 
 	audit_log_fcaps(ab, n);
 
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 }
 
 static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
@@ -1605,7 +1605,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 	/* tsk == current */
 	context->personality = tsk->personality;
 
-	ab = audit_log_start_ns(ns, context, GFP_KERNEL, AUDIT_SYSCALL);
+	ab = audit_log_start(ns, context, GFP_KERNEL, AUDIT_SYSCALL);
 	if (!ab)
 		return;		/* audit_panic has been called */
 	audit_log_format(ab, "arch=%x syscall=%d",
@@ -1627,11 +1627,11 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 
 	audit_log_task_info(ab, tsk);
 	audit_log_key(ab, context->filterkey);
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 
 	for (aux = context->aux; aux; aux = aux->next) {
 
-		ab = audit_log_start_ns(ns, context, GFP_KERNEL, aux->type);
+		ab = audit_log_start(ns, context, GFP_KERNEL, aux->type);
 		if (!ab)
 			continue; /* audit_panic has been called */
 
@@ -1657,28 +1657,28 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 			break; }
 
 		}
-		audit_log_end_ns(ns, ab);
+		audit_log_end(ns, ab);
 	}
 
 	if (context->type)
 		show_special(ns, context, &call_panic);
 
 	if (context->fds[0] >= 0) {
-		ab = audit_log_start_ns(ns, context, GFP_KERNEL, AUDIT_FD_PAIR);
+		ab = audit_log_start(ns, context, GFP_KERNEL, AUDIT_FD_PAIR);
 		if (ab) {
 			audit_log_format(ab, "fd0=%d fd1=%d",
 					context->fds[0], context->fds[1]);
-			audit_log_end_ns(ns, ab);
+			audit_log_end(ns, ab);
 		}
 	}
 
 	if (context->sockaddr_len) {
-		ab = audit_log_start_ns(ns, context, GFP_KERNEL, AUDIT_SOCKADDR);
+		ab = audit_log_start(ns, context, GFP_KERNEL, AUDIT_SOCKADDR);
 		if (ab) {
 			audit_log_format(ab, "saddr=");
 			audit_log_n_hex(ab, (void *)context->sockaddr,
 					context->sockaddr_len);
-			audit_log_end_ns(ns, ab);
+			audit_log_end(ns, ab);
 		}
 	}
 
@@ -1704,10 +1704,10 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 			call_panic = 1;
 
 	if (context->pwd.dentry && context->pwd.mnt) {
-		ab = audit_log_start_ns(ns, context, GFP_KERNEL, AUDIT_CWD);
+		ab = audit_log_start(ns, context, GFP_KERNEL, AUDIT_CWD);
 		if (ab) {
 			audit_log_d_path(ab, " cwd=", &context->pwd);
-			audit_log_end_ns(ns, ab);
+			audit_log_end(ns, ab);
 		}
 	}
 
@@ -1716,9 +1716,9 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 		audit_log_name(ns, context, n, i++, &call_panic);
 
 	/* Send end of event record to help user space know we are finished */
-	ab = audit_log_start_ns(ns, context, GFP_KERNEL, AUDIT_EOE);
+	ab = audit_log_start(ns, context, GFP_KERNEL, AUDIT_EOE);
 	if (ab)
-		audit_log_end_ns(ns, ab);
+		audit_log_end(ns, ab);
 	if (call_panic)
 		audit_panic("error converting sid to string");
 }
@@ -2337,7 +2337,7 @@ int audit_set_loginuid(kuid_t loginuid)
 		struct audit_buffer *ab;
 		struct user_namespace *ns = current_user_ns();
 
-		ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_LOGIN);
+		ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_LOGIN);
 		if (ab) {
 			audit_log_format(ab, "login pid=%d uid=%u "
 				"old auid=%u new auid=%u"
@@ -2347,7 +2347,7 @@ int audit_set_loginuid(kuid_t loginuid)
 				from_kuid(&init_user_ns, task->loginuid),
 				from_kuid(&init_user_ns, loginuid),
 				task->sessionid, sessionid);
-			audit_log_end_ns(ns, ab);
+			audit_log_end(ns, ab);
 		}
 	}
 	task->sessionid = sessionid;
@@ -2740,11 +2740,11 @@ void audit_core_dumps(long signr)
 	if (signr == SIGQUIT)	/* don't care for those */
 		return;
 
-	ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
+	ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
 	if (unlikely(!ab))
 		return;
 	audit_log_abend(ns, ab, "memory violation", signr);
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 }
 
 void __audit_seccomp(unsigned long syscall, long signr, int code)
@@ -2752,7 +2752,7 @@ void __audit_seccomp(unsigned long syscall, long signr, int code)
 	struct audit_buffer *ab;
 	struct user_namespace *ns = current_user_ns();
 
-	ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_SECCOMP);
+	ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_SECCOMP);
 	if (unlikely(!ab))
 		return;
 	audit_log_task(ns, ab);
@@ -2761,7 +2761,7 @@ void __audit_seccomp(unsigned long syscall, long signr, int code)
 	audit_log_format(ab, " compat=%d", is_compat_task());
 	audit_log_format(ab, " ip=0x%lx", KSTK_EIP(current));
 	audit_log_format(ab, " code=0x%x", code);
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 }
 
 struct list_head *audit_killed_trees(void)
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index b021445..d365d84 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -532,7 +532,7 @@ doi_add_return:
 		audit_log_format(audit_buf,
 				 " cipso_doi=%u cipso_type=%s res=%u",
 				 doi, type_str, ret_val == 0 ? 1 : 0);
-		audit_log_end_ns(current_user_ns(), audit_buf);
+		audit_log_end(current_user_ns(), audit_buf);
 	}
 
 	return ret_val;
@@ -622,7 +622,7 @@ doi_remove_return:
 		audit_log_format(audit_buf,
 				 " cipso_doi=%u res=%u",
 				 doi, ret_val == 0 ? 1 : 0);
-		audit_log_end_ns(current_user_ns(), audit_buf);
+		audit_log_end(current_user_ns(), audit_buf);
 	}
 
 	return ret_val;
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index ba90a1b..8be219e 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -861,13 +861,13 @@ xt_replace_table(struct xt_table *table,
 	if (audit_enabled_ns(ns)) {
 		struct audit_buffer *ab;
 
-		ab = audit_log_start_ns(ns, current->audit_context,
+		ab = audit_log_start(ns, current->audit_context,
 					GFP_KERNEL, AUDIT_NETFILTER_CFG);
 		if (ab) {
 			audit_log_format(ab, "table=%s family=%u entries=%u",
 					 table->name, table->af,
 					 private->number);
-			audit_log_end_ns(ns, ab);
+			audit_log_end(ns, ab);
 		}
 	}
 #endif
diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c
index b1ffba2..a0b102a 100644
--- a/net/netfilter/xt_AUDIT.c
+++ b/net/netfilter/xt_AUDIT.c
@@ -129,7 +129,7 @@ audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
 	if (audit_enabled_ns(ns) == 0)
 		goto errout;
 
-	ab = audit_log_start_ns(ns, NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
+	ab = audit_log_start(ns, NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
 	if (ab == NULL)
 		goto errout;
 
@@ -174,7 +174,7 @@ audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
 		audit_log_secctx(ab, skb->secmark);
 #endif
 
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 
 errout:
 	return XT_CONTINUE;
diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c
index 7fab4b8..7c5d381 100644
--- a/net/netlabel/netlabel_domainhash.c
+++ b/net/netlabel/netlabel_domainhash.c
@@ -241,7 +241,7 @@ static void netlbl_domhsh_audit_add(struct netlbl_dom_map *entry,
 			break;
 		}
 		audit_log_format(audit_buf, " res=%u", result == 0 ? 1 : 0);
-		audit_log_end_ns(current_user_ns(), audit_buf);
+		audit_log_end(current_user_ns(), audit_buf);
 	}
 }
 
@@ -462,7 +462,7 @@ int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry,
 				 " nlbl_domain=%s res=%u",
 				 entry->domain ? entry->domain : "(default)",
 				 ret_val == 0 ? 1 : 0);
-		audit_log_end_ns(current_user_ns(), audit_buf);
+		audit_log_end(current_user_ns(), audit_buf);
 	}
 
 	if (ret_val == 0) {
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 7708078..4d62cb7 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -465,7 +465,7 @@ unlhsh_add_return:
 			security_release_secctx(secctx, secctx_len);
 		}
 		audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0);
-		audit_log_end_ns(current_user_ns(), audit_buf);
+		audit_log_end(current_user_ns(), audit_buf);
 	}
 	return ret_val;
 }
@@ -521,7 +521,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
 			security_release_secctx(secctx, secctx_len);
 		}
 		audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
-		audit_log_end_ns(current_user_ns(), audit_buf);
+		audit_log_end(current_user_ns(), audit_buf);
 	}
 
 	if (entry == NULL)
@@ -582,7 +582,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
 			security_release_secctx(secctx, secctx_len);
 		}
 		audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
-		audit_log_end_ns(current_user_ns(), audit_buf);
+		audit_log_end(current_user_ns(), audit_buf);
 	}
 
 	if (entry == NULL)
@@ -766,7 +766,7 @@ static void netlbl_unlabel_acceptflg_set(u8 value,
 	if (audit_buf != NULL) {
 		audit_log_format(audit_buf,
 				 " unlbl_accept=%u old=%u", value, old_val);
-		audit_log_end_ns(current_user_ns(), audit_buf);
+		audit_log_end(current_user_ns(), audit_buf);
 	}
 }
 
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index d7550a2..e9e4e84 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -105,8 +105,8 @@ struct audit_buffer *netlbl_audit_start_common(int type,
 	if (audit_enabled_ns(ns) == 0)
 		return NULL;
 
-	audit_buf = audit_log_start_ns(ns, current->audit_context,
-				       GFP_ATOMIC, type);
+	audit_buf = audit_log_start(ns, current->audit_context,
+				    GFP_ATOMIC, type);
 	if (audit_buf == NULL)
 		return NULL;
 
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index f3cc1b9..6aaa5a7 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3008,7 +3008,7 @@ void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
 	xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
 	audit_log_format(audit_buf, " res=%u", result);
 	xfrm_audit_common_policyinfo(xp, audit_buf);
-	audit_log_end_ns(current_user_ns(), audit_buf);
+	audit_log_end(current_user_ns(), audit_buf);
 }
 EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
 
@@ -3023,7 +3023,7 @@ void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
 	xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
 	audit_log_format(audit_buf, " res=%u", result);
 	xfrm_audit_common_policyinfo(xp, audit_buf);
-	audit_log_end_ns(current_user_ns(), audit_buf);
+	audit_log_end(current_user_ns(), audit_buf);
 }
 EXPORT_SYMBOL_GPL(xfrm_audit_policy_delete);
 #endif
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 50115d9..9c824e7 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2119,7 +2119,7 @@ void xfrm_audit_state_add(struct xfrm_state *x, int result,
 	xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
 	xfrm_audit_helper_sainfo(x, audit_buf);
 	audit_log_format(audit_buf, " res=%u", result);
-	audit_log_end_ns(current_user_ns(), audit_buf);
+	audit_log_end(current_user_ns(), audit_buf);
 }
 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
 
@@ -2134,7 +2134,7 @@ void xfrm_audit_state_delete(struct xfrm_state *x, int result,
 	xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
 	xfrm_audit_helper_sainfo(x, audit_buf);
 	audit_log_format(audit_buf, " res=%u", result);
-	audit_log_end_ns(current_user_ns(), audit_buf);
+	audit_log_end(current_user_ns(), audit_buf);
 }
 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
 
@@ -2152,7 +2152,7 @@ void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
 	 * of audit message */
 	spi = ntohl(x->id.spi);
 	audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
-	audit_log_end_ns(current_user_ns(), audit_buf);
+	audit_log_end(current_user_ns(), audit_buf);
 }
 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
 
@@ -2169,7 +2169,7 @@ void xfrm_audit_state_replay(struct xfrm_state *x,
 	spi = ntohl(x->id.spi);
 	audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
 			 spi, spi, ntohl(net_seq));
-	audit_log_end_ns(current_user_ns(), audit_buf);
+	audit_log_end(current_user_ns(), audit_buf);
 }
 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay);
 
@@ -2181,7 +2181,7 @@ void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
 	if (audit_buf == NULL)
 		return;
 	xfrm_audit_helper_pktinfo(skb, family, audit_buf);
-	audit_log_end_ns(current_user_ns(), audit_buf);
+	audit_log_end(current_user_ns(), audit_buf);
 }
 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
 
@@ -2198,7 +2198,7 @@ void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
 	spi = ntohl(net_spi);
 	audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
 			 spi, spi, ntohl(net_seq));
-	audit_log_end_ns(current_user_ns(), audit_buf);
+	audit_log_end(current_user_ns(), audit_buf);
 }
 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
 
@@ -2218,7 +2218,7 @@ void xfrm_audit_state_icvfail(struct xfrm_state *x,
 		audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
 				 spi, spi, ntohl(net_seq));
 	}
-	audit_log_end_ns(current_user_ns(), audit_buf);
+	audit_log_end(current_user_ns(), audit_buf);
 }
 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
 #endif /* CONFIG_AUDITSYSCALL */
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index a94b54e..e60147f 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -223,8 +223,8 @@ void ima_audit_measurement(struct integrity_iint_cache *iint,
 		hex_byte_pack(hash + (i * 2), iint->ima_xattr.digest[i]);
 	hash[i * 2] = '\0';
 
-	ab = audit_log_start_ns(ns, current->audit_context, GFP_KERNEL,
-				AUDIT_INTEGRITY_RULE);
+	ab = audit_log_start(ns, current->audit_context, GFP_KERNEL,
+			     AUDIT_INTEGRITY_RULE);
 	if (!ab)
 		return;
 
@@ -234,7 +234,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint,
 	audit_log_untrustedstring(ab, hash);
 
 	audit_log_task_info(ab, current);
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 
 	iint->flags |= IMA_AUDITED;
 }
diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c
index e7a205b..91e559e 100644
--- a/security/integrity/ima/ima_audit.c
+++ b/security/integrity/ima/ima_audit.c
@@ -39,8 +39,8 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
 		return;
 
 	ns = current_user_ns();
-	ab = audit_log_start_ns(ns, current->audit_context,
-				GFP_KERNEL, audit_msgno);
+	ab = audit_log_start(ns, current->audit_context,
+			     GFP_KERNEL, audit_msgno);
 	audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
 			 current->pid,
 			 from_kuid(ns, current_cred()->uid),
@@ -63,5 +63,5 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
 		audit_log_format(ab, " ino=%lu", inode->i_ino);
 	}
 	audit_log_format(ab, " res=%d", !result);
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 }
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index c817d35..43e9af6 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -416,7 +416,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
 	int result = 0;
 	struct user_namespace *ns = current_user_ns();
 
-	ab = audit_log_start_ns(ns, NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE);
+	ab = audit_log_start(ns, NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE);
 
 	entry->uid = INVALID_UID;
 	entry->fowner = INVALID_UID;
@@ -634,7 +634,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
 	else if (entry->func == MODULE_CHECK)
 		ima_appraise |= IMA_APPRAISE_MODULES;
 	audit_log_format(ab, "res=%d", !result);
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 	return result;
 }
 
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 90fcd08..ace11d3 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -399,8 +399,8 @@ void common_lsm_audit(struct common_audit_data *a,
 
 	ns = current_user_ns();
 	/* we use GFP_ATOMIC so we won't sleep */
-	ab = audit_log_start_ns(ns, current->audit_context,
-				GFP_ATOMIC, AUDIT_AVC);
+	ab = audit_log_start(ns, current->audit_context,
+			     GFP_ATOMIC, AUDIT_AVC);
 
 	if (ab == NULL)
 		return;
@@ -413,5 +413,5 @@ void common_lsm_audit(struct common_audit_data *a,
 	if (post_audit)
 		post_audit(ab, a);
 
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 }
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 93b6c72..3e5a906 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2799,11 +2799,11 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
 				str = "";
 				audit_size = 0;
 			}
-			ab = audit_log_start_ns(ns, current->audit_context,
-						GFP_ATOMIC, AUDIT_SELINUX_ERR);
+			ab = audit_log_start(ns, current->audit_context,
+					     GFP_ATOMIC, AUDIT_SELINUX_ERR);
 			audit_log_format(ab, "op=setxattr invalid_context=");
 			audit_log_n_untrustedstring(ab, value, audit_size);
-			audit_log_end_ns(ns, ab);
+			audit_log_end(ns, ab);
 
 			return rc;
 		}
@@ -5338,13 +5338,13 @@ static int selinux_setprocattr(struct task_struct *p,
 					audit_size = size - 1;
 				else
 					audit_size = size;
-				ab = audit_log_start_ns(ns,
-							current->audit_context,
-							GFP_ATOMIC,
-							AUDIT_SELINUX_ERR);
+				ab = audit_log_start(ns,
+						     current->audit_context,
+						     GFP_ATOMIC,
+						     AUDIT_SELINUX_ERR);
 				audit_log_format(ab, "op=fscreate invalid_context=");
 				audit_log_n_untrustedstring(ab, value, audit_size);
-				audit_log_end_ns(ns, ab);
+				audit_log_end(ns, ab);
 
 				return error;
 			}
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 140a383..9cdd1e5 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -503,8 +503,8 @@ static void security_dump_masked_av(struct context *scontext,
 
 	/* audit a message */
 	ns = current_user_ns();
-	ab = audit_log_start_ns(ns, current->audit_context,
-				GFP_ATOMIC, AUDIT_SELINUX_ERR);
+	ab = audit_log_start(ns, current->audit_context,
+			     GFP_ATOMIC, AUDIT_SELINUX_ERR);
 	if (!ab)
 		goto out;
 
@@ -524,7 +524,7 @@ static void security_dump_masked_av(struct context *scontext,
 				 ? permission_names[index] : "????");
 		need_comma = true;
 	}
-	audit_log_end_ns(ns, ab);
+	audit_log_end(ns, ab);
 out:
 	/* release scontext/tcontext */
 	kfree(tcontext_name);
-- 
1.8.1.4



More information about the Containers mailing list