tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Audit: remove unused audit_log_secctx function

The function audit_log_secctx() is unused in the upstream kernel.
All it does is wrap another function that doesn't need wrapping.
It claims to give you the SELinux context, but that is not true if
you are using a different security module.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

authored by

Casey Schaufler and committed by
Paul Moore f7b53637 33e8a907

-34
-8
include/linux/audit.h
··· 149 149 extern void audit_log_link_denied(const char *operation, 150 150 const struct path *link); 151 151 extern void audit_log_lost(const char *message); 152 - #ifdef CONFIG_SECURITY 153 - extern void audit_log_secctx(struct audit_buffer *ab, u32 secid); 154 - #else 155 - static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid) 156 - { } 157 - #endif 158 152 159 153 extern int audit_log_task_context(struct audit_buffer *ab); 160 154 extern void audit_log_task_info(struct audit_buffer *ab, ··· 196 202 { } 197 203 static inline void audit_log_link_denied(const char *string, 198 204 const struct path *link) 199 - { } 200 - static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid) 201 205 { } 202 206 static inline int audit_log_task_context(struct audit_buffer *ab) 203 207 {
-26
kernel/audit.c
··· 2345 2345 } 2346 2346 } 2347 2347 2348 - #ifdef CONFIG_SECURITY 2349 - /** 2350 - * audit_log_secctx - Converts and logs SELinux context 2351 - * @ab: audit_buffer 2352 - * @secid: security number 2353 - * 2354 - * This is a helper function that calls security_secid_to_secctx to convert 2355 - * secid to secctx and then adds the (converted) SELinux context to the audit 2356 - * log by calling audit_log_format, thus also preventing leak of internal secid 2357 - * to userspace. If secid cannot be converted audit_panic is called. 2358 - */ 2359 - void audit_log_secctx(struct audit_buffer *ab, u32 secid) 2360 - { 2361 - u32 len; 2362 - char *secctx; 2363 - 2364 - if (security_secid_to_secctx(secid, &secctx, &len)) { 2365 - audit_panic("Cannot convert secid to context"); 2366 - } else { 2367 - audit_log_format(ab, " obj=%s", secctx); 2368 - security_release_secctx(secctx, len); 2369 - } 2370 - } 2371 - EXPORT_SYMBOL(audit_log_secctx); 2372 - #endif 2373 - 2374 2348 EXPORT_SYMBOL(audit_log_start); 2375 2349 EXPORT_SYMBOL(audit_log_end); 2376 2350 EXPORT_SYMBOL(audit_log_format);