2bf4969032
Convert avc_audit in security/selinux/avc.c to use lsm_audit.h, for better maintainability. - changed selinux to use common_audit_data instead of avc_audit_data - eliminated code in avc.c and used code from lsm_audit.h instead. Had to add a LSM_AUDIT_NO_AUDIT to lsm_audit.h so that avc_audit can call common_lsm_audit and do the pre and post callbacks without doing the actual dump. This makes it so that the patched version behaves the same way as the unpatched version. Also added a denied field to the selinux_audit_data private space, once again to make it so that the patched version behaves like the unpatched. I've tested and confirmed that AVCs look the same before and after this patch. Signed-off-by: Thomas Liu <tliu@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
26 lines
857 B
Makefile
26 lines
857 B
Makefile
#
|
|
# Makefile for the kernel security code
|
|
#
|
|
|
|
obj-$(CONFIG_KEYS) += keys/
|
|
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
|
|
subdir-$(CONFIG_SECURITY_SMACK) += smack
|
|
subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
|
|
|
|
# always enable default capabilities
|
|
obj-y += commoncap.o min_addr.o
|
|
|
|
# Object file lists
|
|
obj-$(CONFIG_SECURITY) += security.o capability.o
|
|
obj-$(CONFIG_SECURITYFS) += inode.o
|
|
# Must precede capability.o in order to stack properly.
|
|
obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
|
|
obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o
|
|
obj-$(CONFIG_AUDIT) += lsm_audit.o
|
|
obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o
|
|
obj-$(CONFIG_SECURITY_ROOTPLUG) += root_plug.o
|
|
obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
|
|
|
|
# Object integrity file lists
|
|
subdir-$(CONFIG_IMA) += integrity/ima
|
|
obj-$(CONFIG_IMA) += integrity/ima/built-in.o
|