LSM: shrink sizeof LSM specific portion of common_audit_data

[~andy/linux] / security / apparmor / lsm.c

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index d7f06f8b283721df6f450bff880aa6d87a40bb50..ad05d391974dc1b83e67f7297324fc260a9a99da 100644 (file)
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -136,16 +136,16 @@ static int apparmor_capget(struct task_struct *target, kernel_cap_t *effective,
        return 0;
 }
 
-static int apparmor_capable(struct task_struct *task, const struct cred *cred,
-                           struct user_namespace *ns, int cap, int audit)
+static int apparmor_capable(const struct cred *cred, struct user_namespace *ns,
+                           int cap, int audit)
 {
        struct aa_profile *profile;
        /* cap_capable returns 0 on success, else -EPERM */
-       int error = cap_capable(task, cred, ns, cap, audit);
+       int error = cap_capable(cred, ns, cap, audit);
        if (!error) {
                profile = aa_cred_profile(cred);
                if (!unconfined(profile))
-                       error = aa_capable(task, profile, cap, audit);
+                       error = aa_capable(current, profile, cap, audit);
        }
        return error;
 }
@@ -588,10 +588,12 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
                        error = aa_setprocattr_permipc(args);
                } else {
                        struct common_audit_data sa;
+                       struct apparmor_audit_data aad = {0,};
                        COMMON_AUDIT_DATA_INIT(&sa, NONE);
-                       sa.aad.op = OP_SETPROCATTR;
-                       sa.aad.info = name;
-                       sa.aad.error = -EINVAL;
+                       sa.aad = &aad;
+                       aad.op = OP_SETPROCATTR;
+                       aad.info = name;
+                       aad.error = -EINVAL;
                        return aa_audit(AUDIT_APPARMOR_DENIED,
                                        __aa_current_profile(), GFP_KERNEL,
                                        &sa, NULL);
@@ -708,7 +710,7 @@ module_param_call(mode, param_set_mode, param_get_mode,
                  &aa_g_profile_mode, S_IRUSR | S_IWUSR);
 
 /* Debug mode */
-int aa_g_debug;
+bool aa_g_debug;
 module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR);
 
 /* Audit mode */
@@ -719,7 +721,7 @@ module_param_call(audit, param_set_audit, param_get_audit,
 /* Determines if audit header is included in audited messages.  This
  * provides more context if the audit daemon is not running
  */
-int aa_g_audit_header = 1;
+bool aa_g_audit_header = 1;
 module_param_named(audit_header, aa_g_audit_header, aabool,
                   S_IRUSR | S_IWUSR);
 
@@ -727,12 +729,12 @@ module_param_named(audit_header, aa_g_audit_header, aabool,
  * TODO: add in at boot loading of policy, which is the only way to
  *       load policy, if lock_policy is set
  */
-int aa_g_lock_policy;
+bool aa_g_lock_policy;
 module_param_named(lock_policy, aa_g_lock_policy, aalockpolicy,
                   S_IRUSR | S_IWUSR);
 
 /* Syscall logging mode */
-int aa_g_logsyscall;
+bool aa_g_logsyscall;
 module_param_named(logsyscall, aa_g_logsyscall, aabool, S_IRUSR | S_IWUSR);
 
 /* Maximum pathname length before accesses will start getting rejected */
@@ -742,12 +744,12 @@ module_param_named(path_max, aa_g_path_max, aauint, S_IRUSR | S_IWUSR);
 /* Determines how paranoid loading of policy is and how much verification
  * on the loaded policy is done.
  */
-int aa_g_paranoid_load = 1;
+bool aa_g_paranoid_load = 1;
 module_param_named(paranoid_load, aa_g_paranoid_load, aabool,
                   S_IRUSR | S_IWUSR);
 
 /* Boot time disable flag */
-static unsigned int apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE;
+static bool apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE;
 module_param_named(enabled, apparmor_enabled, aabool, S_IRUSR);
 
 static int __init apparmor_enabled_setup(char *str)