UBUNTU: SAUCE: apparmor4.0.0 [01/90]: LSM stacking v39: integrity: disassociate ima_filter_rule from security_audit_rule

BugLink: http://bugs.launchpad.net/bugs/2028253 Create real functions for the ima_filter_rule interfaces. These replace #defines that obscure the reuse of audit interfaces. The new functions are put in security.c because they use security module registered hooks that we don't want exported. Acked-by: Paul Moore <paul@paul-moore.com> Reviewed-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> To: Mimi Zohar <zohar@linux.ibm.com> Cc: linux-integrity@vger.kernel.org (cherry picked from commit ceac4ac3a986cd84c6b83ff962fbc4206e42bd99 https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
2023-05-18 13:54:20 -07:00
parent 95dc0f6212
commit 4b2f41f91a
3 changed files with 45 additions and 26 deletions
@@ -420,32 +420,6 @@ static inline void ima_free_modsig(struct modsig *modsig)
 }
 #endif /* CONFIG_IMA_APPRAISE_MODSIG */

-/* LSM based policy rules require audit */
-#ifdef CONFIG_IMA_LSM_RULES
-
-#define ima_filter_rule_init security_audit_rule_init
-#define ima_filter_rule_free security_audit_rule_free
-#define ima_filter_rule_match security_audit_rule_match
-
-#else
-
-static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr,
-				       void **lsmrule)
-{
-	return -EINVAL;
-}
-
-static inline void ima_filter_rule_free(void *lsmrule)
-{
-}
-
-static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op,
-					void *lsmrule)
-{
-	return -EINVAL;
-}
-#endif /* CONFIG_IMA_LSM_RULES */
-
 #ifdef	CONFIG_IMA_READ_POLICY
 #define	POLICY_FILE_FLAGS	(S_IWUSR | S_IRUSR)
 #else