1
Index: b/security/apparmor/apparmor.h
2
===================================================================
3
--- a/security/apparmor/apparmor.h
4
+++ b/security/apparmor/apparmor.h
5
@@ -72,8 +72,14 @@ static inline int mediated_filesystem(st
7
printk(KERN_DEBUG "AppArmor: " fmt, ##args); \
9
-#define AA_INFO(fmt, args...) printk(KERN_INFO "AppArmor: " fmt, ##args)
10
-#define AA_WARN(fmt, args...) printk(KERN_WARNING "AppArmor: " fmt, ##args)
11
+#define AA_INFO(gfp, fmt, args...) \
13
+ printk(KERN_INFO "AppArmor: " fmt, ##args); \
14
+ aa_audit_message(NULL, gfp, 0, fmt, ##args); \
16
+#define AA_WARN(gfp, fmt, args...) \
17
+ aa_audit_message(NULL, gfp, 0, fmt, ##args);
19
#define AA_ERROR(fmt, args...) printk(KERN_ERR "AppArmor: " fmt, ##args)
21
/* basic AppArmor data structures */
22
Index: b/security/apparmor/apparmorfs.c
23
===================================================================
24
--- a/security/apparmor/apparmorfs.c
25
+++ b/security/apparmor/apparmorfs.c
26
@@ -166,7 +166,7 @@ static char *aa_simple_write_to_buffer(c
28
profile = aa_get_profile(current);
30
- AA_WARN("REJECTING access to profile %s (%s(%d) "
31
+ AA_WARN(GFP_KERNEL, "REJECTING access to profile %s (%s(%d) "
32
"profile %s active %s)\n",
33
msg, current->comm, current->pid,
34
profile->parent->name, profile->name);
35
Index: b/security/apparmor/lsm.c
36
===================================================================
37
--- a/security/apparmor/lsm.c
38
+++ b/security/apparmor/lsm.c
39
@@ -628,7 +628,8 @@ static int apparmor_setprocattr(struct t
41
/* Only the current process may change it's hat */
42
if (current != task) {
43
- AA_WARN("%s: Attempt by foreign task %s(%d) "
45
+ "%s: Attempt by foreign task %s(%d) "
46
"[user %d] to changehat of task %s(%d)\n",
49
@@ -655,7 +656,8 @@ static int apparmor_setprocattr(struct t
52
if (!capable(CAP_SYS_ADMIN)) {
53
- AA_WARN("%s: Unprivileged attempt by task %s(%d) "
55
+ "%s: Unprivileged attempt by task %s(%d) "
56
"[user %d] to assign profile to task %s(%d)\n",
59
@@ -679,7 +681,8 @@ static int apparmor_setprocattr(struct t
63
- AA_WARN("%s: Attempt by confined task %s(%d) "
65
+ "%s: Attempt by confined task %s(%d) "
66
"[user %d] to assign profile to task %s(%d)\n",
69
@@ -693,8 +696,9 @@ static int apparmor_setprocattr(struct t
70
aa_put_profile(profile);
72
/* unknown operation */
73
- AA_WARN("%s: Unknown setprocattr command '%.*s' by task %s(%d) "
74
- "[user %d] for task %s(%d)\n",
76
+ "%s: Unknown setprocattr command '%.*s' by task %s(%d)"
77
+ " [user %d] for task %s(%d)\n",
79
size < 16 ? (int)size : 16,
81
@@ -780,7 +784,7 @@ static int __init apparmor_init(void)
82
goto register_security_out;
85
- AA_INFO("AppArmor initialized%s\n",
86
+ AA_INFO(GFP_KERNEL, "AppArmor initialized%s\n",
87
apparmor_complain ? complainmsg : "");
88
aa_audit_message(NULL, GFP_KERNEL, 0,
89
"AppArmor initialized%s\n",
90
@@ -833,9 +837,10 @@ static void __exit apparmor_exit(void)
93
if (unregister_security(&apparmor_ops))
94
- AA_WARN("Unable to properly unregister AppArmor\n");
95
+ AA_INFO(GFP_KERNEL, "Unable to properly unregister "
98
- AA_INFO("AppArmor protection removed\n");
99
+ AA_INFO(GFP_KERNEL, "AppArmor protection removed\n");
100
aa_audit_message(NULL, GFP_KERNEL, 0,
101
"AppArmor protection removed\n");
103
Index: b/security/apparmor/main.c
104
===================================================================
105
--- a/security/apparmor/main.c
106
+++ b/security/apparmor/main.c
107
@@ -807,7 +807,7 @@ aa_register_find(struct aa_profile *prof
109
profile = aa_dup_profile(null_complain_profile);
111
- AA_WARN("REJECTING exec(2) of image '%s'. "
112
+ AA_WARN(GFP_KERNEL, "REJECTING exec(2) of image '%s'. "
113
"Profile mandatory and not found "
114
"(%s(%d) profile %s active %s)\n",
116
@@ -844,7 +844,8 @@ int aa_register(struct linux_binprm *bpr
118
filename = aa_get_name(filp->f_dentry, filp->f_vfsmnt, &buffer, 0);
119
if (IS_ERR(filename)) {
120
- AA_WARN("%s: Failed to get filename\n", __FUNCTION__);
121
+ AA_WARN(GFP_KERNEL, "%s: Failed to get filename\n",
126
@@ -907,7 +908,8 @@ repeat:
127
new_profile = aa_dup_profile(null_complain_profile);
128
exec_mode |= AA_EXEC_UNSAFE;
130
- AA_WARN("%s: Rejecting exec(2) of image '%s'. "
131
+ AA_WARN(GFP_KERNEL,
132
+ "%s: Rejecting exec(2) of image '%s'. "
133
"Unable to determine exec qualifier "
134
"(%s (pid %d) profile %s active %s)\n",
136
@@ -1094,7 +1096,7 @@ int aa_change_hat(const char *hat_name,
138
/* Dump out above debugging in WARN mode if we are in AUDIT mode */
139
if (APPARMOR_AUDIT(aa_task_context(current))) {
140
- AA_WARN("%s: %s, 0x%llx (pid %d)\n",
141
+ AA_WARN(GFP_KERNEL, "%s: %s, 0x%llx (pid %d)\n",
142
__FUNCTION__, hat_name ? hat_name : "NULL",
143
hat_magic, current->pid);
145
Index: b/security/apparmor/module_interface.c
146
===================================================================
147
--- a/security/apparmor/module_interface.c
148
+++ b/security/apparmor/module_interface.c
149
@@ -288,7 +288,7 @@ static struct aa_profile *aa_unpack_prof
153
- AA_WARN("Invalid profile %s\n",
154
+ AA_WARN(GFP_KERNEL, "Invalid profile %s\n",
155
profile && profile->name ? profile->name : "unknown");
158
@@ -329,13 +329,14 @@ static int aa_verify_header(struct aa_ex
160
/* get the interface version */
161
if (!aa_is_u32(e, &e->version, "version")) {
162
- AA_WARN("Interface version missing\n");
163
+ AA_WARN(GFP_KERNEL, "Interface version missing\n");
164
return -EPROTONOSUPPORT;
167
/* check that the interface version is currently supported */
168
if (e->version != 3) {
169
- AA_WARN("Unsupported interface version (%d)\n", e->version);
170
+ AA_WARN(GFP_KERNEL,
171
+ "Unsupported interface version (%d)\n", e->version);
172
return -EPROTONOSUPPORT;
175
Index: b/security/apparmor/procattr.c
176
===================================================================
177
--- a/security/apparmor/procattr.c
178
+++ b/security/apparmor/procattr.c
179
@@ -86,7 +86,8 @@ int aa_setprocattr_changehat(char *hatin
181
magic = simple_strtoull(token, &hat, 16);
182
if (hat == token || *hat != '^') {
183
- AA_WARN("%s: Invalid input '%s'\n", __FUNCTION__, token);
184
+ AA_WARN(GFP_KERNEL, "%s: Invalid input '%s'\n",
185
+ __FUNCTION__, token);
189
@@ -97,7 +98,8 @@ int aa_setprocattr_changehat(char *hatin
192
if (!hat && !magic) {
193
- AA_WARN("%s: Invalid input, NULL hat and NULL magic\n",
194
+ AA_WARN(GFP_KERNEL,
195
+ "%s: Invalid input, NULL hat and NULL magic\n",
199
@@ -145,7 +147,8 @@ repeat:
200
if (strcmp(name_copy, "unconfined") != 0) {
201
new_profile = aa_find_profile(name_copy);
203
- AA_WARN("%s: Unable to switch task %s(%d) to profile"
204
+ AA_WARN(GFP_KERNEL,
205
+ "%s: Unable to switch task %s(%d) to profile"
206
"'%s'. No such profile.\n",
208
task->comm, task->pid,
209
@@ -167,7 +170,8 @@ repeat:
213
- AA_WARN("%s: Switching task %s(%d) "
214
+ AA_WARN(GFP_KERNEL,
215
+ "%s: Switching task %s(%d) "
216
"profile %s active %s to new profile %s\n",
218
task->comm, task->pid,
219
@@ -177,14 +181,16 @@ repeat:
223
- AA_WARN("%s: Unconfining task %s(%d) "
224
+ AA_WARN(GFP_KERNEL,
225
+ "%s: Unconfining task %s(%d) "
226
"profile %s active %s\n",
228
task->comm, task->pid,
229
old_profile->parent->name,
232
- AA_WARN("%s: task %s(%d) "
233
+ AA_WARN(GFP_KERNEL,
235
"is already unconfined\n",
236
__FUNCTION__, task->comm, task->pid);