Re: [PATCH 3rd revision] Add SELinux context support to AUDIT target
int audit_log_secctx(struct auditbuffer *ab, u32 secid)
{
int len, rc;
char *ctx;
rc = security_secid_to_secctx(sid, &ctx, &len);
if (rc) {
audit_panic("Cannot convert secid to context");
} else {
audit_log_format(ab, " subj=%s", ctx);
security_release_secctx(ctx, len);
}
return rc;
}
Such a function could be used a couple of places in the audit code itself.
My view on this is that LSM error-handling should be part of LSM.
I presume security_secid_to_secctx is going to be called from quite a
few places (well, I know of at least two now and they have nothing to do
with the LSM) and in my opinion it would be better if that error
handling, if adopted, is implemented within the function itself -
whether by calling another function, like the one you proposed above, or
as part of the secctx retrieval - this could be open to interpretation,
but the point I am trying to make is that whichever code
security_secid_to_secctx is invoked from shouldn't be involved in
reporting/handling (internal LSM) errors at all.
I think I made that point in my previous post, but just wanted to make
sure that is the case.