audit: minimize our use of audit_log_format()

There are some cases where we are making multiple audit_log_format() calls in a row, for no apparent reason. Squash these down to a single audit_log_format() call whenever possible. Acked-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2025-01-16 21:35:07 +00:00 · 2018-08-02 17:56:50 -04:00 · 2018-08-02 17:56:50 -04:00 · d0a3f18a70
commit d0a3f18a70
parent c8fc5d49c3
5 changed files with 11 additions and 16 deletions
--- a/kernel/audit.c
+++ b/kernel/audit.c
@ -2177,22 +2177,21 @@ void audit_log_name(struct audit_context *context, struct audit_names *n,
 	}
 	/* log the audit_names record type */
 	audit_log_format(ab, " nametype=");
 	switch(n->type) {
 	case AUDIT_TYPE_NORMAL:
-		audit_log_format(ab, "NORMAL");
+		audit_log_format(ab, " nametype=NORMAL");
 		break;
 	case AUDIT_TYPE_PARENT:
-		audit_log_format(ab, "PARENT");
+		audit_log_format(ab, " nametype=PARENT");
 		break;
 	case AUDIT_TYPE_CHILD_DELETE:
-		audit_log_format(ab, "DELETE");
+		audit_log_format(ab, " nametype=DELETE");
 		break;
 	case AUDIT_TYPE_CHILD_CREATE:
-		audit_log_format(ab, "CREATE");
+		audit_log_format(ab, " nametype=CREATE");
 		break;
 	default:
-		audit_log_format(ab, "UNKNOWN");
+		audit_log_format(ab, " nametype=UNKNOWN");
 		break;
 	}
--- a/kernel/audit_fsnotify.c
+++ b/kernel/audit_fsnotify.c
@ -131,8 +131,7 @@ static void audit_mark_log_rule_change(struct audit_fsnotify_mark *audit_mark, c
 	if (unlikely(!ab))
 		return;
 	audit_log_session_info(ab);
-	audit_log_format(ab, " op=%s", op);
+	audit_log_format(ab, " op=%s path=", op);
 	audit_log_format(ab, " path=");
 	audit_log_untrustedstring(ab, audit_mark->path);
 	audit_log_key(ab, rule->filterkey);
 	audit_log_format(ab, " list=%d res=1", rule->listnr);
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@ -533,8 +533,7 @@ static void audit_tree_log_remove_rule(struct audit_krule *rule)
 	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
 	if (unlikely(!ab))
 		return;
-	audit_log_format(ab, "op=remove_rule");
+	audit_log_format(ab, "op=remove_rule dir=");
 	audit_log_format(ab, " dir=");
 	audit_log_untrustedstring(ab, rule->tree->pathname);
 	audit_log_key(ab, rule->filterkey);
 	audit_log_format(ab, " list=%d res=1", rule->listnr);
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@ -246,8 +246,7 @@ static void audit_watch_log_rule_change(struct audit_krule *r, struct audit_watc
 	if (!ab)
 		return;
 	audit_log_session_info(ab);
-	audit_log_format(ab, "op=%s", op);
+	audit_log_format(ab, "op=%s path=", op);
 	audit_log_format(ab, " path=");
 	audit_log_untrustedstring(ab, w->path);
 	audit_log_key(ab, r->filterkey);
 	audit_log_format(ab, " list=%d res=1", r->listnr);
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@ -2503,10 +2503,9 @@ void audit_seccomp_actions_logged(const char *names, const char *old_names,
 	if (unlikely(!ab))
 		return;
-	audit_log_format(ab, "op=seccomp-logging");
+	audit_log_format(ab,
-	audit_log_format(ab, " actions=%s", names);
+			 "op=seccomp-logging actions=%s old-actions=%s res=%d",
-	audit_log_format(ab, " old-actions=%s", old_names);
+			 names, old_names, res);
 	audit_log_format(ab, " res=%d", res);
 	audit_log_end(ab);
 }