[PATCH -mm 0/4] LSM interfaced Audit (SELinux audit separation)

["Ahmed S. Darwish" <darwish.07@gmail.com>]

Hi everybody,

This is a beginning of work (started and suggested by Casey Schaufler)
to let Audit be LSM neutral. This is done for proper audit<->SMACK 
integration which will also be useful for any future LSM.

What follows is four patches to remove the following exported 
SElinux interfaces:
selinux_get_inode_sid(inode, sid)
selinux_get_ipc_sid(ipcp, sid) 
selinux_get_task_sid(tsk, sid)
selinux_sid_to_string(sid, ctx, len)

and substitue them respectively with:
new LSM hook, inode_getsecid(inode, secid)
new LSM hook, ipc_getsecid*(ipcp, secid)
LSM hook, task_getsecid(tsk, secid)
LSM hook, sid_to_secctx(sid, ctx, len)

The work isn't complete yet, and those four patches are sent for
an early review. A new LSM interfaces/hooks will be created to
substitute the SELinux exported audit interfaces, thus completing
the separation.

It's worthy to note that those changes can be merged in
their current state. The tree is fully grepped to make sure
that no subsystem ,except the patched ones, will be affected
by this SELinux API breakage.

Diffstat:

 include/linux/security.h   |   23 +++++++++++++++-
 include/linux/selinux.h    |   62 ---------------------------------------------
 kernel/audit.c             |   14 +++++-----
 kernel/auditfilter.c       |    5 ++-
 kernel/auditsc.c           |   37 +++++++++++++-------------
 net/netlink/af_netlink.c   |    3 --
 security/dummy.c           |   16 ++++++++++-
 security/security.c        |   12 ++++++++
 security/selinux/exports.c |   42 ------------------------------
 security/selinux/hooks.c   |   19 ++++++++++++-
 10 files changed, 95 insertions(+), 138 deletions(-)

Thanks in advance for your reviews and comments.

-- 
Ahmed S. Darwish
Blog: http://darwish-07.blogspot.com
Homepage: http://darwish.07.googlepages.com