[ghak81,RFC,V1,3/5] audit: use inline function to get audit context

Message ID	0e43c5135c197209b3189032d538244571e7443d.1525466167.git.rgb@redhat.com
State	RFC
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Richard Guy Briggs <rgb@redhat.com> To: Linux-Audit Mailing List <linux-audit@redhat.com>, LKML <linux-kernel@vger.kernel.org>, Linux NetDev Upstream Mailing List <netdev@vger.kernel.org>, Netfilter Devel List <netfilter-devel@vger.kernel.org>, Linux Security Module list <linux-security-module@vger.kernel.org>, Integrity Measurement Architecture <linux-integrity@vger.kernel.org>, SElinux list <selinux@tycho.nsa.gov> Cc: Eric Paris <eparis@redhat.com>, Paul Moore <paul@paul-moore.com>, Steve Grubb <sgrubb@redhat.com>, Ingo Molnar <mingo@redhat.com>, David Howells <dhowells@redhat.com>, Richard Guy Briggs <rgb@redhat.com> Subject: [PATCH ghak81 RFC V1 3/5] audit: use inline function to get audit context Date: Fri, 4 May 2018 16:54:36 -0400 Message-Id: <0e43c5135c197209b3189032d538244571e7443d.1525466167.git.rgb@redhat.com> In-Reply-To: <cover.1525466167.git.rgb@redhat.com> References: <cover.1525466167.git.rgb@redhat.com> In-Reply-To: <cover.1525466167.git.rgb@redhat.com> References: <cover.1525466167.git.rgb@redhat.com> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk
Series	audit: group task params \| expand [ghak81,RFC,V1,0/5] audit: group task params [ghak81,RFC,V1,1/5] audit: normalize loginuid read access [ghak81,RFC,V1,2/5] audit: convert sessionid unset to a macro [ghak81,RFC,V1,3/5] audit: use inline function to get audit context [ghak81,RFC,V1,4/5] audit: use inline function to set audit context [ghak81,RFC,V1,5/5] audit: collect audit task parameters

diff --git a/include/linux/audit.h b/include/linux/audit.h index 5f86f7c..93e4c61 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -235,26 +235,30 @@ extern void __audit_inode_child(struct inode *parent, extern void __audit_seccomp(unsigned long syscall, long signr, int code); extern void __audit_ptrace(struct task_struct *t); +static inline struct audit_context *audit_context(struct task_struct *task) +{ + return task->audit_context; +} static inline bool audit_dummy_context(void) { - void *p = current->audit_context; + void *p = audit_context(current); return !p || *(int *)p; } static inline void audit_free(struct task_struct *task) { - if (unlikely(task->audit_context)) + if (unlikely(audit_context(task))) __audit_free(task); } static inline void audit_syscall_entry(int major, unsigned long a0, unsigned long a1, unsigned long a2, unsigned long a3) { - if (unlikely(current->audit_context)) + if (unlikely(audit_context(current))) __audit_syscall_entry(major, a0, a1, a2, a3); } static inline void audit_syscall_exit(void *pt_regs) { - if (unlikely(current->audit_context)) { + if (unlikely(audit_context(current))) { int success = is_syscall_success(pt_regs); long return_code = regs_return_value(pt_regs); @@ -468,6 +472,10 @@ static inline bool audit_dummy_context(void) { return true; } +static inline struct audit_context *audit_context(struct task_struct *task) +{ + return NULL; +} static inline struct filename *audit_reusename(const __user char *name) { return NULL; diff --git a/include/net/xfrm.h b/include/net/xfrm.h index fcce8ee..2788332 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -736,7 +736,7 @@ static inline struct audit_buffer *xfrm_audit_start(const char *op) if (audit_enabled == 0) return NULL; - audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, + audit_buf = audit_log_start(audit_context(current), GFP_ATOMIC, AUDIT_MAC_IPSEC_EVENT); if (audit_buf == NULL) return NULL; diff --git a/kernel/audit.c b/kernel/audit.c index e9f9a90..9a03603 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1099,7 +1099,7 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature if (audit_enabled == AUDIT_OFF) return; - ab = audit_log_start(current->audit_context, + ab = audit_log_start(audit_context(current), GFP_KERNEL, AUDIT_FEATURE_CHANGE); if (!ab) return; @@ -2317,7 +2317,7 @@ void audit_log_link_denied(const char *operation) return; /* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */ - ab = audit_log_start(current->audit_context, GFP_KERNEL, + ab = audit_log_start(audit_context(current), GFP_KERNEL, AUDIT_ANOM_LINK); if (!ab) return; diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c index 9eb8b35..8b596c4 100644 --- a/kernel/audit_watch.c +++ b/kernel/audit_watch.c @@ -274,7 +274,7 @@ static void audit_update_watch(struct audit_parent *parent, /* If the update involves invalidating rules, do the inode-based * filtering now, so we don't omit records. */ if (invalidating && !audit_dummy_context()) - audit_filter_inodes(current, current->audit_context); + audit_filter_inodes(current, audit_context(current)); /* updating ino will likely change which audit_hash_list we * are on so we need a new watch for the new list */ diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6e3ceb9..a4bbdcc 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -836,7 +836,7 @@ static inline struct audit_context *audit_take_context(struct task_struct *tsk, int return_valid, long return_code) { - struct audit_context *context = tsk->audit_context; + struct audit_context *context = audit_context(tsk); if (!context) return NULL; @@ -1510,7 +1510,7 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2, unsigned long a3, unsigned long a4) { struct task_struct *tsk = current; - struct audit_context *context = tsk->audit_context; + struct audit_context *context = audit_context(tsk); enum audit_state state; if (!audit_enabled || !context) @@ -1602,7 +1602,7 @@ static inline void handle_one(const struct inode *inode) int count; if (likely(!inode->i_fsnotify_marks)) return; - context = current->audit_context; + context = audit_context(current); p = context->trees; count = context->tree_count; rcu_read_lock(); @@ -1633,7 +1633,7 @@ static void handle_path(const struct dentry *dentry) unsigned long seq; int count; - context = current->audit_context; + context = audit_context(current); p = context->trees; count = context->tree_count; retry: @@ -1715,7 +1715,7 @@ static struct audit_names *audit_alloc_name(struct audit_context *context, struct filename * __audit_reusename(const __user char *uptr) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); struct audit_names *n; list_for_each_entry(n, &context->names_list, list) { @@ -1738,7 +1738,7 @@ struct filename * */ void __audit_getname(struct filename *name) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); struct audit_names *n; if (!context->in_syscall) @@ -1766,7 +1766,7 @@ void __audit_getname(struct filename *name) void __audit_inode(struct filename *name, const struct dentry *dentry, unsigned int flags) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); struct inode *inode = d_backing_inode(dentry); struct audit_names *n; bool parent = flags & AUDIT_INODE_PARENT; @@ -1865,7 +1865,7 @@ void __audit_inode_child(struct inode *parent, const struct dentry *dentry, const unsigned char type) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); struct inode *inode = d_backing_inode(dentry); const char *dname = dentry->d_name.name; struct audit_names *n, *found_parent = NULL, *found_child = NULL; @@ -2084,7 +2084,7 @@ int audit_set_loginuid(kuid_t loginuid) */ void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); if (attr) memcpy(&context->mq_open.attr, attr, sizeof(struct mq_attr)); @@ -2108,7 +2108,7 @@ void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); struct timespec64 *p = &context->mq_sendrecv.abs_timeout; if (abs_timeout) @@ -2132,7 +2132,7 @@ void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); if (notification) context->mq_notify.sigev_signo = notification->sigev_signo; @@ -2151,7 +2151,7 @@ void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification) */ void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); context->mq_getsetattr.mqdes = mqdes; context->mq_getsetattr.mqstat = *mqstat; context->type = AUDIT_MQ_GETSETATTR; @@ -2164,7 +2164,7 @@ void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) */ void __audit_ipc_obj(struct kern_ipc_perm *ipcp) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); context->ipc.uid = ipcp->uid; context->ipc.gid = ipcp->gid; context->ipc.mode = ipcp->mode; @@ -2184,7 +2184,7 @@ void __audit_ipc_obj(struct kern_ipc_perm *ipcp) */ void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); context->ipc.qbytes = qbytes; context->ipc.perm_uid = uid; @@ -2195,7 +2195,7 @@ void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mo void __audit_bprm(struct linux_binprm *bprm) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); context->type = AUDIT_EXECVE; context->execve.argc = bprm->argc; @@ -2210,7 +2210,7 @@ void __audit_bprm(struct linux_binprm *bprm) */ int __audit_socketcall(int nargs, unsigned long *args) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); if (nargs <= 0 || nargs > AUDITSC_ARGS || !args) return -EINVAL; @@ -2228,7 +2228,7 @@ int __audit_socketcall(int nargs, unsigned long *args) */ void __audit_fd_pair(int fd1, int fd2) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); context->fds[0] = fd1; context->fds[1] = fd2; } @@ -2242,7 +2242,7 @@ void __audit_fd_pair(int fd1, int fd2) */ int __audit_sockaddr(int len, void *a) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); if (!context->sockaddr) { void *p = kmalloc(sizeof(struct sockaddr_storage), GFP_KERNEL); @@ -2258,7 +2258,7 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); @@ -2280,7 +2280,7 @@ int audit_signal_info(int sig, struct task_struct *t) { struct audit_aux_data_pids *axp; struct task_struct *tsk = current; - struct audit_context *ctx = tsk->audit_context; + struct audit_context *ctx = audit_context(tsk); kuid_t uid = current_uid(), t_uid = task_uid(t); if (auditd_test_task(t) && @@ -2347,7 +2347,7 @@ int __audit_log_bprm_fcaps(struct linux_binprm *bprm, const struct cred *new, const struct cred *old) { struct audit_aux_data_bprm_fcaps *ax; - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); struct cpu_vfs_cap_data vcaps; ax = kmalloc(sizeof(*ax), GFP_KERNEL); @@ -2387,7 +2387,7 @@ int __audit_log_bprm_fcaps(struct linux_binprm *bprm, */ void __audit_log_capset(const struct cred *new, const struct cred *old) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); context->capset.pid = task_tgid_nr(current); context->capset.cap.effective = new->cap_effective; context->capset.cap.inheritable = new->cap_effective; @@ -2398,7 +2398,7 @@ void __audit_log_capset(const struct cred *new, const struct cred *old) void __audit_mmap_fd(int fd, int flags) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); context->mmap.fd = fd; context->mmap.flags = flags; context->type = AUDIT_MMAP; @@ -2406,7 +2406,7 @@ void __audit_mmap_fd(int fd, int flags) void __audit_log_kern_module(char *name) { - struct audit_context *context = current->audit_context; + struct audit_context *context = audit_context(current); context->module.name = kmalloc(strlen(name) + 1, GFP_KERNEL); strcpy(context->module.name, name); @@ -2415,7 +2415,7 @@ void __audit_log_kern_module(char *name) void __audit_fanotify(unsigned int response) { - audit_log(current->audit_context, GFP_KERNEL, + audit_log(audit_context(current), GFP_KERNEL, AUDIT_FANOTIFY, "resp=%u", response); } @@ -2482,7 +2482,7 @@ void __audit_seccomp(unsigned long syscall, long signr, int code) struct list_head *audit_killed_trees(void) { - struct audit_context *ctx = current->audit_context; + struct audit_context *ctx = audit_context(current); if (likely(!ctx || !ctx->in_syscall)) return NULL; return &ctx->killed_trees; diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 032e0fe..ff8450b 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -1062,7 +1062,7 @@ static int do_replace_finish(struct net *net, struct ebt_replace *repl, #ifdef CONFIG_AUDIT if (audit_enabled) { - audit_log(current->audit_context, GFP_KERNEL, + audit_log(audit_context(current), GFP_KERNEL, AUDIT_NETFILTER_CFG, "table=%s family=%u entries=%u", repl->name, AF_BRIDGE, repl->nentries); diff --git a/net/core/dev.c b/net/core/dev.c index 969462e..2837086 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -6749,7 +6749,7 @@ static int __dev_set_promiscuity(struct net_device *dev, int inc, bool notify) dev->flags & IFF_PROMISC ? "entered" : "left"); if (audit_enabled) { current_uid_gid(&uid, &gid); - audit_log(current->audit_context, GFP_ATOMIC, + audit_log(audit_context(current), GFP_ATOMIC, AUDIT_ANOM_PROMISCUOUS, "dev=%s prom=%d old_prom=%d auid=%u uid=%u gid=%u ses=%u", dev->name, (dev->flags & IFF_PROMISC), diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 71325fe..f271630 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -1414,7 +1414,7 @@ struct xt_table_info * #ifdef CONFIG_AUDIT if (audit_enabled) { - audit_log(current->audit_context, GFP_KERNEL, + audit_log(audit_context(current), GFP_KERNEL, AUDIT_NETFILTER_CFG, "table=%s family=%u entries=%u", table->name, table->af, private->number); diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 58495f4..6cd5573 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -104,7 +104,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_enabled == 0) return NULL; - audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, type); + audit_buf = audit_log_start(audit_context(current), GFP_ATOMIC, type); if (audit_buf == NULL) return NULL; diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index bf88236..a727ae0 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -326,7 +326,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, hex_byte_pack(hash + (i * 2), iint->ima_hash->digest[i]); hash[i * 2] = '\0'; - ab = audit_log_start(current->audit_context, GFP_KERNEL, + ab = audit_log_start(audit_context(current), GFP_KERNEL, AUDIT_INTEGRITY_RULE); if (!ab) goto out; diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c index 90987d1..79adc98a 100644 --- a/security/integrity/integrity_audit.c +++ b/security/integrity/integrity_audit.c @@ -38,7 +38,7 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, if (!integrity_audit_info && audit_info == 1) /* Skip info messages */ return; - ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno); + ab = audit_log_start(audit_context(current), GFP_KERNEL, audit_msgno); audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u", task_pid_nr(current), from_kuid(&init_user_ns, current_cred()->uid), diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 67703db..ccae258 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -447,7 +447,7 @@ void common_lsm_audit(struct common_audit_data *a, if (a == NULL) return; /* we use GFP_ATOMIC so we won't sleep */ - ab = audit_log_start(current->audit_context, GFP_ATOMIC | __GFP_NOWARN, + ab = audit_log_start(audit_context(current), GFP_ATOMIC | __GFP_NOWARN, AUDIT_AVC); if (ab == NULL) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4cafe6a..f1de97a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3294,7 +3294,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, } else { audit_size = 0; } - ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR); + ab = audit_log_start(audit_context(current), GFP_ATOMIC, AUDIT_SELINUX_ERR); audit_log_format(ab, "op=setxattr invalid_context="); audit_log_n_untrustedstring(ab, value, audit_size); audit_log_end(ab); @@ -6431,7 +6431,7 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) audit_size = size - 1; else audit_size = size; - ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR); + ab = audit_log_start(audit_context(current), GFP_ATOMIC, AUDIT_SELINUX_ERR); audit_log_format(ab, "op=fscreate invalid_context="); audit_log_n_untrustedstring(ab, value, audit_size); audit_log_end(ab); diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index efdc633..e5f90da 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -167,7 +167,7 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf, NULL); if (length) goto out; - audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, + audit_log(audit_context(current), GFP_KERNEL, AUDIT_MAC_STATUS, "enforcing=%d old_enforcing=%d auid=%u ses=%u" " enabled=%d old-enabled=%d lsm=selinux res=1", new_value, old_value, @@ -303,7 +303,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf, length = selinux_disable(fsi->state); if (length) goto out; - audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, + audit_log(audit_context(current), GFP_KERNEL, AUDIT_MAC_STATUS, "enforcing=%d old_enforcing=%d auid=%u ses=%u" " enabled=%d old-enabled=%d lsm=selinux res=1", enforcing, enforcing, @@ -581,7 +581,7 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf, length = count; out1: - audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, + audit_log(audit_context(current), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, "auid=%u ses=%u lsm=selinux res=1", from_kuid(&init_user_ns, audit_get_loginuid(current)), audit_get_sessionid(current)); diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 8057e19..83f40e2 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -501,7 +501,7 @@ static void security_dump_masked_av(struct policydb *policydb, goto out; /* audit a message */ - ab = audit_log_start(current->audit_context, + ab = audit_log_start(audit_context(current), GFP_ATOMIC, AUDIT_SELINUX_ERR); if (!ab) goto out; @@ -743,7 +743,7 @@ static int security_validtrans_handle_fail(struct selinux_state *state, goto out; if (context_struct_to_string(p, tcontext, &t, &tlen)) goto out; - audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, + audit_log(audit_context(current), GFP_ATOMIC, AUDIT_SELINUX_ERR, "op=security_validate_transition seresult=denied" " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", o, n, t, sym_name(p, SYM_CLASSES, tclass-1)); @@ -929,7 +929,7 @@ int security_bounded_transition(struct selinux_state *state, &old_name, &length) && !context_struct_to_string(policydb, new_context, &new_name, &length)) { - audit_log(current->audit_context, + audit_log(audit_context(current), GFP_ATOMIC, AUDIT_SELINUX_ERR, "op=security_bounded_transition " "seresult=denied " @@ -1586,7 +1586,7 @@ static int compute_sid_handle_invalid_context( goto out; if (context_struct_to_string(policydb, newcontext, &n, &nlen)) goto out; - audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, + audit_log(audit_context(current), GFP_ATOMIC, AUDIT_SELINUX_ERR, "op=security_compute_sid invalid_context=%s" " scontext=%s" " tcontext=%s" @@ -2882,7 +2882,7 @@ int security_set_bools(struct selinux_state *state, int len, int *values) for (i = 0; i < len; i++) { if (!!values[i] != policydb->bool_val_to_struct[i]->state) { - audit_log(current->audit_context, GFP_ATOMIC, + audit_log(audit_context(current), GFP_ATOMIC, AUDIT_MAC_CONFIG_CHANGE, "bool=%s val=%d old_val=%d auid=%u ses=%u", sym_name(policydb, SYM_BOOLS, i), @@ -3025,7 +3025,7 @@ int security_sid_mls_copy(struct selinux_state *state, if (rc) { if (!context_struct_to_string(policydb, &newcon, &s, &len)) { - audit_log(current->audit_context, + audit_log(audit_context(current), GFP_ATOMIC, AUDIT_SELINUX_ERR, "op=security_sid_mls_copy " "invalid_context=%s", s);

[ghak81,RFC,V1,3/5] audit: use inline function to get audit context

Commit Message

Comments

Patch