Re: [RFC PATCH] security: add an interface to lookup the lockdown reason

From: Stephen Smalley <sds@tycho.nsa.gov>
To: Paul Moore <paul@paul-moore.com>,
	selinux@vger.kernel.org, linux-security-module@vger.kernel.org
Cc: linux-next@vger.kernel.org, jamorris@linux.microsoft.com
Subject: Re: [RFC PATCH] security: add an interface to lookup the lockdown reason
Date: Tue, 10 Dec 2019 09:59:40 -0500	[thread overview]
Message-ID: <285edbb5-b08e-5bdc-f951-841fe1d77521@tycho.nsa.gov> (raw)
In-Reply-To: <157594493094.748324.9234611948545428995.stgit@chester>

On 12/9/19 9:28 PM, Paul Moore wrote:
> With CONFIG_AUDIT enabled but CONFIG_SECURITY disabled we run into
> a problem where the lockdown reason table is missing.  This patch
> attempts to fix this by hiding the table behind a lookup function.

Shouldn't lsm_audit.c be conditional on both CONFIG_AUDIT and 
CONFIG_SECURITY?  When/why would we want it built without 
CONFIG_SECURITY enabled?

> 
> Signed-off-by: Paul Moore <paul@paul-moore.com>
> ---
>   include/linux/security.h |    7 +++++++
>   security/lsm_audit.c     |   12 +++++++++---
>   security/security.c      |    5 +++++
>   3 files changed, 21 insertions(+), 3 deletions(-)
> 
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 64b19f050343..295509a809d6 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -447,6 +447,8 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
>   int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
>   int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
>   int security_locked_down(enum lockdown_reason what);
> +const char *security_locked_reasonstr(enum lockdown_reason what);
> +
>   #else /* CONFIG_SECURITY */
>   
>   static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
> @@ -1274,6 +1276,11 @@ static inline int security_locked_down(enum lockdown_reason what)
>   {
>   	return 0;
>   }
> +
> +static inline const char *security_locked_reasonstr(enum lockdown_reason what)
> +{
> +	return NULL;
> +}
>   #endif	/* CONFIG_SECURITY */
>   
>   #ifdef CONFIG_SECURITY_NETWORK
> diff --git a/security/lsm_audit.c b/security/lsm_audit.c
> index 2d2bf49016f4..519ef6046638 100644
> --- a/security/lsm_audit.c
> +++ b/security/lsm_audit.c
> @@ -426,10 +426,16 @@ static void dump_common_audit_data(struct audit_buffer *ab,
>   				 a->u.ibendport->dev_name,
>   				 a->u.ibendport->port);
>   		break;
> -	case LSM_AUDIT_DATA_LOCKDOWN:
> -		audit_log_format(ab, " lockdown_reason=");
> -		audit_log_string(ab, lockdown_reasons[a->u.reason]);
> +	case LSM_AUDIT_DATA_LOCKDOWN: {
> +		const char *str = security_locked_reasonstr(a->u.reason);
> +
> +		if (str) {
> +			audit_log_format(ab, " lockdown_reason=");
> +			audit_log_string(ab, str);
> +		} else
> +			audit_log_format(ab, " lockdown_reason=?");
>   		break;
> +	}
>   	} /* switch (a->type) */
>   }
>   
> diff --git a/security/security.c b/security/security.c
> index 2b5473d92416..2f228fdbebf5 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -2438,6 +2438,11 @@ int security_locked_down(enum lockdown_reason what)
>   }
>   EXPORT_SYMBOL(security_locked_down);
>   
> +const char *security_locked_reasonstr(enum lockdown_reason what)
> +{
> +	return lockdown_reasons[what];
> +}
> +
>   #ifdef CONFIG_PERF_EVENTS
>   int security_perf_event_open(struct perf_event_attr *attr, int type)
>   {
> 