From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 32F9CC433F5 for ; Fri, 24 Sep 2021 18:20:43 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id BF1C361241 for ; Fri, 24 Sep 2021 18:20:42 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org BF1C361241 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=schaufler-ca.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=redhat.com Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-282-XAcTI0gDP-KA7Y4kulZ7HQ-1; Fri, 24 Sep 2021 14:20:38 -0400 X-MC-Unique: XAcTI0gDP-KA7Y4kulZ7HQ-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1D8CC1922023; Fri, 24 Sep 2021 18:20:35 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EC4875D6CF; Fri, 24 Sep 2021 18:20:33 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id A49984EA2A; Fri, 24 Sep 2021 18:20:33 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 18OIJPCu012331 for ; Fri, 24 Sep 2021 14:19:25 -0400 Received: by smtp.corp.redhat.com (Postfix) id 8B6CA200C0D4; Fri, 24 Sep 2021 18:19:25 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast05.extmail.prod.ext.rdu2.redhat.com [10.11.55.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 865DA2087A55 for ; Fri, 24 Sep 2021 18:19:20 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 9C43F80B718 for ; Fri, 24 Sep 2021 18:19:20 +0000 (UTC) Received: from sonic308-15.consmr.mail.ne1.yahoo.com (sonic308-15.consmr.mail.ne1.yahoo.com [66.163.187.38]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-17-96Y2tdyIOYm9KOMrFat1-w-1; Fri, 24 Sep 2021 14:19:18 -0400 X-MC-Unique: 96Y2tdyIOYm9KOMrFat1-w-1 X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1632507558; bh=5KFmHfxOQ+KGU3M66lknUR0Wm4LlNZyA6mXfbh6pzvq=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=GBEHDwWjyjVLj2NqJWqpmFkLgPoI/37OVpNMw4REzbVZOBzPy6A/Da8pnBg741ZyUqRjfnoyD35vZS49WDQjqSx45KwpasH43iQmuadW9CoC2foV5p6Rl/cuU3M8XseDBchG08GGxoJcytzQj/jwCZAUHBYrB4126JYw0mZ6ci+jCKPdTVkJG7VgqqZNMnC1SExNZ437qPkVCP18N3S9A3njRBHaSgdb0NNqlJW8pgD4pfP8cm54vWflfX2nrfomrBZGjr4YYQ19nRPPFS4PAENoD0Hj0KlTH88LF7k7+MNBA1Yv1jg6/NuqwDROmJsRLsV2LZ3OByf7GWOuluVtHQ== X-YMail-OSG: E5AZbDkVM1nr2Mf4cy8E.NQjxLOUe34CNg4IEvQpk9yvatg3oYZOHZ3cQbOw6iz 1NJhvQ_wHHrMQ_wtE..u_yElyXGEjq9aqYHFrqKw_mPxrgMH234pXMwX08xzAKfgdxKZE.LBT3JV 4h.o5V75.OQFiwzJj7YrD4AN6F0ki8a7JXWVrZd1lpe0jr1fb7jESBs2o8yBFJl94yrggYMHUIj6 hnFXDlYo5AItUHVkf.m7qY.umKhCvoWAdWBUaR2Lr9Goq5RKXUYorHIFCnqBunOAF.GR56gjCBt_ 8_eYzYIB1D77XErTSwoGsxkaapjxhWEhnmWrs2NAu9sb5mLm5qoBcTDBhHBe.7zC88lPUcpFvlfZ v8.JxoLPBndtsxVlFbBYXe_tH__eJgDWQR3SG5PyBiQn8mBvyQzLyckGgPC_i1SLoGgl1EVKT2w4 gSFK__hkMBSyDrDpl5EM64tj9men0Pq03K0dsUI.VujAC9nLXPzVUWzv5FLs3btPKz48u3XrH4qJ Fa9LCXfJO0kAR8AOcP4ZdR.vZeMIiLJPPGGZwqdsj9hYjZIdipbhRuYiyRhk8wPxlyyR5d1xmrWb MyWpT_LW69OIcORDx5dyd2CbEaYmZmjn5NvYUL1ufJc1l22lId1N6.FePqVDqMzOtX0srLQpTYuX VTvIl1R1bZ7HE8tdABS7SDa3wZgJ9T7.94nOymKo_hsdaIbhHDwA47Y8UQXQ1edMn5BEeTFa4NLu xtwzYToqogqrmI9LGzktGWXjn2weRR5YYjKi2_qjPriGfGs6PhyH86EvpCgnf9jXBmCJXzpbxmuG Of7AHv4n8dyvNEq7gf_zO2nWitFyt8iLTVasqOEQvk_QlSyKgzNU88EOMChX328110evm5clBTKe 2g3zCgP.lv7Uo4o2J_zPxJ1Mj1zGsSo8CWpP0SAjEXjNXh6kRxh4d6go2AH3_wmQuGXXaLv099KT st3b.1_uond0QwOM_OC751Thdsn8ZcUW7LMtzg_X0GfBNZPp7rx_g5s_qA5_0PU_sOeytKzr17S4 jGA_Sq2RClNwuqXBpQir54lc9OemG6iU1rPFurHPV0Hqzxs.a.HTI5NNfp714_ZuyrXPdwSlCnht 70PZQATSvLQ3Hv0bPhfYRRLALQV0KPi6I1.aFjxv5PxkRQUyhSW_VFvnt7ZWzBQIl8A.sSzAppJT UA6G6rwPGo1Bg_0oaA1wXG8uRVquM5UVjyjl0mQdmhvNLvEhjrc14TqBZJ_4F5JF2ttbcXkydH.I tXUfDD4ZyLKibyCMXGAqbQw2HIrVymUaYnbwdichjOeYCQiiLR_k5kGezlH3Yo9DAhXvQK99bMAR phR2U8kzrrWQ.4ZpBSUWkd1sLsHMFr5ZB9z0rSAM_c2Qxevp9XW.tOCvf7RBHA_r1W4tw.ohyyIu BI.h28eIpN8eK3fsNie64wGDl_Uz9E_uTWmzpZN8MpxMqDlLJiYU_Pb4ZUY1Qc0dA0xYgHW1pc9C kaS.tcwlSfRPdd4LplSf0ZqCWncYtmTcUxu9MXJzdV38jM84iLmHv1OtSi6l7ZQQxAgZTBSPNlGt _I3uqMxmDwHh_6arkNXuhvoGqloF6V6wpl4EjSnZwKVadYznxX1pmXmui6Om5on_Lad5BMMfdXYL 9tNycvaDwLZcFgUt3wr1zf3KC6sO8v20BPu0Q_MKwQJDyj6vEvRgnbHGZN.CGLYQr9JJCV8iMdNd iQKoczM1osKFhT4jeFY7u0vVCKOS2wVck1ru2Y9q2rKj4CGOMr4knK6cFteHZD.Kgdz95WKOz6xw V74xJGspLm13fPvlhtEMTQYjY3Lt1n_ff6_P4GikVzFe1NvX5MOMUeURzmrqFSJNzOmm6zWnmIHc u3EfKZwnTlw88P8ArtlC27d8rGYLw5EqbRae9SHduJlawaaNWrTN6H8DlcwYqN5S8W6YbInDyU.G ucx2UvNcPjPIprcalM9Zd4pTGwK8OWligTU6Dg0e3yi5ylHPkFUzXdnNFBsNpgr8sHkp6O7kj8kf qc4lMdf1AO_.hkRUHrPUszCXn7EHgrNw1koQ0LeTwMFrsOZmjnikp7P8WfwJm52FT12M5PrCnT2. jHqIZBGdbZEqhQd90mpw2uOVj3nO7PSOiJnYC_vUpuC.LhfTkDWD45xW05YW_zGkRXJOosmCkAAe 54B56fSsmp5.dS3WUWtMTAbQEHeuaMpySpjhbQm7_XzEvGU0i_xBGMKbQBzQEMIg1DhehzKBTFtQ sKa8staeWgElujB18YSyJ7cjKIkDkt0tBI3rLwaTQ6evE7VwzaN6bf65sA3lV3qBS__xxI15WNby F2es4Jwf29wuB0lHvMi32iUHRNTOIV1g- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Fri, 24 Sep 2021 18:19:18 +0000 Received: by kubenode508.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 1d3365360bf2498a624d7dcd82348a6f; Fri, 24 Sep 2021 18:19:14 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Subject: [PATCH v29 22/28] Audit: Keep multiple LSM data in audit_names Date: Fri, 24 Sep 2021 10:54:35 -0700 Message-Id: <20210924175441.7943-23-casey@schaufler-ca.com> In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-loop: linux-audit@redhat.com Cc: john.johansen@canonical.com, linux-kernel@vger.kernel.org, linux-audit@redhat.com, sds@tycho.nsa.gov X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=linux-audit-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Replace the osid field in the audit_names structure with a lsmblob structure. This accomodates the use of an lsmblob in security_audit_rule_match() and security_inode_getsecid(). Signed-off-by: Casey Schaufler --- kernel/audit.h | 2 +- kernel/auditsc.c | 21 +++++++-------------- 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/kernel/audit.h b/kernel/audit.h index d43a08eabd86..f3ff2bd31459 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -81,7 +81,7 @@ struct audit_names { kuid_t uid; kgid_t gid; dev_t rdev; - u32 osid; + struct lsmblob lsmblob; struct audit_cap_data fcap; unsigned int fcap_ver; unsigned char type; /* record type */ diff --git a/kernel/auditsc.c b/kernel/auditsc.c index e87f21cf9494..e960410cf4e4 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -698,17 +698,15 @@ static int audit_filter_rules(struct task_struct *tsk, * lsmblob, which happens later in * this patch set. */ - lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - &blob, + &name->lsmblob, f->type, f->op, f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { - lsmblob_init(&blob, name->osid); if (security_audit_rule_match( - &blob, + &n->lsmblob, f->type, f->op, f->lsm_rules)) { @@ -1412,13 +1410,12 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (n->osid != 0) { - struct lsmblob blob; + if (lsmblob_is_set(&n->lsmblob)) { struct lsmcontext lsmctx; - lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=%u", n->osid); + if (security_secid_to_secctx(&n->lsmblob, &lsmctx, + LSMBLOB_FIRST)) { + audit_log_format(ab, " osid=?"); if (call_panic) *call_panic = 2; } else { @@ -1972,17 +1969,13 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { - struct lsmblob blob; - name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &blob); - /* scaffolding until osid is updated */ - name->osid = blob.secid[0]; + security_inode_getsecid(inode, &name->lsmblob); if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; -- 2.31.1 -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit