Re: [PATCH v15 03/23] LSM: Use lsmblob in security_audit_rule_match

From: Paul Moore <paul@paul-moore.com>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: casey.schaufler@intel.com, linux-audit@redhat.com
Subject: Re: [PATCH v15 03/23] LSM: Use lsmblob in security_audit_rule_match
Date: Fri, 6 Mar 2020 17:01:59 -0500	[thread overview]
Message-ID: <CAHC9VhS+3K-AAzo2Z9iYTCx6wax0h2_grXayULDWsCFKezf8Jg@mail.gmail.com> (raw)
In-Reply-To: <20200222000407.110158-4-casey@schaufler-ca.com>

On Fri, Feb 21, 2020 at 7:04 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
>
> Change the secid parameter of security_audit_rule_match
> to a lsmblob structure pointer. Pass the entry from the
> lsmblob structure for the approprite slot to the LSM hook.
>
> Change the users of security_audit_rule_match to use the
> lsmblob instead of a u32. In some cases this requires a
> temporary conversion using lsmblob_init() that will go
> away when other interfaces get converted.
>
> Reviewed-by: Kees Cook <keescook@chromium.org>
> Reviewed-by: John Johansen <john.johansen@canonical.com>
> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> ---
>  include/linux/security.h            |  7 ++++---
>  kernel/auditfilter.c                |  6 ++++--
>  kernel/auditsc.c                    | 14 ++++++++++----
>  security/integrity/ima/ima.h        |  4 ++--
>  security/integrity/ima/ima_policy.c |  7 +++++--
>  security/security.c                 |  8 +++++---
>  6 files changed, 30 insertions(+), 16 deletions(-)

...

> diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
> index 3a44abf4fced..509eb21eff7f 100644
> --- a/kernel/auditfilter.c
> +++ b/kernel/auditfilter.c
> @@ -1327,6 +1327,7 @@ int audit_filter(int msgtype, unsigned int listtype)
>                         struct audit_field *f = &e->rule.fields[i];
>                         pid_t pid;
>                         u32 sid;
> +                       struct lsmblob blob;
>
>                         switch (f->type) {
>                         case AUDIT_PID:
> @@ -1357,8 +1358,9 @@ int audit_filter(int msgtype, unsigned int listtype)
>                         case AUDIT_SUBJ_CLR:
>                                 if (f->lsm_isset) {
>                                         security_task_getsecid(current, &sid);
> -                                       result = security_audit_rule_match(sid,
> -                                                  f->type, f->op,
> +                                       lsmblob_init(&blob, sid);
> +                                       result = security_audit_rule_match(
> +                                                  &blob, f->type, f->op,
>                                                    f->lsm_rules);

Unless I'm mistaken this patch is almost exclusively the following pattern:

  lsmblob_init(blob, sid);
  security_audit_rule_match(blob, ...);

... which means we are assigning every array member in @blob the same
value of "sid" and then sending that into the LSM where each LSM is
going to then have to index into that array, to all get the same
value, and then do their match.  I'm assuming this will make more
sense as I progress through the rest of the patchset, but right now it
seems like we could get by just fine with a u32 here.

-- 
paul moore
www.paul-moore.com

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit