From: Casey Schaufler <casey@schaufler-ca.com> To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov Subject: [PATCH v8 24/28] Audit: Include object data for all security modules Date: Thu, 29 Aug 2019 16:29:31 -0700 Message-ID: <20190829232935.7099-25-casey@schaufler-ca.com> (raw) In-Reply-To: <20190829232935.7099-1-casey@schaufler-ca.com> When there is more than one context displaying security module extend what goes into the audit record by supplimenting the "obj=" with an "obj_<lsm>=" for each such security module. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> --- kernel/audit.h | 4 +- kernel/auditsc.c | 110 ++++++++++++++++++++++++----------------------- 2 files changed, 58 insertions(+), 56 deletions(-) diff --git a/kernel/audit.h b/kernel/audit.h index 29e29c6f4afb..af9a7d1fc069 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -91,7 +91,7 @@ struct audit_names { kuid_t uid; kgid_t gid; dev_t rdev; - u32 osid; + struct lsmblob oblob; struct audit_cap_data fcap; unsigned int fcap_ver; unsigned char type; /* record type */ @@ -165,7 +165,7 @@ struct audit_context { kuid_t uid; kgid_t gid; umode_t mode; - u32 osid; + struct lsmblob oblob; int has_perm; uid_t perm_uid; gid_t perm_gid; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 46d7a58babd2..04367c3593e4 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -646,17 +646,15 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_rule) { /* Find files that match */ if (name) { - lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - &blob, + &name->oblob, f->type, f->op, f->lsm_rule); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { - lsmblob_init(&blob, n->osid); if (security_audit_rule_match( - &blob, + &n->oblob, f->type, f->op, f->lsm_rule)) { @@ -668,8 +666,7 @@ static int audit_filter_rules(struct task_struct *tsk, /* Find ipc objects that match */ if (!ctx || ctx->type != AUDIT_IPC) break; - lsmblob_init(&blob, ctx->ipc.osid); - if (security_audit_rule_match(&blob, + if (security_audit_rule_match(&ctx->ipc.oblob, f->type, f->op, f->lsm_rule)) ++result; @@ -937,13 +934,57 @@ static inline void audit_free_context(struct audit_context *context) kfree(context); } +static int audit_log_object_context(struct audit_buffer *ab, + struct lsmblob *blob) +{ + struct lsmcontext context; + const char *lsm; + int i; + + /* + * None of the installed modules have object labels. + */ + if (security_lsm_slot_name(0) == NULL) + return 0; + + if (blob->secid[0] != 0) { + if (security_secid_to_secctx(blob, &context, 0)) { + audit_log_format(ab, " obj=?"); + return 1; + } + audit_log_format(ab, " obj=%s", context.context); + security_release_secctx(&context); + } + + /* + * Don't do anything more unless there is more than one LSM + * with a security context to report. + */ + if (security_lsm_slot_name(1) == NULL) + return 0; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) { + lsm = security_lsm_slot_name(i); + if (lsm == NULL) + break; + if (blob->secid[i] == 0) + continue; + if (security_secid_to_secctx(blob, &context, i)) { + audit_log_format(ab, " obj_%s=?", lsm); + continue; + } + audit_log_format(ab, " obj_%s=%s", lsm, context.context); + security_release_secctx(&context); + } + return 0; +} + static int audit_log_pid_context(struct audit_context *context, pid_t pid, kuid_t auid, kuid_t uid, unsigned int sessionid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; - struct lsmcontext lsmctx; int rc = 0; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); @@ -953,15 +994,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) { - audit_log_format(ab, " obj=(none)"); - rc = 1; - } else { - audit_log_format(ab, " obj=%s", lsmctx.context); - security_release_secctx(&lsmctx); - } - } + rc = audit_log_object_context(ab, blob); audit_log_format(ab, " ocomm="); audit_log_untrustedstring(ab, comm); audit_log_end(ab); @@ -1187,26 +1220,14 @@ static void show_special(struct audit_context *context, int *call_panic) context->socketcall.args[i]); break; } case AUDIT_IPC: { - u32 osid = context->ipc.osid; + struct lsmblob *oblob = & context->ipc.oblob; audit_log_format(ab, "ouid=%u ogid=%u mode=%#ho", from_kuid(&init_user_ns, context->ipc.uid), from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); - if (osid) { - struct lsmcontext lsmcxt; - struct lsmblob blob; - - lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &lsmcxt, - LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=%u", osid); - *call_panic = 1; - } else { - audit_log_format(ab, " obj=%s", lsmcxt.context); - security_release_secctx(&lsmcxt); - } - } + if (audit_log_object_context(ab, oblob)) + *call_panic = 1; if (context->ipc.has_perm) { audit_log_end(ab); ab = audit_log_start(context, GFP_KERNEL, @@ -1347,20 +1368,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (n->osid != 0) { - struct lsmblob blob; - struct lsmcontext lsmctx; - - lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=%u", n->osid); - if (call_panic) - *call_panic = 2; - } else { - audit_log_format(ab, " obj=%s", lsmctx.context); - security_release_secctx(&lsmctx); - } - } + if (audit_log_object_context(ab, &n->oblob) && call_panic) + *call_panic = 2; /* log the audit_names record type */ switch (n->type) { @@ -1908,17 +1917,13 @@ static inline int audit_copy_fcaps(struct audit_names *name, void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { - struct lsmblob blob; - name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &blob); - /* scaffolding until osid is updated */ - name->osid = blob.secid[0]; + security_inode_getsecid(inode, &name->oblob); if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; @@ -2268,14 +2273,11 @@ void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) void __audit_ipc_obj(struct kern_ipc_perm *ipcp) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->ipc.uid = ipcp->uid; context->ipc.gid = ipcp->gid; context->ipc.mode = ipcp->mode; context->ipc.has_perm = 0; - security_ipc_getsecid(ipcp, &blob); - /* scaffolding on the [0] - change "osid" to a lsmblob */ - context->ipc.osid = blob.secid[0]; + security_ipc_getsecid(ipcp, &context->ipc.oblob); context->type = AUDIT_IPC; } -- 2.20.1
next prev parent reply index Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-08-29 23:29 [PATCH v8 00/28] LSM: Module stacking for AppArmor Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 01/28] LSM: Infrastructure management of the superblock Casey Schaufler 2019-09-16 18:19 ` Stephen Smalley 2019-08-29 23:29 ` [PATCH v8 02/28] LSM: Infrastructure management of the sock security Casey Schaufler 2019-09-16 18:42 ` Stephen Smalley 2019-09-18 7:19 ` John Johansen 2019-08-29 23:29 ` [PATCH v8 03/28] LSM: Infrastructure management of the key blob Casey Schaufler 2019-09-16 18:47 ` Stephen Smalley 2019-08-29 23:29 ` [PATCH v8 04/28] LSM: Create and manage the lsmblob data structure Casey Schaufler 2019-09-16 19:15 ` Stephen Smalley 2019-09-23 15:56 ` Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 05/28] LSM: Use lsmblob in security_audit_rule_match Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 06/28] LSM: Use lsmblob in security_kernel_act_as Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 07/28] net: Prepare UDS for security module stacking Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 08/28] LSM: Use lsmblob in security_secctx_to_secid Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 09/28] LSM: Use lsmblob in security_secid_to_secctx Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 10/28] LSM: Use lsmblob in security_ipc_getsecid Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 11/28] LSM: Use lsmblob in security_task_getsecid Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 12/28] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 13/28] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 14/28] IMA: Change internal interfaces to use lsmblobs Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 15/28] LSM: Specify which LSM to display Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 16/28] LSM: Ensure the correct LSM context releaser Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 17/28] LSM: Use lsmcontext in security_secid_to_secctx Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 18/28] LSM: Use lsmcontext in security_dentry_init_security Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 19/28] LSM: Use lsmcontext in security_inode_getsecctx Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 20/28] LSM: security_secid_to_secctx in netlink netfilter Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 21/28] NET: Store LSM netlabel data in a lsmblob Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 22/28] SELinux: Verify LSM display sanity in binder Casey Schaufler 2019-09-18 17:43 ` Stephen Smalley 2019-08-29 23:29 ` [PATCH v8 23/28] Audit: Add subj_LSM fields when necessary Casey Schaufler 2019-08-29 23:29 ` Casey Schaufler [this message] 2019-08-29 23:29 ` [PATCH v8 25/28] LSM: Provide an user space interface for the default display Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 26/28] NET: Add SO_PEERCONTEXT for multiple LSMs Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 27/28] LSM: Add /proc attr entry for full LSM context Casey Schaufler 2019-08-29 23:29 ` [PATCH v8 28/28] AppArmor: Remove the exclusive flag Casey Schaufler 2019-09-04 19:13 ` [PATCH v8 00/28] LSM: Module stacking for AppArmor Casey Schaufler 2019-09-06 13:46 ` Stephen Smalley
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190829232935.7099-25-casey@schaufler-ca.com \ --to=casey@schaufler-ca.com \ --cc=casey.schaufler@intel.com \ --cc=jmorris@namei.org \ --cc=john.johansen@canonical.com \ --cc=keescook@chromium.org \ --cc=linux-security-module@vger.kernel.org \ --cc=paul@paul-moore.com \ --cc=penguin-kernel@i-love.sakura.ne.jp \ --cc=sds@tycho.nsa.gov \ --cc=selinux@vger.kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
SELinux Archive on lore.kernel.org Archives are clonable: git clone --mirror https://lore.kernel.org/selinux/0 selinux/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 selinux selinux/ https://lore.kernel.org/selinux \ selinux@vger.kernel.org public-inbox-index selinux Example config snippet for mirrors Newsgroup available over NNTP: nntp://nntp.lore.kernel.org/org.kernel.vger.selinux AGPL code for this site: git clone https://public-inbox.org/public-inbox.git