| Message ID | 20241205012100.1444702-1-tweek@google.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to | Paul Moore |
| Series | [v2] selinux: add netlink nlmsg_type audit message |
On Wed, Dec 4, 2024 at 8:21 PM Thiébaud Weksteen <tweek@google.com> wrote: > > Add a new audit message type to capture nlmsg-related information. This > is similar to LSM_AUDIT_DATA_IOCTL_OP which was added for the other > SELinux extended permission (ioctl). > > Adding a new type is preferred to adding to the existing > lsm_network_audit structure which contains irrelevant information for > the netlink sockets (i.e., dport, sport). > > Signed-off-by: Thiébaud Weksteen <tweek@google.com> > --- > v2: Change printed field name from nlmsg_type to nlnk-msgtype > > include/linux/lsm_audit.h | 2 ++ > security/lsm_audit.c | 3 +++ > security/selinux/hooks.c | 4 ++-- > 3 files changed, 7 insertions(+), 2 deletions(-) ... > diff --git a/security/lsm_audit.c b/security/lsm_audit.c > index 9a8352972086..70444230e56f 100644 > --- a/security/lsm_audit.c > +++ b/security/lsm_audit.c > @@ -425,6 +425,9 @@ static void dump_common_audit_data(struct audit_buffer *ab, > case LSM_AUDIT_DATA_ANONINODE: > audit_log_format(ab, " anonclass=%s", a->u.anonclass); > break; > + case LSM_AUDIT_DATA_NLMSGTYPE: > + audit_log_format(ab, " nlnk-msgtype=%hu", a->u.nlmsg_type); > + break; See my follow-up reply to your v1 patch. Assuming no objections, I can change this to "nl-msgtype" when I merge the patch; is that okay with you? > } /* switch (a->type) */ > }
On Sat, Dec 14, 2024 at 8:30 AM Paul Moore <paul@paul-moore.com> wrote: > > On Wed, Dec 4, 2024 at 8:21 PM Thiébaud Weksteen <tweek@google.com> wrote: > > > > Add a new audit message type to capture nlmsg-related information. This > > is similar to LSM_AUDIT_DATA_IOCTL_OP which was added for the other > > SELinux extended permission (ioctl). > > > > Adding a new type is preferred to adding to the existing > > lsm_network_audit structure which contains irrelevant information for > > the netlink sockets (i.e., dport, sport). > > > > Signed-off-by: Thiébaud Weksteen <tweek@google.com> > > --- > > v2: Change printed field name from nlmsg_type to nlnk-msgtype > > > > include/linux/lsm_audit.h | 2 ++ > > security/lsm_audit.c | 3 +++ > > security/selinux/hooks.c | 4 ++-- > > 3 files changed, 7 insertions(+), 2 deletions(-) > > ... > > > diff --git a/security/lsm_audit.c b/security/lsm_audit.c > > index 9a8352972086..70444230e56f 100644 > > --- a/security/lsm_audit.c > > +++ b/security/lsm_audit.c > > @@ -425,6 +425,9 @@ static void dump_common_audit_data(struct audit_buffer *ab, > > case LSM_AUDIT_DATA_ANONINODE: > > audit_log_format(ab, " anonclass=%s", a->u.anonclass); > > break; > > + case LSM_AUDIT_DATA_NLMSGTYPE: > > + audit_log_format(ab, " nlnk-msgtype=%hu", a->u.nlmsg_type); > > + break; > > See my follow-up reply to your v1 patch. Assuming no objections, I > can change this to "nl-msgtype" when I merge the patch; is that okay > with you? Yes, please do. Thanks Paul.
On Sun, Dec 15, 2024 at 6:20 PM Thiébaud Weksteen <tweek@google.com> wrote: > On Sat, Dec 14, 2024 at 8:30 AM Paul Moore <paul@paul-moore.com> wrote: > > On Wed, Dec 4, 2024 at 8:21 PM Thiébaud Weksteen <tweek@google.com> wrote: ... > > > diff --git a/security/lsm_audit.c b/security/lsm_audit.c > > > index 9a8352972086..70444230e56f 100644 > > > --- a/security/lsm_audit.c > > > +++ b/security/lsm_audit.c > > > @@ -425,6 +425,9 @@ static void dump_common_audit_data(struct audit_buffer *ab, > > > case LSM_AUDIT_DATA_ANONINODE: > > > audit_log_format(ab, " anonclass=%s", a->u.anonclass); > > > break; > > > + case LSM_AUDIT_DATA_NLMSGTYPE: > > > + audit_log_format(ab, " nlnk-msgtype=%hu", a->u.nlmsg_type); > > > + break; > > > > See my follow-up reply to your v1 patch. Assuming no objections, I > > can change this to "nl-msgtype" when I merge the patch; is that okay > > with you? > > Yes, please do. Thanks Paul. Merged into selinux/dev, thanks!
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h index 97a8b21eb033..69d2b7bc00ed 100644 --- a/include/linux/lsm_audit.h +++ b/include/linux/lsm_audit.h @@ -77,6 +77,7 @@ struct common_audit_data { #define LSM_AUDIT_DATA_LOCKDOWN 15 #define LSM_AUDIT_DATA_NOTIFICATION 16 #define LSM_AUDIT_DATA_ANONINODE 17 +#define LSM_AUDIT_DATA_NLMSGTYPE 18 union { struct path path; struct dentry *dentry; @@ -98,6 +99,7 @@ struct common_audit_data { struct lsm_ibendport_audit *ibendport; int reason; const char *anonclass; + u16 nlmsg_type; } u; /* this union contains LSM specific data */ union { diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 9a8352972086..70444230e56f 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -425,6 +425,9 @@ static void dump_common_audit_data(struct audit_buffer *ab, case LSM_AUDIT_DATA_ANONINODE: audit_log_format(ab, " anonclass=%s", a->u.anonclass); break; + case LSM_AUDIT_DATA_NLMSGTYPE: + audit_log_format(ab, " nlnk-msgtype=%hu", a->u.nlmsg_type); + break; } /* switch (a->type) */ } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f5a08f94e094..20ccd6ed5a75 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5939,14 +5939,14 @@ static int nlmsg_sock_has_extended_perms(struct sock *sk, u32 perms, u16 nlmsg_t { struct sk_security_struct *sksec = sk->sk_security; struct common_audit_data ad; - struct lsm_network_audit net; u8 driver; u8 xperm; if (sock_skip_has_perm(sksec->sid)) return 0; - ad_net_init_from_sk(&ad, &net, sk); + ad.type = LSM_AUDIT_DATA_NLMSGTYPE; + ad.u.nlmsg_type = nlmsg_type; driver = nlmsg_type >> 8; xperm = nlmsg_type & 0xff;
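Review bot: the two include/linux/lsm_audit.h hunks add a third spelling for the same thing, the constant `LSM_AUDIT_DATA_NLMSGTYPE 18` and the union member `u16 nlmsg_type`, next to the printed key `nlnk-msgtype` (which the thread agrees to rename to `nl-msgtype`); a short comment on the new member, e.g. `u16 nlmsg_type; /* raw netlink message type, printed by dump_common_audit_data() */`, would let a reader connect the three names without reading security/lsm_audit.c. Nothing else in these hunks needs changing: the value is stored by value, so no lifetime question arises as it would for a pointer member.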
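Review bot: in the security/lsm_audit.c hunk the printed key `nlnk-msgtype` in the new `LSM_AUDIT_DATA_NLMSGTYPE` case is the name the maintainer proposes to change to `nl-msgtype` at merge time; whichever spelling lands, the v2 changelog line ("Change printed field name from nlmsg_type to nlnk-msgtype") should be updated to state the final key, since the key becomes part of the audit record that userspace parsers match on and the commit message is where people will look it up. `%hu` is the correct specifier for the `u16` member.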
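Review bot: in the security/selinux/hooks.c hunk, replacing `ad_net_init_from_sk(&ad, &net, sk)` with `ad.type = LSM_AUDIT_DATA_NLMSGTYPE; ad.u.nlmsg_type = nlmsg_type;` means the denial record no longer carries the socket that the old `lsm_network_audit` path attached through `net.sk`, only the 16-bit message type; that is the trade-off the commit message argues for (dport/sport are meaningless for netlink), but a one-line comment at the assignment saying so would stop a later change from re-adding `struct lsm_network_audit net` here. Note also that `ad` is now a partially initialised stack variable with only `type` and `u.nlmsg_type` set; that is sound as long as consumers select the union member by `ad.type`, which is exactly what the `switch (a->type)` in `dump_common_audit_data()` does in the previous hunk.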
Add a new audit message type to capture nlmsg-related information. This is similar to LSM_AUDIT_DATA_IOCTL_OP which was added for the other SELinux extended permission (ioctl).

Adding a new type is preferred to adding to the existing lsm_network_audit structure which contains irrelevant information for the netlink sockets (i.e., dport, sport).

Signed-off-by: Thiébaud Weksteen <tweek@google.com>

---

v2: Change printed field name from nlmsg_type to nlnk-msgtype

 include/linux/lsm_audit.h | 2 ++
 security/lsm_audit.c      | 3 +++
 security/selinux/hooks.c  | 4 ++--
 3 files changed, 7 insertions(+), 2 deletions(-)
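To show what a consumer of the new record does with the field, here is an added example (not part of the patch or the thread) that parses an AVC denial carrying the netlink message type and splits the value into the driver and xperm bytes the way `nlmsg_sock_has_extended_perms()` does (`nlmsg_type >> 8`, `nlmsg_type & 0xff`). It assumes the key is spelled `nl-msgtype`, the name agreed at merge time; the sample record, its pid, comm, contexts and timestamp are constructed, and the rtnetlink name table is a partial one.

```python
import re

# Constructed sample AVC record; the field values are made up, only the
# layout follows the usual "avc: denied { perm } for key=value ..." form.
SAMPLE_AVC = (
    'type=AVC msg=audit(1733360460.123:91): avc:  denied  { nlmsg } for  '
    'pid=4242 comm="netmon" nl-msgtype=18 '
    'scontext=u:r:netmon:s0 tcontext=u:r:netmon:s0 '
    'tclass=netlink_route_socket permissive=0'
)

# Partial table of rtnetlink message types from <linux/rtnetlink.h>;
# only meaningful when the target class is netlink_route_socket.
RTM_NAMES = {16: "RTM_NEWLINK", 17: "RTM_DELLINK", 18: "RTM_GETLINK",
             19: "RTM_SETLINK", 20: "RTM_NEWADDR", 21: "RTM_DELADDR",
             22: "RTM_GETADDR", 24: "RTM_NEWROUTE", 25: "RTM_DELROUTE",
             26: "RTM_GETROUTE"}

_FIELD_RE = re.compile(r'([^\s=]+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Split one AVC record into its key=value fields plus the permission set."""
    fields = dict(_FIELD_RE.findall(line))
    m = re.search(r'\{\s*([^}]*?)\s*\}', line)
    fields["perms"] = m.group(1).split() if m else []
    fields["denied"] = " denied " in line
    return fields


def decode_nlmsg_type(value):
    """Mirror the kernel's split of the 16-bit nlmsg_type into driver/xperm."""
    t = int(value, 0) & 0xffff        # the kernel prints %hu (decimal); hex accepted too
    return {"nlmsg_type": t, "driver": t >> 8, "xperm": t & 0xff}


def summarize(line):
    """Return the decoded netlink denial, or None if the record has no nl-msgtype."""
    f = parse_avc(line)
    if "nl-msgtype" not in f:
        return None
    d = decode_nlmsg_type(f["nl-msgtype"])
    is_route = f.get("tclass") == "netlink_route_socket"
    d.update(comm=f.get("comm", "").strip('"'), tclass=f.get("tclass"),
             name=RTM_NAMES.get(d["nlmsg_type"]) if is_route else None,
             denied=f["denied"], perms=f["perms"])
    return d


if __name__ == "__main__":
    print(summarize(SAMPLE_AVC))
```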