From patchwork Thu Aug 27 12:58:39 2020
X-Patchwork-Submitter: Chris PeBenito
X-Patchwork-Id: 11740685
From: Chris PeBenito To: selinux@vger.kernel.org Subject: [PATCH 1/1] libselinux: Add new log callback levels for enforcing and policy load notices. Date: Thu, 27 Aug 2020 08:58:39 -0400 Message-Id: <20200827125839.79006-1-chpebeni@linux.microsoft.com> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org This will enable userspace object managers to send proper audits for policy loads and setenforce messages generated by the userspace AVC code. Signed-off-by: Chris PeBenito Acked-by: Stephen Smalley --- libselinux/include/selinux/selinux.h | 2 ++ libselinux/man/man3/selinux_set_callback.3 | 5 +++++ libselinux/src/avc_internal.c | 4 ++-- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h index c22834e5..ae98a92e 100644 --- a/libselinux/include/selinux/selinux.h +++ b/libselinux/include/selinux/selinux.h @@ -182,6 +182,8 @@ extern void selinux_set_callback(int type, union selinux_callback cb); #define SELINUX_WARNING 1 #define SELINUX_INFO 2 #define SELINUX_AVC 3 +#define SELINUX_POLICYLOAD 4 +#define SELINUX_SETENFORCE 5 #define SELINUX_TRANS_DIR "/var/run/setrans" /* Compute an access decision. */ diff --git a/libselinux/man/man3/selinux_set_callback.3 b/libselinux/man/man3/selinux_set_callback.3 index a4c613ad..6dfe5ff6 100644 --- a/libselinux/man/man3/selinux_set_callback.3 +++ b/libselinux/man/man3/selinux_set_callback.3 @@ -46,6 +46,11 @@ argument indicates the type of message and will be set to one of the following: .B SELINUX_INFO .B SELINUX_AVC + +.B SELINUX_POLICYLOAD + +.B SELINUX_SETENFORCE + . .TP .B SELINUX_CB_AUDIT diff --git a/libselinux/src/avc_internal.c b/libselinux/src/avc_internal.c index 4ef92452..572b2159 100644 --- a/libselinux/src/avc_internal.c +++ b/libselinux/src/avc_internal.c 
@@ -58,7 +58,7 @@ int avc_process_setenforce(int enforcing) { int rc = 0; - avc_log(SELINUX_INFO, + avc_log(SELINUX_SETENFORCE, "%s: received setenforce notice (enforcing=%d)\n", avc_prefix, enforcing); if (avc_setenforce) @@ -80,7 +80,7 @@ int avc_process_policyload(uint32_t seqno) { int rc = 0; - avc_log(SELINUX_INFO, + avc_log(SELINUX_POLICYLOAD, "%s: received policyload notice (seqno=%u)\n", avc_prefix, seqno); rc = avc_ss_reset(seqno);
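Review bot: The two new defines in libselinux/include/selinux/selinux.h (SELINUX_POLICYLOAD 4, SELINUX_SETENFORCE 5) carry no comment saying what they are for, and they sit directly after SELINUX_WARNING, SELINUX_INFO and SELINUX_AVC as if they were more of the same. Because the avc_internal.c hunks move two existing messages off SELINUX_INFO, a log callback that switches on the type without a default case will now receive values it does not know for those messages. A short comment next to the defines, and a line in the commit message about that compatibility effect, would help callback authors.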
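Review bot: In the selinux_set_callback.3 hunk, SELINUX_POLICYLOAD and SELINUX_SETENFORCE are added to the list of type values with no text on when each one is passed. Suggest a sentence stating that they are used for the policy load and setenforce notices from the userspace AVC, so that an object manager knows these are the types to turn into audit records.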
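Review bot: In the avc_process_setenforce() hunk, the notice now goes out as SELINUX_SETENFORCE, but the new mode still reaches the callback only inside the formatted text "(enforcing=%d)\n", with avc_prefix in front and a trailing newline. A callback that writes an audit record from it has to either pass that string through or parse it; it would be worth stating in the man page which of the two is intended.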
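Review bot: In the avc_process_policyload() hunk, avc_log(SELINUX_POLICYLOAD, ...) runs before rc = avc_ss_reset(seqno), so a callback that audits on this type records the policy load whether or not the reset succeeds. If the audit record is meant to reflect the outcome, consider logging after the reset or including the result; otherwise document that the notice means the policyload was received, not that it was applied.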