From patchwork Fri Mar 7 18:36:56 2025
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 14006971
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org, audit@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Subject: [PATCH v2 1/6] Audit: Create audit_stamp structure Date: Fri, 7 Mar 2025 10:36:56 -0800 Message-ID: <20250307183701.16970-2-casey@schaufler-ca.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20250307183701.16970-1-casey@schaufler-ca.com> References: <20250307183701.16970-1-casey@schaufler-ca.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Replace the timestamp and serial number pair used in audit records with a structure containing the two elements. Signed-off-by: Casey Schaufler --- kernel/audit.c | 17 +++++++++-------- kernel/audit.h | 13 +++++++++---- kernel/auditsc.c | 22 +++++++++------------- 3 files changed, 27 insertions(+), 25 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 5f5bf85bcc90..2a567f667528 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1833,11 +1833,11 @@ unsigned int audit_serial(void) } static inline void audit_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) + struct audit_stamp *stamp) { - if (!ctx || !auditsc_get_stamp(ctx, t, serial)) { - ktime_get_coarse_real_ts64(t); - *serial = audit_serial(); + if (!ctx || !auditsc_get_stamp(ctx, stamp)) { + ktime_get_coarse_real_ts64(&stamp->ctime); + stamp->serial = audit_serial(); } } @@ -1860,8 +1860,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) { struct audit_buffer *ab; - struct timespec64 t; - unsigned int serial; + struct audit_stamp stamp; if (audit_initialized != AUDIT_INITIALIZED) return NULL; 
@@ -1916,12 +1915,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, return NULL; } - audit_get_stamp(ab->ctx, &t, &serial); + audit_get_stamp(ab->ctx, &stamp); /* cancel dummy context to enable supporting records */ if (ctx) ctx->dummy = 0; audit_log_format(ab, "audit(%llu.%03lu:%u): ", - (unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial); + (unsigned long long)stamp.ctime.tv_sec, + stamp.ctime.tv_nsec/1000000, + stamp.serial); return ab; } diff --git a/kernel/audit.h b/kernel/audit.h index 0211cb307d30..4d6dd2588f9b 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -99,6 +99,12 @@ struct audit_proctitle { char *value; /* the cmdline field */ }; +/* A timestamp/serial pair to identify an event */ +struct audit_stamp { + struct timespec64 ctime; /* time of syscall entry */ + unsigned int serial; /* serial number for record */ +}; + /* The per-task audit context. */ struct audit_context { int dummy; /* must be the first element */ @@ -108,10 +114,9 @@ struct audit_context { AUDIT_CTX_URING, /* in use by io_uring */ } context; enum audit_state state, current_state; - unsigned int serial; /* serial number for record */ + struct audit_stamp stamp; /* event identifier */ int major; /* syscall number */ int uring_op; /* uring operation */ - struct timespec64 ctime; /* time of syscall entry */ unsigned long argv[4]; /* syscall arguments */ long return_code;/* syscall return code */ u64 prio; @@ -263,7 +268,7 @@ extern void audit_put_tty(struct tty_struct *tty); extern unsigned int audit_serial(void); #ifdef CONFIG_AUDITSYSCALL extern int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial); + struct audit_stamp *stamp); extern void audit_put_watch(struct audit_watch *watch); extern void audit_get_watch(struct audit_watch *watch); 
@@ -304,7 +309,7 @@ extern void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx); extern struct list_head *audit_killed_trees(void); #else /* CONFIG_AUDITSYSCALL */ -#define auditsc_get_stamp(c, t, s) 0 +#define auditsc_get_stamp(c, s) 0 #define audit_put_watch(w) do { } while (0) #define audit_get_watch(w) do { } while (0) #define audit_to_watch(k, p, l, o) (-EINVAL) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 9c853cde9abe..2ec3a0d85447 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -994,10 +994,10 @@ static void audit_reset_context(struct audit_context *ctx) */ ctx->current_state = ctx->state; - ctx->serial = 0; + ctx->stamp.serial = 0; ctx->major = 0; ctx->uring_op = 0; - ctx->ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 }; + ctx->stamp.ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 }; memset(ctx->argv, 0, sizeof(ctx->argv)); ctx->return_code = 0; ctx->prio = (ctx->state == AUDIT_STATE_RECORD ? ~0ULL : 0); @@ -1917,7 +1917,7 @@ void __audit_uring_entry(u8 op) ctx->context = AUDIT_CTX_URING; ctx->current_state = ctx->state; - ktime_get_coarse_real_ts64(&ctx->ctime); + ktime_get_coarse_real_ts64(&ctx->stamp.ctime); } /** @@ -2039,7 +2039,7 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2, context->argv[3] = a4; context->context = AUDIT_CTX_SYSCALL; context->current_state = state; - ktime_get_coarse_real_ts64(&context->ctime); + ktime_get_coarse_real_ts64(&context->stamp.ctime); } /** 
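Review bot: the `/* time of syscall entry */` comment carried over onto `struct timespec64 ctime;` in the new struct audit_stamp (kernel/audit.h hunk) is now too narrow: the same field is filled by ktime_get_coarse_real_ts64() in __audit_uring_entry() and, for records that have no audit_context, in audit_get_stamp(), both visible in this patch. Suggest something like `/* time the event was stamped */`, plus a one-line kernel-doc on the struct saying that ctime and serial together form the `audit(sec.msec:serial)` event identifier, so readers of the later auxiliary-record changes know why the pair travels as a unit.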
@@ -2510,21 +2510,17 @@ EXPORT_SYMBOL_GPL(__audit_inode_child); /** * auditsc_get_stamp - get local copies of audit_context values * @ctx: audit_context for the task - * @t: timespec64 to store time recorded in the audit_context - * @serial: serial value that is recorded in the audit_context + * @stamp: timestamp to record * * Also sets the context as auditable. */ -int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) +int auditsc_get_stamp(struct audit_context *ctx, struct audit_stamp *stamp) { if (ctx->context == AUDIT_CTX_UNUSED) return 0; - if (!ctx->serial) - ctx->serial = audit_serial(); - t->tv_sec = ctx->ctime.tv_sec; - t->tv_nsec = ctx->ctime.tv_nsec; - *serial = ctx->serial; + if (!ctx->stamp.serial) + ctx->stamp.serial = audit_serial(); + *stamp = ctx->stamp; if (!ctx->prio) { ctx->prio = 1; ctx->current_state = AUDIT_STATE_RECORD; From patchwork Fri Mar 7 18:36:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 14006959 X-Patchwork-Delegate: paul@paul-moore.com Received: from sonic313-15.consmr.mail.ne1.yahoo.com (sonic313-15.consmr.mail.ne1.yahoo.com [66.163.185.38]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 82422241685 for ; Fri, 7 Mar 2025 18:37:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=66.163.185.38 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741372643; cv=none; b=bf3nkUBN2Jrn47oo0L9+zeav7DE8znhFtWO1dyekAdQNDQxxG1glwLfFlaZeAo3hV60ZOdiGu2gqsLXdQrdHU+LQSl4iDU0DeqHGwgbIWGDWYmgLM/CowUD7jQRywe/IBjG3y9bYQcB+qRX1hDt7E0xsQ/v5EDgfrpfmKRXGp40= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741372643; c=relaxed/simple; bh=O520XCBXS2x+I9s35ielYReLlm716tHd8FSnv7v/wzI=; 
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org, audit@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Subject: [PATCH v2 2/6] Audit: Allow multiple records in an audit_buffer Date: Fri, 7 Mar 2025 10:36:57 -0800 Message-ID: <20250307183701.16970-3-casey@schaufler-ca.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20250307183701.16970-1-casey@schaufler-ca.com> References: <20250307183701.16970-1-casey@schaufler-ca.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Replace the single skb pointer in an audit_buffer with a list of skb pointers. Add the audit_stamp information to the audit_buffer as there's no guarantee that there will be an audit_context containing the stamp associated with the event. At audit_log_end() time create auxiliary records (none are currently defined) as have been added to the list. Functions are created to manage the skb list in the audit_buffer. Suggested-by: Paul Moore Signed-off-by: Casey Schaufler --- kernel/audit.c | 111 +++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 89 insertions(+), 22 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 2a567f667528..a4945f1c3ec0 100644 --- a/kernel/audit.c +++ b/kernel/audit.c 
@@ -195,8 +195,10 @@ static struct audit_ctl_mutex { * to place it on a transmit queue. Multiple audit_buffers can be in * use simultaneously. */ struct audit_buffer { - struct sk_buff *skb; /* formatted skb ready to send */ + struct sk_buff *skb; /* the skb for audit_log functions */ + struct sk_buff_head skb_list; /* formatted skbs, ready to send */ struct audit_context *ctx; /* NULL or associated context */ + struct audit_stamp stamp; /* audit stamp for these records */ gfp_t gfp_mask; }; @@ -1776,10 +1778,13 @@ __setup("audit_backlog_limit=", audit_backlog_limit_set); static void audit_buffer_free(struct audit_buffer *ab) { + struct sk_buff *skb; + if (!ab) return; - kfree_skb(ab->skb); + while ((skb = skb_dequeue(&ab->skb_list))) + kfree_skb(skb); kmem_cache_free(audit_buffer_cache, ab); } @@ -1795,6 +1800,10 @@ static struct audit_buffer *audit_buffer_alloc(struct audit_context *ctx, ab->skb = nlmsg_new(AUDIT_BUFSIZ, gfp_mask); if (!ab->skb) goto err; + + skb_queue_head_init(&ab->skb_list); + skb_queue_tail(&ab->skb_list, ab->skb); + if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) goto err; @@ -1860,7 +1869,6 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) { struct audit_buffer *ab; - struct audit_stamp stamp; if (audit_initialized != AUDIT_INITIALIZED) return NULL; @@ -1915,14 +1923,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, return NULL; } - audit_get_stamp(ab->ctx, &stamp); + audit_get_stamp(ab->ctx, &ab->stamp); /* cancel dummy context to enable supporting records */ if (ctx) ctx->dummy = 0; audit_log_format(ab, "audit(%llu.%03lu:%u): ", - (unsigned long long)stamp.ctime.tv_sec, - stamp.ctime.tv_nsec/1000000, - stamp.serial); + (unsigned long long)ab->stamp.ctime.tv_sec, + ab->stamp.ctime.tv_nsec/1000000, + ab->stamp.serial); return ab; } 
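Review bot: in the audit_buffer_alloc() hunk, `skb_queue_head_init(&ab->skb_list);` is placed after the `if (!ab->skb) goto err;` that follows nlmsg_new(), while audit_buffer_free() (previous hunk) now drains ab->skb_list with skb_dequeue(); if the err label releases the buffer through audit_buffer_free(), an nlmsg_new() failure hands it a list head that was never initialised. Initialise the list before the first `goto err` that can reach audit_buffer_free(), and keep only `skb_queue_tail(&ab->skb_list, ab->skb);` after the allocation check.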
@@ -2178,6 +2186,57 @@ void audit_log_key(struct audit_buffer *ab, char *key) audit_log_format(ab, "(null)"); } +/** + * audit_buffer_aux_new - Add an aux record buffer to the skb list + * @ab: audit_buffer + * @type: message type + * + * Aux records are allocated and added to the skb list of + * the "main" record. The ab->skb is reset to point to the + * aux record on its creation. When the aux record in complete + * ab->skb has to be reset to point to the "main" record. + * This allows the audit_log_ functions to be ignorant of + * which kind of record it is logging to. It also avoids adding + * special data for aux records. + * + * On success ab->skb will point to the new aux record. + * Returns 0 on success, -ENOMEM should allocation fail. + */ +static int audit_buffer_aux_new(struct audit_buffer *ab, int type) +{ + WARN_ON(ab->skb != skb_peek(&ab->skb_list)); + + ab->skb = nlmsg_new(AUDIT_BUFSIZ, ab->gfp_mask); + if (!ab->skb) + goto err; + if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) + goto err; + skb_queue_tail(&ab->skb_list, ab->skb); + + audit_log_format(ab, "audit(%llu.%03lu:%u): ", + (unsigned long long)ab->stamp.ctime.tv_sec, + ab->stamp.ctime.tv_nsec/1000000, + ab->stamp.serial); + + return 0; + +err: + kfree_skb(ab->skb); + ab->skb = skb_peek(&ab->skb_list); + return -ENOMEM; +} + +/** + * audit_buffer_aux_end - Switch back to the "main" record from an aux record + * @ab: audit_buffer + * + * Restores the "main" audit record to ab->skb. + */ +static void audit_buffer_aux_end(struct audit_buffer *ab) +{ + ab->skb = skb_peek(&ab->skb_list); +} + int audit_log_task_context(struct audit_buffer *ab) { struct lsm_prop prop; 
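Review bot: audit_buffer_aux_new() and audit_buffer_aux_end() are static with no caller anywhere in this patch (the changelog says no auxiliary record types exist yet), so -Wunused-function, which the kernel's -Wall enables, will warn on every build until the patch that first uses them; either introduce them together with their first user or mark them __maybe_unused for the interim. Two kernel-doc nits in the same hunk: `When the aux record in complete` should read `is complete`, and the closing sentence would be clearer as a `Return:` section (`0 on success, -ENOMEM if allocation fails`).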
@@ -2412,26 +2471,14 @@ int audit_signal_info(int sig, struct task_struct *t) } /** - * audit_log_end - end one audit record - * @ab: the audit_buffer - * - * We can not do a netlink send inside an irq context because it blocks (last - * arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a - * queue and a kthread is scheduled to remove them from the queue outside the - * irq context. May be called in any context. + * __audit_log_end - enqueue one audit record + * @skb: the buffer to send */ -void audit_log_end(struct audit_buffer *ab) +static void __audit_log_end(struct sk_buff *skb) { - struct sk_buff *skb; struct nlmsghdr *nlh; - if (!ab) - return; - if (audit_rate_check()) { - skb = ab->skb; - ab->skb = NULL; - /* setup the netlink header, see the comments in * kauditd_send_multicast_skb() for length quirks */ nlh = nlmsg_hdr(skb); 
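Review bot: `if (audit_rate_check()) {` stays inside the new per-skb __audit_log_end(), so once audit_log_end() pushes every entry of ab->skb_list through it the rate limiter is consulted once per record rather than once per event; a limit hit between two records of the same event emits the main record but drops its auxiliary record (with audit_log_lost() charged per dropped skb), leaving a partial event in the log. Make the rate decision once in audit_log_end() for the whole list, so an event is either queued complete or counted lost once, and keep __audit_log_end() to the netlink-header setup and enqueue.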
@@ -2442,6 +2489,26 @@ void audit_log_end(struct audit_buffer *ab) wake_up_interruptible(&kauditd_wait); } else audit_log_lost("rate limit exceeded"); +} + +/** + * audit_log_end - end one audit record + * @ab: the audit_buffer + * + * We can not do a netlink send inside an irq context because it blocks (last + * arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a + * queue and a kthread is scheduled to remove them from the queue outside the + * irq context. May be called in any context. + */ +void audit_log_end(struct audit_buffer *ab) +{ + struct sk_buff *skb; + + if (!ab) + return; + + while ((skb = skb_dequeue(&ab->skb_list))) + __audit_log_end(skb); audit_buffer_free(ab); } From patchwork Fri Mar 7 18:36:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 14006958 X-Patchwork-Delegate: paul@paul-moore.com Received: from sonic309-27.consmr.mail.ne1.yahoo.com (sonic309-27.consmr.mail.ne1.yahoo.com [66.163.184.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7BD4424166B for ; Fri, 7 Mar 2025 18:37:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=66.163.184.153 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741372642; cv=none; b=fZ6TF4vRQ/I3Si4xONRgieSJRTfzsJzmQ7/bWTTOMI5gJqKd/e7tKIkmWy3I1KB1PPsTllrDXVc5SUcS/vjuPSyShIzVvFmyiDthQRWLbWN4LO9dQse/+qmqfXQVwSZ4qlMJzSzTt+8YyTHhQuL2KrjA73pV1DKcfgdB4vhPCMk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741372642; c=relaxed/simple; bh=l3hAOTdFWFPeDsiTh+QFM06dt1Vg/1ETKhCKYfaIKuA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; 
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org, audit@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org
Subject: [PATCH v2 3/6] LSM: security_lsmblob_to_secctx module selection
Date: Fri, 7 Mar 2025 10:36:58 -0800
Message-ID: <20250307183701.16970-4-casey@schaufler-ca.com>
In-Reply-To: <20250307183701.16970-1-casey@schaufler-ca.com>
References: <20250307183701.16970-1-casey@schaufler-ca.com>

Add a parameter lsmid to security_lsmblob_to_secctx() to identify which of the security modules that may be active should provide the security context. If the value of lsmid is LSM_ID_UNDEF the first LSM providing a hook is used. security_secid_to_secctx() is unchanged, and will always report the first LSM providing a hook.
Signed-off-by: Casey Schaufler --- include/linux/security.h | 6 ++++-- kernel/audit.c | 4 ++-- kernel/auditsc.c | 8 +++++--- net/netlabel/netlabel_user.c | 3 ++- security/security.c | 13 +++++++++++-- 5 files changed, 24 insertions(+), 10 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 980b6c207cad..540894695c4b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -566,7 +566,8 @@ int security_setprocattr(int lsmid, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, struct lsm_context *cp); -int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp); +int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp, + int lsmid); int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); void security_release_secctx(struct lsm_context *cp); void security_inode_invalidate_secctx(struct inode *inode); @@ -1543,7 +1544,8 @@ static inline int security_secid_to_secctx(u32 secid, struct lsm_context *cp) } static inline int security_lsmprop_to_secctx(struct lsm_prop *prop, - struct lsm_context *cp) + struct lsm_context *cp, + int lsmid) { return -EOPNOTSUPP; } diff --git a/kernel/audit.c b/kernel/audit.c index a4945f1c3ec0..293364bba961 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1475,7 +1475,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh, case AUDIT_SIGNAL_INFO: if (lsmprop_is_set(&audit_sig_lsm)) { err = security_lsmprop_to_secctx(&audit_sig_lsm, - &lsmctx); + &lsmctx, LSM_ID_UNDEF); if (err < 0) return err; } @@ -2247,7 +2247,7 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmprop_is_set(&prop)) return 0; - error = security_lsmprop_to_secctx(&prop, &ctx); + error = security_lsmprop_to_secctx(&prop, &ctx, LSM_ID_UNDEF); if (error < 0) { if (error != -EINVAL) goto error_path; 
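Review bot: the prototype gaining `int lsmid` in the include/linux/security.h hunk is security_lsmprop_to_secctx(), but the subject line and the first sentence of the changelog name security_lsmblob_to_secctx(); please align them with the symbol actually changed so the commit can be found by grep. Since both kernel/audit.c callers in this patch pass LSM_ID_UNDEF, it is also worth stating in the changelog that the new argument does not yet select a module anywhere and no audit output changes.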
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 2ec3a0d85447..d98ce7097a2d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1109,7 +1109,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmprop_is_set(prop)) { - if (security_lsmprop_to_secctx(prop, &ctx) < 0) { + if (security_lsmprop_to_secctx(prop, &ctx, LSM_ID_UNDEF) < 0) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1395,7 +1395,8 @@ static void show_special(struct audit_context *context, int *call_panic) struct lsm_context lsmctx; if (security_lsmprop_to_secctx(&context->ipc.oprop, - &lsmctx) < 0) { + &lsmctx, + LSM_ID_UNDEF) < 0) { *call_panic = 1; } else { audit_log_format(ab, " obj=%s", lsmctx.context); @@ -1560,7 +1561,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, if (lsmprop_is_set(&n->oprop)) { struct lsm_context ctx; - if (security_lsmprop_to_secctx(&n->oprop, &ctx) < 0) { + if (security_lsmprop_to_secctx(&n->oprop, &ctx, + LSM_ID_UNDEF) < 0) { if (call_panic) *call_panic = 2; } else { diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 0d04d23aafe7..6d6545297ee3 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -98,7 +98,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, audit_info->sessionid); if (lsmprop_is_set(&audit_info->prop) && - security_lsmprop_to_secctx(&audit_info->prop, &ctx) > 0) { + security_lsmprop_to_secctx(&audit_info->prop, &ctx, + LSM_ID_UNDEF) > 0) { audit_log_format(audit_buf, " subj=%s", ctx.context); security_release_secctx(&ctx); } diff --git a/security/security.c b/security/security.c index 143561ebc3e8..55f9c7ad3f89 100644 --- a/security/security.c +++ b/security/security.c 
@@ -4312,6 +4312,7 @@ EXPORT_SYMBOL(security_ismaclabel); * security_secid_to_secctx() - Convert a secid to a secctx * @secid: secid * @cp: the LSM context + * @lsmid: which security module to report * * Convert secid to security context. If @cp is NULL the length of the * result will be returned, but no data will be returned. This 
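Review bot: the new "@lsmid: which security module to report" line is added to the kernel-doc block of security_secid_to_secctx(), which the commit message says is unchanged and whose signature has no lsmid; it belongs in the security_lsmprop_to_secctx() block just before the next hunk (@@ -4338), and should say that LSM_ID_UNDEF selects the first module providing the hook. In the function body that follows, the filter is written "if (lsmid != 0 && lsmid != scall->hl->lsmid->id)": use LSM_ID_UNDEF rather than the literal 0, since that is what every caller in this patch passes, and note that lsmid is int while struct lsm_id.id is u64 (see the lsm_hooks.h hunk in 4/6), so the comparison mixes signedness.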
@@ -4338,9 +4339,17 @@ EXPORT_SYMBOL(security_secid_to_secctx); * * Return: Return length of data on success, error on failure. */ -int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp) +int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp, + int lsmid) { - return call_int_hook(lsmprop_to_secctx, prop, cp); + struct lsm_static_call *scall; + + lsm_for_each_hook(scall, lsmprop_to_secctx) { + if (lsmid != 0 && lsmid != scall->hl->lsmid->id) + continue; + return scall->hl->hook.lsmprop_to_secctx(prop, cp); + } + return LSM_RET_DEFAULT(lsmprop_to_secctx); } EXPORT_SYMBOL(security_lsmprop_to_secctx);

From patchwork Fri Mar 7 18:36:59 2025
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 14006962
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org, audit@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org
Subject: [PATCH v2 4/6] Audit: Add record for multiple task security contexts
Date: Fri, 7 Mar 2025 10:36:59 -0800
Message-ID: <20250307183701.16970-5-casey@schaufler-ca.com>
In-Reply-To: <20250307183701.16970-1-casey@schaufler-ca.com>

Create a new audit record AUDIT_MAC_TASK_CONTEXTS. An example of the MAC_TASK_CONTEXTS (1423) record is:

type=MAC_TASK_CONTEXTS[1423] msg=audit(1600880931.832:113) subj_apparmor=unconfined subj_smack=_

When an audit event includes an AUDIT_MAC_TASK_CONTEXTS record the "subj=" field in other records in the event will be "subj=?". An AUDIT_MAC_TASK_CONTEXTS record is supplied when the system has multiple security modules that may make access decisions based on a subject security context.

Signed-off-by: Casey Schaufler --- include/linux/lsm_hooks.h | 1 + include/linux/security.h | 1 + include/uapi/linux/audit.h | 1 + kernel/audit.c | 45 ++++++++++++++++++++++++++++++++------ security/apparmor/lsm.c | 1 + security/bpf/hooks.c | 1 + security/security.c | 3 +++ security/selinux/hooks.c | 1 + security/smack/smack_lsm.c | 1 + 9 files changed, 48 insertions(+), 7 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 090d1d3e19fe..e4d303ab1f20 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -81,6 +81,7 @@ struct lsm_static_calls_table { struct lsm_id { const char *name; u64 id; + bool subjctx; }; /*
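Review bot: the kernel-doc block for struct lsm_id is not updated for the new subjctx member, so after this patch the struct has an undocumented field; the "@subjctx: true if LSM supports a subject context" line that 6/6 adds belongs here, in the patch that introduces the field.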
diff --git a/include/linux/security.h b/include/linux/security.h index 540894695c4b..79a9bf4a7cdd 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -168,6 +168,7 @@ struct lsm_prop { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; extern u32 lsm_active_cnt; +extern u32 lsm_subjctx_cnt; extern const struct lsm_id *lsm_idlist[]; /* These functions are in security/commoncap.c */ diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index d9a069b4a775..5ebb5d80363d 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -146,6 +146,7 @@ #define AUDIT_IPE_ACCESS 1420 /* IPE denial or grant */ #define AUDIT_IPE_CONFIG_CHANGE 1421 /* IPE config change */ #define AUDIT_IPE_POLICY_LOAD 1422 /* IPE policy load */ +#define AUDIT_MAC_TASK_CONTEXTS 1423 /* Multiple LSM task contexts */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index 293364bba961..59eaf69ee8ac 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -54,6 +54,7 @@ #include #include #include +#include #include #include #include 
@@ -2241,21 +2242,51 @@ int audit_log_task_context(struct audit_buffer *ab) { struct lsm_prop prop; struct lsm_context ctx; + bool space = false; int error; + int i; security_current_getlsmprop_subj(&prop); if (!lsmprop_is_set(&prop)) return 0; - error = security_lsmprop_to_secctx(&prop, &ctx, LSM_ID_UNDEF); - if (error < 0) { - if (error != -EINVAL) - goto error_path; + if (lsm_subjctx_cnt < 2) { + error = security_lsmprop_to_secctx(&prop, &ctx, LSM_ID_UNDEF); + if (error < 0) { + if (error != -EINVAL) + goto error_path; + return 0; + } + audit_log_format(ab, " subj=%s", ctx.context); + security_release_secctx(&ctx); return 0; } - - audit_log_format(ab, " subj=%s", ctx.context); - security_release_secctx(&ctx); + /* Multiple LSMs provide contexts. Include an aux record. */ + audit_log_format(ab, " subj=?"); + error = audit_buffer_aux_new(ab, AUDIT_MAC_TASK_CONTEXTS); + if (error) + goto error_path; + + for (i = 0; i < lsm_active_cnt; i++) { + if (!lsm_idlist[i]->subjctx) + continue; + error = security_lsmprop_to_secctx(&prop, &ctx, + lsm_idlist[i]->id); + if (error < 0) { + if (error == -EOPNOTSUPP) + continue; + audit_log_format(ab, "%ssubj_%s=?", space ? " " : "", + lsm_idlist[i]->name); + if (error != -EINVAL) + audit_panic("error in audit_log_task_context"); + } else { + audit_log_format(ab, "%ssubj_%s=%s", space ? " " : "", + lsm_idlist[i]->name, ctx.context); + security_release_secctx(&ctx); + } + space = true; + } + audit_buffer_aux_end(ab); return 0; error_path: diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 9b6c2f157f83..17ec93a8d3fc 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1427,6 +1427,7 @@ struct lsm_blob_sizes apparmor_blob_sizes __ro_after_init = { static const struct lsm_id apparmor_lsmid = { .name = "apparmor", .id = LSM_ID_APPARMOR, + .subjctx = true, }; static struct security_hook_list apparmor_hooks[] __ro_after_init = { 
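Review bot: the error handling in the multi-LSM loop of audit_log_task_context() diverges from the single-LSM path above it. There, a conversion error other than -EINVAL jumps to error_path, which calls audit_panic() and returns the error; in the loop the same condition logs "subj_<lsm>=?", calls audit_panic("error in audit_log_task_context") inline, then carries on to the next module and the function returns 0, so the caller never sees the failure. Either propagate the error after audit_buffer_aux_end(), or state in a comment that a partial record with a "?" entry is the intended result. A module that advertises subjctx = true but returns -EOPNOTSUPP is silently omitted rather than shown as "subj_<lsm>=?", which also deserves a comment.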
diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index db759025abe1..aaaa1227ce13 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -18,6 +18,7 @@ static struct security_hook_list bpf_lsm_hooks[] __ro_after_init = { static const struct lsm_id bpf_lsmid = { .name = "bpf", .id = LSM_ID_BPF, + .subjctx = false, /* property exists, but will not be used */ }; static int __init bpf_lsm_init(void) diff --git a/security/security.c b/security/security.c index 55f9c7ad3f89..8450cc5f82d5 100644 --- a/security/security.c +++ b/security/security.c @@ -320,6 +320,7 @@ static void __init initialize_lsm(struct lsm_info *lsm) * Current index to use while initializing the lsm id list. */ u32 lsm_active_cnt __ro_after_init; +u32 lsm_subjctx_cnt __ro_after_init; const struct lsm_id *lsm_idlist[MAX_LSM_COUNT]; /* Populate ordered LSMs list from comma-separated LSM name list. */ @@ -626,6 +627,8 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, if (lsm_active_cnt >= MAX_LSM_COUNT) panic("%s Too many LSMs registered.\n", __func__); lsm_idlist[lsm_active_cnt++] = lsmid; + if (lsmid->subjctx) + lsm_subjctx_cnt++; } for (i = 0; i < count; i++) { diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7b867dfec88b..1e2e1545eb2e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7142,6 +7142,7 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd) static const struct lsm_id selinux_lsmid = { .name = "selinux", .id = LSM_ID_SELINUX, + .subjctx = true, }; /* diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 239773cdcdcf..75bd62fe1513 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
@@ -5057,6 +5057,7 @@ struct lsm_blob_sizes smack_blob_sizes __ro_after_init = { static const struct lsm_id smack_lsmid = { .name = "smack", .id = LSM_ID_SMACK, + .subjctx = true, }; static struct security_hook_list smack_hooks[] __ro_after_init = {

From patchwork Fri Mar 7 18:37:00 2025
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 14006960
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org, audit@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org
Subject: [PATCH v2 5/6] Audit: multiple subject lsm values for netlabel
Date: Fri, 7 Mar 2025 10:37:00 -0800
Message-ID: <20250307183701.16970-6-casey@schaufler-ca.com>
In-Reply-To: <20250307183701.16970-1-casey@schaufler-ca.com>

Refactor audit_log_task_context(), creating a new audit_log_subject_context(). This is used in netlabel auditing to provide multiple subject security contexts as necessary.

Signed-off-by: Casey Schaufler --- include/linux/audit.h | 8 ++++++++ kernel/audit.c | 21 ++++++++++++++------- net/netlabel/netlabel_user.c | 9 +-------- 3 files changed, 23 insertions(+), 15 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 0050ef288ab3..ee3e2ce70c45 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -37,6 +37,7 @@ struct audit_watch; struct audit_tree; struct sk_buff; struct kern_ipc_perm; +struct lsm_prop; struct audit_krule { u32 pflags;
@@ -185,6 +186,8 @@ extern void audit_log_path_denied(int type, const char *operation); extern void audit_log_lost(const char *message); +extern int audit_log_subject_context(struct audit_buffer *ab, + struct lsm_prop *blob); extern int audit_log_task_context(struct audit_buffer *ab); extern void audit_log_task_info(struct audit_buffer *ab); @@ -245,6 +248,11 @@ static inline void audit_log_key(struct audit_buffer *ab, char *key) { } static inline void audit_log_path_denied(int type, const char *operation) { } +static inline int audit_log_subject_context(struct audit_buffer *ab, + struct lsm_prop *prop) +{ + return 0; +} static inline int audit_log_task_context(struct audit_buffer *ab) { return 0; diff --git a/kernel/audit.c b/kernel/audit.c index 59eaf69ee8ac..f0c1f0c0b250 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2238,20 +2238,18 @@ static void audit_buffer_aux_end(struct audit_buffer *ab) ab->skb = skb_peek(&ab->skb_list); } -int audit_log_task_context(struct audit_buffer *ab) +int audit_log_subject_context(struct audit_buffer *ab, struct lsm_prop *prop) { - struct lsm_prop prop; struct lsm_context ctx; bool space = false; int error; int i; - security_current_getlsmprop_subj(&prop); - if (!lsmprop_is_set(&prop)) + if (!lsmprop_is_set(prop)) return 0; if (lsm_subjctx_cnt < 2) { - error = security_lsmprop_to_secctx(&prop, &ctx, LSM_ID_UNDEF); + error = security_lsmprop_to_secctx(prop, &ctx, LSM_ID_UNDEF); if (error < 0) { if (error != -EINVAL) goto error_path; @@ -2270,7 +2268,7 @@ int audit_log_task_context(struct audit_buffer *ab) for (i = 0; i < lsm_active_cnt; i++) { if (!lsm_idlist[i]->subjctx) continue; - error = security_lsmprop_to_secctx(&prop, &ctx, + error = security_lsmprop_to_secctx(prop, &ctx, lsm_idlist[i]->id); if (error < 0) { if (error == -EOPNOTSUPP) 
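Review bot: the extern declaration of audit_log_subject_context() names its second parameter "blob" (struct lsm_prop *blob) while the definition in kernel/audit.c and the !CONFIG_AUDIT stub in the same header use "prop"; 6/6 later renames it, but the rename belongs in this patch, where the declaration is introduced.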
@@ -2290,9 +2288,18 @@ int audit_log_task_context(struct audit_buffer *ab) return 0; error_path: - audit_panic("error in audit_log_task_context"); + audit_panic("error in audit_log_subject_context"); return error; } +EXPORT_SYMBOL(audit_log_subject_context); + +int audit_log_task_context(struct audit_buffer *ab) +{ + struct lsm_prop prop; + + security_current_getlsmprop_subj(&prop); + return audit_log_subject_context(ab, &prop); +} EXPORT_SYMBOL(audit_log_task_context); void audit_log_d_path_exe(struct audit_buffer *ab, diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 6d6545297ee3..3d46ea6a8bb8 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,7 +84,6 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; - struct lsm_context ctx; if (audit_enabled == AUDIT_OFF) return NULL; 
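Review bot: dropping the ctx local in netlbl_audit_start_common() and replacing the open-coded conversion with audit_log_subject_context() in the following hunk changes netlabel's failure behaviour. The old code only emitted " subj=" when security_lsmprop_to_secctx() returned > 0 and stayed silent otherwise; audit_log_subject_context(), as refactored above, calls audit_panic() on any conversion error other than -EINVAL (or -EOPNOTSUPP in the multi-LSM loop), and netlabel discards its return value. If that escalation is intended for netlabel audit messages, say so in the commit message; otherwise check the return value at the call site.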
@@ -96,13 +95,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, audit_log_format(audit_buf, "netlabel: auid=%u ses=%u", from_kuid(&init_user_ns, audit_info->loginuid), audit_info->sessionid); - - if (lsmprop_is_set(&audit_info->prop) && - security_lsmprop_to_secctx(&audit_info->prop, &ctx, - LSM_ID_UNDEF) > 0) { - audit_log_format(audit_buf, " subj=%s", ctx.context); - security_release_secctx(&ctx); - } + audit_log_subject_context(audit_buf, &audit_info->prop); return audit_buf; }

From patchwork Fri Mar 7 18:37:01 2025
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 14006961
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org, audit@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org
Subject: [PATCH v2 6/6] Audit: Add record for multiple object contexts
Date: Fri, 7 Mar 2025 10:37:01 -0800
Message-ID: <20250307183701.16970-7-casey@schaufler-ca.com>
In-Reply-To: <20250307183701.16970-1-casey@schaufler-ca.com>

Create a new audit record AUDIT_MAC_OBJ_CONTEXTS. An example of the MAC_OBJ_CONTEXTS (1424) record is:

type=MAC_OBJ_CONTEXTS[1424] msg=audit(1601152467.009:1050): obj_selinux=unconfined_u:object_r:user_home_t:s0

When an audit event includes an AUDIT_MAC_OBJ_CONTEXTS record the "obj=" field in other records in the event will be "obj=?". An AUDIT_MAC_OBJ_CONTEXTS record is supplied when the system has multiple security modules that may make access decisions based on an object security context.
Signed-off-by: Casey Schaufler --- include/linux/audit.h | 7 ++++- include/linux/lsm_hooks.h | 3 +++ include/linux/security.h | 1 + include/uapi/linux/audit.h | 1 + kernel/audit.c | 53 +++++++++++++++++++++++++++++++++++++- kernel/auditsc.c | 45 ++++++++------------------------ security/security.c | 3 +++ security/selinux/hooks.c | 1 + security/smack/smack_lsm.c | 1 + 9 files changed, 79 insertions(+), 36 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index ee3e2ce70c45..0b17acf459f2 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -186,8 +186,10 @@ extern void audit_log_path_denied(int type, const char *operation); extern void audit_log_lost(const char *message); +extern int audit_log_object_context(struct audit_buffer *ab, + struct lsm_prop *prop); extern int audit_log_subject_context(struct audit_buffer *ab, - struct lsm_prop *blob); + struct lsm_prop *prop); extern int audit_log_task_context(struct audit_buffer *ab); extern void audit_log_task_info(struct audit_buffer *ab); @@ -248,6 +250,9 @@ static inline void audit_log_key(struct audit_buffer *ab, char *key) { } static inline void audit_log_path_denied(int type, const char *operation) { } +static inline void audit_log_object_context(struct audit_buffer *ab, + struct lsm_prop *prop) +{ } static inline int audit_log_subject_context(struct audit_buffer *ab, struct lsm_prop *prop) { diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index e4d303ab1f20..464bd8ef4045 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -75,6 +75,8 @@ struct lsm_static_calls_table { * struct lsm_id - Identify a Linux Security Module. * @lsm: name of the LSM, must be approved by the LSM maintainers * @id: LSM ID number from uapi/linux/lsm.h + * @subjctx: true if LSM supports a subject context + * @objctx: true if LSM supports an object context * * Contains the information that identifies the LSM. */ 
@@ -82,6 +84,7 @@ struct lsm_id { const char *name; u64 id; bool subjctx; + bool objctx; }; /* diff --git a/include/linux/security.h b/include/linux/security.h index 79a9bf4a7cdd..7c1a6d99e148 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -169,6 +169,7 @@ struct lsm_prop { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; extern u32 lsm_active_cnt; extern u32 lsm_subjctx_cnt; +extern u32 lsm_objctx_cnt; extern const struct lsm_id *lsm_idlist[]; /* These functions are in security/commoncap.c */ diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 5ebb5d80363d..8ca58144bcc6 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -147,6 +147,7 @@ #define AUDIT_IPE_CONFIG_CHANGE 1421 /* IPE config change */ #define AUDIT_IPE_POLICY_LOAD 1422 /* IPE policy load */ #define AUDIT_MAC_TASK_CONTEXTS 1423 /* Multiple LSM task contexts */ +#define AUDIT_MAC_OBJ_CONTEXTS 1424 /* Multiple LSM objext contexts */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index f0c1f0c0b250..054776f29327 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1116,7 +1116,6 @@ static int is_audit_feature_set(int i) return af.features & AUDIT_FEATURE_TO_MASK(i); } - static int audit_get_feature(struct sk_buff *skb) { u32 seq; 
@@ -2302,6 +2301,58 @@ int audit_log_task_context(struct audit_buffer *ab) } EXPORT_SYMBOL(audit_log_task_context); +int audit_log_object_context(struct audit_buffer *ab, struct lsm_prop *prop) +{ + int i; + int rc; + int error = 0; + char *space = ""; + struct lsm_context context; + + if (lsm_objctx_cnt < 2) { + error = security_lsmprop_to_secctx(prop, &context, + LSM_ID_UNDEF); + if (error < 0) { + if (error != -EINVAL) + goto error_path; + return error; + } + audit_log_format(ab, " obj=%s", context.context); + security_release_secctx(&context); + return 0; + } + audit_log_format(ab, " obj=?"); + error = audit_buffer_aux_new(ab, AUDIT_MAC_OBJ_CONTEXTS); + if (error) + goto error_path; + + for (i = 0; i < lsm_active_cnt; i++) { + if (!lsm_idlist[i]->objctx) + continue; + rc = security_lsmprop_to_secctx(prop, &context, + lsm_idlist[i]->id); + if (rc < 0) { + audit_log_format(ab, "%sobj_%s=?", space, + lsm_idlist[i]->name); + if (rc != -EINVAL) + audit_panic("error in audit_log_object_context"); + error = rc; + } else { + audit_log_format(ab, "%sobj_%s=%s", space, + lsm_idlist[i]->name, context.context); + security_release_secctx(&context); + } + space = " "; + } + + audit_buffer_aux_end(ab); + return error; + +error_path: + audit_panic("error in audit_log_object_context"); + return error; +} + void audit_log_d_path_exe(struct audit_buffer *ab, struct mm_struct *mm) { diff --git a/kernel/auditsc.c b/kernel/auditsc.c index d98ce7097a2d..82470862ea81 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1098,7 +1098,6 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, char *comm) { struct audit_buffer *ab; - struct lsm_context ctx; int rc = 0; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); 
@@ -1108,15 +1107,9 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (lsmprop_is_set(prop)) { - if (security_lsmprop_to_secctx(prop, &ctx, LSM_ID_UNDEF) < 0) { - audit_log_format(ab, " obj=(none)"); - rc = 1; - } else { - audit_log_format(ab, " obj=%s", ctx.context); - security_release_secctx(&ctx); - } - } + if (lsmprop_is_set(prop) && audit_log_object_context(ab, prop)) + rc = 1; + audit_log_format(ab, " ocomm="); audit_log_untrustedstring(ab, comm); audit_log_end(ab); @@ -1392,16 +1385,8 @@ static void show_special(struct audit_context *context, int *call_panic) from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); if (lsmprop_is_set(&context->ipc.oprop)) { - struct lsm_context lsmctx; - - if (security_lsmprop_to_secctx(&context->ipc.oprop, - &lsmctx, - LSM_ID_UNDEF) < 0) { + if (audit_log_object_context(ab, &context->ipc.oprop)) *call_panic = 1; - } else { - audit_log_format(ab, " obj=%s", lsmctx.context); - security_release_secctx(&lsmctx); - } } if (context->ipc.has_perm) { audit_log_end(ab); @@ -1558,18 +1543,9 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (lsmprop_is_set(&n->oprop)) { - struct lsm_context ctx; - - if (security_lsmprop_to_secctx(&n->oprop, &ctx, - LSM_ID_UNDEF) < 0) { - if (call_panic) - *call_panic = 2; - } else { - audit_log_format(ab, " obj=%s", ctx.context); - security_release_secctx(&ctx); - } - } + if (lsmprop_is_set(&n->oprop) && + audit_log_object_context(ab, &n->oprop)) + *call_panic = 2; /* log the audit_names record type */ switch (n->type) { 
@@ -1780,15 +1756,16 @@ static void audit_log_exit(void) axs->target_sessionid[i], &axs->target_ref[i], axs->target_comm[i])) - call_panic = 1; + call_panic = 1; } if (context->target_pid && audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - &context->target_ref, context->target_comm)) - call_panic = 1; + &context->target_ref, + context->target_comm)) + call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); diff --git a/security/security.c b/security/security.c index 8450cc5f82d5..ed48457f8f24 100644 --- a/security/security.c +++ b/security/security.c @@ -321,6 +321,7 @@ static void __init initialize_lsm(struct lsm_info *lsm) */ u32 lsm_active_cnt __ro_after_init; u32 lsm_subjctx_cnt __ro_after_init; +u32 lsm_objctx_cnt __ro_after_init; const struct lsm_id *lsm_idlist[MAX_LSM_COUNT]; /* Populate ordered LSMs list from comma-separated LSM name list. */ @@ -629,6 +630,8 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, lsm_idlist[lsm_active_cnt++] = lsmid; if (lsmid->subjctx) lsm_subjctx_cnt++; + if (lsmid->objctx) + lsm_objctx_cnt++; } for (i = 0; i < count; i++) { diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1e2e1545eb2e..10b13cd589c5 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7143,6 +7143,7 @@ static const struct lsm_id selinux_lsmid = { .name = "selinux", .id = LSM_ID_SELINUX, .subjctx = true, + .objctx = true, }; /* diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 75bd62fe1513..1b42ac32d815 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -5058,6 +5058,7 @@ static const struct lsm_id smack_lsmid = { .name = "smack", .id = LSM_ID_SMACK, .subjctx = true, + .objctx = true, }; static struct security_hook_list smack_hooks[] __ro_after_init = {
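Review bot: the CONFIG_AUDIT=n stub for audit_log_object_context() in the include/linux/audit.h hunk is declared `static inline void`, while the real declaration in the same hunk is `extern int` and every caller in kernel/auditsc.c tests the return value (`if (lsmprop_is_set(prop) && audit_log_object_context(ab, prop))`). Make the stub `static inline int ... { return 0; }`, matching the audit_log_subject_context() stub directly below it, so a caller built without CONFIG_AUDIT compiles. The `blob` to `prop` parameter rename in the audit_log_subject_context() prototype is unrelated to this patch and reads cleaner as a separate change.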
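Review bot: the comment on the new definition in the include/uapi/linux/audit.h hunk reads `/* Multiple LSM objext contexts */`; fix the typo to `object` before it lands in a UAPI header.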
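Review bot: the first kernel/audit.c hunk (`@@ -1116,7 +1116,6 @@`) only removes a blank line between is_audit_feature_set() and audit_get_feature(), which has nothing to do with the object-context record; drop it so the patch stays focused.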
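Review bot: audit_log_object_context() in the second kernel/audit.c hunk calls audit_panic() itself on a hard failure (inside the loop and at error_path) and then also returns the nonzero error, so every caller in kernel/auditsc.c, which already sets `rc = 1` or `*call_panic` on a nonzero return, raises the same condition a second time; pick one mechanism, either panic inside the function and return 0, or return the error and leave the panic to the callers. Two smaller points in the same function: in the `lsm_objctx_cnt < 2` path -EINVAL (no context available) is returned unchanged and the callers treat it as a failure, whereas in the multi-LSM path the same -EINVAL only emits `obj_<name>=?` yet still ends up in `error` and is returned, so the two paths disagree on whether a missing object context is an error; and `char *space = "";` should be `const char *space`. The single-LSM failure path also no longer logs the ` obj=(none)` string that the removed code in audit_log_pid_context() emitted, which is a userspace-visible format change the commit message should mention.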
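Review bot: the audit_log_name() hunk in kernel/auditsc.c drops the `if (call_panic)` guard that the removed block had before writing `*call_panic = 2`, so a NULL call_panic argument now dereferences NULL. If every current caller passes a valid pointer the guard can go, but the commit message should say so; otherwise keep the NULL check in the new condition.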
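Review bot: the audit_log_exit() hunk (`@@ -1780,15 +1756,16 @@`) is whitespace-only: it re-indents `call_panic = 1;` and splits the `&context->target_ref, context->target_comm` argument line, with no functional change. Drop it or move it to a separate cleanup patch so the functional diff stays reviewable.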