| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220609230146.319210-31-casey@schaufler-ca.com>
Date: Thu, 9 Jun 2022 16:01:43 -0700
From: Casey Schaufler <casey@...aufler-ca.com>
To: casey.schaufler@...el.com, jmorris@...ei.org,
linux-security-module@...r.kernel.org, selinux@...r.kernel.org
Cc: casey@...aufler-ca.com, linux-audit@...hat.com,
keescook@...omium.org, john.johansen@...onical.com,
penguin-kernel@...ove.sakura.ne.jp, paul@...l-moore.com,
stephen.smalley.work@...il.com, linux-kernel@...r.kernel.org
Subject: [PATCH v36 30/33] netlabel: Use a struct lsmblob in audit data
Remove scaffolding in netlabel audit by keeping subject
lsm information in an lsmblob structure instead of a secid.
Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
---
include/net/netlabel.h | 2 +-
net/netlabel/netlabel_unlabeled.c | 4 +---
net/netlabel/netlabel_user.c | 4 +---
net/netlabel/netlabel_user.h | 6 +-----
security/smack/smackfs.c | 2 +-
5 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 73fc25b4042b..d9aaa264e29c 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -97,7 +97,7 @@ struct calipso_doi;
/* NetLabel audit information */
struct netlbl_audit {
- u32 secid;
+ struct lsmblob lsmblob;
kuid_t loginuid;
unsigned int sessionid;
};
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 8deee7e176a9..9277c6dd79f5 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1529,13 +1529,11 @@ int __init netlbl_unlabel_defconf(void)
int ret_val;
struct netlbl_dom_map *entry;
struct netlbl_audit audit_info;
- struct lsmblob blob;
/* Only the kernel is allowed to call this function and the only time
* it is called is at bootup before the audit subsystem is reporting
* messages so don't worry to much about these values. */
- security_current_getsecid_subj(&blob);
- audit_info.secid = lsmblob_first(&blob);
+ security_current_getsecid_subj(&audit_info.lsmblob);
audit_info.loginuid = GLOBAL_ROOT_UID;
audit_info.sessionid = 0;
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 42812bdfc31a..e72dfe2da77a 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -84,7 +84,6 @@ struct audit_buffer *netlbl_audit_start_common(int type,
struct netlbl_audit *audit_info)
{
struct audit_buffer *audit_buf;
- struct lsmblob blob;
if (audit_enabled == AUDIT_OFF)
return NULL;
@@ -97,8 +96,7 @@ struct audit_buffer *netlbl_audit_start_common(int type,
from_kuid(&init_user_ns, audit_info->loginuid),
audit_info->sessionid);
- lsmblob_init(&blob, audit_info->secid);
- audit_log_subject_context(audit_buf, &blob);
+ audit_log_subject_context(audit_buf, &audit_info->lsmblob);
return audit_buf;
}
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
index 34bb6572f33b..56a634244a6e 100644
--- a/net/netlabel/netlabel_user.h
+++ b/net/netlabel/netlabel_user.h
@@ -32,11 +32,7 @@
*/
static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info)
{
- struct lsmblob blob;
-
- security_current_getsecid_subj(&blob);
- /* scaffolding until secid is converted */
- audit_info->secid = lsmblob_first(&blob);
+ security_current_getsecid_subj(&audit_info->lsmblob);
audit_info->loginuid = audit_get_loginuid(current);
audit_info->sessionid = audit_get_sessionid(current);
}
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 314336463111..f74207f6c71e 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -186,7 +186,7 @@ static void smk_netlabel_audit_set(struct netlbl_audit *nap)
nap->loginuid = audit_get_loginuid(current);
nap->sessionid = audit_get_sessionid(current);
- nap->secid = skp->smk_secid;
+ nap->lsmblob.secid[smack_lsmid.slot] = skp->smk_secid;
}
/*
--
2.35.1
Powered by blists - more mailing lists