| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHC9VhQ3BNtG6y9gyKJiWrPCn81LpKG0Deep40GxAmUYCbem8w@mail.gmail.com>
Date: Wed, 20 Dec 2023 16:22:05 -0500
From: Paul Moore <paul@...l-moore.com>
To: Mickaël Salaün <mic@...ikod.net>
Cc: Eric Paris <eparis@...hat.com>, James Morris <jmorris@...ei.org>,
"Serge E . Hallyn" <serge@...lyn.com>, Ben Scarlato <akhna@...gle.com>,
Günther Noack <gnoack@...gle.com>,
Jeff Xu <jeffxu@...gle.com>, Jorge Lucangeli Obes <jorgelo@...gle.com>,
Konstantin Meskhidze <konstantin.meskhidze@...wei.com>, Shervin Oloumi <enlightened@...gle.com>,
audit@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: Re: [RFC PATCH v1 1/7] lsm: Add audit_log_lsm_data() helper
On Thu, Sep 21, 2023 at 2:16 AM Mickaël Salaün <mic@...ikod.net> wrote:
>
> Extract code from common_dump_audit_data() into the audit_log_lsm_data()
Did you mean dump_common_audit_data()? Assuming you correct the
function name above this looks fine to me.
Acked-by: Paul Moore <paul@...l-moore.com>
> helper. This helps reuse common LSM audit data while not abusing
> AUDIT_AVC records because of the common_lsm_audit() helper.
>
> Signed-off-by: Mickaël Salaün <mic@...ikod.net>
> ---
> include/linux/lsm_audit.h | 2 ++
> security/lsm_audit.c | 26 +++++++++++++++++---------
> 2 files changed, 19 insertions(+), 9 deletions(-)
>
> diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
> index 97a8b21eb033..5f9a7ed0e7a5 100644
> --- a/include/linux/lsm_audit.h
> +++ b/include/linux/lsm_audit.h
> @@ -122,6 +122,8 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb,
> int ipv6_skb_to_auditdata(struct sk_buff *skb,
> struct common_audit_data *ad, u8 *proto);
>
> +void audit_log_lsm_data(struct audit_buffer *ab, struct common_audit_data *a);
> +
> void common_lsm_audit(struct common_audit_data *a,
> void (*pre_audit)(struct audit_buffer *, void *),
> void (*post_audit)(struct audit_buffer *, void *));
> diff --git a/security/lsm_audit.c b/security/lsm_audit.c
> index 849e832719e2..58f9b8bde22a 100644
> --- a/security/lsm_audit.c
> +++ b/security/lsm_audit.c
> @@ -189,16 +189,12 @@ static inline void print_ipv4_addr(struct audit_buffer *ab, __be32 addr,
> }
>
> /**
> - * dump_common_audit_data - helper to dump common audit data
> + * audit_log_lsm_data - helper to log common LSM audit data
> * @ab : the audit buffer
> * @a : common audit data
> - *
> */
> -static void dump_common_audit_data(struct audit_buffer *ab,
> - struct common_audit_data *a)
> +void audit_log_lsm_data(struct audit_buffer *ab, struct common_audit_data *a)
> {
> - char comm[sizeof(current->comm)];
> -
> /*
> * To keep stack sizes in check force programmers to notice if they
> * start making this union too large! See struct lsm_network_audit
> @@ -206,9 +202,6 @@ static void dump_common_audit_data(struct audit_buffer *ab,
> */
> BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2);
>
> - audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current));
> - audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm)));
> -
> switch (a->type) {
> case LSM_AUDIT_DATA_NONE:
> return;
> @@ -428,6 +421,21 @@ static void dump_common_audit_data(struct audit_buffer *ab,
> } /* switch (a->type) */
> }
>
> +/**
> + * dump_common_audit_data - helper to dump common audit data
> + * @ab : the audit buffer
> + * @a : common audit data
> + */
> +static void dump_common_audit_data(struct audit_buffer *ab,
> + struct common_audit_data *a)
> +{
> + char comm[sizeof(current->comm)];
> +
> + audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current));
> + audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm)));
> + audit_log_lsm_data(ab, a);
> +}
> +
> /**
> * common_lsm_audit - generic LSM auditing function
> * @a: auxiliary audit data
> --
> 2.42.0
--
paul-moore.com
Powered by blists - more mailing lists