Message-ID: <20240825190048.13289-13-casey@schaufler-ca.com>
Date: Sun, 25 Aug 2024 12:00:47 -0700
From: Casey Schaufler <casey@...aufler-ca.com>
To: casey@...aufler-ca.com,
paul@...l-moore.com,
linux-security-module@...r.kernel.org
Cc: jmorris@...ei.org,
serge@...lyn.com,
keescook@...omium.org,
john.johansen@...onical.com,
penguin-kernel@...ove.sakura.ne.jp,
stephen.smalley.work@...il.com,
linux-kernel@...r.kernel.org,
mic@...ikod.net
Subject: [PATCH 12/13] Netlabel: Use lsmblob for audit data
Replace the secid in the netlbl_audit structure with an lsmblob.
Remove scaffolding that was required when the value was a secid.
Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
---
include/net/netlabel.h | 2 +-
net/netlabel/netlabel_unlabeled.c | 5 +----
net/netlabel/netlabel_user.c | 7 +++----
net/netlabel/netlabel_user.h | 6 +-----
security/smack/smackfs.c | 4 +---
5 files changed, 7 insertions(+), 17 deletions(-)
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 654bc777d2a7..eb6b479c5c06 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -97,7 +97,7 @@ struct calipso_doi;
/* NetLabel audit information */
struct netlbl_audit {
- u32 secid;
+ struct lsmblob blob;
kuid_t loginuid;
unsigned int sessionid;
};
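Review bot: Embedding `struct lsmblob blob` by value in `struct netlbl_audit` requires the complete type at this point, whereas the old `u32 secid` needed nothing beyond `<linux/types.h>`; the hunk context (`struct calipso_doi;`) suggests this header otherwise relies on forward declarations. Unless include/net/netlabel.h already pulls in the header that defines `struct lsmblob` (not visible here), every translation unit that includes netlabel.h without that header will fail to compile, and the fix is to add the corresponding `#include` to netlabel.h rather than relying on include order in the .c files.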
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 7f38dc9b6b57..7bac13ae07a3 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1534,14 +1534,11 @@ int __init netlbl_unlabel_defconf(void)
int ret_val;
struct netlbl_dom_map *entry;
struct netlbl_audit audit_info;
- struct lsmblob blob;
/* Only the kernel is allowed to call this function and the only time
* it is called is at bootup before the audit subsystem is reporting
* messages so don't worry to much about these values. */
- security_current_getlsmblob_subj(&blob);
- /* scaffolding */
- audit_info.secid = blob.scaffold.secid;
+ security_current_getlsmblob_subj(&audit_info.blob);
audit_info.loginuid = GLOBAL_ROOT_UID;
audit_info.sessionid = 0;
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 3ed4fea2a2de..6cd1fcb3902b 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -98,10 +98,9 @@ struct audit_buffer *netlbl_audit_start_common(int type,
from_kuid(&init_user_ns, audit_info->loginuid),
audit_info->sessionid);
- if (audit_info->secid != 0 &&
- security_secid_to_secctx(audit_info->secid,
- &secctx,
- &secctx_len) == 0) {
+ if (lsmblob_is_set(&audit_info->blob) &&
+ security_lsmblob_to_secctx(&audit_info->blob, &secctx,
+ &secctx_len) == 0) {
audit_log_format(audit_buf, " subj=%s", secctx);
security_release_secctx(secctx, secctx_len);
}
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
index 40841d7af1d8..1a9639005d09 100644
--- a/net/netlabel/netlabel_user.h
+++ b/net/netlabel/netlabel_user.h
@@ -32,11 +32,7 @@
*/
static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info)
{
- struct lsmblob blob;
-
- security_current_getlsmblob_subj(&blob);
- /* scaffolding */
- audit_info->secid = blob.scaffold.secid;
+ security_current_getlsmblob_subj(&audit_info->blob);
audit_info->loginuid = audit_get_loginuid(current);
audit_info->sessionid = audit_get_sessionid(current);
}
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index e22aad7604e8..878fe44b662d 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -182,11 +182,9 @@ static inline void smack_catset_bit(unsigned int cat, char *catsetp)
*/
static void smk_netlabel_audit_set(struct netlbl_audit *nap)
{
- struct smack_known *skp = smk_of_current();
-
nap->loginuid = audit_get_loginuid(current);
nap->sessionid = audit_get_sessionid(current);
- nap->secid = skp->smk_secid;
+ nap->blob.smack.skp = smk_of_current();
}
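Review bot: `smk_netlabel_audit_set()` now writes only `nap->blob.smack.skp`, leaving every other member of `nap->blob` with whatever the caller's `struct netlbl_audit` held; the removed `nap->secid = skp->smk_secid;` initialised the entire audit field, so this was not a concern before. The consumer in net/netlabel/netlabel_user.c (`netlbl_audit_start_common`) now evaluates the whole blob with `lsmblob_is_set()` and passes it to `security_lsmblob_to_secctx()`, so a caller that declares the struct on the stack without zeroing it hands those stale members to the LSM layer. Unless every caller of `smk_netlabel_audit_set()` is known to clear the struct (not visible in this patch), clear the blob before the assignment, e.g. `memset(&nap->blob, 0, sizeof(nap->blob));` (or the series' blob initialiser if it provides one), so that only the Smack member is ever considered set.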
/*
--
2.41.0