
Merge tag 'audit-pr-20250926' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Pull audit updates from Paul Moore:

- Proper audit support for multiple LSMs

As the audit subsystem predated the work to enable multiple LSMs,
some additional work was needed to support logging the different LSM
labels for the subjects/tasks and objects on the system. Casey's
patches add new auxiliary records for subjects and objects that
convey the additional labels.

- Ensure fanotify audit events are always generated

Generally speaking security relevant subsystems always generate audit
events, unless explicitly ignored. However, up to this point fanotify
events had been ignored by default, but starting with this pull
request fanotify follows convention and generates audit events by
default.

- Replace an instance of strcpy() with strscpy()

- Minor indentation, style, and comment fixes

* tag 'audit-pr-20250926' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
audit: fix skb leak when audit rate limit is exceeded
audit: init ab->skb_list earlier in audit_buffer_alloc()
audit: add record for multiple object contexts
audit: add record for multiple task security contexts
lsm: security_lsmblob_to_secctx module selection
audit: create audit_stamp structure
audit: add a missing tab
audit: record fanotify event regardless of presence of rules
audit: fix typo in auditfilter.c comment
audit: Replace deprecated strcpy() with strscpy()
audit: fix indentation in audit_log_exit()

+334 -102
+24 -1
include/linux/audit.h
··· 37 37 struct audit_tree; 38 38 struct sk_buff; 39 39 struct kern_ipc_perm; 40 + struct lsm_id; 41 + struct lsm_prop; 40 42 41 43 struct audit_krule { 42 44 u32 pflags; ··· 149 147 #define AUDIT_TTY_ENABLE BIT(0) 150 148 #define AUDIT_TTY_LOG_PASSWD BIT(1) 151 149 150 + /* bit values for audit_cfg_lsm */ 151 + #define AUDIT_CFG_LSM_SECCTX_SUBJECT BIT(0) 152 + #define AUDIT_CFG_LSM_SECCTX_OBJECT BIT(1) 153 + 152 154 struct filename; 153 155 154 156 #define AUDIT_OFF 0 ··· 191 185 const char *operation); 192 186 extern void audit_log_lost(const char *message); 193 187 188 + extern int audit_log_subj_ctx(struct audit_buffer *ab, struct lsm_prop *prop); 189 + extern int audit_log_obj_ctx(struct audit_buffer *ab, struct lsm_prop *prop); 194 190 extern int audit_log_task_context(struct audit_buffer *ab); 195 191 extern void audit_log_task_info(struct audit_buffer *ab); 196 192 ··· 217 209 extern u32 audit_enabled; 218 210 219 211 extern int audit_signal_info(int sig, struct task_struct *t); 212 + 213 + extern void audit_cfg_lsm(const struct lsm_id *lsmid, int flags); 220 214 221 215 #else /* CONFIG_AUDIT */ 222 216 static inline __printf(4, 5) ··· 255 245 { } 256 246 static inline void audit_log_path_denied(int type, const char *operation) 257 247 { } 248 + static inline int audit_log_subj_ctx(struct audit_buffer *ab, 249 + struct lsm_prop *prop) 250 + { 251 + return 0; 252 + } 253 + static inline int audit_log_obj_ctx(struct audit_buffer *ab, 254 + struct lsm_prop *prop) 255 + { 256 + return 0; 257 + } 258 258 static inline int audit_log_task_context(struct audit_buffer *ab) 259 259 { 260 260 return 0; ··· 288 268 { 289 269 return 0; 290 270 } 271 + 272 + static inline void audit_cfg_lsm(const struct lsm_id *lsmid, int flags) 273 + { } 291 274 292 275 #endif /* CONFIG_AUDIT */ 293 276 ··· 550 527 551 528 static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar) 552 529 { 553 - if (!audit_dummy_context()) 530 + if (audit_enabled) 
554 531 __audit_fanotify(response, friar); 555 532 } 556 533
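Review bot: The new `audit_enabled` test in `audit_fanotify()` at new line 530 deserves a comment, because it replaces the previous `!audit_dummy_context()` gating and a reader may mistake it for a regression. The pull description says fanotify decisions are now recorded regardless of matching rules; putting that next to the check would settle it: `/* report fanotify decisions whenever audit is on, even with no matching rules */`. The `AUDIT_CFG_LSM_SECCTX_*` bits at new lines 150-152 would likewise benefit from a one-line note that they declare which context kinds (task subject, object label) an LSM can supply to the audit auxiliary records.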
+4 -2
include/linux/security.h
··· 567 567 int security_setprocattr(int lsmid, const char *name, void *value, size_t size); 568 568 int security_ismaclabel(const char *name); 569 569 int security_secid_to_secctx(u32 secid, struct lsm_context *cp); 570 - int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp); 570 + int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp, 571 + int lsmid); 571 572 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); 572 573 void security_release_secctx(struct lsm_context *cp); 573 574 void security_inode_invalidate_secctx(struct inode *inode); ··· 1552 1551 } 1553 1552 1554 1553 static inline int security_lsmprop_to_secctx(struct lsm_prop *prop, 1555 - struct lsm_context *cp) 1554 + struct lsm_context *cp, 1555 + int lsmid) 1556 1556 { 1557 1557 return -EOPNOTSUPP; 1558 1558 }
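Review bot: The added `lsmid` parameter on `security_lsmprop_to_secctx()` at new line 570 is undocumented in the header, and the `!CONFIG_SECURITY` stub at 1554-1555 silently ignores it. Callers in kernel/audit.c pass either a specific LSM id or `LSM_ID_UNDEF`, so a short note on the prototype would save readers a trip to security.c: `/* @lsmid: LSM to query, or LSM_ID_UNDEF for the first LSM providing the hook */`.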
+2
include/uapi/linux/audit.h
··· 148 148 #define AUDIT_IPE_POLICY_LOAD 1422 /* IPE policy load */ 149 149 #define AUDIT_LANDLOCK_ACCESS 1423 /* Landlock denial */ 150 150 #define AUDIT_LANDLOCK_DOMAIN 1424 /* Landlock domain status */ 151 + #define AUDIT_MAC_TASK_CONTEXTS 1425 /* Multiple LSM task contexts */ 152 + #define AUDIT_MAC_OBJ_CONTEXTS 1426 /* Multiple LSM objext contexts */ 151 153 152 154 #define AUDIT_FIRST_KERN_ANOM_MSG 1700 153 155 #define AUDIT_LAST_KERN_ANOM_MSG 1799
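Review bot: The comment on the new `AUDIT_MAC_OBJ_CONTEXTS` record type at new line 152 has a typo ("objext"), and because this is a UAPI header the text will be copied verbatim into userspace tooling. Suggested: `#define AUDIT_MAC_OBJ_CONTEXTS 1426 /* Multiple LSM object contexts */`. It may also help consumers to state in both comments that these are auxiliary records carrying the same timestamp/serial as the main record, which is how the kernel/audit.c side of this merge builds them.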
+241 -39
kernel/audit.c
··· 54 54 #include <net/netlink.h> 55 55 #include <linux/skbuff.h> 56 56 #include <linux/security.h> 57 + #include <linux/lsm_hooks.h> 57 58 #include <linux/freezer.h> 58 59 #include <linux/pid_namespace.h> 59 60 #include <net/netns/generic.h> ··· 81 80 82 81 /* private audit network namespace index */ 83 82 static unsigned int audit_net_id; 83 + 84 + /* Number of modules that provide a security context. 85 + List of lsms that provide a security context */ 86 + static u32 audit_subj_secctx_cnt; 87 + static u32 audit_obj_secctx_cnt; 88 + static const struct lsm_id *audit_subj_lsms[MAX_LSM_COUNT]; 89 + static const struct lsm_id *audit_obj_lsms[MAX_LSM_COUNT]; 84 90 85 91 /** 86 92 * struct audit_net - audit private network namespace data ··· 203 195 * to place it on a transmit queue. Multiple audit_buffers can be in 204 196 * use simultaneously. */ 205 197 struct audit_buffer { 206 - struct sk_buff *skb; /* formatted skb ready to send */ 198 + struct sk_buff *skb; /* the skb for audit_log functions */ 199 + struct sk_buff_head skb_list; /* formatted skbs, ready to send */ 207 200 struct audit_context *ctx; /* NULL or associated context */ 201 + struct audit_stamp stamp; /* audit stamp for these records */ 208 202 gfp_t gfp_mask; 209 203 }; 210 204 ··· 286 276 rcu_read_unlock(); 287 277 288 278 return pid; 279 + } 280 + 281 + /** 282 + * audit_cfg_lsm - Identify a security module as providing a secctx. 283 + * @lsmid: LSM identity 284 + * @flags: which contexts are provided 285 + * 286 + * Description: 287 + * Increments the count of the security modules providing a secctx. 288 + * If the LSM id is already in the list leave it alone. 
289 + */ 290 + void audit_cfg_lsm(const struct lsm_id *lsmid, int flags) 291 + { 292 + int i; 293 + 294 + if (flags & AUDIT_CFG_LSM_SECCTX_SUBJECT) { 295 + for (i = 0 ; i < audit_subj_secctx_cnt; i++) 296 + if (audit_subj_lsms[i] == lsmid) 297 + return; 298 + audit_subj_lsms[audit_subj_secctx_cnt++] = lsmid; 299 + } 300 + if (flags & AUDIT_CFG_LSM_SECCTX_OBJECT) { 301 + for (i = 0 ; i < audit_obj_secctx_cnt; i++) 302 + if (audit_obj_lsms[i] == lsmid) 303 + return; 304 + audit_obj_lsms[audit_obj_secctx_cnt++] = lsmid; 305 + } 289 306 } 290 307 291 308 /** ··· 1150 1113 return af.features & AUDIT_FEATURE_TO_MASK(i); 1151 1114 } 1152 1115 1153 - 1154 1116 static int audit_get_feature(struct sk_buff *skb) 1155 1117 { 1156 1118 u32 seq; ··· 1509 1473 case AUDIT_SIGNAL_INFO: 1510 1474 if (lsmprop_is_set(&audit_sig_lsm)) { 1511 1475 err = security_lsmprop_to_secctx(&audit_sig_lsm, 1512 - &lsmctx); 1476 + &lsmctx, LSM_ID_UNDEF); 1513 1477 if (err < 0) 1514 1478 return err; 1515 1479 } ··· 1812 1776 1813 1777 static void audit_buffer_free(struct audit_buffer *ab) 1814 1778 { 1779 + struct sk_buff *skb; 1780 + 1815 1781 if (!ab) 1816 1782 return; 1817 1783 1818 - kfree_skb(ab->skb); 1784 + while ((skb = skb_dequeue(&ab->skb_list))) 1785 + kfree_skb(skb); 1819 1786 kmem_cache_free(audit_buffer_cache, ab); 1820 1787 } 1821 1788 ··· 1831 1792 if (!ab) 1832 1793 return NULL; 1833 1794 1795 + skb_queue_head_init(&ab->skb_list); 1796 + 1834 1797 ab->skb = nlmsg_new(AUDIT_BUFSIZ, gfp_mask); 1835 1798 if (!ab->skb) 1836 1799 goto err; 1800 + 1801 + skb_queue_tail(&ab->skb_list, ab->skb); 1802 + 1837 1803 if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) 1838 1804 goto err; 1839 1805 ··· 1877 1833 } 1878 1834 1879 1835 static inline void audit_get_stamp(struct audit_context *ctx, 1880 - struct timespec64 *t, unsigned int *serial) 1836 + struct audit_stamp *stamp) 1881 1837 { 1882 - if (!ctx || !auditsc_get_stamp(ctx, t, serial)) { 1883 - ktime_get_coarse_real_ts64(t); 1884 - *serial = 
audit_serial(); 1838 + if (!ctx || !auditsc_get_stamp(ctx, stamp)) { 1839 + ktime_get_coarse_real_ts64(&stamp->ctime); 1840 + stamp->serial = audit_serial(); 1885 1841 } 1886 1842 } 1887 1843 ··· 1904 1860 int type) 1905 1861 { 1906 1862 struct audit_buffer *ab; 1907 - struct timespec64 t; 1908 - unsigned int serial; 1909 1863 1910 1864 if (audit_initialized != AUDIT_INITIALIZED) 1911 1865 return NULL; ··· 1958 1916 return NULL; 1959 1917 } 1960 1918 1961 - audit_get_stamp(ab->ctx, &t, &serial); 1919 + audit_get_stamp(ab->ctx, &ab->stamp); 1962 1920 /* cancel dummy context to enable supporting records */ 1963 1921 if (ctx) 1964 1922 ctx->dummy = 0; 1965 1923 audit_log_format(ab, "audit(%llu.%03lu:%u): ", 1966 - (unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial); 1924 + (unsigned long long)ab->stamp.ctime.tv_sec, 1925 + ab->stamp.ctime.tv_nsec/1000000, 1926 + ab->stamp.serial); 1967 1927 1968 1928 return ab; 1969 1929 } ··· 2221 2177 audit_log_format(ab, "(null)"); 2222 2178 } 2223 2179 2224 - int audit_log_task_context(struct audit_buffer *ab) 2180 + /** 2181 + * audit_buffer_aux_new - Add an aux record buffer to the skb list 2182 + * @ab: audit_buffer 2183 + * @type: message type 2184 + * 2185 + * Aux records are allocated and added to the skb list of 2186 + * the "main" record. The ab->skb is reset to point to the 2187 + * aux record on its creation. When the aux record in complete 2188 + * ab->skb has to be reset to point to the "main" record. 2189 + * This allows the audit_log_ functions to be ignorant of 2190 + * which kind of record it is logging to. It also avoids adding 2191 + * special data for aux records. 2192 + * 2193 + * On success ab->skb will point to the new aux record. 2194 + * Returns 0 on success, -ENOMEM should allocation fail. 
2195 + */ 2196 + static int audit_buffer_aux_new(struct audit_buffer *ab, int type) 2225 2197 { 2226 - struct lsm_prop prop; 2227 - struct lsm_context ctx; 2228 - int error; 2198 + WARN_ON(ab->skb != skb_peek(&ab->skb_list)); 2229 2199 2230 - security_current_getlsmprop_subj(&prop); 2231 - if (!lsmprop_is_set(&prop)) 2200 + ab->skb = nlmsg_new(AUDIT_BUFSIZ, ab->gfp_mask); 2201 + if (!ab->skb) 2202 + goto err; 2203 + if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) 2204 + goto err; 2205 + skb_queue_tail(&ab->skb_list, ab->skb); 2206 + 2207 + audit_log_format(ab, "audit(%llu.%03lu:%u): ", 2208 + (unsigned long long)ab->stamp.ctime.tv_sec, 2209 + ab->stamp.ctime.tv_nsec/1000000, 2210 + ab->stamp.serial); 2211 + 2212 + return 0; 2213 + 2214 + err: 2215 + kfree_skb(ab->skb); 2216 + ab->skb = skb_peek(&ab->skb_list); 2217 + return -ENOMEM; 2218 + } 2219 + 2220 + /** 2221 + * audit_buffer_aux_end - Switch back to the "main" record from an aux record 2222 + * @ab: audit_buffer 2223 + * 2224 + * Restores the "main" audit record to ab->skb. 2225 + */ 2226 + static void audit_buffer_aux_end(struct audit_buffer *ab) 2227 + { 2228 + ab->skb = skb_peek(&ab->skb_list); 2229 + } 2230 + 2231 + /** 2232 + * audit_log_subj_ctx - Add LSM subject information 2233 + * @ab: audit_buffer 2234 + * @prop: LSM subject properties. 2235 + * 2236 + * Add a subj= field and, if necessary, a AUDIT_MAC_TASK_CONTEXTS record. 
2237 + */ 2238 + int audit_log_subj_ctx(struct audit_buffer *ab, struct lsm_prop *prop) 2239 + { 2240 + struct lsm_context ctx; 2241 + char *space = ""; 2242 + int error; 2243 + int i; 2244 + 2245 + security_current_getlsmprop_subj(prop); 2246 + if (!lsmprop_is_set(prop)) 2232 2247 return 0; 2233 2248 2234 - error = security_lsmprop_to_secctx(&prop, &ctx); 2235 - if (error < 0) { 2236 - if (error != -EINVAL) 2237 - goto error_path; 2249 + if (audit_subj_secctx_cnt < 2) { 2250 + error = security_lsmprop_to_secctx(prop, &ctx, LSM_ID_UNDEF); 2251 + if (error < 0) { 2252 + if (error != -EINVAL) 2253 + goto error_path; 2254 + return 0; 2255 + } 2256 + audit_log_format(ab, " subj=%s", ctx.context); 2257 + security_release_secctx(&ctx); 2238 2258 return 0; 2239 2259 } 2260 + /* Multiple LSMs provide contexts. Include an aux record. */ 2261 + audit_log_format(ab, " subj=?"); 2262 + error = audit_buffer_aux_new(ab, AUDIT_MAC_TASK_CONTEXTS); 2263 + if (error) 2264 + goto error_path; 2240 2265 2241 - audit_log_format(ab, " subj=%s", ctx.context); 2242 - security_release_secctx(&ctx); 2266 + for (i = 0; i < audit_subj_secctx_cnt; i++) { 2267 + error = security_lsmprop_to_secctx(prop, &ctx, 2268 + audit_subj_lsms[i]->id); 2269 + if (error < 0) { 2270 + /* 2271 + * Don't print anything. An LSM like BPF could 2272 + * claim to support contexts, but only do so under 2273 + * certain conditions. 
2274 + */ 2275 + if (error == -EOPNOTSUPP) 2276 + continue; 2277 + if (error != -EINVAL) 2278 + audit_panic("error in audit_log_subj_ctx"); 2279 + } else { 2280 + audit_log_format(ab, "%ssubj_%s=%s", space, 2281 + audit_subj_lsms[i]->name, ctx.context); 2282 + space = " "; 2283 + security_release_secctx(&ctx); 2284 + } 2285 + } 2286 + audit_buffer_aux_end(ab); 2243 2287 return 0; 2244 2288 2245 2289 error_path: 2246 - audit_panic("error in audit_log_task_context"); 2290 + audit_panic("error in audit_log_subj_ctx"); 2247 2291 return error; 2248 2292 } 2293 + EXPORT_SYMBOL(audit_log_subj_ctx); 2294 + 2295 + int audit_log_task_context(struct audit_buffer *ab) 2296 + { 2297 + struct lsm_prop prop; 2298 + 2299 + security_current_getlsmprop_subj(&prop); 2300 + return audit_log_subj_ctx(ab, &prop); 2301 + } 2249 2302 EXPORT_SYMBOL(audit_log_task_context); 2303 + 2304 + int audit_log_obj_ctx(struct audit_buffer *ab, struct lsm_prop *prop) 2305 + { 2306 + int i; 2307 + int rc; 2308 + int error = 0; 2309 + char *space = ""; 2310 + struct lsm_context ctx; 2311 + 2312 + if (audit_obj_secctx_cnt < 2) { 2313 + error = security_lsmprop_to_secctx(prop, &ctx, LSM_ID_UNDEF); 2314 + if (error < 0) { 2315 + if (error != -EINVAL) 2316 + goto error_path; 2317 + return error; 2318 + } 2319 + audit_log_format(ab, " obj=%s", ctx.context); 2320 + security_release_secctx(&ctx); 2321 + return 0; 2322 + } 2323 + audit_log_format(ab, " obj=?"); 2324 + error = audit_buffer_aux_new(ab, AUDIT_MAC_OBJ_CONTEXTS); 2325 + if (error) 2326 + goto error_path; 2327 + 2328 + for (i = 0; i < audit_obj_secctx_cnt; i++) { 2329 + rc = security_lsmprop_to_secctx(prop, &ctx, 2330 + audit_obj_lsms[i]->id); 2331 + if (rc < 0) { 2332 + audit_log_format(ab, "%sobj_%s=?", space, 2333 + audit_obj_lsms[i]->name); 2334 + if (rc != -EINVAL) 2335 + audit_panic("error in audit_log_obj_ctx"); 2336 + error = rc; 2337 + } else { 2338 + audit_log_format(ab, "%sobj_%s=%s", space, 2339 + audit_obj_lsms[i]->name, ctx.context); 
2340 + security_release_secctx(&ctx); 2341 + } 2342 + space = " "; 2343 + } 2344 + 2345 + audit_buffer_aux_end(ab); 2346 + return error; 2347 + 2348 + error_path: 2349 + audit_panic("error in audit_log_obj_ctx"); 2350 + return error; 2351 + } 2250 2352 2251 2353 void audit_log_d_path_exe(struct audit_buffer *ab, 2252 2354 struct mm_struct *mm) ··· 2601 2411 } 2602 2412 2603 2413 /** 2414 + * __audit_log_end - enqueue one audit record 2415 + * @skb: the buffer to send 2416 + */ 2417 + static void __audit_log_end(struct sk_buff *skb) 2418 + { 2419 + struct nlmsghdr *nlh; 2420 + 2421 + if (audit_rate_check()) { 2422 + /* setup the netlink header, see the comments in 2423 + * kauditd_send_multicast_skb() for length quirks */ 2424 + nlh = nlmsg_hdr(skb); 2425 + nlh->nlmsg_len = skb->len - NLMSG_HDRLEN; 2426 + 2427 + /* queue the netlink packet */ 2428 + skb_queue_tail(&audit_queue, skb); 2429 + } else { 2430 + audit_log_lost("rate limit exceeded"); 2431 + kfree_skb(skb); 2432 + } 2433 + } 2434 + 2435 + /** 2604 2436 * audit_log_end - end one audit record 2605 2437 * @ab: the audit_buffer 2606 2438 * ··· 2634 2422 void audit_log_end(struct audit_buffer *ab) 2635 2423 { 2636 2424 struct sk_buff *skb; 2637 - struct nlmsghdr *nlh; 2638 2425 2639 2426 if (!ab) 2640 2427 return; 2641 2428 2642 - if (audit_rate_check()) { 2643 - skb = ab->skb; 2644 - ab->skb = NULL; 2429 + while ((skb = skb_dequeue(&ab->skb_list))) 2430 + __audit_log_end(skb); 2645 2431 2646 - /* setup the netlink header, see the comments in 2647 - * kauditd_send_multicast_skb() for length quirks */ 2648 - nlh = nlmsg_hdr(skb); 2649 - nlh->nlmsg_len = skb->len - NLMSG_HDRLEN; 2650 - 2651 - /* queue the netlink packet and poke the kauditd thread */ 2652 - skb_queue_tail(&audit_queue, skb); 2653 - wake_up_interruptible(&kauditd_wait); 2654 - } else 2655 - audit_log_lost("rate limit exceeded"); 2432 + /* poke the kauditd thread */ 2433 + wake_up_interruptible(&kauditd_wait); 2656 2434 2657 2435 
audit_buffer_free(ab); 2658 2436 }
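Review bot: In `audit_cfg_lsm()` (new lines 294-305) the `return` inside the subject-list scan also skips the object-list block, so an LSM whose id is already in `audit_subj_lsms[]` never reaches the `AUDIT_CFG_LSM_SECCTX_OBJECT` registration even when that flag is set; the kerneldoc above says a known id is "left alone", not that the remaining flags are dropped. Replacing the inner `return` with `goto obj;` (labelling the object block) or factoring the scan into a small `static bool audit_lsm_listed(const struct lsm_id **list, u32 cnt, const struct lsm_id *id)` helper keeps each flag independent. Neither append checks `audit_*_secctx_cnt < MAX_LSM_COUNT` before indexing; the dedup makes overflow unlikely, but a `WARN_ON_ONCE` guard would make that invariant explicit. Separately, `__audit_log_end()` applies `audit_rate_check()` per skb, so an event built with `audit_log_subj_ctx()`/`audit_log_obj_ctx()` can have its main record dropped while its aux records are queued (or the reverse); checking the rate limit once per `audit_buffer` would keep multi-record events atomic.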
+9 -4
kernel/audit.h
··· 99 99 char *value; /* the cmdline field */ 100 100 }; 101 101 102 + /* A timestamp/serial pair to identify an event */ 103 + struct audit_stamp { 104 + struct timespec64 ctime; /* time of syscall entry */ 105 + unsigned int serial; /* serial number for record */ 106 + }; 107 + 102 108 /* The per-task audit context. */ 103 109 struct audit_context { 104 110 int dummy; /* must be the first element */ ··· 114 108 AUDIT_CTX_URING, /* in use by io_uring */ 115 109 } context; 116 110 enum audit_state state, current_state; 117 - unsigned int serial; /* serial number for record */ 111 + struct audit_stamp stamp; /* event identifier */ 118 112 int major; /* syscall number */ 119 113 int uring_op; /* uring operation */ 120 - struct timespec64 ctime; /* time of syscall entry */ 121 114 unsigned long argv[4]; /* syscall arguments */ 122 115 long return_code;/* syscall return code */ 123 116 u64 prio; ··· 268 263 extern unsigned int audit_serial(void); 269 264 #ifdef CONFIG_AUDITSYSCALL 270 265 extern int auditsc_get_stamp(struct audit_context *ctx, 271 - struct timespec64 *t, unsigned int *serial); 266 + struct audit_stamp *stamp); 272 267 273 268 extern void audit_put_watch(struct audit_watch *watch); 274 269 extern void audit_get_watch(struct audit_watch *watch); ··· 309 304 struct audit_context *ctx); 310 305 extern struct list_head *audit_killed_trees(void); 311 306 #else /* CONFIG_AUDITSYSCALL */ 312 - #define auditsc_get_stamp(c, t, s) 0 307 + #define auditsc_get_stamp(c, s) 0 313 308 #define audit_put_watch(w) do { } while (0) 314 309 #define audit_get_watch(w) do { } while (0) 315 310 #define audit_to_watch(k, p, l, o) (-EINVAL)
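Review bot: The `struct audit_stamp` comment at new lines 103-106 describes `ctime` as "time of syscall entry", but the merge also fills it at io_uring entry in kernel/auditsc.c and, for records without a context, from `ktime_get_coarse_real_ts64()` in `audit_get_stamp()` in kernel/audit.c, and the new aux records copy it as their shared event identifier. Suggest `struct timespec64 ctime; /* event time: syscall/uring entry, or record creation when no context */` and `unsigned int serial; /* serial shared by every record of the event */`.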
+4 -2
kernel/audit_tree.c
··· 93 93 static struct audit_tree *alloc_tree(const char *s) 94 94 { 95 95 struct audit_tree *tree; 96 + size_t sz; 96 97 97 - tree = kmalloc(struct_size(tree, pathname, strlen(s) + 1), GFP_KERNEL); 98 + sz = strlen(s) + 1; 99 + tree = kmalloc(struct_size(tree, pathname, sz), GFP_KERNEL); 98 100 if (tree) { 99 101 refcount_set(&tree->count, 1); 100 102 tree->goner = 0; ··· 105 103 INIT_LIST_HEAD(&tree->list); 106 104 INIT_LIST_HEAD(&tree->same_root); 107 105 tree->root = NULL; 108 - strcpy(tree->pathname, s); 106 + strscpy(tree->pathname, s, sz); 109 107 } 110 108 return tree; 111 109 }
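Review bot: The `strscpy()` return value at new line 106 is discarded, which is safe here only because `sz` is computed as `strlen(s) + 1` at line 98 and the allocation is sized from the same `sz`, so truncation cannot occur; a reader auditing for silent truncation has to reconstruct that chain. A one-line comment would settle it: `strscpy(tree->pathname, s, sz); /* sz includes the NUL, cannot truncate */`, or, since the exact length is already known, `memcpy(tree->pathname, s, sz);`.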
+1 -1
kernel/auditfilter.c
··· 1440 1440 } 1441 1441 1442 1442 /* This function will re-initialize the lsm_rule field of all applicable rules. 1443 - * It will traverse the filter lists serarching for rules that contain LSM 1443 + * It will traverse the filter lists searching for rules that contain LSM 1444 1444 * specific filter fields. When such a rule is found, it is copied, the 1445 1445 * LSM field is re-initialized, and the old rule is replaced with the 1446 1446 * updated rule. */
+19 -44
kernel/auditsc.c
··· 994 994 */ 995 995 996 996 ctx->current_state = ctx->state; 997 - ctx->serial = 0; 997 + ctx->stamp.serial = 0; 998 + ctx->stamp.ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 }; 998 999 ctx->major = 0; 999 1000 ctx->uring_op = 0; 1000 - ctx->ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 }; 1001 1001 memset(ctx->argv, 0, sizeof(ctx->argv)); 1002 1002 ctx->return_code = 0; 1003 1003 ctx->prio = (ctx->state == AUDIT_STATE_RECORD ? ~0ULL : 0); ··· 1098 1098 char *comm) 1099 1099 { 1100 1100 struct audit_buffer *ab; 1101 - struct lsm_context ctx; 1102 1101 int rc = 0; 1103 1102 1104 1103 ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); ··· 1107 1108 audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, 1108 1109 from_kuid(&init_user_ns, auid), 1109 1110 from_kuid(&init_user_ns, uid), sessionid); 1110 - if (lsmprop_is_set(prop)) { 1111 - if (security_lsmprop_to_secctx(prop, &ctx) < 0) { 1112 - audit_log_format(ab, " obj=(none)"); 1113 - rc = 1; 1114 - } else { 1115 - audit_log_format(ab, " obj=%s", ctx.context); 1116 - security_release_secctx(&ctx); 1117 - } 1118 - } 1111 + if (lsmprop_is_set(prop) && audit_log_obj_ctx(ab, prop)) 1112 + rc = 1; 1113 + 1119 1114 audit_log_format(ab, " ocomm="); 1120 1115 audit_log_untrustedstring(ab, comm); 1121 1116 audit_log_end(ab); ··· 1385 1392 from_kgid(&init_user_ns, context->ipc.gid), 1386 1393 context->ipc.mode); 1387 1394 if (lsmprop_is_set(&context->ipc.oprop)) { 1388 - struct lsm_context lsmctx; 1389 - 1390 - if (security_lsmprop_to_secctx(&context->ipc.oprop, 1391 - &lsmctx) < 0) { 1395 + if (audit_log_obj_ctx(ab, &context->ipc.oprop)) 1392 1396 *call_panic = 1; 1393 - } else { 1394 - audit_log_format(ab, " obj=%s", lsmctx.context); 1395 - security_release_secctx(&lsmctx); 1396 - } 1397 1397 } 1398 1398 if (context->ipc.has_perm) { 1399 1399 audit_log_end(ab); ··· 1543 1557 from_kgid(&init_user_ns, n->gid), 1544 1558 MAJOR(n->rdev), 1545 1559 MINOR(n->rdev)); 1546 - if 
(lsmprop_is_set(&n->oprop)) { 1547 - struct lsm_context ctx; 1548 - 1549 - if (security_lsmprop_to_secctx(&n->oprop, &ctx) < 0) { 1550 - if (call_panic) 1551 - *call_panic = 2; 1552 - } else { 1553 - audit_log_format(ab, " obj=%s", ctx.context); 1554 - security_release_secctx(&ctx); 1555 - } 1556 - } 1560 + if (lsmprop_is_set(&n->oprop) && 1561 + audit_log_obj_ctx(ab, &n->oprop)) 1562 + *call_panic = 2; 1557 1563 1558 1564 /* log the audit_names record type */ 1559 1565 switch (n->type) { ··· 1763 1785 audit_log_pid_context(context, context->target_pid, 1764 1786 context->target_auid, context->target_uid, 1765 1787 context->target_sessionid, 1766 - &context->target_ref, context->target_comm)) 1767 - call_panic = 1; 1788 + &context->target_ref, 1789 + context->target_comm)) 1790 + call_panic = 1; 1768 1791 1769 1792 if (context->pwd.dentry && context->pwd.mnt) { 1770 1793 ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); ··· 1896 1917 1897 1918 ctx->context = AUDIT_CTX_URING; 1898 1919 ctx->current_state = ctx->state; 1899 - ktime_get_coarse_real_ts64(&ctx->ctime); 1920 + ktime_get_coarse_real_ts64(&ctx->stamp.ctime); 1900 1921 } 1901 1922 1902 1923 /** ··· 2018 2039 context->argv[3] = a4; 2019 2040 context->context = AUDIT_CTX_SYSCALL; 2020 2041 context->current_state = state; 2021 - ktime_get_coarse_real_ts64(&context->ctime); 2042 + ktime_get_coarse_real_ts64(&context->stamp.ctime); 2022 2043 } 2023 2044 2024 2045 /** ··· 2487 2508 /** 2488 2509 * auditsc_get_stamp - get local copies of audit_context values 2489 2510 * @ctx: audit_context for the task 2490 - * @t: timespec64 to store time recorded in the audit_context 2491 - * @serial: serial value that is recorded in the audit_context 2511 + * @stamp: timestamp to record 2492 2512 * 2493 2513 * Also sets the context as auditable. 
2494 2514 */ 2495 - int auditsc_get_stamp(struct audit_context *ctx, 2496 - struct timespec64 *t, unsigned int *serial) 2515 + int auditsc_get_stamp(struct audit_context *ctx, struct audit_stamp *stamp) 2497 2516 { 2498 2517 if (ctx->context == AUDIT_CTX_UNUSED) 2499 2518 return 0; 2500 - if (!ctx->serial) 2501 - ctx->serial = audit_serial(); 2502 - t->tv_sec = ctx->ctime.tv_sec; 2503 - t->tv_nsec = ctx->ctime.tv_nsec; 2504 - *serial = ctx->serial; 2519 + if (!ctx->stamp.serial) 2520 + ctx->stamp.serial = audit_serial(); 2521 + *stamp = ctx->stamp; 2505 2522 if (!ctx->prio) { 2506 2523 ctx->prio = 1; 2507 2524 ctx->current_state = AUDIT_STATE_RECORD;
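Review bot: At new lines 1560-1562 the rewrite drops the `if (call_panic)` guard that the removed code had before `*call_panic = 2`, so a NULL `call_panic` now dereferences; unless every caller is known to pass a non-NULL pointer, keep the guard: `if (lsmprop_is_set(&n->oprop) && audit_log_obj_ctx(ab, &n->oprop) && call_panic) *call_panic = 2;`. The audit_names logging function containing this check starts before the hunk. Also, `audit_log_pid_context()` at new line 1111 no longer emits the ` obj=(none)` placeholder the old code wrote when the context could not be rendered, so in the single-LSM case the AUDIT_OBJ_PID record silently loses its obj field while the multi-LSM path in kernel/audit.c prints `obj_<lsm>=?`; emitting a consistent `obj=?` marker on the single-LSM failure path would spare parsers two record shapes.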
+1 -7
net/netlabel/netlabel_user.c
··· 84 84 struct netlbl_audit *audit_info) 85 85 { 86 86 struct audit_buffer *audit_buf; 87 - struct lsm_context ctx; 88 87 89 88 if (audit_enabled == AUDIT_OFF) 90 89 return NULL; ··· 95 96 audit_log_format(audit_buf, "netlabel: auid=%u ses=%u", 96 97 from_kuid(&init_user_ns, audit_info->loginuid), 97 98 audit_info->sessionid); 98 - 99 - if (lsmprop_is_set(&audit_info->prop) && 100 - security_lsmprop_to_secctx(&audit_info->prop, &ctx) > 0) { 101 - audit_log_format(audit_buf, " subj=%s", ctx.context); 102 - security_release_secctx(&ctx); 103 - } 99 + audit_log_subj_ctx(audit_buf, &audit_info->prop); 104 100 105 101 return audit_buf; 106 102 }
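Review bot: `audit_log_subj_ctx()` as added in kernel/audit.c begins with `security_current_getlsmprop_subj(prop)`, so the call at new line 99 overwrites `audit_info->prop` with the current task's subject before logging it; the removed code logged `audit_info->prop` exactly as the caller supplied it, and `audit_info` is now mutated through what used to be a read-only use. Whether the two values always coincide at this call site is not visible here, but the helper's contract should not depend on it: drop the getter from `audit_log_subj_ctx()` (its `audit_log_task_context()` wrapper already fetches current's prop itself) and log the caller's value unchanged. The return value is also now ignored where the old code tested `> 0`; that is defensible since the helper handles its own error path, but a short comment saying so would help the next reader.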
+3
security/apparmor/lsm.c
··· 2530 2530 security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), 2531 2531 &apparmor_lsmid); 2532 2532 2533 + /* Inform the audit system that secctx is used */ 2534 + audit_cfg_lsm(&apparmor_lsmid, AUDIT_CFG_LSM_SECCTX_SUBJECT); 2535 + 2533 2536 /* Report that AppArmor successfully initialized */ 2534 2537 apparmor_initialized = 1; 2535 2538 if (aa_g_profile_mode == APPARMOR_COMPLAIN)
+16 -2
security/security.c
··· 4342 4342 * security_lsmprop_to_secctx() - Convert a lsm_prop to a secctx 4343 4343 * @prop: lsm specific information 4344 4344 * @cp: the LSM context 4345 + * @lsmid: which security module to report 4345 4346 * 4346 4347 * Convert a @prop entry to security context. If @cp is NULL the 4347 4348 * length of the result will be returned. This does mean that the 4348 4349 * length could change between calls to check the length and the 4349 4350 * next call which actually allocates and returns the @cp. 4350 4351 * 4352 + * @lsmid identifies which LSM should supply the context. 4353 + * A value of LSM_ID_UNDEF indicates that the first LSM suppling 4354 + * the hook should be used. This is used in cases where the 4355 + * ID of the supplying LSM is unambiguous. 4356 + * 4351 4357 * Return: Return length of data on success, error on failure. 4352 4358 */ 4353 - int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp) 4359 + int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp, 4360 + int lsmid) 4354 4361 { 4355 - return call_int_hook(lsmprop_to_secctx, prop, cp); 4362 + struct lsm_static_call *scall; 4363 + 4364 + lsm_for_each_hook(scall, lsmprop_to_secctx) { 4365 + if (lsmid != LSM_ID_UNDEF && lsmid != scall->hl->lsmid->id) 4366 + continue; 4367 + return scall->hl->hook.lsmprop_to_secctx(prop, cp); 4368 + } 4369 + return LSM_RET_DEFAULT(lsmprop_to_secctx); 4356 4370 } 4357 4371 EXPORT_SYMBOL(security_lsmprop_to_secctx); 4358 4372
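Review bot: The kerneldoc added at new lines 4352-4355 has a typo ("suppling"), and it does not say what happens when a specific `lsmid` is requested but no registered hook carries that id: the loop falls through to `LSM_RET_DEFAULT(lsmprop_to_secctx)`, which the audit callers in this merge appear to treat as "this LSM has no context" via their `-EOPNOTSUPP` handling. Suggest `A value of LSM_ID_UNDEF indicates that the first LSM supplying` for the doc line, and on the final return `return LSM_RET_DEFAULT(lsmprop_to_secctx); /* no hook for @lsmid, or none registered */`.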
+5
security/selinux/hooks.c
··· 7618 7618 /* Set the security state for the initial task. */ 7619 7619 cred_init_security(); 7620 7620 7621 + /* Inform the audit system that secctx is used */ 7622 + audit_cfg_lsm(&selinux_lsmid, 7623 + AUDIT_CFG_LSM_SECCTX_SUBJECT | 7624 + AUDIT_CFG_LSM_SECCTX_OBJECT); 7625 + 7621 7626 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC); 7622 7627 if (!default_noexec) 7623 7628 pr_notice("SELinux: virtual memory is executable by default\n");
+5
security/smack/smack_lsm.c
··· 5267 5267 /* initialize the smack_known_list */ 5268 5268 init_smack_known_list(); 5269 5269 5270 + /* Inform the audit system that secctx is used */ 5271 + audit_cfg_lsm(&smack_lsmid, 5272 + AUDIT_CFG_LSM_SECCTX_SUBJECT | 5273 + AUDIT_CFG_LSM_SECCTX_OBJECT); 5274 + 5270 5275 return 0; 5271 5276 } 5272 5277