audit: change context data from secid to lsm_prop

Change the LSM data stored in the audit transactions from a secid
to an LSM prop. This is done in struct audit_context and struct
audit_aux_data_pids. Several cases of scaffolding can be removed.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subj line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Casey Schaufler 2024-10-09 10:32:19 -07:00 committed by Paul Moore
parent b0654ca429
commit 13d826e564
3 changed files with 13 additions and 21 deletions

View File

@ -144,7 +144,7 @@ struct audit_context {
kuid_t target_auid; kuid_t target_auid;
kuid_t target_uid; kuid_t target_uid;
unsigned int target_sessionid; unsigned int target_sessionid;
u32 target_sid; struct lsm_prop target_ref;
char target_comm[TASK_COMM_LEN]; char target_comm[TASK_COMM_LEN];
struct audit_tree_refs *trees, *first_trees; struct audit_tree_refs *trees, *first_trees;

View File

@ -1370,7 +1370,6 @@ int audit_filter(int msgtype, unsigned int listtype)
case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_SEN:
case AUDIT_SUBJ_CLR: case AUDIT_SUBJ_CLR:
if (f->lsm_rule) { if (f->lsm_rule) {
/* scaffolding */
security_current_getlsmprop_subj(&prop); security_current_getlsmprop_subj(&prop);
result = security_audit_rule_match( result = security_audit_rule_match(
&prop, f->type, f->op, &prop, f->type, f->op,

View File

@ -100,7 +100,7 @@ struct audit_aux_data_pids {
kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_auid[AUDIT_AUX_PIDS];
kuid_t target_uid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS];
unsigned int target_sessionid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS];
u32 target_sid[AUDIT_AUX_PIDS]; struct lsm_prop target_ref[AUDIT_AUX_PIDS];
char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN];
int pid_count; int pid_count;
}; };
@ -1019,7 +1019,7 @@ static void audit_reset_context(struct audit_context *ctx)
ctx->target_pid = 0; ctx->target_pid = 0;
ctx->target_auid = ctx->target_uid = KUIDT_INIT(0); ctx->target_auid = ctx->target_uid = KUIDT_INIT(0);
ctx->target_sessionid = 0; ctx->target_sessionid = 0;
ctx->target_sid = 0; lsmprop_init(&ctx->target_ref);
ctx->target_comm[0] = '\0'; ctx->target_comm[0] = '\0';
unroll_tree_refs(ctx, NULL, 0); unroll_tree_refs(ctx, NULL, 0);
WARN_ON(!list_empty(&ctx->killed_trees)); WARN_ON(!list_empty(&ctx->killed_trees));
@ -1093,8 +1093,9 @@ static inline void audit_free_context(struct audit_context *context)
} }
static int audit_log_pid_context(struct audit_context *context, pid_t pid, static int audit_log_pid_context(struct audit_context *context, pid_t pid,
kuid_t auid, kuid_t uid, unsigned int sessionid, kuid_t auid, kuid_t uid,
u32 sid, char *comm) unsigned int sessionid, struct lsm_prop *prop,
char *comm)
{ {
struct audit_buffer *ab; struct audit_buffer *ab;
char *ctx = NULL; char *ctx = NULL;
@ -1108,8 +1109,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid,
from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, auid),
from_kuid(&init_user_ns, uid), sessionid); from_kuid(&init_user_ns, uid), sessionid);
if (sid) { if (lsmprop_is_set(prop)) {
if (security_secid_to_secctx(sid, &ctx, &len)) { if (security_lsmprop_to_secctx(prop, &ctx, &len)) {
audit_log_format(ab, " obj=(none)"); audit_log_format(ab, " obj=(none)");
rc = 1; rc = 1;
} else { } else {
@ -1778,7 +1779,7 @@ static void audit_log_exit(void)
axs->target_auid[i], axs->target_auid[i],
axs->target_uid[i], axs->target_uid[i],
axs->target_sessionid[i], axs->target_sessionid[i],
axs->target_sid[i], &axs->target_ref[i],
axs->target_comm[i])) axs->target_comm[i]))
call_panic = 1; call_panic = 1;
} }
@ -1787,7 +1788,7 @@ static void audit_log_exit(void)
audit_log_pid_context(context, context->target_pid, audit_log_pid_context(context, context->target_pid,
context->target_auid, context->target_uid, context->target_auid, context->target_uid,
context->target_sessionid, context->target_sessionid,
context->target_sid, context->target_comm)) &context->target_ref, context->target_comm))
call_panic = 1; call_panic = 1;
if (context->pwd.dentry && context->pwd.mnt) { if (context->pwd.dentry && context->pwd.mnt) {
@ -2722,15 +2723,12 @@ int __audit_sockaddr(int len, void *a)
void __audit_ptrace(struct task_struct *t) void __audit_ptrace(struct task_struct *t)
{ {
struct audit_context *context = audit_context(); struct audit_context *context = audit_context();
struct lsm_prop prop;
context->target_pid = task_tgid_nr(t); context->target_pid = task_tgid_nr(t);
context->target_auid = audit_get_loginuid(t); context->target_auid = audit_get_loginuid(t);
context->target_uid = task_uid(t); context->target_uid = task_uid(t);
context->target_sessionid = audit_get_sessionid(t); context->target_sessionid = audit_get_sessionid(t);
security_task_getlsmprop_obj(t, &prop); security_task_getlsmprop_obj(t, &context->target_ref);
/* scaffolding */
context->target_sid = prop.scaffold.secid;
memcpy(context->target_comm, t->comm, TASK_COMM_LEN); memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
} }
@ -2746,7 +2744,6 @@ int audit_signal_info_syscall(struct task_struct *t)
struct audit_aux_data_pids *axp; struct audit_aux_data_pids *axp;
struct audit_context *ctx = audit_context(); struct audit_context *ctx = audit_context();
kuid_t t_uid = task_uid(t); kuid_t t_uid = task_uid(t);
struct lsm_prop prop;
if (!audit_signals || audit_dummy_context()) if (!audit_signals || audit_dummy_context())
return 0; return 0;
@ -2758,9 +2755,7 @@ int audit_signal_info_syscall(struct task_struct *t)
ctx->target_auid = audit_get_loginuid(t); ctx->target_auid = audit_get_loginuid(t);
ctx->target_uid = t_uid; ctx->target_uid = t_uid;
ctx->target_sessionid = audit_get_sessionid(t); ctx->target_sessionid = audit_get_sessionid(t);
security_task_getlsmprop_obj(t, &prop); security_task_getlsmprop_obj(t, &ctx->target_ref);
/* scaffolding */
ctx->target_sid = prop.scaffold.secid;
memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
return 0; return 0;
} }
@ -2781,9 +2776,7 @@ int audit_signal_info_syscall(struct task_struct *t)
axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
axp->target_uid[axp->pid_count] = t_uid; axp->target_uid[axp->pid_count] = t_uid;
axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
security_task_getlsmprop_obj(t, &prop); security_task_getlsmprop_obj(t, &axp->target_ref[axp->pid_count]);
/* scaffolding */
axp->target_sid[axp->pid_count] = prop.scaffold.secid;
memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
axp->pid_count++; axp->pid_count++;