From nobody Sun Feb 8 10:22:30 2026 Received: from sonic303-28.consmr.mail.ne1.yahoo.com (sonic303-28.consmr.mail.ne1.yahoo.com [66.163.188.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CF04B39FD9 for ; Sat, 7 Jun 2025 00:51:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=66.163.188.154 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749257509; cv=none; b=GB/K66ryM/Wtq7V8rNxPj4fMK0CDFESog9N7DwZwHeBYIXGeNyANFiNTGz0DagHK9YZIK+4wLr0/bcHHvRHT8y3Mowf3+xDwAU9BBc1iLv8gKDwQsG9PNwLLrRl2emF9vxQlG2JDdcwVX6bk6/MY7pXDozj+2FIjvHge3FinmZo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749257509; c=relaxed/simple; bh=2pOezyS2qZSc5TQVN6o92sO38Z6T9iIfdEifdZOn8G4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NkiOpUz4eTOdFVvYxqJgk+J+S/h6EHpAKn8ZDCdaACqz0Y5mjOk3816vV1M8gZGF3jrB/LZj5PybPN5Jy6yHhrUmawqGznN9PWYs0f+/S7BYc+orBBVol46i9NxYgPgkQFpqHwRp+2ltmFezFoOgVhy8mWZKKzyRbhF2s5FLgLU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=schaufler-ca.com; spf=none smtp.mailfrom=schaufler-ca.com; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b=Gx23wNyv; arc=none smtp.client-ip=66.163.188.154 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=schaufler-ca.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=schaufler-ca.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="Gx23wNyv" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1749257505; bh=ztbvXsukeivLvQbhQeIQBI0l9DOjlssE9T9GW9VTq1o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org, audit@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Subject: [PATCH v4 1/4] Audit: Create audit_stamp structure Date: Fri, 6 Jun 2025 17:51:31 -0700 Message-ID: <20250607005134.10488-2-casey@schaufler-ca.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20250607005134.10488-1-casey@schaufler-ca.com> References: <20250607005134.10488-1-casey@schaufler-ca.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Replace the timestamp and serial number pair used in audit records with a structure containing the two elements. Signed-off-by: Casey Schaufler --- kernel/audit.c | 17 +++++++++-------- kernel/audit.h | 13 +++++++++---- kernel/auditsc.c | 22 +++++++++------------- 3 files changed, 27 insertions(+), 25 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 5f5bf85bcc90..2a567f667528 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1833,11 +1833,11 @@ unsigned int audit_serial(void) } =20 static inline void audit_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) + struct audit_stamp *stamp) { - if (!ctx || !auditsc_get_stamp(ctx, t, serial)) { - ktime_get_coarse_real_ts64(t); - *serial =3D audit_serial(); + if (!ctx || !auditsc_get_stamp(ctx, stamp)) { + ktime_get_coarse_real_ts64(&stamp->ctime); + stamp->serial =3D audit_serial(); } } =20 
@@ -1860,8 +1860,7 @@ struct audit_buffer *audit_log_start(struct audit_con= text *ctx, gfp_t gfp_mask, int type) { struct audit_buffer *ab; - struct timespec64 t; - unsigned int serial; + struct audit_stamp stamp; =20 if (audit_initialized !=3D AUDIT_INITIALIZED) return NULL; @@ -1916,12 +1915,14 @@ struct audit_buffer *audit_log_start(struct audit_c= ontext *ctx, gfp_t gfp_mask, return NULL; } =20 - audit_get_stamp(ab->ctx, &t, &serial); + audit_get_stamp(ab->ctx, &stamp); /* cancel dummy context to enable supporting records */ if (ctx) ctx->dummy =3D 0; audit_log_format(ab, "audit(%llu.%03lu:%u): ", - (unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial); + (unsigned long long)stamp.ctime.tv_sec, + stamp.ctime.tv_nsec/1000000, + stamp.serial); =20 return ab; } diff --git a/kernel/audit.h b/kernel/audit.h index 0211cb307d30..4d6dd2588f9b 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -99,6 +99,12 @@ struct audit_proctitle { char *value; /* the cmdline field */ }; =20 +/* A timestamp/serial pair to identify an event */ +struct audit_stamp { + struct timespec64 ctime; /* time of syscall entry */ + unsigned int serial; /* serial number for record */ +}; + /* The per-task audit context. */ struct audit_context { int dummy; /* must be the first element */ @@ -108,10 +114,9 @@ struct audit_context { AUDIT_CTX_URING, /* in use by io_uring */ } context; enum audit_state state, current_state; - unsigned int serial; /* serial number for record */ + struct audit_stamp stamp; /* event identifier */ int major; /* syscall number */ int uring_op; /* uring operation */ - struct timespec64 ctime; /* time of syscall entry */ unsigned long argv[4]; /* syscall arguments */ long return_code;/* syscall return code */ u64 prio; 
@@ -263,7 +268,7 @@ extern void audit_put_tty(struct tty_struct *tty); extern unsigned int audit_serial(void); #ifdef CONFIG_AUDITSYSCALL extern int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial); + struct audit_stamp *stamp); =20 extern void audit_put_watch(struct audit_watch *watch); extern void audit_get_watch(struct audit_watch *watch); @@ -304,7 +309,7 @@ extern void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx); extern struct list_head *audit_killed_trees(void); #else /* CONFIG_AUDITSYSCALL */ -#define auditsc_get_stamp(c, t, s) 0 +#define auditsc_get_stamp(c, s) 0 #define audit_put_watch(w) do { } while (0) #define audit_get_watch(w) do { } while (0) #define audit_to_watch(k, p, l, o) (-EINVAL) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 78fd876a5473..528b6d2f5cb0 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -994,10 +994,10 @@ static void audit_reset_context(struct audit_context = *ctx) */ =20 ctx->current_state =3D ctx->state; - ctx->serial =3D 0; + ctx->stamp.serial =3D 0; + ctx->stamp.ctime =3D (struct timespec64){ .tv_sec =3D 0, .tv_nsec =3D 0 }; ctx->major =3D 0; ctx->uring_op =3D 0; - ctx->ctime =3D (struct timespec64){ .tv_sec =3D 0, .tv_nsec =3D 0 }; memset(ctx->argv, 0, sizeof(ctx->argv)); ctx->return_code =3D 0; ctx->prio =3D (ctx->state =3D=3D AUDIT_STATE_RECORD ? ~0ULL : 0); @@ -1917,7 +1917,7 @@ void __audit_uring_entry(u8 op) =20 ctx->context =3D AUDIT_CTX_URING; ctx->current_state =3D ctx->state; - ktime_get_coarse_real_ts64(&ctx->ctime); + ktime_get_coarse_real_ts64(&ctx->stamp.ctime); } =20 /** @@ -2039,7 +2039,7 @@ void __audit_syscall_entry(int major, unsigned long a= 1, unsigned long a2, context->argv[3] =3D a4; context->context =3D AUDIT_CTX_SYSCALL; context->current_state =3D state; - ktime_get_coarse_real_ts64(&context->ctime); + ktime_get_coarse_real_ts64(&context->stamp.ctime); } =20 /** 
@@ -2508,21 +2508,17 @@ EXPORT_SYMBOL_GPL(__audit_inode_child); /** * auditsc_get_stamp - get local copies of audit_context values * @ctx: audit_context for the task - * @t: timespec64 to store time recorded in the audit_context - * @serial: serial value that is recorded in the audit_context + * @stamp: timestamp to record * * Also sets the context as auditable. */ -int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) +int auditsc_get_stamp(struct audit_context *ctx, struct audit_stamp *stamp) { if (ctx->context =3D=3D AUDIT_CTX_UNUSED) return 0; - if (!ctx->serial) - ctx->serial =3D audit_serial(); - t->tv_sec =3D ctx->ctime.tv_sec; - t->tv_nsec =3D ctx->ctime.tv_nsec; - *serial =3D ctx->serial; + if (!ctx->stamp.serial) + ctx->stamp.serial =3D audit_serial(); + *stamp =3D ctx->stamp; if (!ctx->prio) { ctx->prio =3D 1; ctx->current_state =3D AUDIT_STATE_RECORD; --=20 2.47.0 From nobody Sun Feb 8 10:22:30 2026 Received: from sonic307-16.consmr.mail.ne1.yahoo.com (sonic307-16.consmr.mail.ne1.yahoo.com [66.163.190.39]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EA548C2D1 for ; Sat, 7 Jun 2025 01:01:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=66.163.190.39 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749258112; cv=none; b=l+sRvfZeS91TERdcrUU0DG6iU/RihvvC9skZDdYClp5E4N9jrHULr9wtnyT5aUKftgzojJSdvDJ91V1LOMCqtA7zn5w0d2D5TkF1Hmv74qDfUx7TL/ftTmSMUwZPoWFn0XV5son7EdINABQoT9TXkuORpmhb0pA6k6Z1sYBkCXo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749258112; c=relaxed/simple; bh=f+VG72yA/9T00NO5XecApQNOq7FGbanG93lY5CQ5PiE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; 
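Review bot: in the kernel/audit.h hunk that introduces struct audit_stamp, the field comment "time of syscall entry" on ctime is no longer accurate once the pair is a generic event identifier: audit_get_stamp() in the first kernel/audit.c hunk fills stamp->ctime from ktime_get_coarse_real_ts64() for events with no audit_context, and the kernel/auditsc.c hunks fill it from __audit_uring_entry() as well as __audit_syscall_entry(). Suggest a comment that matches the struct's own description ("time the event was stamped", or similar) so the struct doc and the field doc agree.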
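Review bot: the kernel-doc line "@stamp: timestamp to record" in the auditsc_get_stamp() hunk reads as an input parameter, but the function writes into it (*stamp = ctx->stamp) and the summary line still says "get local copies of audit_context values". Suggest "@stamp: audit_stamp to fill in from the audit_context" so the direction is clear to callers.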
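Review bot: in the audit_reset_context() hunk, now that serial and ctime live in one struct, the two separate assignments can be collapsed into a single `ctx->stamp = (struct audit_stamp){ };`, which is shorter and will not miss any field added to audit_stamp later (style point only; the behaviour as written is correct).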
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org, audit@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org
Subject: [PATCH v4 2/4] LSM: security_lsmblob_to_secctx module selection
Date: Fri, 6 Jun 2025 17:51:32 -0700
Message-ID: <20250607005134.10488-3-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20250607005134.10488-1-casey@schaufler-ca.com>
References: <20250607005134.10488-1-casey@schaufler-ca.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Add a parameter lsmid to security_lsmblob_to_secctx() to identify which of the security modules that may be active should provide the security context. If the value of lsmid is LSM_ID_UNDEF the first LSM providing a hook is used. security_secid_to_secctx() is unchanged, and will always report the first LSM providing a hook.
Signed-off-by: Casey Schaufler --- include/linux/security.h | 6 ++++-- kernel/audit.c | 4 ++-- kernel/auditsc.c | 8 +++++--- net/netlabel/netlabel_user.c | 3 ++- security/security.c | 13 +++++++++++-- 5 files changed, 24 insertions(+), 10 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index a0ff4fc69375..2707b514670f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -565,7 +565,8 @@ int security_setprocattr(int lsmid, const char *name, v= oid *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, struct lsm_context *cp); -int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *= cp); +int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *= cp, + int lsmid); int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); void security_release_secctx(struct lsm_context *cp); void security_inode_invalidate_secctx(struct inode *inode); @@ -1542,7 +1543,8 @@ static inline int security_secid_to_secctx(u32 secid,= struct lsm_context *cp) } =20 static inline int security_lsmprop_to_secctx(struct lsm_prop *prop, - struct lsm_context *cp) + struct lsm_context *cp, + int lsmid) { return -EOPNOTSUPP; } diff --git a/kernel/audit.c b/kernel/audit.c index 2a567f667528..6bbadb605ca3 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1473,7 +1473,7 @@ static int audit_receive_msg(struct sk_buff *skb, str= uct nlmsghdr *nlh, case AUDIT_SIGNAL_INFO: if (lsmprop_is_set(&audit_sig_lsm)) { err =3D security_lsmprop_to_secctx(&audit_sig_lsm, - &lsmctx); + &lsmctx, LSM_ID_UNDEF); if (err < 0) return err; } 
@@ -2188,7 +2188,7 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmprop_is_set(&prop)) return 0; =20 - error =3D security_lsmprop_to_secctx(&prop, &ctx); + error =3D security_lsmprop_to_secctx(&prop, &ctx, LSM_ID_UNDEF); if (error < 0) { if (error !=3D -EINVAL) goto error_path; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 528b6d2f5cb0..322d4e27f28e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1109,7 +1109,7 @@ static int audit_log_pid_context(struct audit_context= *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmprop_is_set(prop)) { - if (security_lsmprop_to_secctx(prop, &ctx) < 0) { + if (security_lsmprop_to_secctx(prop, &ctx, LSM_ID_UNDEF) < 0) { audit_log_format(ab, " obj=3D(none)"); rc =3D 1; } else { @@ -1395,7 +1395,8 @@ static void show_special(struct audit_context *contex= t, int *call_panic) struct lsm_context lsmctx; =20 if (security_lsmprop_to_secctx(&context->ipc.oprop, - &lsmctx) < 0) { + &lsmctx, + LSM_ID_UNDEF) < 0) { *call_panic =3D 1; } else { audit_log_format(ab, " obj=3D%s", lsmctx.context); @@ -1560,7 +1561,8 @@ static void audit_log_name(struct audit_context *cont= ext, struct audit_names *n, if (lsmprop_is_set(&n->oprop)) { struct lsm_context ctx; =20 - if (security_lsmprop_to_secctx(&n->oprop, &ctx) < 0) { + if (security_lsmprop_to_secctx(&n->oprop, &ctx, + LSM_ID_UNDEF) < 0) { if (call_panic) *call_panic =3D 2; } else { diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 0d04d23aafe7..6d6545297ee3 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c 
@@ -98,7 +98,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, audit_info->sessionid); =20 if (lsmprop_is_set(&audit_info->prop) && - security_lsmprop_to_secctx(&audit_info->prop, &ctx) > 0) { + security_lsmprop_to_secctx(&audit_info->prop, &ctx, + LSM_ID_UNDEF) > 0) { audit_log_format(audit_buf, " subj=3D%s", ctx.context); security_release_secctx(&ctx); } diff --git a/security/security.c b/security/security.c index 2b9dde02f4de..306860434200 100644 --- a/security/security.c +++ b/security/security.c @@ -3774,6 +3774,7 @@ EXPORT_SYMBOL(security_ismaclabel); * security_secid_to_secctx() - Convert a secid to a secctx * @secid: secid * @cp: the LSM context + * @lsmid: which security module to report * * Convert secid to security context. If @cp is NULL the length of the * result will be returned, but no data will be returned. This 
@@ -3800,9 +3801,17 @@ EXPORT_SYMBOL(security_secid_to_secctx); * * Return: Return length of data on success, error on failure. */ -int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *= cp) +int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *= cp, + int lsmid) { - return call_int_hook(lsmprop_to_secctx, prop, cp); + struct lsm_static_call *scall; + + lsm_for_each_hook(scall, lsmprop_to_secctx) { + if (lsmid !=3D LSM_ID_UNDEF && lsmid !=3D scall->hl->lsmid->id) + continue; + return scall->hl->hook.lsmprop_to_secctx(prop, cp); + } + return LSM_RET_DEFAULT(lsmprop_to_secctx); } EXPORT_SYMBOL(security_lsmprop_to_secctx); =20 --=20 2.47.0 From nobody Sun Feb 8 10:22:30 2026 Received: from sonic310-31.consmr.mail.ne1.yahoo.com (sonic310-31.consmr.mail.ne1.yahoo.com [66.163.186.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F1A4415E8B for ; Sat, 7 Jun 2025 01:01:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=66.163.186.212 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749258118; cv=none; b=OFL1Iwk/wbEE3NrYrrSkcDcU+QWpBHAIWc6Nye6ezhNE5yP106C2Z5yR9Tzvl0JxMrvDHIwJfnwHF1p/sPZu5uoylLb1izHApNwutlelY4OtQ3xvEnJHXZ1hvNucbRs5pWWTGp/2qGIRN8or7cjh9acfh7zqDdVEnzl7/m7SOfY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749258118; c=relaxed/simple; bh=pahT5/AZtLJqmqnj4Fx2qzvSECN7TzTtZWNFYbrBfpU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=acKvI9vKH3KOQd5HQ+W6DEhXB3mT50xA3XNmd+slzop63TdvUFhWABZJYt5Gsj2GIIwXE2WsZl26nTQNU7Moz+1vkLdsA4zlpG96XLXh/9/QSRkA8roExB5GzNfmyGULrD/KTllJJPrtq0fxvmVsKWDGmcNkdKOAPffc1lSMPrE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=schaufler-ca.com; spf=none smtp.mailfrom=schaufler-ca.com; dkim=pass (2048-bit key) 
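Review bot: the include/linux/security.h hunk changes the signature of security_lsmprop_to_secctx(), but the subject line and the first sentence of the commit message name security_lsmblob_to_secctx(), which does not appear anywhere in the diff. Suggest correcting the subject and the description to security_lsmprop_to_secctx() so the log matches the code.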
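Review bot: the new kernel-doc line "@lsmid: which security module to report" in the first security/security.c hunk (around line 3774) lands in the comment block of security_secid_to_secctx(), whose signature is unchanged, rather than in the block for security_lsmprop_to_secctx() (around line 3800) where the parameter is actually added. kernel-doc will report an excess parameter on the former and a missing description on the latter. Move the line into the security_lsmprop_to_secctx() block and note there that LSM_ID_UNDEF selects the first LSM providing the hook.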
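Review bot: in the second security/security.c hunk, when a specific lsmid is requested and no active LSM with that id registers lsmprop_to_secctx, the lsm_for_each_hook() loop falls through to LSM_RET_DEFAULT(lsmprop_to_secctx), the same value returned when no module provides the hook at all. Every caller in this patch passes LSM_ID_UNDEF, so nothing observes this yet, but a short comment above the return stating that "requested module not active" and "no provider" are indistinguishable would save the next caller from assuming otherwise.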
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org, audit@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org
Subject: [PATCH v4 3/4] Audit: Add record for multiple task security contexts
Date: Fri, 6 Jun 2025 17:51:33 -0700
Message-ID: <20250607005134.10488-4-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20250607005134.10488-1-casey@schaufler-ca.com>
References: <20250607005134.10488-1-casey@schaufler-ca.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Replace the single skb pointer in an audit_buffer with a list of skb pointers. Add the audit_stamp information to the audit_buffer as there's no guarantee that there will be an audit_context containing the stamp associated with the event. At audit_log_end() time create auxiliary records as have been added to the list. Functions are created to manage the skb list in the audit_buffer.

Create a new audit record AUDIT_MAC_TASK_CONTEXTS. An example of the MAC_TASK_CONTEXTS record is:

type=MAC_TASK_CONTEXTS msg=audit(1600880931.832:113) subj_apparmor=unconfined subj_smack=_

When an audit event includes an AUDIT_MAC_TASK_CONTEXTS record the "subj=" field in other records in the event will be "subj=?". An AUDIT_MAC_TASK_CONTEXTS record is supplied when the system has multiple security modules that may make access decisions based on a subject security context.

Refactor audit_log_task_context(), creating a new audit_log_subj_ctx(). This is used in netlabel auditing to provide multiple subject security contexts as necessary.

Suggested-by: Paul Moore
Signed-off-by: Casey Schaufler --- include/linux/audit.h | 16 +++ include/uapi/linux/audit.h | 1 + kernel/audit.c | 207 +++++++++++++++++++++++++++++------ net/netlabel/netlabel_user.c | 9 +- security/apparmor/lsm.c | 3 + security/lsm.h | 4 - security/lsm_init.c | 5 - security/security.c | 3 - security/selinux/hooks.c | 3 + security/smack/smack_lsm.c | 3 + 10 files changed, 202 insertions(+), 52 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 0050ef288ab3..5020939fb8bc 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -37,6 +37,8 @@ struct audit_watch; struct audit_tree; struct sk_buff; struct kern_ipc_perm; +struct lsm_id; +struct lsm_prop; =20 struct audit_krule { u32 pflags; @@ -147,6 +149,9 @@ extern unsigned compat_signal_class[]; #define AUDIT_TTY_ENABLE BIT(0) #define AUDIT_TTY_LOG_PASSWD BIT(1) =20 +/* bit values for audit_lsm_secctx */ +#define AUDIT_SECCTX_SUBJECT BIT(0) + struct filename; =20 #define AUDIT_OFF 0 @@ -185,6 +190,7 @@ extern void audit_log_path_denied(int type, const char *operation); extern void audit_log_lost(const char *message); =20 +extern int audit_log_subj_ctx(struct audit_buffer *ab, struct lsm_prop *pr= op); extern int audit_log_task_context(struct audit_buffer *ab); extern void audit_log_task_info(struct audit_buffer *ab); =20 @@ -210,6 +216,8 @@ extern u32 audit_enabled; =20 extern int audit_signal_info(int sig, struct task_struct *t); =20 +extern void audit_lsm_secctx(const struct lsm_id *lsmid, int flags); + #else /* CONFIG_AUDIT */ static inline __printf(4, 5) void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, @@ -245,6 +253,11 @@ static inline void audit_log_key(struct audit_buffer *= ab, char *key) { } static inline void audit_log_path_denied(int type, const char *operation) { } +static inline int audit_log_subj_ctx(struct audit_buffer *ab, + struct lsm_prop *prop) +{ + return 0; +} static inline int audit_log_task_context(struct audit_buffer *ab) { return 0; 
@@ -269,6 +282,9 @@ static inline int audit_signal_info(int sig, struct tas= k_struct *t) return 0; } =20 +static inline void audit_lsm_secctx(const struct lsm_id *lsmid, int flags) +{ } + #endif /* CONFIG_AUDIT */ =20 #ifdef CONFIG_AUDIT_COMPAT_GENERIC diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 9a4ecc9f6dc5..8cad2f307719 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -148,6 +148,7 @@ #define AUDIT_IPE_POLICY_LOAD 1422 /* IPE policy load */ #define AUDIT_LANDLOCK_ACCESS 1423 /* Landlock denial */ #define AUDIT_LANDLOCK_DOMAIN 1424 /* Landlock domain status */ +#define AUDIT_MAC_TASK_CONTEXTS 1425 /* Multiple LSM task contexts */ =20 #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index 6bbadb605ca3..0987b2f391cc 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -54,6 +54,7 @@ #include #include #include +#include #include #include #include @@ -81,6 +82,11 @@ static u32 audit_failure =3D AUDIT_FAIL_PRINTK; /* private audit network namespace index */ static unsigned int audit_net_id; =20 +/* Number of modules that provide a security context. + List of lsms that provide a security context */ +static u32 audit_subj_secctx_cnt; +static const struct lsm_id *audit_subj_lsms[MAX_LSM_COUNT]; + /** * struct audit_net - audit private network namespace data * @sk: communication socket @@ -195,8 +201,10 @@ static struct audit_ctl_mutex { * to place it on a transmit queue. Multiple audit_buffers can be in * use simultaneously. */ struct audit_buffer { - struct sk_buff *skb; /* formatted skb ready to send */ + struct sk_buff *skb; /* the skb for audit_log functions */ + struct sk_buff_head skb_list; /* formatted skbs, ready to send */ struct audit_context *ctx; /* NULL or associated context */ + struct audit_stamp stamp; /* audit stamp for these records */ gfp_t gfp_mask; }; =20 
@@ -278,6 +286,27 @@ static pid_t auditd_pid_vnr(void) return pid; } =20 +/** + * audit_lsm_secctx - Identify a security module as providing a secctx. + * @lsmid: LSM identity + * @flags: which contexts are provided + * + * Description: + * Increments the count of the security modules providing a secctx. + * If the LSM id is already in the list leave it alone. + */ +void audit_lsm_secctx(const struct lsm_id *lsmid, int flags) +{ + int i; + + if (flags & AUDIT_SECCTX_SUBJECT) { + for (i =3D 0 ; i < audit_subj_secctx_cnt; i++) + if (audit_subj_lsms[i] =3D=3D lsmid) + return; + audit_subj_lsms[audit_subj_secctx_cnt++] =3D lsmid; + } +} + /** * audit_get_sk - Return the audit socket for the given network namespace * @net: the destination network namespace @@ -1776,10 +1805,13 @@ __setup("audit_backlog_limit=3D", audit_backlog_lim= it_set); =20 static void audit_buffer_free(struct audit_buffer *ab) { + struct sk_buff *skb; + if (!ab) return; =20 - kfree_skb(ab->skb); + while ((skb =3D skb_dequeue(&ab->skb_list))) + kfree_skb(skb); kmem_cache_free(audit_buffer_cache, ab); } =20 @@ -1795,6 +1827,10 @@ static struct audit_buffer *audit_buffer_alloc(struc= t audit_context *ctx, ab->skb =3D nlmsg_new(AUDIT_BUFSIZ, gfp_mask); if (!ab->skb) goto err; + + skb_queue_head_init(&ab->skb_list); + skb_queue_tail(&ab->skb_list, ab->skb); + if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) goto err; =20 @@ -1860,7 +1896,6 @@ struct audit_buffer *audit_log_start(struct audit_con= text *ctx, gfp_t gfp_mask, int type) { struct audit_buffer *ab; - struct audit_stamp stamp; =20 if (audit_initialized !=3D AUDIT_INITIALIZED) return NULL; 
@@ -1915,14 +1950,14 @@ struct audit_buffer *audit_log_start(struct audit_c= ontext *ctx, gfp_t gfp_mask, return NULL; } =20 - audit_get_stamp(ab->ctx, &stamp); + audit_get_stamp(ab->ctx, &ab->stamp); /* cancel dummy context to enable supporting records */ if (ctx) ctx->dummy =3D 0; audit_log_format(ab, "audit(%llu.%03lu:%u): ", - (unsigned long long)stamp.ctime.tv_sec, - stamp.ctime.tv_nsec/1000000, - stamp.serial); + (unsigned long long)ab->stamp.ctime.tv_sec, + ab->stamp.ctime.tv_nsec/1000000, + ab->stamp.serial); =20 return ab; } 
@@ -2178,31 +2213,128 @@ void audit_log_key(struct audit_buffer *ab, char *= key) audit_log_format(ab, "(null)"); } =20 -int audit_log_task_context(struct audit_buffer *ab) +/** + * audit_buffer_aux_new - Add an aux record buffer to the skb list + * @ab: audit_buffer + * @type: message type + * + * Aux records are allocated and added to the skb list of + * the "main" record. The ab->skb is reset to point to the + * aux record on its creation. When the aux record in complete + * ab->skb has to be reset to point to the "main" record. + * This allows the audit_log_ functions to be ignorant of + * which kind of record it is logging to. It also avoids adding + * special data for aux records. + * + * On success ab->skb will point to the new aux record. + * Returns 0 on success, -ENOMEM should allocation fail. + */ +static int audit_buffer_aux_new(struct audit_buffer *ab, int type) +{ + WARN_ON(ab->skb !=3D skb_peek(&ab->skb_list)); + + ab->skb =3D nlmsg_new(AUDIT_BUFSIZ, ab->gfp_mask); + if (!ab->skb) + goto err; + if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) + goto err; + skb_queue_tail(&ab->skb_list, ab->skb); + + audit_log_format(ab, "audit(%llu.%03lu:%u): ", + (unsigned long long)ab->stamp.ctime.tv_sec, + ab->stamp.ctime.tv_nsec/1000000, + ab->stamp.serial); + + return 0; + +err: + kfree_skb(ab->skb); + ab->skb =3D skb_peek(&ab->skb_list); + return -ENOMEM; +} + +/** + * audit_buffer_aux_end - Switch back to the "main" record from an aux rec= ord + * @ab: audit_buffer + * + * Restores the "main" audit record to ab->skb. + */ +static void audit_buffer_aux_end(struct audit_buffer *ab) +{ + ab->skb =3D skb_peek(&ab->skb_list); +} + +/** + * audit_log_subj_ctx - Add LSM subject information + * @ab: audit_buffer + * @prop: LSM subject properties. + * + * Add a subj=3D field and, if necessary, a AUDIT_MAC_TASK_CONTEXTS record. 
+ */ +int audit_log_subj_ctx(struct audit_buffer *ab, struct lsm_prop *prop) { - struct lsm_prop prop; struct lsm_context ctx; + char *space =3D ""; int error; + int i; =20 - security_current_getlsmprop_subj(&prop); - if (!lsmprop_is_set(&prop)) + security_current_getlsmprop_subj(prop); + if (!lsmprop_is_set(prop)) return 0; =20 - error =3D security_lsmprop_to_secctx(&prop, &ctx, LSM_ID_UNDEF); - if (error < 0) { - if (error !=3D -EINVAL) - goto error_path; + if (audit_subj_secctx_cnt < 2) { + error =3D security_lsmprop_to_secctx(prop, &ctx, LSM_ID_UNDEF); + if (error < 0) { + if (error !=3D -EINVAL) + goto error_path; + return 0; + } + audit_log_format(ab, " subj=3D%s", ctx.context); + security_release_secctx(&ctx); return 0; } - - audit_log_format(ab, " subj=3D%s", ctx.context); - security_release_secctx(&ctx); + /* Multiple LSMs provide contexts. Include an aux record. */ + audit_log_format(ab, " subj=3D?"); + error =3D audit_buffer_aux_new(ab, AUDIT_MAC_TASK_CONTEXTS); + if (error) + goto error_path; + + for (i =3D 0; i < audit_subj_secctx_cnt; i++) { + error =3D security_lsmprop_to_secctx(prop, &ctx, + audit_subj_lsms[i]->id); + if (error < 0) { + /* + * Don't print anything. An LSM like BPF could + * claim to support contexts, but only do so under + * certain conditions. 
+ */ + if (error =3D=3D -EOPNOTSUPP) + continue; + if (error !=3D -EINVAL) + audit_panic("error in audit_log_task_context"); + } else { + audit_log_format(ab, "%ssubj_%s=3D%s", space, + audit_subj_lsms[i]->name, ctx.context); + space =3D " "; + security_release_secctx(&ctx); + } + } + audit_buffer_aux_end(ab); return 0; =20 error_path: - audit_panic("error in audit_log_task_context"); + audit_panic("error in audit_log_subj_ctx"); return error; } +EXPORT_SYMBOL(audit_log_subj_ctx); + +int audit_log_task_context(struct audit_buffer *ab) +{ + struct lsm_prop prop; + + security_current_getlsmprop_subj(&prop); + return audit_log_subj_ctx(ab, &prop); +} EXPORT_SYMBOL(audit_log_task_context); =20 void audit_log_d_path_exe(struct audit_buffer *ab, @@ -2411,6 +2543,26 @@ int audit_signal_info(int sig, struct task_struct *t) return audit_signal_info_syscall(t); } =20 +/** + * __audit_log_end - enqueue one audit record + * @skb: the buffer to send + */ +static void __audit_log_end(struct sk_buff *skb) +{ + struct nlmsghdr *nlh; + + if (audit_rate_check()) { + /* setup the netlink header, see the comments in + * kauditd_send_multicast_skb() for length quirks */ + nlh =3D nlmsg_hdr(skb); + nlh->nlmsg_len =3D skb->len - NLMSG_HDRLEN; + + /* queue the netlink packet */ + skb_queue_tail(&audit_queue, skb); + } else + audit_log_lost("rate limit exceeded"); +} + /** * audit_log_end - end one audit record * @ab: the audit_buffer 
@@ -2423,25 +2575,16 @@ int audit_signal_info(int sig, struct task_struct *= t) void audit_log_end(struct audit_buffer *ab) { struct sk_buff *skb; - struct nlmsghdr *nlh; =20 if (!ab) return; =20 - if (audit_rate_check()) { - skb =3D ab->skb; - ab->skb =3D NULL; + while ((skb =3D skb_dequeue(&ab->skb_list))) + __audit_log_end(skb); =20 - /* setup the netlink header, see the comments in - * kauditd_send_multicast_skb() for length quirks */ - nlh =3D nlmsg_hdr(skb); - nlh->nlmsg_len =3D skb->len - NLMSG_HDRLEN; - - /* queue the netlink packet and poke the kauditd thread */ - skb_queue_tail(&audit_queue, skb); + /* poke the kauditd thread */ + if (audit_rate_check()) wake_up_interruptible(&kauditd_wait); - } else - audit_log_lost("rate limit exceeded"); =20 audit_buffer_free(ab); } diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 6d6545297ee3..0da652844dd6 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,7 +84,6 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; - struct lsm_context ctx; =20 if (audit_enabled =3D=3D AUDIT_OFF) return NULL; @@ -96,13 +95,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, audit_log_format(audit_buf, "netlabel: auid=3D%u ses=3D%u", from_kuid(&init_user_ns, audit_info->loginuid), audit_info->sessionid); - - if (lsmprop_is_set(&audit_info->prop) && - security_lsmprop_to_secctx(&audit_info->prop, &ctx, - LSM_ID_UNDEF) > 0) { - audit_log_format(audit_buf, " subj=3D%s", ctx.context); - security_release_secctx(&ctx); - } + audit_log_subj_ctx(audit_buf, &audit_info->prop); =20 return audit_buf; } diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index db8592bed189..4ba6db93e5b0 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -2251,6 +2251,9 @@ static int __init apparmor_init(void) security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), &apparmor_lsmid); =20 + /* Inform the audit system that secctx is used */ + audit_lsm_secctx(&apparmor_lsmid, AUDIT_SECCTX_SUBJECT); + /* Report that AppArmor successfully initialized */ apparmor_initialized =3D 1; if (aa_g_profile_mode =3D=3D APPARMOR_COMPLAIN) diff --git a/security/lsm.h b/security/lsm.h index d1d54540da98..c432dc0c5e30 100644 --- a/security/lsm.h +++ b/security/lsm.h @@ -24,10 +24,6 @@ extern bool lsm_debug; extern unsigned int lsm_count; extern const struct lsm_id *lsm_idlist[]; =20 -/* LSM property configuration */ -extern unsigned int lsm_count_prop_subj; -extern unsigned int lsm_count_prop_obj; - /* LSM blob configuration */ extern struct lsm_blob_sizes blob_sizes; =20 diff --git a/security/lsm_init.c b/security/lsm_init.c index c2ef4db055db..54166688efff 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -190,11 +190,6 @@ static void __init lsm_order_append(struct lsm_info *l= sm, const char *src) lsm_order[lsm_count] =3D lsm; lsm_idlist[lsm_count++] =3D lsm->id; =20 - if (lsm->id->flags & LSM_ID_FLG_PROP_SUBJ) - lsm_count_prop_subj++; - if (lsm->id->flags & LSM_ID_FLG_PROP_OBJ) - lsm_count_prop_obj++; - lsm_pr_dbg("enabling LSM %s:%s\n", src, lsm->id->name); } =20 diff --git a/security/security.c b/security/security.c index 306860434200..0bb7e0d6ec8b 100644 --- a/security/security.c +++ b/security/security.c @@ -78,9 +78,6 @@ bool lsm_debug __ro_after_init; unsigned int lsm_count __ro_after_init; const struct lsm_id *lsm_idlist[MAX_LSM_COUNT]; =20 -unsigned int lsm_count_prop_subj __ro_after_init; -unsigned int lsm_count_prop_obj __ro_after_init; - struct lsm_blob_sizes blob_sizes; =20 struct kmem_cache *lsm_file_cache; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1dc4b3987af4..a89561c1fdea 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
@@ -7516,6 +7516,9 @@ static __init int selinux_init(void) /* Set the security state for the initial task. */ cred_init_security(); =20 + /* Inform the audit system that secctx is used */ + audit_lsm_secctx(&selinux_lsmid, AUDIT_SECCTX_SUBJECT); + default_noexec =3D !(VM_DATA_DEFAULT_FLAGS & VM_EXEC); if (!default_noexec) pr_notice("SELinux: virtual memory is executable by default\n"); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 47a036e8e452..06603c328079 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
@@ -5275,6 +5275,9 @@ static __init int smack_init(void) /* initialize the smack_known_list */ init_smack_known_list(); =20 + /* Inform the audit system that secctx is used */ + audit_lsm_secctx(&smack_lsmid, AUDIT_SECCTX_SUBJECT); + return 0; } =20 --=20 2.47.0
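Review bot: in the kernel/audit.c hunk that adds audit_lsm_secctx(), the store `audit_subj_lsms[audit_subj_secctx_cnt++] = lsmid;` has no bound check against MAX_LSM_COUNT, and neither the function nor the two statics are marked for init-only use even though every caller in this series (apparmor_init, selinux_init, smack_init) is an __init function. The dedup loop keeps the count at or below the number of registered LSMs, so the array cannot overflow today, but a `WARN_ON(audit_subj_secctx_cnt >= MAX_LSM_COUNT)` before the store would document that, and marking the function `__init` and the arrays `__ro_after_init` would mirror the `lsm_count_prop_subj __ro_after_init` this patch removes from security.c. The two-line comment above the statics ("Number of modules ... List of lsms ...") also does not follow kernel comment style; use a `/*` block with a leading ` * ` on each line.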
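Review bot: in the audit_buffer_alloc() hunk, `skb_queue_head_init(&ab->skb_list);` is placed after the `if (!ab->skb) goto err;` that follows nlmsg_new(), so when nlmsg_new() fails and the error path frees the buffer through audit_buffer_free(), the new `while ((skb = skb_dequeue(&ab->skb_list)))` loop runs on an skb_list head that was never initialised in memory that kmem_cache_alloc() did not zero. Move the skb_queue_head_init() call to before nlmsg_new() so the list is valid on every exit path; queueing the first skb can stay where it is, after the nlmsg_put() check.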
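Review bot: the audit_buffer_aux_new() kernel-doc has a typo, "When the aux record in complete" should read "is complete", and the `WARN_ON(ab->skb != skb_peek(&ab->skb_list));` guard means an aux record cannot be opened while another one is open; that constraint (audit_log_subj_ctx() must not be called between audit_buffer_aux_new() and audit_buffer_aux_end()) belongs in the kernel-doc of audit_log_subj_ctx() as well, since that function is exported and callers outside kernel/audit.c cannot see the guard.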
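Review bot: audit_log_subj_ctx() calls `security_current_getlsmprop_subj(prop);` on the prop its caller passed in, overwriting the caller's value with the current task's subject. In the new audit_log_task_context() that is merely redundant, since it has just filled the same prop, but the netlabel hunk passes `&audit_info->prop` and that value is clobbered. Drop the call from audit_log_subj_ctx() and keep only the lsmprop_is_set() test so the function logs the context it is given. Separately, the multi-LSM loop skips -EINVAL silently and calls audit_panic() for other errors but still returns 0, whereas the single-LSM branch above returns the error; the two branches should report failure to callers the same way.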
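Review bot: the __audit_log_end()/audit_log_end() hunks change rate limiting in two ways worth calling out. audit_rate_check() consumes budget on every call, and it is now called once per skb in __audit_log_end() and once more in audit_log_end() to decide whether to wake kauditd. So an event whose buffer carries a MAC_TASK_CONTEXTS aux record can have its main record queued and the aux record dropped (or the reverse), leaving a "subj=?" that nothing resolves, and the extra check in audit_log_end() both eats a budget slot and can skip wake_up_interruptible() although records were just queued, delaying them until the next event. Check the rate once per buffer before the dequeue loop, queue or drop the whole list as a unit, and wake kauditd whenever anything was queued.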
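Review bot: the net/netlabel/netlabel_user.c hunk changes error behaviour. The removed code skipped the subj= field silently when security_lsmprop_to_secctx() did not succeed (the `> 0` test), but audit_log_subj_ctx() calls audit_panic() for any error other than -EINVAL or -EOPNOTSUPP, so with audit_failure set to AUDIT_FAIL_PANIC a secctx failure on a netlabel event now panics the machine. Either say so in the commit message or keep the non-fatal handling on this path.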
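Review bot: the include/uapi/linux/audit.h hunk adds AUDIT_MAC_TASK_CONTEXTS as 1425, and the commit message documents the record only by example; it should also state the field syntax (`subj_<lsm name>=<context>`, one field per registered LSM, in registration order) that userspace parsers must implement to interpret the "subj=?" placeholder, and name the audit-userspace change that adds the type.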
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org, audit@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org
Subject: [PATCH v4 4/4] Audit: Add record for multiple object contexts
Date: Fri, 6 Jun 2025 17:51:34 -0700
Message-ID: <20250607005134.10488-5-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20250607005134.10488-1-casey@schaufler-ca.com>
References: <20250607005134.10488-1-casey@schaufler-ca.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Create a new audit record AUDIT_MAC_OBJ_CONTEXTS. An example of the MAC_OBJ_CONTEXTS record is:

type=MAC_OBJ_CONTEXTS msg=audit(1601152467.009:1050): obj_selinux=unconfined_u:object_r:user_home_t:s0

When an audit event includes an AUDIT_MAC_OBJ_CONTEXTS record the "obj=" field in other records in the event will be "obj=?". An AUDIT_MAC_OBJ_CONTEXTS record is supplied when the system has multiple security modules that may make access decisions based on an object security context.

Signed-off-by: Casey Schaufler
--- include/linux/audit.h | 7 +++++ include/uapi/linux/audit.h | 1 + kernel/audit.c | 58 +++++++++++++++++++++++++++++++++++++- kernel/auditsc.c | 45 ++++++++--------------------- security/selinux/hooks.c | 3 +- security/smack/smack_lsm.c | 3 +- 6 files changed, 80 insertions(+), 37 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 5020939fb8bc..c507fdfcf534 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h
@@ -151,6 +151,7 @@ extern unsigned compat_signal_class[]; =20 /* bit values for audit_lsm_secctx */ #define AUDIT_SECCTX_SUBJECT BIT(0) +#define AUDIT_SECCTX_OBJECT BIT(1) =20 struct filename; =20 @@ -191,6 +192,7 @@ extern void audit_log_path_denied(int type, extern void audit_log_lost(const char *message); =20 extern int audit_log_subj_ctx(struct audit_buffer *ab, struct lsm_prop *pr= op); +extern int audit_log_obj_ctx(struct audit_buffer *ab, struct lsm_prop *pro= p); extern int audit_log_task_context(struct audit_buffer *ab); extern void audit_log_task_info(struct audit_buffer *ab); =20 @@ -258,6 +260,11 @@ static inline int audit_log_subj_ctx(struct audit_buff= er *ab, { return 0; } +static inline int audit_log_obj_ctx(struct audit_buffer *ab, + struct lsm_prop *prop) +{ + return 0; +} static inline int audit_log_task_context(struct audit_buffer *ab) { return 0; diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 8cad2f307719..14a1c1fe013a 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -149,6 +149,7 @@ #define AUDIT_LANDLOCK_ACCESS 1423 /* Landlock denial */ #define AUDIT_LANDLOCK_DOMAIN 1424 /* Landlock domain status */ #define AUDIT_MAC_TASK_CONTEXTS 1425 /* Multiple LSM task contexts */ +#define AUDIT_MAC_OBJ_CONTEXTS 1426 /* Multiple LSM objext contexts */ =20 #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index 0987b2f391cc..451c36965889 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -85,7 +85,9 @@ static unsigned int audit_net_id; /* Number of modules that provide a security context. List of lsms that provide a security context */ static u32 audit_subj_secctx_cnt; +static u32 audit_obj_secctx_cnt; static const struct lsm_id *audit_subj_lsms[MAX_LSM_COUNT]; +static const struct lsm_id *audit_obj_lsms[MAX_LSM_COUNT]; =20 /** * struct audit_net - audit private network namespace data 
@@ -305,6 +307,12 @@ void audit_lsm_secctx(const struct lsm_id *lsmid, int = flags) return; audit_subj_lsms[audit_subj_secctx_cnt++] =3D lsmid; } + if (flags & AUDIT_SECCTX_OBJECT) { + for (i =3D 0 ; i < audit_obj_secctx_cnt; i++) + if (audit_obj_lsms[i] =3D=3D lsmid) + return; + audit_obj_lsms[audit_obj_secctx_cnt++] =3D lsmid; + } } =20 /** @@ -1142,7 +1150,6 @@ static int is_audit_feature_set(int i) return af.features & AUDIT_FEATURE_TO_MASK(i); } =20 - static int audit_get_feature(struct sk_buff *skb) { u32 seq; @@ -2337,6 +2344,55 @@ int audit_log_task_context(struct audit_buffer *ab) } EXPORT_SYMBOL(audit_log_task_context); =20 +int audit_log_obj_ctx(struct audit_buffer *ab, struct lsm_prop *prop) +{ + int i; + int rc; + int error =3D 0; + char *space =3D ""; + struct lsm_context ctx; + + if (audit_obj_secctx_cnt < 2) { + error =3D security_lsmprop_to_secctx(prop, &ctx, LSM_ID_UNDEF); + if (error < 0) { + if (error !=3D -EINVAL) + goto error_path; + return error; + } + audit_log_format(ab, " obj=3D%s", ctx.context); + security_release_secctx(&ctx); + return 0; + } + audit_log_format(ab, " obj=3D?"); + error =3D audit_buffer_aux_new(ab, AUDIT_MAC_OBJ_CONTEXTS); + if (error) + goto error_path; + + for (i =3D 0; i < audit_obj_secctx_cnt; i++) { + rc =3D security_lsmprop_to_secctx(prop, &ctx, + audit_obj_lsms[i]->id); + if (rc < 0) { + audit_log_format(ab, "%sobj_%s=3D?", space, + audit_obj_lsms[i]->name); + if (rc !=3D -EINVAL) + audit_panic("error in audit_log_obj_ctx"); + error =3D rc; + } else { + audit_log_format(ab, "%sobj_%s=3D%s", space, + audit_obj_lsms[i]->name, ctx.context); + security_release_secctx(&ctx); + } + space =3D " "; + } + + audit_buffer_aux_end(ab); + return error; + +error_path: + audit_panic("error in audit_log_obj_ctx"); + return error; +} + void audit_log_d_path_exe(struct audit_buffer *ab, struct mm_struct *mm) { diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 322d4e27f28e..0c28fa33d099 100644 --- a/kernel/auditsc.c 
+++ b/kernel/auditsc.c @@ -1098,7 +1098,6 @@ static int audit_log_pid_context(struct audit_context= *context, pid_t pid, char *comm) { struct audit_buffer *ab; - struct lsm_context ctx; int rc =3D 0; =20 ab =3D audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); @@ -1108,15 +1107,9 @@ static int audit_log_pid_context(struct audit_contex= t *context, pid_t pid, audit_log_format(ab, "opid=3D%d oauid=3D%d ouid=3D%d oses=3D%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (lsmprop_is_set(prop)) { - if (security_lsmprop_to_secctx(prop, &ctx, LSM_ID_UNDEF) < 0) { - audit_log_format(ab, " obj=3D(none)"); - rc =3D 1; - } else { - audit_log_format(ab, " obj=3D%s", ctx.context); - security_release_secctx(&ctx); - } - } + if (lsmprop_is_set(prop) && audit_log_obj_ctx(ab, prop)) + rc =3D 1; + audit_log_format(ab, " ocomm=3D"); audit_log_untrustedstring(ab, comm); audit_log_end(ab); @@ -1392,16 +1385,8 @@ static void show_special(struct audit_context *conte= xt, int *call_panic) from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); if (lsmprop_is_set(&context->ipc.oprop)) { - struct lsm_context lsmctx; - - if (security_lsmprop_to_secctx(&context->ipc.oprop, - &lsmctx, - LSM_ID_UNDEF) < 0) { + if (audit_log_obj_ctx(ab, &context->ipc.oprop)) *call_panic =3D 1; - } else { - audit_log_format(ab, " obj=3D%s", lsmctx.context); - security_release_secctx(&lsmctx); - } } if (context->ipc.has_perm) { audit_log_end(ab); 
@@ -1558,18 +1543,9 @@ static void audit_log_name(struct audit_context *con= text, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (lsmprop_is_set(&n->oprop)) { - struct lsm_context ctx; - - if (security_lsmprop_to_secctx(&n->oprop, &ctx, - LSM_ID_UNDEF) < 0) { - if (call_panic) - *call_panic =3D 2; - } else { - audit_log_format(ab, " obj=3D%s", ctx.context); - security_release_secctx(&ctx); - } - } + if (lsmprop_is_set(&n->oprop) && + audit_log_obj_ctx(ab, &n->oprop)) + *call_panic =3D 2; =20 /* log the audit_names record type */ switch (n->type) { @@ -1780,15 +1756,16 @@ static void audit_log_exit(void) axs->target_sessionid[i], &axs->target_ref[i], axs->target_comm[i])) - call_panic =3D 1; + call_panic =3D 1; } =20 if (context->target_pid && audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - &context->target_ref, context->target_comm)) - call_panic =3D 1; + &context->target_ref, + context->target_comm)) + call_panic =3D 1; =20 if (context->pwd.dentry && context->pwd.mnt) { ab =3D audit_log_start(context, GFP_KERNEL, AUDIT_CWD); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a89561c1fdea..0ffe3a7cacf3 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7517,7 +7517,8 @@ static __init int selinux_init(void) cred_init_security(); =20 /* Inform the audit system that secctx is used */ - audit_lsm_secctx(&selinux_lsmid, AUDIT_SECCTX_SUBJECT); + audit_lsm_secctx(&selinux_lsmid, + AUDIT_SECCTX_SUBJECT | AUDIT_SECCTX_OBJECT); =20 default_noexec =3D !(VM_DATA_DEFAULT_FLAGS & VM_EXEC); if (!default_noexec) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 06603c328079..b54d93d31600 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
@@ -5276,7 +5276,8 @@ static __init int smack_init(void) init_smack_known_list(); =20 /* Inform the audit system that secctx is used */ - audit_lsm_secctx(&smack_lsmid, AUDIT_SECCTX_SUBJECT); + audit_lsm_secctx(&smack_lsmid, + AUDIT_SECCTX_SUBJECT | AUDIT_SECCTX_OBJECT); =20 return 0; } --=20 2.47.0
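Review bot: typo in the include/uapi/linux/audit.h hunk: the comment on `#define AUDIT_MAC_OBJ_CONTEXTS 1426` reads "Multiple LSM objext contexts"; it should be "object".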
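Review bot: in the audit_lsm_secctx() hunk the existing `return;` inside the AUDIT_SECCTX_SUBJECT dedup loop (visible in the context lines) now skips the new AUDIT_SECCTX_OBJECT block: an LSM that is already in audit_subj_lsms and then calls audit_lsm_secctx(id, AUDIT_SECCTX_SUBJECT | AUDIT_SECCTX_OBJECT) is never added to audit_obj_lsms. Each LSM calls the function exactly once in this series so it is not hit today, but the API is wrong as written; replace the `return` with a found flag or `break` so the object block still runs, or factor both blocks into one helper that takes the list, the count and the lsmid.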
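Review bot: audit_log_obj_ctx() handles per-LSM failures differently from audit_log_subj_ctx() in patch 3/4 without the commit message saying why: here every `rc < 0` writes `obj_<lsm>=?` and there is no -EOPNOTSUPP skip, so an LSM that only conditionally provides contexts (the BPF case the subj version comments on) would emit `obj_<lsm>=?` on every record, and audit_panic() is called inside the loop while the error is also returned, so the auditsc.c callers set call_panic and audit_panic() runs a second time at the end of audit_log_exit(). Pick one reporting path, and add EXPORT_SYMBOL() for consistency with audit_log_subj_ctx() since both are declared in include/linux/audit.h.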
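Review bot: the audit_log_pid_context() hunk drops the ` obj=(none)` marker the old code wrote to the OBJ_PID record when security_lsmprop_to_secctx() failed; on failure the record now carries no obj= field at all (the single-LSM branch of audit_log_obj_ctx() returns before logging anything). Consumers that keyed on obj=(none) lose that signal, so the commit message should state the change, or audit_log_obj_ctx() should write the marker on its error paths.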
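Review bot: in the show_special() hunk the new code is a nested `if (lsmprop_is_set(&context->ipc.oprop)) { if (audit_log_obj_ctx(ab, &context->ipc.oprop)) *call_panic = 1; }`; collapse it into one condition with `&&`, as the audit_log_name() hunk in this same patch already does.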
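Review bot: the audit_log_exit() hunk re-indents two `call_panic = 1;` lines and re-wraps the audit_log_pid_context() argument list, and the kernel/audit.c hunk before audit_get_feature() only removes a blank line; none of that is related to object contexts and it should go in a separate whitespace cleanup so this patch stays reviewable.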
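Review bot: the selinux_init() and smack_init() hunks add AUDIT_SECCTX_OBJECT, while AppArmor keeps the subject-only registration from patch 3/4. On an AppArmor plus SELinux or Smack system audit_obj_secctx_cnt therefore stays at 1 and obj= is still written through the LSM_ID_UNDEF path; that asymmetry is deliberate, presumably, but the commit message should say that AppArmor does not provide object contexts so readers do not look for a missing hunk.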
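An added consumer-side example, not code from this patch series, showing how a log reader resolves the placeholders the two records introduce. It assumes only what the two commit messages state: records in an event whose subject could not be printed inline carry "subj=?" and the event holds one MAC_TASK_CONTEXTS record with `subj_<lsm>=` fields, and a record carrying "obj=?" is followed by a MAC_OBJ_CONTEXTS record with `obj_<lsm>=` fields (audit_log_end() in patch 3/4 queues a buffer's aux skb right after its main skb). A per-LSM "?" value is the form audit_log_obj_ctx() writes when one LSM cannot produce a context. The log lines are constructed for this example; it goes one step beyond the commit messages by also flagging the failure mode where a placeholder is present but its aux record never arrived.

```python
"""Resolve MAC_TASK_CONTEXTS / MAC_OBJ_CONTEXTS audit records.

Added example, not part of the kernel patches.  The record layout follows
the commit messages of patches 3/4 and 4/4; the sample log is constructed.
"""
import re
from collections import defaultdict

SUBJ_AUX = "MAC_TASK_CONTEXTS"
OBJ_AUX = "MAC_OBJ_CONTEXTS"

# Constructed sample: event 113 comes from a two-LSM system, event 114 from
# a single-LSM one, and event 115 carries a placeholder whose aux record
# never arrived (for example dropped by the rate limiter).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1600880931.832:113): arch=c000003e syscall=257 success=yes exit=3 pid=4242 uid=1000 subj=? key="watch-etc"
type=MAC_TASK_CONTEXTS msg=audit(1600880931.832:113): subj_apparmor=unconfined subj_smack=_
type=PATH msg=audit(1600880931.832:113): item=0 name="/etc/shadow" inode=1234 mode=0100640 ouid=0 ogid=42 obj=? nametype=NORMAL
type=MAC_OBJ_CONTEXTS msg=audit(1600880931.832:113): obj_selinux=system_u:object_r:shadow_t:s0 obj_smack=?
type=SYSCALL msg=audit(1600880932.001:114): arch=c000003e syscall=257 success=no exit=-13 pid=4243 uid=1000 subj=unconfined_u:unconfined_r:unconfined_t:s0 key="watch-etc"
type=SYSCALL msg=audit(1600880933.500:115): arch=c000003e syscall=2 success=yes exit=4 pid=4244 uid=0 subj=? key="watch-etc"
"""

# "type=X msg=audit(ts:serial): fields..."; the colon after ")" is what the
# kernel's audit_log_start() prefix writes, made optional to be tolerant.
RECORD_RE = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):?\s*(?P<body>.*)$")
# key=value pairs; values may be double-quoted with backslash escapes.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_record(line):
    """Split one audit line into its type, event key and field dict."""
    m = RECORD_RE.match(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("body"))}
    return {"type": m.group("type"),
            "key": (m.group("ts"), int(m.group("serial"))),
            "fields": fields}


def group_events(log_text):
    """Group records by their audit(ts:serial) key, keeping emission order."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec:
            events[rec["key"]].append(rec)
    return events


def lsm_contexts(aux_rec, prefix):
    """Turn subj_<lsm>= / obj_<lsm>= fields into {lsm: context}.

    A per-LSM '?' means that LSM could not produce a context; keep it as
    None so it is never mistaken for a real label."""
    return {k[len(prefix):]: (None if v == "?" else v)
            for k, v in aux_rec["fields"].items() if k.startswith(prefix)}


def resolve_event(records):
    """Return (type, subj, obj, complete) for each non-aux record.

    subj/obj are the legacy string when a single LSM wrote them inline, a
    {lsm: context} dict when resolved from an aux record, or None when the
    field is absent.  complete is False when a '?' placeholder has no aux
    record to resolve it, which a consumer should flag rather than treat
    as "unlabeled"."""
    task_aux = next((r for r in records if r["type"] == SUBJ_AUX), None)
    out = []
    for i, rec in enumerate(records):
        if rec["type"] in (SUBJ_AUX, OBJ_AUX):
            continue
        complete = True
        subj = rec["fields"].get("subj")
        if subj == "?":
            # Subject is per event: one MAC_TASK_CONTEXTS record serves all.
            if task_aux is None:
                subj, complete = None, False
            else:
                subj = lsm_contexts(task_aux, "subj_")
        obj = rec["fields"].get("obj")
        if obj == "?":
            # Object is per record: the aux record is queued right after it.
            nxt = records[i + 1] if i + 1 < len(records) else None
            if nxt is None or nxt["type"] != OBJ_AUX:
                obj, complete = None, False
            else:
                obj = lsm_contexts(nxt, "obj_")
        out.append((rec["type"], subj, obj, complete))
    return out


def resolve_log(log_text):
    """Map each event key to its resolved records."""
    return {key: resolve_event(recs) for key, recs in group_events(log_text).items()}


if __name__ == "__main__":
    for key, recs in sorted(resolve_log(SAMPLE_LOG).items()):
        for rec_type, subj, obj, complete in recs:
            print(key, rec_type, "subj=", subj, "obj=", obj,
                  "" if complete else "INCOMPLETE")
```

The per-record pairing for obj= matters: a single event can carry several PATH records with different objects, so an aux object record must be attached to the record emitted just before it, while the subject is one per event.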