Hermes SMTP Server) with ESMTPA ID a7374b10bab8e01c99c92e4838c45fe8; Sat, 16 Aug 2025 17:29:11 +0000 (UTC) From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org, audit@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org Subject: [PATCH v6 1/4] Audit: Create audit_stamp structure Date: Sat, 16 Aug 2025 10:28:56 -0700 Message-ID: <20250816172859.6437-2-casey@schaufler-ca.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250816172859.6437-1-casey@schaufler-ca.com> References: <20250816172859.6437-1-casey@schaufler-ca.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Replace the timestamp and serial number pair used in audit records with a structure containing the two elements. Signed-off-by: Casey Schaufler --- kernel/audit.c | 17 +++++++++-------- kernel/audit.h | 13 +++++++++---- kernel/auditsc.c | 22 +++++++++------------- 3 files changed, 27 insertions(+), 25 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 61b5744d0bb6..547967cb4266 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1833,11 +1833,11 @@ unsigned int audit_serial(void) } =20 static inline void audit_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) + struct audit_stamp *stamp) { - if (!ctx || !auditsc_get_stamp(ctx, t, serial)) { - ktime_get_coarse_real_ts64(t); - *serial =3D audit_serial(); + if (!ctx || !auditsc_get_stamp(ctx, stamp)) { + ktime_get_coarse_real_ts64(&stamp->ctime); + stamp->serial =3D audit_serial(); } } =20 
@@ -1860,8 +1860,7 @@ struct audit_buffer *audit_log_start(struct audit_con= text *ctx, gfp_t gfp_mask, int type) { struct audit_buffer *ab; - struct timespec64 t; - unsigned int serial; + struct audit_stamp stamp; =20 if (audit_initialized !=3D AUDIT_INITIALIZED) return NULL; @@ -1916,12 +1915,14 @@ struct audit_buffer *audit_log_start(struct audit_c= ontext *ctx, gfp_t gfp_mask, return NULL; } =20 - audit_get_stamp(ab->ctx, &t, &serial); + audit_get_stamp(ab->ctx, &stamp); /* cancel dummy context to enable supporting records */ if (ctx) ctx->dummy =3D 0; audit_log_format(ab, "audit(%llu.%03lu:%u): ", - (unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial); + (unsigned long long)stamp.ctime.tv_sec, + stamp.ctime.tv_nsec/1000000, + stamp.serial); =20 return ab; } diff --git a/kernel/audit.h b/kernel/audit.h index 2a24d01c5fb0..0f05933a173b 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -99,6 +99,12 @@ struct audit_proctitle { char *value; /* the cmdline field */ }; =20 +/* A timestamp/serial pair to identify an event */ +struct audit_stamp { + struct timespec64 ctime; /* time of syscall entry */ + unsigned int serial; /* serial number for record */ +}; + /* The per-task audit context. */ struct audit_context { int dummy; /* must be the first element */ @@ -108,10 +114,9 @@ struct audit_context { AUDIT_CTX_URING, /* in use by io_uring */ } context; enum audit_state state, current_state; - unsigned int serial; /* serial number for record */ + struct audit_stamp stamp; /* event identifier */ int major; /* syscall number */ int uring_op; /* uring operation */ - struct timespec64 ctime; /* time of syscall entry */ unsigned long argv[4]; /* syscall arguments */ long return_code;/* syscall return code */ u64 prio; 
@@ -263,7 +268,7 @@ extern void audit_put_tty(struct tty_struct *tty); extern unsigned int audit_serial(void); #ifdef CONFIG_AUDITSYSCALL extern int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial); + struct audit_stamp *stamp); =20 extern void audit_put_watch(struct audit_watch *watch); extern void audit_get_watch(struct audit_watch *watch); @@ -304,7 +309,7 @@ extern void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx); extern struct list_head *audit_killed_trees(void); #else /* CONFIG_AUDITSYSCALL */ -#define auditsc_get_stamp(c, t, s) 0 +#define auditsc_get_stamp(c, s) 0 #define audit_put_watch(w) do { } while (0) #define audit_get_watch(w) do { } while (0) #define audit_to_watch(k, p, l, o) (-EINVAL) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index eb98cd6fe91f..aa6add4b9e30 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -994,10 +994,10 @@ static void audit_reset_context(struct audit_context = *ctx) */ =20 ctx->current_state =3D ctx->state; - ctx->serial =3D 0; + ctx->stamp.serial =3D 0; + ctx->stamp.ctime =3D (struct timespec64){ .tv_sec =3D 0, .tv_nsec =3D 0 }; ctx->major =3D 0; ctx->uring_op =3D 0; - ctx->ctime =3D (struct timespec64){ .tv_sec =3D 0, .tv_nsec =3D 0 }; memset(ctx->argv, 0, sizeof(ctx->argv)); ctx->return_code =3D 0; ctx->prio =3D (ctx->state =3D=3D AUDIT_STATE_RECORD ? ~0ULL : 0); @@ -1917,7 +1917,7 @@ void __audit_uring_entry(u8 op) =20 ctx->context =3D AUDIT_CTX_URING; ctx->current_state =3D ctx->state; - ktime_get_coarse_real_ts64(&ctx->ctime); + ktime_get_coarse_real_ts64(&ctx->stamp.ctime); } =20 /** @@ -2039,7 +2039,7 @@ void __audit_syscall_entry(int major, unsigned long a= 1, unsigned long a2, context->argv[3] =3D a4; context->context =3D AUDIT_CTX_SYSCALL; context->current_state =3D state; - ktime_get_coarse_real_ts64(&context->ctime); + ktime_get_coarse_real_ts64(&context->stamp.ctime); } =20 /** 
@@ -2508,21 +2508,17 @@ EXPORT_SYMBOL_GPL(__audit_inode_child); /** * auditsc_get_stamp - get local copies of audit_context values * @ctx: audit_context for the task - * @t: timespec64 to store time recorded in the audit_context - * @serial: serial value that is recorded in the audit_context + * @stamp: timestamp to record * * Also sets the context as auditable. */ -int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) +int auditsc_get_stamp(struct audit_context *ctx, struct audit_stamp *stamp) { if (ctx->context =3D=3D AUDIT_CTX_UNUSED) return 0; - if (!ctx->serial) - ctx->serial =3D audit_serial(); - t->tv_sec =3D ctx->ctime.tv_sec; - t->tv_nsec =3D ctx->ctime.tv_nsec; - *serial =3D ctx->serial; + if (!ctx->stamp.serial) + ctx->stamp.serial =3D audit_serial(); + *stamp =3D ctx->stamp; if (!ctx->prio) { ctx->prio =3D 1; ctx->current_state =3D AUDIT_STATE_RECORD; --=20 2.50.1 From nobody Mon Sep 15 20:47:45 2025 Received: from sonic310-30.consmr.mail.ne1.yahoo.com (sonic310-30.consmr.mail.ne1.yahoo.com [66.163.186.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B84D23002B7 for ; Sat, 16 Aug 2025 17:29:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=66.163.186.211 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755365365; cv=none; b=rq/wWT5lyX/KQGFtBHxllUPeL4rTKpvQn6tMieJhEzk7+RPaWFAvWvW7P56ysbJ+IUiIgHNPCWBDkGU735nG+s5eVH7L0R5xr5Qrqb4/Pb33UdYHXY+jymFMJzWDp9Qf6f8Up2Rpagdvl+0A0tm2ecj/jgYkzYs1xHW/RxRdakE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755365365; c=relaxed/simple; bh=Frtc6a5si9sk7JXgwBC5CMsASJ/uAxfj6+oE6uSIpcg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; 
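Review bot: the kernel-doc for the new parameter in the auditsc_get_stamp() hunk reads `@stamp: timestamp to record`, but @stamp is an output, not an input: the function copies the context's stamp into it (`*stamp = ctx->stamp;`), and that copy carries the serial as well as the time. Suggest `@stamp: audit_stamp to receive the context's time and serial`, which also matches the function's own summary line "get local copies of audit_context values".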
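Review bot: in the audit_reset_context() hunk the two separate assignments `ctx->stamp.serial = 0;` and `ctx->stamp.ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 };` could become a single `ctx->stamp = (struct audit_stamp){};` now that the pair is one structure; that is shorter and keeps the reset complete if audit_stamp ever gains a member.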
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org, audit@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org
Subject: [PATCH v6 2/4] LSM: security_lsmblob_to_secctx module selection
Date: Sat, 16 Aug 2025 10:28:57 -0700
Message-ID: <20250816172859.6437-3-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.50.1
In-Reply-To: <20250816172859.6437-1-casey@schaufler-ca.com>
References: <20250816172859.6437-1-casey@schaufler-ca.com>

Add a parameter lsmid to security_lsmblob_to_secctx() to identify which of the security modules that may be active should provide the security context. If the value of lsmid is LSM_ID_UNDEF the first LSM providing a hook is used. security_secid_to_secctx() is unchanged, and will always report the first LSM providing a hook.
Signed-off-by: Casey Schaufler --- include/linux/security.h | 6 ++++-- kernel/audit.c | 4 ++-- kernel/auditsc.c | 8 +++++--- net/netlabel/netlabel_user.c | 3 ++- security/security.c | 18 ++++++++++++++++-- 5 files changed, 29 insertions(+), 10 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 521bcb5b9717..6d1ed6e7387b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -567,7 +567,8 @@ int security_getprocattr(struct task_struct *p, int lsm= id, const char *name, int security_setprocattr(int lsmid, const char *name, void *value, size_t = size); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, struct lsm_context *cp); -int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *= cp); +int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *= cp, + int lsmid); int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); void security_release_secctx(struct lsm_context *cp); void security_inode_invalidate_secctx(struct inode *inode); @@ -1551,7 +1552,8 @@ static inline int security_secid_to_secctx(u32 secid,= struct lsm_context *cp) } =20 static inline int security_lsmprop_to_secctx(struct lsm_prop *prop, - struct lsm_context *cp) + struct lsm_context *cp, + int lsmid) { return -EOPNOTSUPP; } diff --git a/kernel/audit.c b/kernel/audit.c index 547967cb4266..226c8ae00d04 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1473,7 +1473,7 @@ static int audit_receive_msg(struct sk_buff *skb, str= uct nlmsghdr *nlh, case AUDIT_SIGNAL_INFO: if (lsmprop_is_set(&audit_sig_lsm)) { err =3D security_lsmprop_to_secctx(&audit_sig_lsm, - &lsmctx); + &lsmctx, LSM_ID_UNDEF); if (err < 0) return err; } 
@@ -2188,7 +2188,7 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmprop_is_set(&prop)) return 0; =20 - error =3D security_lsmprop_to_secctx(&prop, &ctx); + error =3D security_lsmprop_to_secctx(&prop, &ctx, LSM_ID_UNDEF); if (error < 0) { if (error !=3D -EINVAL) goto error_path; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index aa6add4b9e30..03f33da8d02e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1109,7 +1109,7 @@ static int audit_log_pid_context(struct audit_context= *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmprop_is_set(prop)) { - if (security_lsmprop_to_secctx(prop, &ctx) < 0) { + if (security_lsmprop_to_secctx(prop, &ctx, LSM_ID_UNDEF) < 0) { audit_log_format(ab, " obj=3D(none)"); rc =3D 1; } else { @@ -1395,7 +1395,8 @@ static void show_special(struct audit_context *contex= t, int *call_panic) struct lsm_context lsmctx; =20 if (security_lsmprop_to_secctx(&context->ipc.oprop, - &lsmctx) < 0) { + &lsmctx, + LSM_ID_UNDEF) < 0) { *call_panic =3D 1; } else { audit_log_format(ab, " obj=3D%s", lsmctx.context); @@ -1560,7 +1561,8 @@ static void audit_log_name(struct audit_context *cont= ext, struct audit_names *n, if (lsmprop_is_set(&n->oprop)) { struct lsm_context ctx; =20 - if (security_lsmprop_to_secctx(&n->oprop, &ctx) < 0) { + if (security_lsmprop_to_secctx(&n->oprop, &ctx, + LSM_ID_UNDEF) < 0) { if (call_panic) *call_panic =3D 2; } else { diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 0d04d23aafe7..6d6545297ee3 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c 
@@ -98,7 +98,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, audit_info->sessionid); =20 if (lsmprop_is_set(&audit_info->prop) && - security_lsmprop_to_secctx(&audit_info->prop, &ctx) > 0) { + security_lsmprop_to_secctx(&audit_info->prop, &ctx, + LSM_ID_UNDEF) > 0) { audit_log_format(audit_buf, " subj=3D%s", ctx.context); security_release_secctx(&ctx); } diff --git a/security/security.c b/security/security.c index ad163f06bf7a..dd588f548a2b 100644 --- a/security/security.c +++ b/security/security.c 
@@ -4342,17 +4342,31 @@ EXPORT_SYMBOL(security_secid_to_secctx); * security_lsmprop_to_secctx() - Convert a lsm_prop to a secctx * @prop: lsm specific information * @cp: the LSM context + * @lsmid: which security module to report * * Convert a @prop entry to security context. If @cp is NULL the * length of the result will be returned. This does mean that the * length could change between calls to check the length and the * next call which actually allocates and returns the @cp. * + * @lsmid identifies which LSM should supply the context. + * A value of LSM_ID_UNDEF indicates that the first LSM suppling + * the hook should be used. This is used in cases where the + * ID of the supplying LSM is unambiguous. + * * Return: Return length of data on success, error on failure. */ -int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *= cp) +int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *= cp, + int lsmid) { - return call_int_hook(lsmprop_to_secctx, prop, cp); + struct lsm_static_call *scall; + + lsm_for_each_hook(scall, lsmprop_to_secctx) { + if (lsmid !=3D LSM_ID_UNDEF && lsmid !=3D scall->hl->lsmid->id) + continue; + return scall->hl->hook.lsmprop_to_secctx(prop, cp); + } + return LSM_RET_DEFAULT(lsmprop_to_secctx); } EXPORT_SYMBOL(security_lsmprop_to_secctx); =20 --=20 2.50.1 From nobody Mon Sep 15 20:47:45 2025 Received: from sonic310-30.consmr.mail.ne1.yahoo.com (sonic310-30.consmr.mail.ne1.yahoo.com [66.163.186.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B834E2FFDFA for ; Sat, 16 Aug 2025 17:29:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=66.163.186.211 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755365367; cv=none; 
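Review bot: in the security.c hunk the new kernel-doc paragraph has a typo (`suppling` should be `supplying`), and the `Return:` line still describes only the length and error cases: when @lsmid names a module that does not provide the hook, the loop falls through to `return LSM_RET_DEFAULT(lsmprop_to_secctx);`, which is worth stating there so callers know a wrong id is indistinguishable from an absent hook. Separately, the subject line and the commit message name security_lsmblob_to_secctx(), while the function this hunk changes is security_lsmprop_to_secctx().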
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org, audit@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org
Subject: [PATCH v6 3/4] Audit: Add record for multiple task security contexts
Date: Sat, 16 Aug 2025 10:28:58 -0700
Message-ID: <20250816172859.6437-4-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.50.1
In-Reply-To: <20250816172859.6437-1-casey@schaufler-ca.com>
References: <20250816172859.6437-1-casey@schaufler-ca.com>

Replace the single skb pointer in an audit_buffer with a list of skb pointers. Add the audit_stamp information to the audit_buffer as there's no guarantee that there will be an audit_context containing the stamp associated with the event. At audit_log_end() time create auxiliary records as have been added to the list. Functions are created to manage the skb list in the audit_buffer.

Create a new audit record AUDIT_MAC_TASK_CONTEXTS. An example of the MAC_TASK_CONTEXTS record is:

type=MAC_TASK_CONTEXTS msg=audit(1600880931.832:113) subj_apparmor=unconfined subj_smack=_

When an audit event includes an AUDIT_MAC_TASK_CONTEXTS record the "subj=" field in other records in the event will be "subj=?". An AUDIT_MAC_TASK_CONTEXTS record is supplied when the system has multiple security modules that may make access decisions based on a subject security context.

Refactor audit_log_task_context(), creating a new audit_log_subj_ctx(). This is used in netlabel auditing to provide multiple subject security contexts as necessary.

Suggested-by: Paul Moore
Signed-off-by: Casey Schaufler --- include/linux/audit.h | 16 +++ include/uapi/linux/audit.h | 1 + kernel/audit.c | 208 +++++++++++++++++++++++++++++------ net/netlabel/netlabel_user.c | 9 +- security/apparmor/lsm.c | 3 + security/selinux/hooks.c | 3 + security/smack/smack_lsm.c | 3 + 7 files changed, 202 insertions(+), 41 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index a394614ccd0b..38e5edffe371 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -37,6 +37,8 @@ struct audit_watch; struct audit_tree; struct sk_buff; struct kern_ipc_perm; +struct lsm_id; +struct lsm_prop; =20 struct audit_krule { u32 pflags; @@ -147,6 +149,9 @@ extern unsigned compat_signal_class[]; #define AUDIT_TTY_ENABLE BIT(0) #define AUDIT_TTY_LOG_PASSWD BIT(1) =20 +/* bit values for audit_cfg_lsm */ +#define AUDIT_CFG_LSM_SECCTX_SUBJECT BIT(0) + struct filename; =20 #define AUDIT_OFF 0 @@ -185,6 +190,7 @@ extern void audit_log_path_denied(int type, const char *operation); extern void audit_log_lost(const char *message); =20 +extern int audit_log_subj_ctx(struct audit_buffer *ab, struct lsm_prop *pr= op); extern int audit_log_task_context(struct audit_buffer *ab); extern void audit_log_task_info(struct audit_buffer *ab); =20 @@ -210,6 +216,8 @@ extern u32 audit_enabled; =20 extern int audit_signal_info(int sig, struct task_struct *t); =20 +extern void audit_cfg_lsm(const struct lsm_id *lsmid, int flags); + #else /* CONFIG_AUDIT */ static inline __printf(4, 5) void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, @@ -245,6 +253,11 @@ static inline void audit_log_key(struct audit_buffer *= ab, char *key) { } static inline void audit_log_path_denied(int type, const char *operation) { } +static inline int audit_log_subj_ctx(struct audit_buffer *ab, + struct lsm_prop *prop) +{ + return 0; +} static inline int audit_log_task_context(struct audit_buffer *ab) { return 0; 
@@ -269,6 +282,9 @@ static inline int audit_signal_info(int sig, struct tas= k_struct *t) return 0; } =20 +static inline void audit_cfg_lsm(const struct lsm_id *lsmid, int flags) +{ } + #endif /* CONFIG_AUDIT */ =20 #ifdef CONFIG_AUDIT_COMPAT_GENERIC diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 9a4ecc9f6dc5..8cad2f307719 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -148,6 +148,7 @@ #define AUDIT_IPE_POLICY_LOAD 1422 /* IPE policy load */ #define AUDIT_LANDLOCK_ACCESS 1423 /* Landlock denial */ #define AUDIT_LANDLOCK_DOMAIN 1424 /* Landlock domain status */ +#define AUDIT_MAC_TASK_CONTEXTS 1425 /* Multiple LSM task contexts */ =20 #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index 226c8ae00d04..c924b30f2524 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -54,6 +54,7 @@ #include #include #include +#include #include #include #include @@ -81,6 +82,11 @@ static u32 audit_failure =3D AUDIT_FAIL_PRINTK; /* private audit network namespace index */ static unsigned int audit_net_id; =20 +/* Number of modules that provide a security context. + List of lsms that provide a security context */ +static u32 audit_subj_secctx_cnt; +static const struct lsm_id *audit_subj_lsms[MAX_LSM_COUNT]; + /** * struct audit_net - audit private network namespace data * @sk: communication socket @@ -195,8 +201,10 @@ static struct audit_ctl_mutex { * to place it on a transmit queue. Multiple audit_buffers can be in * use simultaneously. */ struct audit_buffer { - struct sk_buff *skb; /* formatted skb ready to send */ + struct sk_buff *skb; /* the skb for audit_log functions */ + struct sk_buff_head skb_list; /* formatted skbs, ready to send */ struct audit_context *ctx; /* NULL or associated context */ + struct audit_stamp stamp; /* audit stamp for these records */ gfp_t gfp_mask; }; =20 
@@ -278,6 +286,27 @@ static pid_t auditd_pid_vnr(void) return pid; } =20 +/** + * audit_cfg_lsm - Identify a security module as providing a secctx. + * @lsmid: LSM identity + * @flags: which contexts are provided + * + * Description: + * Increments the count of the security modules providing a secctx. + * If the LSM id is already in the list leave it alone. + */ +void audit_cfg_lsm(const struct lsm_id *lsmid, int flags) +{ + int i; + + if (flags & AUDIT_CFG_LSM_SECCTX_SUBJECT) { + for (i =3D 0 ; i < audit_subj_secctx_cnt; i++) + if (audit_subj_lsms[i] =3D=3D lsmid) + return; + audit_subj_lsms[audit_subj_secctx_cnt++] =3D lsmid; + } +} + /** * audit_get_sk - Return the audit socket for the given network namespace * @net: the destination network namespace @@ -1776,10 +1805,13 @@ __setup("audit_backlog_limit=3D", audit_backlog_lim= it_set); =20 static void audit_buffer_free(struct audit_buffer *ab) { + struct sk_buff *skb; + if (!ab) return; =20 - kfree_skb(ab->skb); + while ((skb =3D skb_dequeue(&ab->skb_list))) + kfree_skb(skb); kmem_cache_free(audit_buffer_cache, ab); } =20 @@ -1795,6 +1827,10 @@ static struct audit_buffer *audit_buffer_alloc(struc= t audit_context *ctx, ab->skb =3D nlmsg_new(AUDIT_BUFSIZ, gfp_mask); if (!ab->skb) goto err; + + skb_queue_head_init(&ab->skb_list); + skb_queue_tail(&ab->skb_list, ab->skb); + if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) goto err; =20 @@ -1860,7 +1896,6 @@ struct audit_buffer *audit_log_start(struct audit_con= text *ctx, gfp_t gfp_mask, int type) { struct audit_buffer *ab; - struct audit_stamp stamp; =20 if (audit_initialized !=3D AUDIT_INITIALIZED) return NULL; 
@@ -1915,14 +1950,14 @@ struct audit_buffer *audit_log_start(struct audit_c= ontext *ctx, gfp_t gfp_mask, return NULL; } =20 - audit_get_stamp(ab->ctx, &stamp); + audit_get_stamp(ab->ctx, &ab->stamp); /* cancel dummy context to enable supporting records */ if (ctx) ctx->dummy =3D 0; audit_log_format(ab, "audit(%llu.%03lu:%u): ", - (unsigned long long)stamp.ctime.tv_sec, - stamp.ctime.tv_nsec/1000000, - stamp.serial); + (unsigned long long)ab->stamp.ctime.tv_sec, + ab->stamp.ctime.tv_nsec/1000000, + ab->stamp.serial); =20 return ab; } 
@@ -2178,31 +2213,128 @@ void audit_log_key(struct audit_buffer *ab, char *= key) audit_log_format(ab, "(null)"); } =20 -int audit_log_task_context(struct audit_buffer *ab) +/** + * audit_buffer_aux_new - Add an aux record buffer to the skb list + * @ab: audit_buffer + * @type: message type + * + * Aux records are allocated and added to the skb list of + * the "main" record. The ab->skb is reset to point to the + * aux record on its creation. When the aux record in complete + * ab->skb has to be reset to point to the "main" record. + * This allows the audit_log_ functions to be ignorant of + * which kind of record it is logging to. It also avoids adding + * special data for aux records. + * + * On success ab->skb will point to the new aux record. + * Returns 0 on success, -ENOMEM should allocation fail. + */ +static int audit_buffer_aux_new(struct audit_buffer *ab, int type) +{ + WARN_ON(ab->skb !=3D skb_peek(&ab->skb_list)); + + ab->skb =3D nlmsg_new(AUDIT_BUFSIZ, ab->gfp_mask); + if (!ab->skb) + goto err; + if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) + goto err; + skb_queue_tail(&ab->skb_list, ab->skb); + + audit_log_format(ab, "audit(%llu.%03lu:%u): ", + (unsigned long long)ab->stamp.ctime.tv_sec, + ab->stamp.ctime.tv_nsec/1000000, + ab->stamp.serial); + + return 0; + +err: + kfree_skb(ab->skb); + ab->skb =3D skb_peek(&ab->skb_list); + return -ENOMEM; +} + +/** + * audit_buffer_aux_end - Switch back to the "main" record from an aux rec= ord + * @ab: audit_buffer + * + * Restores the "main" audit record to ab->skb. + */ +static void audit_buffer_aux_end(struct audit_buffer *ab) +{ + ab->skb =3D skb_peek(&ab->skb_list); +} + +/** + * audit_log_subj_ctx - Add LSM subject information + * @ab: audit_buffer + * @prop: LSM subject properties. + * + * Add a subj=3D field and, if necessary, a AUDIT_MAC_TASK_CONTEXTS record. 
+ */ +int audit_log_subj_ctx(struct audit_buffer *ab, struct lsm_prop *prop) { - struct lsm_prop prop; struct lsm_context ctx; + char *space =3D ""; int error; + int i; =20 - security_current_getlsmprop_subj(&prop); - if (!lsmprop_is_set(&prop)) + security_current_getlsmprop_subj(prop); + if (!lsmprop_is_set(prop)) return 0; =20 - error =3D security_lsmprop_to_secctx(&prop, &ctx, LSM_ID_UNDEF); - if (error < 0) { - if (error !=3D -EINVAL) - goto error_path; + if (audit_subj_secctx_cnt < 2) { + error =3D security_lsmprop_to_secctx(prop, &ctx, LSM_ID_UNDEF); + if (error < 0) { + if (error !=3D -EINVAL) + goto error_path; + return 0; + } + audit_log_format(ab, " subj=3D%s", ctx.context); + security_release_secctx(&ctx); return 0; } - - audit_log_format(ab, " subj=3D%s", ctx.context); - security_release_secctx(&ctx); + /* Multiple LSMs provide contexts. Include an aux record. */ + audit_log_format(ab, " subj=3D?"); + error =3D audit_buffer_aux_new(ab, AUDIT_MAC_TASK_CONTEXTS); + if (error) + goto error_path; + + for (i =3D 0; i < audit_subj_secctx_cnt; i++) { + error =3D security_lsmprop_to_secctx(prop, &ctx, + audit_subj_lsms[i]->id); + if (error < 0) { + /* + * Don't print anything. An LSM like BPF could + * claim to support contexts, but only do so under + * certain conditions. 
+ */ + if (error =3D=3D -EOPNOTSUPP) + continue; + if (error !=3D -EINVAL) + audit_panic("error in audit_log_subj_ctx"); + } else { + audit_log_format(ab, "%ssubj_%s=3D%s", space, + audit_subj_lsms[i]->name, ctx.context); + space =3D " "; + security_release_secctx(&ctx); + } + } + audit_buffer_aux_end(ab); return 0; =20 error_path: - audit_panic("error in audit_log_task_context"); + audit_panic("error in audit_log_subj_ctx"); return error; } +EXPORT_SYMBOL(audit_log_subj_ctx); + +int audit_log_task_context(struct audit_buffer *ab) +{ + struct lsm_prop prop; + + security_current_getlsmprop_subj(&prop); + return audit_log_subj_ctx(ab, &prop); +} EXPORT_SYMBOL(audit_log_task_context); =20 void audit_log_d_path_exe(struct audit_buffer *ab, @@ -2411,6 +2543,26 @@ int audit_signal_info(int sig, struct task_struct *t) return audit_signal_info_syscall(t); } =20 +/** + * __audit_log_end - enqueue one audit record + * @skb: the buffer to send + */ +static void __audit_log_end(struct sk_buff *skb) +{ + struct nlmsghdr *nlh; + + if (audit_rate_check()) { + /* setup the netlink header, see the comments in + * kauditd_send_multicast_skb() for length quirks */ + nlh =3D nlmsg_hdr(skb); + nlh->nlmsg_len =3D skb->len - NLMSG_HDRLEN; + + /* queue the netlink packet */ + skb_queue_tail(&audit_queue, skb); + } else + audit_log_lost("rate limit exceeded"); +} + /** * audit_log_end - end one audit record * @ab: the audit_buffer 
@@ -2423,25 +2575,15 @@ int audit_signal_info(int sig, struct task_struct *= t) void audit_log_end(struct audit_buffer *ab) { struct sk_buff *skb; - struct nlmsghdr *nlh; =20 if (!ab) return; =20 - if (audit_rate_check()) { - skb =3D ab->skb; - ab->skb =3D NULL; + while ((skb =3D skb_dequeue(&ab->skb_list))) + __audit_log_end(skb); =20 - /* setup the netlink header, see the comments in - * kauditd_send_multicast_skb() for length quirks */ - nlh =3D nlmsg_hdr(skb); - nlh->nlmsg_len =3D skb->len - NLMSG_HDRLEN; - - /* queue the netlink packet and poke the kauditd thread */ - skb_queue_tail(&audit_queue, skb); - wake_up_interruptible(&kauditd_wait); - } else - audit_log_lost("rate limit exceeded"); + /* poke the kauditd thread */ + wake_up_interruptible(&kauditd_wait); =20 audit_buffer_free(ab); } diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 6d6545297ee3..0da652844dd6 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,7 +84,6 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; - struct lsm_context ctx; =20 if (audit_enabled =3D=3D AUDIT_OFF) return NULL; @@ -96,13 +95,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, audit_log_format(audit_buf, "netlabel: auid=3D%u ses=3D%u", from_kuid(&init_user_ns, audit_info->loginuid), audit_info->sessionid); - - if (lsmprop_is_set(&audit_info->prop) && - security_lsmprop_to_secctx(&audit_info->prop, &ctx, - LSM_ID_UNDEF) > 0) { - audit_log_format(audit_buf, " subj=3D%s", ctx.context); - security_release_secctx(&ctx); - } + audit_log_subj_ctx(audit_buf, &audit_info->prop); =20 return audit_buf; } diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 8e1cc229b41b..220d1684b8d4 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -2530,6 +2530,9 @@ static int __init apparmor_init(void) security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), &apparmor_lsmid); =20 + /* Inform the audit system that secctx is used */ + audit_cfg_lsm(&apparmor_lsmid, AUDIT_CFG_LSM_SECCTX_SUBJECT); + /* Report that AppArmor successfully initialized */ apparmor_initialized =3D 1; if (aa_g_profile_mode =3D=3D APPARMOR_COMPLAIN) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c95a5874bf7d..975b84b466b4 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7618,6 +7618,9 @@ static __init int selinux_init(void) /* Set the security state for the initial task. */ cred_init_security(); =20 + /* Inform the audit system that secctx is used */ + audit_cfg_lsm(&selinux_lsmid, AUDIT_CFG_LSM_SECCTX_SUBJECT); + default_noexec =3D !(VM_DATA_DEFAULT_FLAGS & VM_EXEC); if (!default_noexec) pr_notice("SELinux: virtual memory is executable by default\n"); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index fc340a6f0dde..eaff9b8901a7 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
@@ -5267,6 +5267,9 @@ static __init int smack_init(void) /* initialize the smack_known_list */ init_smack_known_list(); =20 + /* Inform the audit system that secctx is used */ + audit_cfg_lsm(&smack_lsmid, AUDIT_CFG_LSM_SECCTX_SUBJECT); + return 0; } =20 --=20 2.50.1
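Review bot: audit_log_subj_ctx() (kernel/audit.c hunk at @@ -2178,31 +2213,128 @@) overwrites the caller's @prop before using it: the hunk keeps `security_current_getlsmprop_subj(prop);` as the first statement, so whatever lsm_prop the caller hands in is replaced by the current task's subject. That is redundant for audit_log_task_context(), which now fetches the same prop twice, but the net/netlabel/netlabel_user.c hunk passes `&audit_info->prop`, the value netlabel stores next to loginuid and sessionid, so that stored subject is both ignored and clobbered, and the netlabel record is attributed to whichever task happens to be running at audit time. Drop the security_current_getlsmprop_subj() call from audit_log_subj_ctx(), keep only `if (!lsmprop_is_set(prop)) return 0;`, and state in the kernel-doc that @prop is an input.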
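Review bot: the rate limit is now applied per record instead of per event (kernel/audit.c hunks adding __audit_log_end() and rewriting audit_log_end()): audit_log_end() dequeues every skb on skb_list and __audit_log_end() runs audit_rate_check() for each one, so the main record can be queued while its MAC_TASK_CONTEXTS aux record is dropped with "rate limit exceeded" (or the reverse), leaving an event whose `subj=?` can never be resolved. Call audit_rate_check() once in audit_log_end() and then either queue all skbs of the event or drop them all with a single audit_log_lost(); __audit_log_end() would then only fix up nlmsg_len and queue. The wake_up_interruptible() now also fires when nothing was queued, which the old code avoided.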
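Review bot: in the audit_buffer_alloc() hunk (@@ -1795,6 +1827,10 @@) `skb_queue_head_init(&ab->skb_list);` runs only after the `if (!ab->skb) goto err;` check, so on an nlmsg_new() failure the buffer reaches the err label with an uninitialised list head. If that label (not shown in the hunk) releases @ab through audit_buffer_free(), the new `while ((skb = skb_dequeue(&ab->skb_list)))` loop walks garbage. Initialise the list before calling nlmsg_new(), right after the buffer is allocated, so audit_buffer_free() is safe on every path.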
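Review bot: audit_cfg_lsm() (kernel/audit.c hunk at @@ -278,6 +286,27 @@) stores into `audit_subj_lsms[audit_subj_secctx_cnt++]` with no check against MAX_LSM_COUNT. The duplicate scan keeps each lsm_id to one slot, so the array cannot overflow as long as every caller passes a registered lsm_id, but a `if (WARN_ON(audit_subj_secctx_cnt >= MAX_LSM_COUNT)) return;` before the store documents that invariant cheaply. The kernel-doc says the count is incremented but does not mention @flags; note that only AUDIT_CFG_LSM_SECCTX_SUBJECT is honoured at this point in the series.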
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org, audit@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org
Subject: [PATCH v6 4/4] Audit: Add record for multiple object contexts
Date: Sat, 16 Aug 2025 10:28:59 -0700
Message-ID: <20250816172859.6437-5-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.50.1
In-Reply-To: <20250816172859.6437-1-casey@schaufler-ca.com>
References: <20250816172859.6437-1-casey@schaufler-ca.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Create a new audit record AUDIT_MAC_OBJ_CONTEXTS. An example of the MAC_OBJ_CONTEXTS record is:

type=MAC_OBJ_CONTEXTS msg=audit(1601152467.009:1050): obj_selinux=unconfined_u:object_r:user_home_t:s0

When an audit event includes an AUDIT_MAC_OBJ_CONTEXTS record the "obj=" field in other records in the event will be "obj=?". An AUDIT_MAC_OBJ_CONTEXTS record is supplied when the system has multiple security modules that may make access decisions based on an object security context.

Signed-off-by: Casey Schaufler --- include/linux/audit.h | 7 +++++ include/uapi/linux/audit.h | 1 + kernel/audit.c | 58 +++++++++++++++++++++++++++++++++++++- kernel/auditsc.c | 38 +++++-------------------- security/selinux/hooks.c | 4 ++- security/smack/smack_lsm.c | 4 ++- 6 files changed, 78 insertions(+), 34 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 38e5edffe371..150d34716f85 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h
@@ -151,6 +151,7 @@ extern unsigned compat_signal_class[]; =20 /* bit values for audit_cfg_lsm */ #define AUDIT_CFG_LSM_SECCTX_SUBJECT BIT(0) +#define AUDIT_CFG_LSM_SECCTX_OBJECT BIT(1) =20 struct filename; =20 @@ -191,6 +192,7 @@ extern void audit_log_path_denied(int type, extern void audit_log_lost(const char *message); =20 extern int audit_log_subj_ctx(struct audit_buffer *ab, struct lsm_prop *pr= op); +extern int audit_log_obj_ctx(struct audit_buffer *ab, struct lsm_prop *pro= p); extern int audit_log_task_context(struct audit_buffer *ab); extern void audit_log_task_info(struct audit_buffer *ab); =20 @@ -258,6 +260,11 @@ static inline int audit_log_subj_ctx(struct audit_buff= er *ab, { return 0; } +static inline int audit_log_obj_ctx(struct audit_buffer *ab, + struct lsm_prop *prop) +{ + return 0; +} static inline int audit_log_task_context(struct audit_buffer *ab) { return 0; diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 8cad2f307719..14a1c1fe013a 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -149,6 +149,7 @@ #define AUDIT_LANDLOCK_ACCESS 1423 /* Landlock denial */ #define AUDIT_LANDLOCK_DOMAIN 1424 /* Landlock domain status */ #define AUDIT_MAC_TASK_CONTEXTS 1425 /* Multiple LSM task contexts */ +#define AUDIT_MAC_OBJ_CONTEXTS 1426 /* Multiple LSM objext contexts */ =20 #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index c924b30f2524..bd7474fd8d2c 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -85,7 +85,9 @@ static unsigned int audit_net_id; /* Number of modules that provide a security context. List of lsms that provide a security context */ static u32 audit_subj_secctx_cnt; +static u32 audit_obj_secctx_cnt; static const struct lsm_id *audit_subj_lsms[MAX_LSM_COUNT]; +static const struct lsm_id *audit_obj_lsms[MAX_LSM_COUNT]; =20 /** * struct audit_net - audit private network namespace data 
@@ -305,6 +307,12 @@ void audit_cfg_lsm(const struct lsm_id *lsmid, int fla= gs) return; audit_subj_lsms[audit_subj_secctx_cnt++] =3D lsmid; } + if (flags & AUDIT_CFG_LSM_SECCTX_OBJECT) { + for (i =3D 0 ; i < audit_obj_secctx_cnt; i++) + if (audit_obj_lsms[i] =3D=3D lsmid) + return; + audit_obj_lsms[audit_obj_secctx_cnt++] =3D lsmid; + } } =20 /** @@ -1142,7 +1150,6 @@ static int is_audit_feature_set(int i) return af.features & AUDIT_FEATURE_TO_MASK(i); } =20 - static int audit_get_feature(struct sk_buff *skb) { u32 seq; @@ -2337,6 +2344,55 @@ int audit_log_task_context(struct audit_buffer *ab) } EXPORT_SYMBOL(audit_log_task_context); =20 +int audit_log_obj_ctx(struct audit_buffer *ab, struct lsm_prop *prop) +{ + int i; + int rc; + int error =3D 0; + char *space =3D ""; + struct lsm_context ctx; + + if (audit_obj_secctx_cnt < 2) { + error =3D security_lsmprop_to_secctx(prop, &ctx, LSM_ID_UNDEF); + if (error < 0) { + if (error !=3D -EINVAL) + goto error_path; + return error; + } + audit_log_format(ab, " obj=3D%s", ctx.context); + security_release_secctx(&ctx); + return 0; + } + audit_log_format(ab, " obj=3D?"); + error =3D audit_buffer_aux_new(ab, AUDIT_MAC_OBJ_CONTEXTS); + if (error) + goto error_path; + + for (i =3D 0; i < audit_obj_secctx_cnt; i++) { + rc =3D security_lsmprop_to_secctx(prop, &ctx, + audit_obj_lsms[i]->id); + if (rc < 0) { + audit_log_format(ab, "%sobj_%s=3D?", space, + audit_obj_lsms[i]->name); + if (rc !=3D -EINVAL) + audit_panic("error in audit_log_obj_ctx"); + error =3D rc; + } else { + audit_log_format(ab, "%sobj_%s=3D%s", space, + audit_obj_lsms[i]->name, ctx.context); + security_release_secctx(&ctx); + } + space =3D " "; + } + + audit_buffer_aux_end(ab); + return error; + +error_path: + audit_panic("error in audit_log_obj_ctx"); + return error; +} + void audit_log_d_path_exe(struct audit_buffer *ab, struct mm_struct *mm) { diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 03f33da8d02e..006273c323dd 100644 --- a/kernel/auditsc.c 
+++ b/kernel/auditsc.c @@ -1098,7 +1098,6 @@ static int audit_log_pid_context(struct audit_context= *context, pid_t pid, char *comm) { struct audit_buffer *ab; - struct lsm_context ctx; int rc =3D 0; =20 ab =3D audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); @@ -1108,15 +1107,9 @@ static int audit_log_pid_context(struct audit_contex= t *context, pid_t pid, audit_log_format(ab, "opid=3D%d oauid=3D%d ouid=3D%d oses=3D%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (lsmprop_is_set(prop)) { - if (security_lsmprop_to_secctx(prop, &ctx, LSM_ID_UNDEF) < 0) { - audit_log_format(ab, " obj=3D(none)"); - rc =3D 1; - } else { - audit_log_format(ab, " obj=3D%s", ctx.context); - security_release_secctx(&ctx); - } - } + if (lsmprop_is_set(prop) && audit_log_obj_ctx(ab, prop)) + rc =3D 1; + audit_log_format(ab, " ocomm=3D"); audit_log_untrustedstring(ab, comm); audit_log_end(ab); @@ -1392,16 +1385,8 @@ static void show_special(struct audit_context *conte= xt, int *call_panic) from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); if (lsmprop_is_set(&context->ipc.oprop)) { - struct lsm_context lsmctx; - - if (security_lsmprop_to_secctx(&context->ipc.oprop, - &lsmctx, - LSM_ID_UNDEF) < 0) { + if (audit_log_obj_ctx(ab, &context->ipc.oprop)) *call_panic =3D 1; - } else { - audit_log_format(ab, " obj=3D%s", lsmctx.context); - security_release_secctx(&lsmctx); - } } if (context->ipc.has_perm) { audit_log_end(ab); 
@@ -1558,18 +1543,9 @@ static void audit_log_name(struct audit_context *con= text, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (lsmprop_is_set(&n->oprop)) { - struct lsm_context ctx; - - if (security_lsmprop_to_secctx(&n->oprop, &ctx, - LSM_ID_UNDEF) < 0) { - if (call_panic) - *call_panic =3D 2; - } else { - audit_log_format(ab, " obj=3D%s", ctx.context); - security_release_secctx(&ctx); - } - } + if (lsmprop_is_set(&n->oprop) && + audit_log_obj_ctx(ab, &n->oprop)) + *call_panic =3D 2; =20 /* log the audit_names record type */ switch (n->type) { diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 975b84b466b4..3999f58a1842 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7619,7 +7619,9 @@ static __init int selinux_init(void) cred_init_security(); =20 /* Inform the audit system that secctx is used */ - audit_cfg_lsm(&selinux_lsmid, AUDIT_CFG_LSM_SECCTX_SUBJECT); + audit_cfg_lsm(&selinux_lsmid, + AUDIT_CFG_LSM_SECCTX_SUBJECT | + AUDIT_CFG_LSM_SECCTX_OBJECT); =20 default_noexec =3D !(VM_DATA_DEFAULT_FLAGS & VM_EXEC); if (!default_noexec) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index eaff9b8901a7..fdf2f193a291 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -5268,7 +5268,9 @@ static __init int smack_init(void) init_smack_known_list(); =20 /* Inform the audit system that secctx is used */ - audit_cfg_lsm(&smack_lsmid, AUDIT_CFG_LSM_SECCTX_SUBJECT); + audit_cfg_lsm(&smack_lsmid, + AUDIT_CFG_LSM_SECCTX_SUBJECT | + AUDIT_CFG_LSM_SECCTX_OBJECT); =20 return 0; } --=20 2.50.1
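Review bot: typo in the new uapi comment (include/uapi/linux/audit.h hunk): `/* Multiple LSM objext contexts */` should read `object`; this header is exported to userspace, so it is best fixed before the series is merged.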
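Review bot: audit_log_obj_ctx() (kernel/audit.c hunk at @@ -2337,6 +2344,55 @@) and audit_log_subj_ctx() from 3/4 disagree on error handling. In the per-LSM loop the subject version silently skips -EOPNOTSUPP (its comment names an LSM like BPF that only sometimes supplies a context) and returns 0, whereas this version logs `obj_<lsm>=?`, sets `error = rc` for every failure including -EINVAL, and returns it, so each caller (audit_log_pid_context(), show_special(), audit_log_name()) sets rc or *call_panic for a condition the subject side treats as normal; the single-LSM branch likewise returns -EINVAL where audit_log_subj_ctx() returns 0. Either skip -EOPNOTSUPP here as well and return non-zero only when audit_panic() was actually called, or document why object contexts are held to a stricter rule. The function also lacks the kernel-doc block its subject counterpart has.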
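Review bot: the audit_log_name() hunk in kernel/auditsc.c (@@ -1558,18 +1543,9 @@) drops a NULL check: the removed code only wrote `*call_panic = 2` under `if (call_panic)`, while the replacement `if (lsmprop_is_set(&n->oprop) && audit_log_obj_ctx(ab, &n->oprop)) *call_panic = 2;` dereferences the pointer unconditionally. Unless every caller of audit_log_name() is known to pass a non-NULL pointer, keep the guard, e.g. `if (call_panic) *call_panic = 2;`.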
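Review bot: the audit_log_pid_context() hunk (kernel/auditsc.c, @@ -1108,15 +1107,9 @@) silently changes the record format on failure: the removed branch logged ` obj=(none)` when no context could be produced, while the new audit_log_obj_ctx() single-LSM path returns before any audit_log_format() call, so the obj field is now simply absent from the OBJ_PID record. Userspace that keyed on `obj=(none)` will not see it; if the change is intended, say so in the commit message, otherwise log ` obj=(none)` on the error return here.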
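Review bot: the hunk `@@ -1142,7 +1150,6 @@ static int audit_get_feature(struct sk_buff *skb)` only deletes a blank line and has nothing to do with object contexts; drop it from this patch or send it as a separate cleanup.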
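Added example, not part of the patch series: a log-consumer side script showing how an audit parser has to treat the `subj=?` / `obj=?` fields that both commit messages introduce, resolving them from the MAC_TASK_CONTEXTS and MAC_OBJ_CONTEXTS aux records. The sample lines are constructed, and pairing an aux record with the main record immediately before it is an assumption taken from the order in which audit_log_end() dequeues skb_list in patch 3/4.

```python
"""Resolve per-LSM subject/object labels from MAC_TASK_CONTEXTS / MAC_OBJ_CONTEXTS."""
import re

RECORD_RE = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):?\s*(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')
# aux record type -> the field of the main record it expands
AUX_TYPES = {"MAC_TASK_CONTEXTS": "subj", "MAC_OBJ_CONTEXTS": "obj"}

# Constructed sample, not real audit output: event 113 comes from a kernel where
# several LSMs supply contexts (subj=?/obj=? plus aux records), event 114 from a
# single-LSM kernel (plain subj=), and event 115 has lost its aux record.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1600880931.832:113): arch=c000003e syscall=2 success=yes exit=3 pid=4242 auid=1000 uid=1000 subj=? key="file-open"
type=MAC_TASK_CONTEXTS msg=audit(1600880931.832:113): subj_apparmor=unconfined subj_smack=_
type=PATH msg=audit(1600880931.832:113): item=0 name="/etc/shadow" obj=? nametype=NORMAL
type=MAC_OBJ_CONTEXTS msg=audit(1600880931.832:113): obj_selinux=system_u:object_r:shadow_t:s0 obj_smack=_
type=SYSCALL msg=audit(1600880932.001:114): arch=c000003e syscall=2 success=no exit=-13 pid=4243 auid=1000 uid=1000 subj=unconfined_u:unconfined_r:unconfined_t:s0 key="file-open"
type=OBJ_PID msg=audit(1600880933.500:115): opid=77 oauid=1000 ouid=1000 oses=3 obj=? ocomm="sleep"
"""


def parse_record(line):
    """Split one audit line into type, event id (timestamp:serial) and key=value fields."""
    m = RECORD_RE.match(line)
    if not m:
        return None
    rtype, ts, serial, body = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
    return {"type": rtype, "event": f"{ts}:{serial}", "fields": fields}


def resolve_labels(records, idx, key):
    """Map LSM name -> label for the subj/obj field of records[idx].

    None: the record has no such field. {"*": value}: single-LSM format, one
    unqualified label. Otherwise the field was "?" and the labels are taken from
    the aux record queued right behind this record (assumption: aux records
    follow their main record, as audit_log_end() dequeues skb_list in order), so
    the search stops at the next main record or the next event. {} means the aux
    record is missing; callers must treat that as unknown, never as "no label".
    """
    value = records[idx]["fields"].get(key)
    if value is None:
        return None
    if value != "?":
        return {"*": value}
    prefix = key + "_"
    for nxt in records[idx + 1:]:
        if nxt["event"] != records[idx]["event"] or nxt["type"] not in AUX_TYPES:
            break
        if AUX_TYPES[nxt["type"]] == key:
            # a "?" value here marks an LSM that failed to produce a context
            return {k[len(prefix):]: v for k, v in nxt["fields"].items()
                    if k.startswith(prefix)}
    return {}


def summarize(log_text):
    """Return (type, event, subj_labels, obj_labels) for every non-aux record."""
    records = [r for r in map(parse_record, log_text.splitlines()) if r]
    return [(r["type"], r["event"],
             resolve_labels(records, i, "subj"), resolve_labels(records, i, "obj"))
            for i, r in enumerate(records) if r["type"] not in AUX_TYPES]


if __name__ == "__main__":
    for rtype, event, subj, obj in summarize(SAMPLE_LOG):
        print(rtype, event, "subj:", subj, "obj:", obj)
```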