Commit 05a344e5 authored by Casey Schaufler's avatar Casey Schaufler Committed by Paul Moore

netlabel,smack: use lsm_prop for audit data



Replace the secid in the netlbl_audit structure with an lsm_prop.
Remove scaffolding that was required when the value was a secid.

Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
[PM: fix the subject line]
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 13d826e5
+1 −1
@@ -97,7 +97,7 @@ struct calipso_doi;

/* NetLabel audit information */
struct netlbl_audit {
	u32 secid;
	struct lsm_prop prop;
	kuid_t loginuid;
	unsigned int sessionid;
};
+1 −4
@@ -1534,14 +1534,11 @@ int __init netlbl_unlabel_defconf(void)
	int ret_val;
	struct netlbl_dom_map *entry;
	struct netlbl_audit audit_info;
	struct lsm_prop prop;

	/* Only the kernel is allowed to call this function and the only time
	 * it is called is at bootup before the audit subsystem is reporting
	 * messages so don't worry to much about these values. */
	security_current_getlsmprop_subj(&prop);
	/* scaffolding */
	audit_info.secid = prop.scaffold.secid;
	security_current_getlsmprop_subj(&audit_info.prop);
	audit_info.loginuid = GLOBAL_ROOT_UID;
	audit_info.sessionid = 0;

+3 −4
@@ -98,9 +98,8 @@ struct audit_buffer *netlbl_audit_start_common(int type,
			 from_kuid(&init_user_ns, audit_info->loginuid),
			 audit_info->sessionid);

	if (audit_info->secid != 0 &&
	    security_secid_to_secctx(audit_info->secid,
				     &secctx,
	if (lsmprop_is_set(&audit_info->prop) &&
	    security_lsmprop_to_secctx(&audit_info->prop, &secctx,
				       &secctx_len) == 0) {
		audit_log_format(audit_buf, " subj=%s", secctx);
		security_release_secctx(secctx, secctx_len);
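Review bot: When `security_lsmprop_to_secctx()` returns non-zero for a prop that `lsmprop_is_set()` reports as set, the audit record is emitted with no `subj=` field. Nothing then distinguishes a failed conversion from a caller that supplied no label, so the subject is silently lost for anyone reading NetLabel audit records. Consider splitting the condition so the failure branch logs a placeholder, for example `audit_log_format(audit_buf, " subj=?");`, or add a comment stating that the omission is intentional. The enclosing function starts and ends outside this hunk, so any later handling is not visible here.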
+1 −5
@@ -32,11 +32,7 @@
 */
static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info)
{
	struct lsm_prop prop;

	security_current_getlsmprop_subj(&prop);
	/* scaffolding */
	audit_info->secid = prop.scaffold.secid;
	security_current_getlsmprop_subj(&audit_info->prop);
	audit_info->loginuid = audit_get_loginuid(current);
	audit_info->sessionid = audit_get_sessionid(current);
}
+1 −3
@@ -182,11 +182,9 @@ static inline void smack_catset_bit(unsigned int cat, char *catsetp)
 */
static void smk_netlabel_audit_set(struct netlbl_audit *nap)
{
	struct smack_known *skp = smk_of_current();

	nap->loginuid = audit_get_loginuid(current);
	nap->sessionid = audit_get_sessionid(current);
	nap->secid = skp->smk_secid;
	nap->prop.smack.skp = smk_of_current();
}

/*
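Review bot: `nap->prop.smack.skp = smk_of_current();` writes only the Smack member of `prop`, so any other members of `struct lsm_prop` keep whatever the caller's storage held. The callers of smk_netlabel_audit_set() are outside this hunk, so it is not visible whether they zero the `struct netlbl_audit` first. If one passes an uninitialised stack object, `lsmprop_is_set(&audit_info->prop)` in netlbl_audit_start_common would be testing indeterminate bytes. The other two initialisers in this commit fill the whole field through `security_current_getlsmprop_subj()`. Doing the same here, or adding `memset(&nap->prop, 0, sizeof(nap->prop));` before the assignment, would make the helper safe regardless of how the caller allocated the structure.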