UBUNTU: SAUCE: apparmor4.0.0 [15/90]: LSM stacking v39: Netlabel: Use lsmblob for audit data

BugLink: http://bugs.launchpad.net/bugs/2028253

Replace the secid in the netlbl_audit structure with an lsmblob.
Remove stacking scaffolding that was required when the value
was a secid.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
(cherry picked from commit b06ee4ffb12d53aa5de887623603b6b6534dd387
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Casey Schaufler
2023-08-16 08:14:41 -07:00
committed by Paolo Pisati
parent 3c8189548d
commit 75ce10a9ac
5 changed files with 7 additions and 17 deletions
+1 -1
@@ -97,7 +97,7 @@ struct calipso_doi;
/* NetLabel audit information */
struct netlbl_audit {
u32 secid;
struct lsmblob blob;
kuid_t loginuid;
unsigned int sessionid;
};
+1 -4
@@ -1534,14 +1534,11 @@ int __init netlbl_unlabel_defconf(void)
int ret_val;
struct netlbl_dom_map *entry;
struct netlbl_audit audit_info;
struct lsmblob blob;
/* Only the kernel is allowed to call this function and the only time
* it is called is at bootup before the audit subsystem is reporting
* messages so don't worry to much about these values. */
security_current_getlsmblob_subj(&blob);
/* stacking scaffolding */
audit_info.secid = blob.scaffold.secid;
security_current_getlsmblob_subj(&audit_info.blob);
audit_info.loginuid = GLOBAL_ROOT_UID;
audit_info.sessionid = 0;
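Review bot: `audit_info` is still an uninitialised stack object, so every byte of `audit_info.blob` that later reaches `lsmblob_is_set()` in netlbl_audit_start_common depends on `security_current_getlsmblob_subj()` writing the whole blob. That helper's body is not visible here, so this is an assumption to confirm. Zeroing at the declaration, `struct netlbl_audit audit_info = { };`, removes the dependency at no real cost on this boot-time path. netlbl_netlink_auditinfo relies on the same guarantee for a caller-supplied structure. The function begins and ends outside this hunk.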
+3 -4
@@ -98,10 +98,9 @@ struct audit_buffer *netlbl_audit_start_common(int type,
from_kuid(&init_user_ns, audit_info->loginuid),
audit_info->sessionid);
if (audit_info->secid != 0 &&
security_secid_to_secctx(audit_info->secid,
&secctx,
&secctx_len) == 0) {
if (lsmblob_is_set(&audit_info->blob) &&
security_lsmblob_to_secctx(&audit_info->blob, &secctx,
&secctx_len) == 0) {
audit_log_format(audit_buf, " subj=%s", secctx);
security_release_secctx(secctx, secctx_len);
}
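Review bot: The guard on `subj=` now reads `lsmblob_is_set(&audit_info->blob)`, and nothing near it says which security module's context `security_lsmblob_to_secctx()` renders when more than one module has filled the blob. Anyone parsing these audit records needs to know that, so a comment above the `if` would help, for example `/* subj= is the context security_lsmblob_to_secctx() selects for this blob; emitted only when some LSM set its entry */`, adjusted to what the helper really does. The condition still drops `subj=` silently when the conversion fails, which leaves a record with no subject and no trace of the failure; presumably that is intended, but it is worth stating. The function begins and ends outside this hunk.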
+1 -5
@@ -32,11 +32,7 @@
*/
static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info)
{
struct lsmblob blob;
security_current_getlsmblob_subj(&blob);
/* stacking scaffolding */
audit_info->secid = blob.scaffold.secid;
security_current_getlsmblob_subj(&audit_info->blob);
audit_info->loginuid = audit_get_loginuid(current);
audit_info->sessionid = audit_get_sessionid(current);
}
+1 -3
@@ -182,11 +182,9 @@ static inline void smack_catset_bit(unsigned int cat, char *catsetp)
*/
static void smk_netlabel_audit_set(struct netlbl_audit *nap)
{
struct smack_known *skp = smk_of_current();
nap->loginuid = audit_get_loginuid(current);
nap->sessionid = audit_get_sessionid(current);
nap->secid = skp->smk_secid;
nap->blob.smack.skp = smk_of_current();
}
/*
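Review bot: `nap->blob.smack.skp = smk_of_current();` writes only the Smack member of the blob, so any other member keeps whatever the caller's memory held. The callers are outside this hunk and need checking: if any of them passes an uninitialised stack `struct netlbl_audit`, then `lsmblob_is_set()` and `security_lsmblob_to_secctx()` in netlbl_audit_start_common would act on stale bytes for the other modules. Clearing the blob first, with `memset(&nap->blob, 0, sizeof(nap->blob));` ahead of the assignment, makes the result independent of the caller. The old code assigned a single scalar that covered the whole field, so this exposure is new with the wider type.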