[RFC PATCH v1 1/7] lsm: Add audit_log_lsm_data() helper

From: Mickaël Salaün
Date: Thu Sep 21 2023 - 17:13:59 EST

Next message: Christian König: "Re: [PATCH drm-misc-next v4 4/8] drm/gpuvm: add common dma-resv per struct drm_gpuvm"
Previous message: Wolfram Sang: "[PATCH] i2c: mux: gpio: adhere to coding style"
In reply to: Mickaël Salaün: "[RFC PATCH v1 3/7] landlock: Log ruleset creation and release"
Next in thread: Mickaël Salaün: "[RFC PATCH v1 6/7] landlock: Log mount-related requests"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Extract code from common_dump_audit_data() into the audit_log_lsm_data()
helper. This helps reuse common LSM audit data while not abusing
AUDIT_AVC records because of the common_lsm_audit() helper.

Signed-off-by: Mickaël Salaün <mic@xxxxxxxxxxx>
---
include/linux/lsm_audit.h | 2 ++
security/lsm_audit.c | 26 +++++++++++++++++---------
2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index 97a8b21eb033..5f9a7ed0e7a5 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -122,6 +122,8 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb,
int ipv6_skb_to_auditdata(struct sk_buff *skb,
struct common_audit_data *ad, u8 *proto);

+void audit_log_lsm_data(struct audit_buffer *ab, struct common_audit_data *a);
+
void common_lsm_audit(struct common_audit_data *a,
void (*pre_audit)(struct audit_buffer *, void *),
void (*post_audit)(struct audit_buffer *, void *));
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 849e832719e2..58f9b8bde22a 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -189,16 +189,12 @@ static inline void print_ipv4_addr(struct audit_buffer *ab, __be32 addr,
}

/**
- * dump_common_audit_data - helper to dump common audit data
+ * audit_log_lsm_data - helper to log common LSM audit data
* @ab : the audit buffer
* @a : common audit data
- *
*/
-static void dump_common_audit_data(struct audit_buffer *ab,
- struct common_audit_data *a)
+void audit_log_lsm_data(struct audit_buffer *ab, struct common_audit_data *a)
{
- char comm[sizeof(current->comm)];
-
/*
* To keep stack sizes in check force programmers to notice if they
* start making this union too large! See struct lsm_network_audit
@@ -206,9 +202,6 @@ static void dump_common_audit_data(struct audit_buffer *ab,
*/
BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2);

- audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current));
- audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm)));
-
switch (a->type) {
case LSM_AUDIT_DATA_NONE:
return;
@@ -428,6 +421,21 @@ static void dump_common_audit_data(struct audit_buffer *ab,
} /* switch (a->type) */
}

+/**
+ * dump_common_audit_data - helper to dump common audit data
+ * @ab : the audit buffer
+ * @a : common audit data
+ */
+static void dump_common_audit_data(struct audit_buffer *ab,
+ struct common_audit_data *a)
+{
+ char comm[sizeof(current->comm)];
+
+ audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current));
+ audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm)));
+ audit_log_lsm_data(ab, a);
+}
+
/**
* common_lsm_audit - generic LSM auditing function
* @a: auxiliary audit data
--
2.42.0

Next message: Christian König: "Re: [PATCH drm-misc-next v4 4/8] drm/gpuvm: add common dma-resv per struct drm_gpuvm"
Previous message: Wolfram Sang: "[PATCH] i2c: mux: gpio: adhere to coding style"
In reply to: Mickaël Salaün: "[RFC PATCH v1 3/7] landlock: Log ruleset creation and release"
Next in thread: Mickaël Salaün: "[RFC PATCH v1 6/7] landlock: Log mount-related requests"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]