--- v38
+++ v31
@@ -1,92 +1,94 @@
-Provide interfaces to map LSM slot numbers and LSM names.
-Update the LSM registration code to save this information.
+There may be more than one LSM that provides IPC data
+for auditing. Change security_ipc_getsecid() to fill in
+a lsmblob structure instead of the u32 secid. The
+audit data structure containing the secid will be updated
+later, so there is a bit of scaffolding here.
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Reviewed-by: John Johansen <john.johansen@canonical.com>
+Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
-Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
+Cc: linux-audit@redhat.com
---
- include/linux/security.h | 4 ++++
- security/security.c | 45 ++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 49 insertions(+)
+ include/linux/security.h | 7 ++++---
+ kernel/auditsc.c | 7 ++++++-
+ security/security.c | 12 +++++++++---
+ 3 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
-index c1f8b33e7c27..0f0fb2077f41 100644
+index 669eff47737a..a0b9bf48a60d 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
-@@ -214,6 +214,10 @@ static inline bool lsmblob_equal(const struct lsmblob *bloba,
- return !memcmp(bloba, blobb, sizeof(*bloba));
+@@ -521,7 +521,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
+ unsigned long arg4, unsigned long arg5);
+ void security_task_to_inode(struct task_struct *p, struct inode *inode);
+ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
+-void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
++void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob);
+ int security_msg_msg_alloc(struct msg_msg *msg);
+ void security_msg_msg_free(struct msg_msg *msg);
+ int security_msg_queue_alloc(struct kern_ipc_perm *msq);
+@@ -1284,9 +1284,10 @@ static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
+ return 0;
}
-+/* Map lsm names to blob slot numbers */
-+extern int lsm_name_to_slot(char *name);
-+extern const char *lsm_slot_to_name(int slot);
-+
- /* These functions are in security/commoncap.c */
- extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
- int cap, unsigned int opts);
+-static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
++static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp,
++ struct lsmblob *blob)
+ {
+- *secid = 0;
++ lsmblob_init(blob, 0);
+ }
+
+ static inline int security_msg_msg_alloc(struct msg_msg *msg)
+diff --git a/kernel/auditsc.c b/kernel/auditsc.c
+index b28e2cbcc92c..c469368818fd 100644
+--- a/kernel/auditsc.c
++++ b/kernel/auditsc.c
+@@ -2601,12 +2601,17 @@ void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
+ void __audit_ipc_obj(struct kern_ipc_perm *ipcp)
+ {
+ struct audit_context *context = audit_context();
++ struct lsmblob blob;
+
+ context->ipc.uid = ipcp->uid;
+ context->ipc.gid = ipcp->gid;
+ context->ipc.mode = ipcp->mode;
+ context->ipc.has_perm = 0;
+- security_ipc_getsecid(ipcp, &context->ipc.osid);
++ security_ipc_getsecid(ipcp, &blob);
++ /* context->ipc.osid will be changed to a lsmblob later in
++ * the patch series. This will allow auditing of all the object
++ * labels associated with the ipc object. */
++ context->ipc.osid = lsmblob_value(&blob);
+ context->type = AUDIT_IPC;
+ }
+
diff --git a/security/security.c b/security/security.c
-index b837500cb3dc..2c197c25746c 100644
+index a0612afefc24..f8b5e2fa37a0 100644
--- a/security/security.c
+++ b/security/security.c
-@@ -486,6 +486,50 @@ static int lsm_append(const char *new, char **result)
- * Current index to use while initializing the lsmblob secid list.
- */
- static int lsm_slot __lsm_ro_after_init;
-+static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init;
+@@ -1996,10 +1996,16 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
+ return call_int_hook(ipc_permission, 0, ipcp, flag);
+ }
+
+-void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
++void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob)
+ {
+- *secid = 0;
+- call_void_hook(ipc_getsecid, ipcp, secid);
++ struct security_hook_list *hp;
+
-+/**
-+ * lsm_name_to_slot - Report the slot number for a security module
-+ * @name: name of the security module
-+ *
-+ * Look up the slot number for the named security module.
-+ * Returns the slot number or LSMBLOB_INVALID if @name is not
-+ * a registered security module name.
-+ */
-+int lsm_name_to_slot(char *name)
-+{
-+ int i;
-+
-+ for (i = 0; i < lsm_slot; i++)
-+ if (strcmp(lsm_slotlist[i]->lsm, name) == 0)
-+ return i;
-+
-+ return LSMBLOB_INVALID;
-+}
-+
-+/**
-+ * lsm_slot_to_name - Get the name of the security module in a slot
-+ * @slot: index into the interface LSM slot list.
-+ *
-+ * Provide the name of the security module associated with
-+ * a interface LSM slot.
-+ *
-+ * If @slot is LSMBLOB_INVALID return the value
-+ * for slot 0 if it has been set, otherwise NULL.
-+ *
-+ * Returns a pointer to the name string or NULL.
-+ */
-+const char *lsm_slot_to_name(int slot)
-+{
-+ if (slot == LSMBLOB_INVALID)
-+ slot = 0;
-+ else if (slot >= LSMBLOB_ENTRIES || slot < 0)
-+ return NULL;
-+
-+ if (lsm_slotlist[slot] == NULL)
-+ return NULL;
-+ return lsm_slotlist[slot]->lsm;
-+}
++ lsmblob_init(blob, 0);
++ hlist_for_each_entry(hp, &security_hook_heads.ipc_getsecid, list) {
++ if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
++ continue;
++ hp->hook.ipc_getsecid(ipcp, &blob->secid[hp->lsmid->slot]);
++ }
+ }
- /**
- * security_add_hooks - Add a modules hooks to the hook lists.
-@@ -517,6 +561,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
- if (lsmid->slot == LSMBLOB_NEEDED) {
- if (lsm_slot >= LSMBLOB_ENTRIES)
- panic("%s Too many LSMs registered.\n", __func__);
-+ lsm_slotlist[lsm_slot] = lsmid;
- lsmid->slot = lsm_slot++;
- init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm,
- lsmid->slot);
+ int security_msg_msg_alloc(struct msg_msg *msg)
--
-2.37.3
+2.31.1
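Review bot: In `__audit_ipc_obj` (kernel/auditsc.c hunk) the line `context->ipc.osid = lsmblob_value(&blob);` folds the per-LSM secids that the new `security_ipc_getsecid()` just collected back into a single u32, so when more than one LSM fills the blob only one label reaches the AUDIT_IPC record and the rest are dropped silently; which one survives depends on `lsmblob_value()`, which this patch does not show. The scaffolding comment above that line should say this explicitly, e.g. extend it with `* Until then only the secid chosen by lsmblob_value() is audited; labels from other LSMs in the blob are not recorded.` so that anyone correlating IPC audit records during the transition knows a multi-LSM object is not fully identified. In the security/security.c hunk the new loop in `security_ipc_getsecid()` runs `WARN_ON()` on a bad `hp->lsmid->slot` on every call; if an LSM ever registers with an out-of-range slot this fires on each IPC audit event and floods the log, so `WARN_ON_ONCE()` is the usual choice for a per-call sanity check like this.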