From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Subject: [PATCH v37 30/33] netlabel: Use a struct lsmblob in audit data
Date: Mon, 27 Jun 2022 17:56:08 -0700
Message-Id: <20220628005611.13106-31-casey@schaufler-ca.com>
In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com>
References: <20220628005611.13106-1-casey@schaufler-ca.com>
List-Id: Linux Audit Discussion
Cc: john.johansen@canonical.com, linux-kernel@vger.kernel.org, linux-audit@redhat.com

Remove scaffolding in netlabel audit by keeping subject
lsm information in an lsmblob structure instead of a secid.

Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
---
 include/net/netlabel.h            | 2 +-
 net/netlabel/netlabel_unlabeled.c | 4 +---
 net/netlabel/netlabel_user.c      | 4 +---
 net/netlabel/netlabel_user.h      | 6 +-----
 security/smack/smackfs.c          | 2 +-
 5 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 73fc25b4042b..d9aaa264e29c 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h @@ -97,7 +97,7 @@ struct calipso_doi; /* NetLabel audit information */ struct netlbl_audit { - u32 secid; + struct lsmblob lsmblob; kuid_t loginuid; unsigned int sessionid; }; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 8deee7e176a9..9277c6dd79f5 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1529,13 +1529,11 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; - struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_current_getsecid_subj(&blob); - audit_info.secid = lsmblob_first(&blob); + security_current_getsecid_subj(&audit_info.lsmblob); audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 42812bdfc31a..e72dfe2da77a 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,7 +84,6 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; - struct lsmblob blob; if (audit_enabled == AUDIT_OFF) return NULL; @@ -97,8 +96,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, from_kuid(&init_user_ns, audit_info->loginuid), audit_info->sessionid); - lsmblob_init(&blob, audit_info->secid); - audit_log_subject_context(audit_buf, &blob); + audit_log_subject_context(audit_buf, &audit_info->lsmblob); return audit_buf; } diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 34bb6572f33b..56a634244a6e 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h 
@@ -32,11 +32,7 @@ */ static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info) { - struct lsmblob blob; - - security_current_getsecid_subj(&blob); - /* scaffolding until secid is converted */ - audit_info->secid = lsmblob_first(&blob); + security_current_getsecid_subj(&audit_info->lsmblob); audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 314336463111..f74207f6c71e 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -186,7 +186,7 @@ static void smk_netlabel_audit_set(struct netlbl_audit *nap) nap->loginuid = audit_get_loginuid(current); nap->sessionid = audit_get_sessionid(current); - nap->secid = skp->smk_secid; + nap->lsmblob.secid[smack_lsmid.slot] = skp->smk_secid; } /* -- 2.36.1 -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit
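Review bot: In the include/net/netlabel.h hunk, struct netlbl_audit now embeds struct lsmblob by value, so the complete type has to be visible to every file that includes this header, and the hunk adds no #include. Please confirm the header already pulls in the definition (a forward declaration is not enough for a by-value member). It would also help to say in the commit message that the structure grows from a single u32 to a whole blob, since instances are declared on the stack, as with audit_info in netlbl_unlabel_defconf().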
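Review bot: In the security/smack/smackfs.c hunk, smk_netlabel_audit_set() writes only nap->lsmblob.secid[smack_lsmid.slot], where the old nap->secid assignment initialized the whole field. Nothing visible here sets the remaining slots, and netlbl_audit_start_common() now passes &audit_info->lsmblob straight to audit_log_subject_context() instead of building a fresh blob with lsmblob_init(). If nap points at a struct that was not zeroed, the audit record could be built from indeterminate secids. Suggest clearing the blob before the assignment, for example lsmblob_init(&nap->lsmblob, 0), or stating in the commit message where callers guarantee it is zeroed.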