From: Paul Moore <paul@paul-moore.com>
To: Casey Schaufler <casey@schaufler-ca.com>,
	casey@schaufler-ca.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org,
	john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
	stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org,
	selinux@vger.kernel.org, mic@digikod.net
Subject: Re: [PATCH v4 4/13] Audit: maintain an lsm_prop in audit_context
Date: Thu, 10 Oct 2024 23:08:08 -0400	[thread overview]
Message-ID: <4e2669fc0be9b0f1ca15b17ca415a87d@paul-moore.com> (raw)
In-Reply-To: <20241009173222.12219-5-casey@schaufler-ca.com>

On Oct  9, 2024 Casey Schaufler <casey@schaufler-ca.com> wrote:
> 
> Replace the secid value stored in struct audit_context with a struct
> lsm_prop. Change the code that uses this value to accommodate the
> change. security_audit_rule_match() expects a lsm_prop, so existing
> scaffolding can be removed. A call to security_secid_to_secctx()
> is changed to security_lsmprop_to_secctx().  The call to
> security_ipc_getsecid() is scaffolded.
> 
> A new function lsmprop_is_set() is introduced to identify whether
> an lsm_prop contains a non-zero value.
> 
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> ---
>  include/linux/security.h | 24 ++++++++++++++++++++++++
>  kernel/audit.h           |  3 ++-
>  kernel/auditsc.c         | 19 ++++++++-----------
>  3 files changed, 34 insertions(+), 12 deletions(-)
> 
> diff --git a/include/linux/security.h b/include/linux/security.h
> index f1c68e38b15d..5652baa4ca3c 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -291,6 +291,19 @@ static inline const char *kernel_load_data_id_str(enum kernel_load_data_id id)
>  
>  #ifdef CONFIG_SECURITY
>  
> +/**
> + * lsmprop_is_set - report if there is a value in the lsm_prop
> + * @prop: Pointer to the exported LSM data
> + *
> + * Returns true if there is a value set, false otherwise
> + */
> +static inline bool lsm_prop_is_set(struct lsm_prop *prop)
> +{
> +	const struct lsm_prop empty = {};
> +
> +	return !!memcmp(prop, &empty, sizeof(*prop));
> +}
> +
>  int call_blocking_lsm_notifier(enum lsm_event event, void *data);
>  int register_blocking_lsm_notifier(struct notifier_block *nb);
>  int unregister_blocking_lsm_notifier(struct notifier_block *nb);
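Review bot: the kernel-doc header in this hunk documents `lsmprop_is_set` while the function it sits above is defined as `lsm_prop_is_set`, so the comment will not attach to the right symbol and a later caller using the documented name will fail to compile; pick one spelling for both lines. Since the helper only reads `*prop` through `memcmp()`, its parameter could also be `const struct lsm_prop *prop` so that callers holding a const pointer can use it without a cast.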
> @@ -552,6 +565,17 @@ int security_bdev_setintegrity(struct block_device *bdev,
>  			       size_t size);
>  #else /* CONFIG_SECURITY */
>  
> +/**
> + * lsmprop_is_set - report if there is a value in the lsm_prop
> + * @prop: Pointer to the exported LSM data
> + *
> + * Returns true if there is a value set, false otherwise
> + */
> +static inline bool lsm_prop_is_set(struct lsm_prop *prop)
> +{
> +	return false;
> +}
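Review bot: the same kernel-doc/function-name mismatch (`lsmprop_is_set` in the comment, `lsm_prop_is_set` in the definition) is repeated in this `!CONFIG_SECURITY` stub, and the duplicated doc block should probably be kept only once, on the real implementation, with the stub left undocumented as the other stubs in this section are; whichever name is chosen, both the real helper and the stub must use it, since callers compile against either branch depending on the config.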

If we're going to call this lsmprop_is_set() (see 5/13), we really should
name it that way to start in this patch.

Considering everything else in this patchset looks okay, if you want me
to fix this up during the merge let me know.

--
paul-moore.com
