[RFC PATCH v1 4/7] landlock: Log domain creation and enforcement

[Mickaël Salaün]

Add audit support for domain creation, i.e. task self-restriction.

Signed-off-by: Mickaël Salaün <m...@digikod.net>
---
 security/landlock/audit.c    | 24 ++++++++++++++++++++++++
 security/landlock/audit.h    |  8 ++++++++
 security/landlock/syscalls.c |  4 ++++
 3 files changed, 36 insertions(+)

diff --git a/security/landlock/audit.c b/security/landlock/audit.c
index f58bd529784a..d9589d07e126 100644
--- a/security/landlock/audit.c
+++ b/security/landlock/audit.c
@@ -84,6 +84,30 @@ void landlock_log_create_ruleset(struct landlock_ruleset 
*const ruleset)
        audit_log_end(ab);
 }
 
+void landlock_log_restrict_self(struct landlock_ruleset *const domain,
+                               struct landlock_ruleset *const ruleset)
+{
+       struct audit_buffer *ab;
+
+       WARN_ON_ONCE(domain->id);
+       WARN_ON_ONCE(!ruleset->id);
+
+       ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_LANDLOCK);
+       if (!ab)
+               /* audit_log_lost() call */
+               return;
+
+       domain->hierarchy->id =
+               atomic64_inc_return(&ruleset_and_domain_counter);
+       log_task(ab);
+       audit_log_format(ab, " op=restrict-self domain=%llu ruleset=%llu",
+                        domain->hierarchy->id, ruleset->id);
+       audit_log_format(
+               ab, " parent=%llu",
+               domain->hierarchy->parent ? domain->hierarchy->parent->id : 0);
+       audit_log_end(ab);
+}
+
 /*
  * This is useful to know when a domain or a ruleset will never show again in
  * the audit log.
diff --git a/security/landlock/audit.h b/security/landlock/audit.h
index 2666e9151627..bc17dc8ca6f1 100644
--- a/security/landlock/audit.h
+++ b/security/landlock/audit.h
@@ -16,6 +16,8 @@
 #ifdef CONFIG_AUDIT
 
 void landlock_log_create_ruleset(struct landlock_ruleset *const ruleset);
+void landlock_log_restrict_self(struct landlock_ruleset *const domain,
+                               struct landlock_ruleset *const ruleset);
 void landlock_log_release_ruleset(const struct landlock_ruleset *const 
ruleset);
 
 #else /* CONFIG_AUDIT */
@@ -25,6 +27,12 @@ landlock_log_create_ruleset(struct landlock_ruleset *const 
ruleset)
 {
 }
 
+static inline void
+landlock_log_restrict_self(struct landlock_ruleset *const domain,
+                          struct landlock_ruleset *const ruleset)
+{
+}
+
 static inline void
 landlock_log_release_ruleset(const struct landlock_ruleset *const ruleset)
 {
diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
index 373997a356e7..bfe5417a06c3 100644
--- a/security/landlock/syscalls.c
+++ b/security/landlock/syscalls.c
@@ -452,6 +452,10 @@ SYSCALL_DEFINE2(landlock_restrict_self, const int, 
ruleset_fd, const __u32,
        landlock_put_ruleset(new_llcred->domain);
        new_llcred->domain = new_dom;
 
+       // FIXME: Must be atomic between the ruleset merge and the audit log to
+       // be sure about the content of the domain.
+       // -> move mutex_lock() from merge_ruleset() into this function
+       landlock_log_restrict_self(new_dom, ruleset);
        landlock_put_ruleset(ruleset);
        return commit_creds(new_cred);
 
-- 
2.42.0