Re: [PATCH ghak81 RFC V2 3/5] audit: use inline function to get audit context

2018-05-14 Thread Richard Guy Briggs
On 2018-05-14 23:05, Richard Guy Briggs wrote:
> On 2018-05-14 17:44, Paul Moore wrote:
> > On Sat, May 12, 2018 at 9:58 PM, Richard Guy Briggs  wrote:
> > > Recognizing that the audit context is an internal audit value, use an
> > > access function to retrieve the audit context pointer for the task
> > > rather than reaching directly into the task struct to get it.
> > >
> > > Signed-off-by: Richard Guy Briggs 
> > > ---
> > >  include/linux/audit.h| 14 ++--
> > >  include/net/xfrm.h   |  2 +-
> > >  kernel/audit.c   |  6 ++--
> > >  kernel/audit_watch.c |  2 +-
> > >  kernel/auditsc.c | 64 +---
> > >  net/bridge/netfilter/ebtables.c  |  2 +-
> > >  net/core/dev.c   |  2 +-
> > >  net/netfilter/x_tables.c |  2 +-
> > >  net/netlabel/netlabel_user.c |  2 +-
> > >  security/integrity/ima/ima_api.c |  2 +-
> > >  security/integrity/integrity_audit.c |  2 +-
> > >  security/lsm_audit.c |  2 +-
> > >  security/selinux/hooks.c |  4 +--
> > >  security/selinux/selinuxfs.c |  6 ++--
> > >  security/selinux/ss/services.c   | 12 +++
> > >  15 files changed, 64 insertions(+), 60 deletions(-)
> > 
> > Merged, but there was some fuzz due to the missing 1/5 patch and a
> > handful of checkpatch.pl fixes.  Please take a look at the commit in
> > the audit/next branch and if anything looks awry please send a patch
> > to fix it.
> 
> Some of that fuzz was due to the two patches (ghak46/47) that went
> through the selinux tree...  There will be a merge conflict.
> 
> Otherwise, looks ok.

Spoke too soon, missed one from the new seccomp actions_logged...

Patch pending...

> > paul moore
> 
> - RGB

- RGB

--
Richard Guy Briggs 
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Re: [PATCH ghak81 RFC V2 3/5] audit: use inline function to get audit context

2018-05-14 Thread Richard Guy Briggs
On 2018-05-14 17:44, Paul Moore wrote:
> On Sat, May 12, 2018 at 9:58 PM, Richard Guy Briggs  wrote:
> > Recognizing that the audit context is an internal audit value, use an
> > access function to retrieve the audit context pointer for the task
> > rather than reaching directly into the task struct to get it.
> >
> > Signed-off-by: Richard Guy Briggs 
> > ---
> >  include/linux/audit.h| 14 ++--
> >  include/net/xfrm.h   |  2 +-
> >  kernel/audit.c   |  6 ++--
> >  kernel/audit_watch.c |  2 +-
> >  kernel/auditsc.c | 64 +---
> >  net/bridge/netfilter/ebtables.c  |  2 +-
> >  net/core/dev.c   |  2 +-
> >  net/netfilter/x_tables.c |  2 +-
> >  net/netlabel/netlabel_user.c |  2 +-
> >  security/integrity/ima/ima_api.c |  2 +-
> >  security/integrity/integrity_audit.c |  2 +-
> >  security/lsm_audit.c |  2 +-
> >  security/selinux/hooks.c |  4 +--
> >  security/selinux/selinuxfs.c |  6 ++--
> >  security/selinux/ss/services.c   | 12 +++
> >  15 files changed, 64 insertions(+), 60 deletions(-)
> 
> Merged, but there was some fuzz due to the missing 1/5 patch and a
> handful of checkpatch.pl fixes.  Please take a look at the commit in
> the audit/next branch and if anything looks awry please send a patch
> to fix it.

Some of that fuzz was due to the two patches (ghak46/47) that went
through the selinux tree...  There will be a merge conflict.

Otherwise, looks ok.

> paul moore

- RGB



Re: [PATCH ghak81 RFC V2 3/5] audit: use inline function to get audit context

2018-05-14 Thread Paul Moore
On Sat, May 12, 2018 at 9:58 PM, Richard Guy Briggs  wrote:
> Recognizing that the audit context is an internal audit value, use an
> access function to retrieve the audit context pointer for the task
> rather than reaching directly into the task struct to get it.
>
> Signed-off-by: Richard Guy Briggs 
> ---
>  include/linux/audit.h| 14 ++--
>  include/net/xfrm.h   |  2 +-
>  kernel/audit.c   |  6 ++--
>  kernel/audit_watch.c |  2 +-
>  kernel/auditsc.c | 64 +---
>  net/bridge/netfilter/ebtables.c  |  2 +-
>  net/core/dev.c   |  2 +-
>  net/netfilter/x_tables.c |  2 +-
>  net/netlabel/netlabel_user.c |  2 +-
>  security/integrity/ima/ima_api.c |  2 +-
>  security/integrity/integrity_audit.c |  2 +-
>  security/lsm_audit.c |  2 +-
>  security/selinux/hooks.c |  4 +--
>  security/selinux/selinuxfs.c |  6 ++--
>  security/selinux/ss/services.c   | 12 +++
>  15 files changed, 64 insertions(+), 60 deletions(-)

Merged, but there was some fuzz due to the missing 1/5 patch and a
handful of checkpatch.pl fixes.  Please take a look at the commit in
the audit/next branch and if anything looks awry please send a patch
to fix it.

-- 
paul moore
www.paul-moore.com


[PATCH ghak81 RFC V2 3/5] audit: use inline function to get audit context

2018-05-12 Thread Richard Guy Briggs
Recognizing that the audit context is an internal audit value, use an
access function to retrieve the audit context pointer for the task
rather than reaching directly into the task struct to get it.

Signed-off-by: Richard Guy Briggs 
---
 include/linux/audit.h| 14 ++--
 include/net/xfrm.h   |  2 +-
 kernel/audit.c   |  6 ++--
 kernel/audit_watch.c |  2 +-
 kernel/auditsc.c | 64 +---
 net/bridge/netfilter/ebtables.c  |  2 +-
 net/core/dev.c   |  2 +-
 net/netfilter/x_tables.c |  2 +-
 net/netlabel/netlabel_user.c |  2 +-
 security/integrity/ima/ima_api.c |  2 +-
 security/integrity/integrity_audit.c |  2 +-
 security/lsm_audit.c |  2 +-
 security/selinux/hooks.c |  4 +--
 security/selinux/selinuxfs.c |  6 ++--
 security/selinux/ss/services.c   | 12 +++
 15 files changed, 64 insertions(+), 60 deletions(-)

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 5f86f7c..786aa8e 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -235,9 +235,13 @@ extern void __audit_inode_child(struct inode *parent,
 extern void __audit_seccomp(unsigned long syscall, long signr, int code);
 extern void __audit_ptrace(struct task_struct *t);
 
+static inline struct audit_context *audit_context(void)
+{
+   return current->audit_context;
+}
 static inline bool audit_dummy_context(void)
 {
-   void *p = current->audit_context;
+   void *p = audit_context();
return !p || *(int *)p;
 }
 static inline void audit_free(struct task_struct *task)
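Review bot: the new audit_context() accessor has no comment and no blank line separating it from audit_dummy_context(), and it only ever reads current, so the commit message's "retrieve the audit context pointer for the task" overstates it: audit_free(struct task_struct *task) directly below still takes an explicit task and cannot use this helper. A one-line comment such as "/* audit context of the current task; NULL when syscall auditing is off */" above the function, and "for the current task" in the commit message, would make the scope clear. Also, audit_dummy_context() keeps `void *p` and the `*(int *)p` cast even though the accessor now returns a typed `struct audit_context *`; if the struct stays opaque in this header the cast has to remain, but that dependency on the layout is worth a comment.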
@@ -249,12 +253,12 @@ static inline void audit_syscall_entry(int major, 
unsigned long a0,
   unsigned long a1, unsigned long a2,
   unsigned long a3)
 {
-   if (unlikely(current->audit_context))
+   if (unlikely(audit_context()))
__audit_syscall_entry(major, a0, a1, a2, a3);
 }
 static inline void audit_syscall_exit(void *pt_regs)
 {
-   if (unlikely(current->audit_context)) {
+   if (unlikely(audit_context())) {
int success = is_syscall_success(pt_regs);
long return_code = regs_return_value(pt_regs);
 
@@ -468,6 +472,10 @@ static inline bool audit_dummy_context(void)
 {
return true;
 }
+static inline struct audit_context *audit_context(void)
+{
+   return NULL;
+}
 static inline struct filename *audit_reusename(const __user char *name)
 {
return NULL;
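Review bot: in this !CONFIG_AUDITSYSCALL stub section audit_context() is placed after audit_dummy_context(), whereas in the CONFIG_AUDITSYSCALL branch above it is placed before it; keep the two branches in the same order so a reader diffing the stubs against the real definitions sees them line up. Returning NULL is the right stub since the real audit_dummy_context() treats a NULL context as dummy, and that is what lets the non-auditsc callers converted later in this patch build unchanged.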
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index fcce8ee..7f2e31a 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -736,7 +736,7 @@ static inline struct audit_buffer *xfrm_audit_start(const 
char *op)
 
if (audit_enabled == 0)
return NULL;
-   audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC,
+   audit_buf = audit_log_start(audit_context(), GFP_ATOMIC,
AUDIT_MAC_IPSEC_EVENT);
if (audit_buf == NULL)
return NULL;
diff --git a/kernel/audit.c b/kernel/audit.c
index e9f9a90..e7478cb 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1099,8 +1099,7 @@ static void audit_log_feature_change(int which, u32 
old_feature, u32 new_feature
 
if (audit_enabled == AUDIT_OFF)
return;
-   ab = audit_log_start(current->audit_context,
-GFP_KERNEL, AUDIT_FEATURE_CHANGE);
+   ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_FEATURE_CHANGE);
if (!ab)
return;
audit_log_task_info(ab, current);
@@ -2317,8 +2316,7 @@ void audit_log_link_denied(const char *operation)
return;
 
/* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */
-   ab = audit_log_start(current->audit_context, GFP_KERNEL,
-AUDIT_ANOM_LINK);
+   ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_ANOM_LINK);
if (!ab)
return;
audit_log_format(ab, "op=%s", operation);
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 9eb8b35..f1ba889 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -274,7 +274,7 @@ static void audit_update_watch(struct audit_parent *parent,
/* If the update involves invalidating rules, do the inode-based
 * filtering now, so we don't omit records. */
if (invalidating && !audit_dummy_context())
-   audit_filter_inodes(current, current->audit_context);
+   audit_filter_inodes(current, audit_context());
 
/* updating ino will likely change which audit_hash_list we
 * are on so we need a new watch for the new list */
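Review bot: the call now reads audit_filter_inodes(current, audit_context()), i.e. the task and a context derived from that same task are passed as two arguments; with the accessor in place the second argument is redundant for any caller that already passes current, and a follow-up could have audit_filter_inodes() take only the task (or only the context) to close the window for the two to disagree. Not a blocker for this mechanical conversion.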
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index e157595..ecc0c23 100644