TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lsm: use lsm_prop in security_audit_rule_match

Browse Source 
Change the secid parameter of security_audit_rule_match
to a lsm_prop structure pointer. Pass the entry from the
lsm_prop structure for the approprite slot to the LSM hook.

Change the users of security_audit_rule_match to use the
lsm_prop instead of a u32. The scaffolding function lsmprop_init()
fills the structure with the value of the old secid, ensuring that
it is available to the appropriate module hook. The sources of
the secid, security_task_getsecid() and security_inode_getsecid(),
will be converted to use the lsm_prop structure later in the series.
At that point the use of lsmprop_init() is dropped.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Casey Schaufler
2024-10-09 10:32:10 -07:00
committed by Paul Moore
parent ed870e35db
commit 870b7fdc66
12 changed files with 63 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files
security/smack/smack_lsm.c
+8 -3
View File
@@ -4757,7 +4757,7 @@ static int smack_audit_rule_known(struct audit_krule *krule)
/**
* smack_audit_rule_match - Audit given object ?
* @secid: security id for identifying the object to test
* @prop: security id for identifying the object to test
* @field: audit rule flags given from user-space
* @op: required testing operator
* @vrule: smack internal rule presentation
@@ -4765,7 +4765,8 @@ static int smack_audit_rule_known(struct audit_krule *krule)
* The core Audit hook. It's used to take the decision of
* whether to audit or not to audit a given object.
*/
static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule)
static int smack_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op,
void *vrule)
{
struct smack_known *skp;
char *rule = vrule;
@@ -4778,7 +4779,11 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule)
if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
return 0;
skp = smack_from_secid(secid);
/* scaffolding */
if (!prop->smack.skp && prop->scaffold.secid)
skp = smack_from_secid(prop->scaffold.secid);
else
skp = prop->smack.skp;
/*
* No need to do string comparisons. If a match occurs,