From: Richard Guy Briggs
To: Linux-Audit Mailing List, LKML, Linux NetDev Upstream Mailing List, Netfilter Devel List, Linux Security Module list, Integrity Measurement Architecture, SElinux list
Cc: Eric Paris, Paul Moore, Steve Grubb, Ingo Molnar, David Howells, Richard Guy Briggs
Subject: [PATCH ghak81 RFC V1 1/5] audit: normalize loginuid read access
Date: Fri, 4 May 2018 16:54:34 -0400
Message-Id: <611e9c85fca8bcdb24e6fb6da412773663c007b3.1525466167.git.rgb@redhat.com>

Recognizing that the loginuid is an internal audit value, use an access function to retrieve the audit loginuid value for the task rather than reaching directly into the task struct to get it.

Signed-off-by: Richard Guy Briggs
---
 kernel/auditsc.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 479c031..f3817d0 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -374,7 +374,7 @@ static int audit_field_compare(struct task_struct *tsk, case AUDIT_COMPARE_EGID_TO_OBJ_GID: return audit_compare_gid(cred->egid, name, f, ctx); case AUDIT_COMPARE_AUID_TO_OBJ_UID: - return audit_compare_uid(tsk->loginuid, name, f, ctx); + return audit_compare_uid(audit_get_loginuid(tsk), name, f, ctx); case AUDIT_COMPARE_SUID_TO_OBJ_UID: return audit_compare_uid(cred->suid, name, f, ctx); case AUDIT_COMPARE_SGID_TO_OBJ_GID: 
@@ -385,7 +385,7 @@ static int audit_field_compare(struct task_struct *tsk, return audit_compare_gid(cred->fsgid, name, f, ctx); /* uid comparisons */ case AUDIT_COMPARE_UID_TO_AUID: - return audit_uid_comparator(cred->uid, f->op, tsk->loginuid); + return audit_uid_comparator(cred->uid, f->op, audit_get_loginuid(tsk)); case AUDIT_COMPARE_UID_TO_EUID: return audit_uid_comparator(cred->uid, f->op, cred->euid); case AUDIT_COMPARE_UID_TO_SUID: @@ -394,11 +394,11 @@ static int audit_field_compare(struct task_struct *tsk, return audit_uid_comparator(cred->uid, f->op, cred->fsuid); /* auid comparisons */ case AUDIT_COMPARE_AUID_TO_EUID: - return audit_uid_comparator(tsk->loginuid, f->op, cred->euid); + return audit_uid_comparator(audit_get_loginuid(tsk), f->op, cred->euid); case AUDIT_COMPARE_AUID_TO_SUID: - return audit_uid_comparator(tsk->loginuid, f->op, cred->suid); + return audit_uid_comparator(audit_get_loginuid(tsk), f->op, cred->suid); case AUDIT_COMPARE_AUID_TO_FSUID: - return audit_uid_comparator(tsk->loginuid, f->op, cred->fsuid); + return audit_uid_comparator(audit_get_loginuid(tsk), f->op, cred->fsuid); /* euid comparisons */ case AUDIT_COMPARE_EUID_TO_SUID: return audit_uid_comparator(cred->euid, f->op, cred->suid); @@ -611,7 +611,7 @@ static int audit_filter_rules(struct task_struct *tsk, result = match_tree_refs(ctx, rule->tree); break; case AUDIT_LOGINUID: - result = audit_uid_comparator(tsk->loginuid, f->op, f->uid); + result = audit_uid_comparator(audit_get_loginuid(tsk), f->op, f->uid); break; case AUDIT_LOGINUID_SET: result = audit_comparator(audit_loginuid_set(tsk), f->op, f->val); 
@@ -2287,8 +2287,8 @@ int audit_signal_info(int sig, struct task_struct *t) (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2)) { audit_sig_pid = task_tgid_nr(tsk); - if (uid_valid(tsk->loginuid)) - audit_sig_uid = tsk->loginuid; + if (uid_valid(audit_get_loginuid(tsk))) + audit_sig_uid = audit_get_loginuid(tsk); else audit_sig_uid = uid; security_task_getsecid(tsk, &audit_sig_sid); -- 1.8.3.1
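
Review bot: the first hunk (@@ -374, AUDIT_COMPARE_AUID_TO_OBJ_UID in audit_field_compare()) starts using audit_get_loginuid() while the diffstat shows only kernel/auditsc.c changing and no declaration being added, so the changelog should say that this is a conversion to an existing accessor and whether any functional change is intended. Since this is 1/5 of the series, it would also help to state whether direct tsk->loginuid reads outside this file are left for the later patches.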
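
Review bot: in the AUID cases of audit_field_compare() (@@ -385 and @@ -394) the converted returns run past 80 columns, for example `return audit_uid_comparator(audit_get_loginuid(tsk), f->op, cred->fsuid);` is already 73 characters before the indentation of the switch body is counted. Wrap the argument list onto a continuation line so the file keeps to the column limit.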
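
Review bot: in the audit_signal_info() hunk (@@ -2287) audit_get_loginuid(tsk) is called twice, once inside uid_valid() and again for the assignment to audit_sig_uid, so the value that is checked and the value that is stored come from two separate reads. Read it once into a local kuid_t, then test and assign from that local; this also shortens both lines.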