Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp39826ybt; Thu, 18 Jun 2020 17:36:52 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwtumv6BMlpO9WEfSfevmDVwBGOCQapiIMIsIH2GCLA/JVI1BVxT+mZrx4szLtJYGjgKCw5 X-Received: by 2002:a17:906:6b8a:: with SMTP id l10mr1167825ejr.465.1592527012601; Thu, 18 Jun 2020 17:36:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592527012; cv=none; d=google.com; s=arc-20160816; b=G8riTVEycvb//HrytWV4+zutWmRo+6yDjmIqWFmmuE1JLWAZxHVL+wAKct8ZoRKwSP zH2vdVloHfR5NliE+uRGOR9E7wqHyn0ceT7WVZnFYSK+t0R3bjXfwk/xyxOO8KJk2aVU iV2MHiAHHcLp9u1t5ucLtBB3Evnri7qOn0PlJqZ8Xi3uzulvgYhEDL2JB/fbNImLjYnG SQHx1RW3r1Br8qdczB4NjWoB5eVmf3UPHVuFSwtabqBLp4NGfi/svUshvWIipJxv4toW wO5/oUIW2UqOv9RBNVjB5i3256ESfSRYh+0igKi8pecTBiBXdF3psRfrfKz6seBxnH9W veUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature:dkim-filter; bh=YiCRzEtMqOMRGhK1JB6+uXhuvSs5ixeHO99z/YzrCNw=; b=IcBE4SOBf+wJAkBjgFy7cox0YZn4Q042T+bn3VoLlW6q8h5AUTlW/WLY/Kvit4afwX fw5p8Pg2BwjNemmzhukn3IHQqag1j5mS9830TSZ1/V3PMLOqyAXzAmN1+5Y436ch987U 7MiEqJ7Lb52D0FA9XzStNLRjP4DBIPY8D0D+v0J+jBEURc6Lhqf32UdfVb4m7cu6C2Zo xMgY8clbblvhorstwFbQAuthSHZ4G/2NYHqIQZXedu0QTxJMI9QWgRQ9Z59IKT+k+D9M rlNR43M++ageCS6Xcd6nKBQ2RYA2DIWgdDVGeIoL3tjh1N02hoVkcQj4VGBgN009aM5a ymKA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=b30qOhfF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u4si3026939ejx.88.2020.06.18.17.36.30; Thu, 18 Jun 2020 17:36:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=b30qOhfF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730261AbgFRVKR (ORCPT + 99 others); Thu, 18 Jun 2020 17:10:17 -0400 Received: from linux.microsoft.com ([13.77.154.182]:52548 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726478AbgFRVKR (ORCPT ); Thu, 18 Jun 2020 17:10:17 -0400 Received: from localhost.localdomain (c-73-42-176-67.hsd1.wa.comcast.net [73.42.176.67]) by linux.microsoft.com (Postfix) with ESMTPSA id EDA5E207564C; Thu, 18 Jun 2020 14:10:15 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com EDA5E207564C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1592514616; bh=YiCRzEtMqOMRGhK1JB6+uXhuvSs5ixeHO99z/YzrCNw=; h=From:To:Cc:Subject:Date:From; b=b30qOhfFRkmUxWYXsp0tCg1xNoai+tuzhcElGnk6aQqF+sHXn8o9cTZ3DOKkg2yAO nCwRPVzwRoHnBYW3E5flVBJUOwZ+1JrMzNU5fwjf0CB0m9smLxLpMKgSkKF7pk8Cv1 12u0C4+Wu/QLKVuHjPBdpSB4IYsxlYm7AINMH764= From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, sgrubb@redhat.com, paul@paul-moore.com Cc: rgb@redhat.com, linux-integrity@vger.kernel.org, linux-audit@redhat.com, linux-kernel@vger.kernel.org Subject: [PATCH v3 1/2] integrity: Add errno field in audit message Date: Thu, 18 Jun 2020 14:10:11 -0700 Message-Id: <20200618211012.2823-1-nramas@linux.microsoft.com> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Error code is not included in the audit messages logged by the integrity subsystem. Define a new function integrity_audit_message() that takes error code in the "errno" parameter. Add "errno" field in the audit messages logged by the integrity subsystem and set the value passed in the "errno" parameter. [ 6.303048] audit: type=1804 audit(1592506281.627:2): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel op=measuring_key cause=ENOMEM comm="swapper/0" name=".builtin_trusted_keys" res=0 errno=-12 [ 7.987647] audit: type=1802 audit(1592506283.312:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 op=policy_update cause=completed comm="systemd" res=1 errno=0 [ 8.019432] audit: type=1804 audit(1592506283.344:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 op=measuring_kexec_cmdline cause=hashing_error comm="systemd" name="kexec-cmdline" res=0 errno=-22 Signed-off-by: Lakshmi Ramasubramanian Suggested-by: Steve Grubb Suggested-by: Mimi Zohar --- security/integrity/integrity.h | 13 +++++++++++++ security/integrity/integrity_audit.c | 11 ++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 16c1894c29bb..413c803c5208 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -239,6 +239,11 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, const unsigned char *fname, const char *op, const char *cause, int result, int info); +void integrity_audit_message(int audit_msgno, struct inode *inode, + const unsigned char *fname, const char *op, + const char *cause, int result, int info, + int errno); + static inline struct audit_buffer * integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) { @@ -253,6 +258,14 @@ static inline void integrity_audit_msg(int audit_msgno, struct inode *inode, { } +static inline void integrity_audit_message(int audit_msgno, + struct inode *inode, + const unsigned char *fname, + const char *op, const char *cause, + int result, int info, int errno) +{ +} + static inline struct audit_buffer * integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) { diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c index 5109173839cc..f25e7df099c8 100644 --- a/security/integrity/integrity_audit.c +++ b/security/integrity/integrity_audit.c @@ -28,6 +28,15 @@ __setup("integrity_audit=", integrity_audit_setup); void integrity_audit_msg(int audit_msgno, struct inode *inode, const unsigned char *fname, const char *op, const char *cause, int result, int audit_info) +{ + integrity_audit_message(audit_msgno, inode, fname, op, cause, + result, audit_info, 0); +} + +void integrity_audit_message(int audit_msgno, struct inode *inode, + const unsigned char *fname, const char *op, + const char *cause, int result, int audit_info, + int errno) { struct audit_buffer *ab; char name[TASK_COMM_LEN]; @@ -53,6 +62,6 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, audit_log_untrustedstring(ab, inode->i_sb->s_id); audit_log_format(ab, " ino=%lu", inode->i_ino); } - audit_log_format(ab, " res=%d", !result); + audit_log_format(ab, " res=%d errno=%d", !result, errno); audit_log_end(ab); } -- 2.27.0