From: Paul Moore
Date: Tue, 21 Jul 2020 17:16:24 -0400
Subject: Re: [PATCH ghak84 v4] audit: purge audit_log_string from the intra-kernel audit API
To: John Johansen
Cc: Richard Guy Briggs, Linux-Audit Mailing List, LKML, Linux Security Module list, Eric Paris
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jul 21, 2020 at 3:31 PM John Johansen wrote:
> On 7/21/20 8:19 AM, Paul Moore wrote:
> > On Tue, Jul 14, 2020 at 5:00 PM Richard Guy Briggs wrote:
> >> On 2020-07-14 16:29, Paul Moore wrote:
> >>> On Tue, Jul 14, 2020 at 1:44 PM Richard Guy Briggs wrote:
> >>>> On 2020-07-14 12:21, Paul Moore wrote:
> >>>>> On Mon, Jul 13, 2020 at 3:52 PM Richard Guy Briggs wrote:
> >>>>>>
> >>>>>> audit_log_string() was intended to be an internal audit function and
> >>>>>> since there are only two internal uses, remove them. Purge all external
> >>>>>> uses of it by restructuring code to use an existing audit_log_format()
> >>>>>> or using audit_log_format().
> >>>>>>
> >>>>>> Please see the upstream issue
> >>>>>> https://github.com/linux-audit/audit-kernel/issues/84
> >>>>>>
> >>>>>> Signed-off-by: Richard Guy Briggs > >>>>>> --- > >>>>>> Passes audit-testsuite. > >>>>>> > >>>>>> Changelog: > >>>>>> v4 > >>>>>> - use double quotes in all replaced audit_log_string() calls > >>>>>> > >>>>>> v3 > >>>>>> - fix two warning: non-void function does not return a value in all control paths > >>>>>> Reported-by: kernel test robot > >>>>>> > >>>>>> v2 > >>>>>> - restructure to piggyback on existing audit_log_format() calls, checking quoting needs for each. > >>>>>> > >>>>>> v1 Vlad Dronov > >>>>>> - https://github.com/nefigtut/audit-kernel/commit/dbbcba46335a002f44b05874153a85b9cc18aebf > >>>>>> > >>>>>> include/linux/audit.h | 5 ----- > >>>>>> kernel/audit.c | 4 ++-- > >>>>>> security/apparmor/audit.c | 10 ++++------ > >>>>>> security/apparmor/file.c | 25 +++++++------------------ > >>>>>> security/apparmor/ipc.c | 46 +++++++++++++++++++++++----------------------- > >>>>>> security/apparmor/net.c | 14 ++++++++------ > >>>>>> security/lsm_audit.c | 4 ++-- > >>>>>> 7 files changed, 46 insertions(+), 62 deletions(-) > >>>>> > >>>>> Thanks for restoring the quotes, just one question below ... > >>>>> > >>>>>> diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c > >>>>>> index 4ecedffbdd33..fe36d112aad9 100644 > >>>>>> --- a/security/apparmor/ipc.c > >>>>>> +++ b/security/apparmor/ipc.c 
> >>>>>> @@ -20,25 +20,23 @@ > >>>>>> > >>>>>> /** > >>>>>> * audit_ptrace_mask - convert mask to permission string > >>>>>> - * @buffer: buffer to write string to (NOT NULL) > >>>>>> * @mask: permission mask to convert > >>>>>> + * > >>>>>> + * Returns: pointer to static string > >>>>>> */ > >>>>>> -static void audit_ptrace_mask(struct audit_buffer *ab, u32 mask) > >>>>>> +static const char *audit_ptrace_mask(u32 mask) > >>>>>> { > >>>>>> switch (mask) { > >>>>>> case MAY_READ: > >>>>>> - audit_log_string(ab, "read"); > >>>>>> - break; > >>>>>> + return "read"; > >>>>>> case MAY_WRITE: > >>>>>> - audit_log_string(ab, "trace"); > >>>>>> - break; > >>>>>> + return "trace"; > >>>>>> case AA_MAY_BE_READ: > >>>>>> - audit_log_string(ab, "readby"); > >>>>>> - break; > >>>>>> + return "readby"; > >>>>>> case AA_MAY_BE_TRACED: > >>>>>> - audit_log_string(ab, "tracedby"); > >>>>>> - break; > >>>>>> + return "tracedby"; > >>>>>> } > >>>>>> + return ""; > >>>>> > >>>>> Are we okay with this returning an empty string ("") in this case? > >>>>> Should it be a question mark ("?")? > >>>>> > >>>>> My guess is that userspace parsing should be okay since it still has > >>>>> quotes, I'm just not sure if we wanted to use a question mark as we do > >>>>> in other cases where the field value is empty/unknown. > >>>> > >>>> Previously, it would have been an empty value, not even double quotes. > >>>> "?" might be an improvement. > >>> > >>> Did you want to fix that now in this patch, or leave it to later? As > >>> I said above, I'm not too bothered by it with the quotes so either way > >>> is fine by me. > >> > >> I'd defer to Steve, otherwise I'd say leave it, since there wasn't > >> anything there before and this makes that more evident. > >> > >>> John, I'm assuming you are okay with this patch? > > > > With no comments from John or Steve in the past week, I've gone ahead > > and merged the patch into audit/next. 
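Review bot: In the audit_ptrace_mask() hunk of security/apparmor/ipc.c, the fall-through `return "";` after the switch is not covered by the new kernel-doc, which says only "Returns: pointer to static string". Either document that an unmatched mask yields an empty string, or return "?" there as raised in the thread, so that an unknown mask is distinguishable from a field that was deliberately left empty. The call sites that consume the returned string are not part of the quoted hunk, so confirm against the full patch that each one places the result inside double quotes, as the v4 changelog states.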
>
> sorry, for some reason I thought a new iteration of this was coming.
>
> the patch is fine, the empty unknown value should be possible here
> so changing it to "?" won't affect anything.

Yeah, I was kind of on the fence about requiring a new version from
Richard. I think "?" is arguably the right approach, but I don't
think it matters enough to force the issue. If it proves to be
problematic we can fix it later.

Regardless, it's in audit/next now.

-- 
paul moore
www.paul-moore.com