Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp937503pxp;
        Wed, 16 Mar 2022 21:57:40 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwFqyLfYtlDZSr4PGTSjSd0HbtJXjdJW/Y82TdVl9mMFDQa+r7NAlLXZLY2ERkpvUQplJmP
X-Received: by 2002:a17:90a:5402:b0:1b9:68e8:282e with SMTP id z2-20020a17090a540200b001b968e8282emr3338337pjh.62.1647493060232;
        Wed, 16 Mar 2022 21:57:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1647493060; cv=none;
        d=google.com; s=arc-20160816;
        b=VuNOTSJ1xgNTeovcksZnJAfTtX0CPbRG0gMb/fYqKjaOxvkubdblfsen2LfSUb07jF
         qNDhOqRgyUkZdxxWqL2Z+dChXsW/DHn4+MbQhiHFB0NuaqB/6MOV8joA950TC7BEyA8V
         6PiaFBwP7WYhlRF/+W9QNuZLWqIu8/8iKUpWvHp2Ewyv9o+Oi6YyZJCTM9Pr8bzgsJIe
         Qw1EMMlmBg7+E5pS+T46PkmJPNbJeQURr0QxbSGpKTXg6SFE8MOPTsbEeThrjwFEUTvh
         HDpFvPjoAuz7XtGV710Lj1UVJu5O1pMRg5Oox1fz9UZNUvJhlSyUAOIMuAueRfPgaA+x
         Hnyw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=c4yJTBFrYxfC9d71JFIt7TJ1Pyac9aie49haagZLT7M=;
        b=bemLWa5ghhfT2XVMmNn2FnmATP69agC/ArJk5SSWFJ48dtZIz3ZUzI9/EaK5S3dJIr
         QpCHsVE0SEM+OvTSRFcojsztFLBi8HmeCMxVZGEuidI9Z9+z5riHksUrqJayto/+9Vyz
         PZR8ozu4yys2h2hwGtdKmKHh58pEZRHduFbX++hE8nDbKnbpIY61OIE1Nf7jQAfyswBr
         I7A1R/VCO1Cu8QkiZMZ36oAY5IwIuzS9AL/1ED96VF3AZA2qhdtylq4GAMsEDRN41uLM
         TEjaRHP6gJAOIP3/3/8/AwApNHvQ/yRRzEaBAVD+UtZWHnxMTQ2sO8QZk7pVheuVCVpl
         S9Ww==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=3gDlKTc4;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id s18-20020a17090302d200b0014a26adbdddsi3611068plk.398.2022.03.16.21.57.39
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 16 Mar 2022 21:57:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=3gDlKTc4;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id E236918021B;
	Wed, 16 Mar 2022 21:13:32 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1352876AbiCPBJ5 (ORCPT <rfc822;vegard.nossum@gmail.com>
        + 99 others); Tue, 15 Mar 2022 21:09:57 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39212 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1348762AbiCPBJx (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 15 Mar 2022 21:09:53 -0400
Received: from mail-ej1-x631.google.com (mail-ej1-x631.google.com [IPv6:2a00:1450:4864:20::631])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8000243EE2
        for <linux-kernel@vger.kernel.org>; Tue, 15 Mar 2022 18:08:37 -0700 (PDT)
Received: by mail-ej1-x631.google.com with SMTP id dr20so1127733ejc.6
        for <linux-kernel@vger.kernel.org>; Tue, 15 Mar 2022 18:08:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore-com.20210112.gappssmtp.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=c4yJTBFrYxfC9d71JFIt7TJ1Pyac9aie49haagZLT7M=;
        b=3gDlKTc4TJ5D37yFflHfb3SjMMeRE6vABJRAxukK3Wbi9sS86YcFxRL/T+d7J0y+rW
         kgf5CLNBMiGVhrblLVvXHsM4xVl8lKjQ2Aaxod5fquAk3Sw6F5Xo77feHzQfr6DzN6fA
         Vto75EWTlMCvkOmoXymTVFMduLDSYEg98V1xl56vheSaEh2N20EZF95fEFA50i+rkirG
         19QNzBGD43yNleI5RahGLzuq54uKlRleHuHvG+1HDnXxei/ukuUKiWad494s+nR+G27I
         W3YSuzYNlf9Fr/gmNE+2DIP+I77g+dLK7bxpi8JFVbA6sfDc+0B7vwsGv9t5bllW1hFH
         K8vg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=c4yJTBFrYxfC9d71JFIt7TJ1Pyac9aie49haagZLT7M=;
        b=nxfvKlCQOWrnpJcXyWoBxEMjYQc7ZklRUkofvtXW3Na1BnqawaD5PvtytGT+ayYmrs
         X5OVlmIKsEUm8UDwIrh7uEmKcxLWY5VZs5qyvoaBPDskAJQWsgHYk1i3oU7+Yrm81pz/
         TpzjJGKficaYjewjwKdAc0LHHe+9nEdZZZtfcAPN4PLyoNqActm3cbtCFBvykuAmCrQC
         ys0G6ECuBn3ta75HW5Re018CnanJVRBwRkix/W4cCOjoLshjl/C9Dj97LBXJnzILnVjU
         Xjp6ilimXipxXqtZPRB8E/dFL4spyjPjXWrIEsdLQFo46cyQf0JgJLLy2NNeE2N5IN1t
         UR+Q==
X-Gm-Message-State: AOAM532Tq2iuXb8BSBqpiqkk1FL1k+3TEHOPUOlVHxuvMI0isvG9kfmq
        AmW7zy0FLbeW7BgwnQYZ5LzC8rihod2zmegkFxg1
X-Received: by 2002:a17:907:9803:b0:6db:ab21:738e with SMTP id
 ji3-20020a170907980300b006dbab21738emr17937334ejc.112.1647392915955; Tue, 15
 Mar 2022 18:08:35 -0700 (PDT)
MIME-Version: 1.0
References: <20220310234632.16194-1-casey@schaufler-ca.com>
 <20220310234632.16194-28-casey@schaufler-ca.com> <CAHC9VhQWv+04hETu3keU7Ev2nLn5MARW2R_p5hKVp3OfhD185A@mail.gmail.com>
 <987800d2-797c-e780-60f5-0e499081572f@schaufler-ca.com>
In-Reply-To: <987800d2-797c-e780-60f5-0e499081572f@schaufler-ca.com>
From:   Paul Moore <paul@paul-moore.com>
Date:   Tue, 15 Mar 2022 21:08:24 -0400
Message-ID: <CAHC9VhSYYy2_cTqZuDrVdoCboMeaUPy0a-1ArRpAhiMYr58r3g@mail.gmail.com>
Subject: Re: [PATCH v33 27/29] Audit: Add record for multiple object security contexts
To:     Casey Schaufler <casey@schaufler-ca.com>
Cc:     casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org,
        linux-audit@redhat.com, keescook@chromium.org,
        john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
        stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE,
	SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Mar 15, 2022 at 8:23 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
> On 3/15/2022 4:47 PM, Paul Moore wrote:
> > On Thu, Mar 10, 2022 at 7:01 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
> >> Create a new audit record AUDIT_MAC_OBJ_CONTEXTS.
> >> An example of the MAC_OBJ_CONTEXTS (1421) record is:
> >>
> >>      type=MAC_OBJ_CONTEXTS[1421]
> >>      msg=audit(1601152467.009:1050):
> >>      obj_selinux=unconfined_u:object_r:user_home_t:s0
> >>
> >> When an audit event includes a AUDIT_MAC_OBJ_CONTEXTS record
> >> the "obj=" field in other records in the event will be "obj=?".
> >> An AUDIT_MAC_OBJ_CONTEXTS record is supplied when the system has
> >> multiple security modules that may make access decisions based
> >> on an object security context.
> >>
> >> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> >> ---
> >>   include/linux/audit.h      |  5 +++
> >>   include/uapi/linux/audit.h |  1 +
> >>   kernel/audit.c             | 47 +++++++++++++++++++++++
> >>   kernel/auditsc.c           | 79 ++++++++++++--------------------------
> >>   4 files changed, 77 insertions(+), 55 deletions(-)

...

> >> @@ -1373,18 +1362,10 @@ static void show_special(struct audit_context *context, int *call_panic)
> >>                                   from_kgid(&init_user_ns, context->ipc.gid),
> >>                                   context->ipc.mode);
> >>                  if (osid) {
> >> -                       struct lsmcontext lsmcxt;
> >>                          struct lsmblob blob;
> >>
> >>                          lsmblob_init(&blob, osid);
> >> -                       if (security_secid_to_secctx(&blob, &lsmcxt,
> >> -                                                    LSMBLOB_FIRST)) {
> >> -                               audit_log_format(ab, " osid=%u", osid);
> >> -                               *call_panic = 1;
> >> -                       } else {
> >> -                               audit_log_format(ab, " obj=%s", lsmcxt.context);
> >> -                               security_release_secctx(&lsmcxt);
> >> -                       }
> >> +                       audit_log_object_context(ab, &blob);
> > While we lose the "osid=X" in case of failure, the secid/SID is a
> > private kernel value meaning it was always of questionable value.
>
> I could come up with a change to audit_log_object_context() that
> would put out an osid= in the single security module case. I would
> prefer not to if that would be acceptable.

What I think you have right now is fine.  I thought others might point
out the field differences so I was trying to say that the existing
code really isn't very useful in case of error, there is no practical
way for someone in userspace to do anything meaningful with an
osid/secid/SID value as they are transient kernel-private values.

My apologies for the confusion.

-- 
paul-moore.com