References: <20220217143457.75229-1-cgzones@googlemail.com> <20220308170928.58040-1-cgzones@googlemail.com>
From: Paul Moore
Date: Wed, 27 Apr 2022 09:18:55 -0400
Subject: Re: [PATCH v2] selinux: log anon inode class name
To: Christian Göttsche
Cc: selinux@vger.kernel.org, James Morris, "Serge E. Hallyn", Stephen Smalley, Eric Paris, Richard Guy Briggs, Ondrej Mosnacek, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org

On Mon, Apr 4, 2022 at 4:18 PM Paul Moore wrote:
> On Tue, Mar 8, 2022 at 12:09 PM Christian Göttsche wrote:
> >
> > Log the anonymous inode class name in the security hook
> > inode_init_security_anon. This name is the key for name based type
> > transitions on the anon_inode security class on creation. Example:
> >
> >     type=AVC msg=audit(02/16/22 22:02:50.585:216) : avc: granted \
> >       { create } for pid=2136 comm=mariadbd anonclass="[io_uring]" \
> >       scontext=system_u:system_r:mysqld_t:s0 \
> >       tcontext=system_u:system_r:mysqld_iouring_t:s0 tclass=anon_inode
> >
> > Add a new LSM audit data type holding the inode and the class name.
> >
> > Signed-off-by: Christian Göttsche
> >
> > ---
> > v2:
> >   - drop dev= and name= output for anonymous inodes, and hence simplify
> >     the common_audit_data union member.
> >   - drop WARN_ON() on empty name passed to inode_init_security_anon hook
> > ---
> >  include/linux/lsm_audit.h | 2 ++
> >  security/lsm_audit.c      | 4 ++++
> >  security/selinux/hooks.c  | 4 ++--
> >  3 files changed, 8 insertions(+), 2 deletions(-)
> >
> > diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
> > index 17d02eda9538..97a8b21eb033 100644
> > --- a/include/linux/lsm_audit.h
> > +++ b/include/linux/lsm_audit.h
> > @@ -76,6 +76,7 @@ struct common_audit_data {
> >  #define LSM_AUDIT_DATA_IBENDPORT 14
> >  #define LSM_AUDIT_DATA_LOCKDOWN 15
> >  #define LSM_AUDIT_DATA_NOTIFICATION 16
> > +#define LSM_AUDIT_DATA_ANONINODE 17
> >         union   {
> >                 struct path path;
> >                 struct dentry *dentry;
> > @@ -96,6 +97,7 @@ struct common_audit_data {
> >                 struct lsm_ibpkey_audit *ibpkey;
> >                 struct lsm_ibendport_audit *ibendport;
> >                 int reason;
> > +               const char *anonclass;
> >         } u;
> >         /* this union contains LSM specific data */
> >         union {
> > diff --git a/security/lsm_audit.c b/security/lsm_audit.c
> > index 1897cbf6fc69..981f6a4e4590 100644
> > --- a/security/lsm_audit.c
> > +++ b/security/lsm_audit.c
> > @@ -433,6 +433,10 @@ static void dump_common_audit_data(struct audit_buffer *ab,
> >                 audit_log_format(ab, " lockdown_reason=\"%s\"",
> >                                  lockdown_reasons[a->u.reason]);
> >                 break;
> > +       case LSM_AUDIT_DATA_ANONINODE:
> > +               audit_log_format(ab, " anonclass=");
> > +               audit_log_untrustedstring(ab, a->u.anonclass);
>
> My apologies, I didn't notice this in the previous patch ... I don't
> think we need to log this as an untrusted string as the string value
> is coming from the kernel, not userspace, so we could rewrite the
> above as the following:
>
>   audit_log_format(ab, " anonclass=%s", a->u.anonclass);
>
> ... if you are okay with that, I can make the change when I merge the
> patch or you can submit another revision, let me know which you would
> prefer.
>
> The rest of the patch looks good, thanks!

Hi Christian,

I just wanted to follow up on this as we are at -rc4 this week and if
we want this to go during the next merge window this would need to be
merged soon ...

--
paul-moore.com
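Review bot: the commit message still says the new audit data type holds "the inode and the class name", but the second lsm_audit.h hunk adds only `const char *anonclass;` to the `u` union, and the v2 changelog says the dev= and name= output was dropped; reword that sentence to say the type carries just the class name so the description matches the code.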
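Review bot: the quoted lsm_audit.c hunk ends at `audit_log_untrustedstring(ab, a->u.anonclass);` with no `break;` visible, whereas the LSM_AUDIT_DATA_LOCKDOWN case right above it ends in `break;`; confirm the full patch terminates the new case the same way so it cannot fall through into the following case. Also, the example record in the commit message shows the field as anonclass="[io_uring]", and those quotes come from audit_log_untrustedstring(); the LOCKDOWN case has to add its own `\"%s\"` to get quoting, so if the call becomes `audit_log_format(ab, " anonclass=%s", a->u.anonclass);` as suggested in the reply, the example should be updated to the unquoted form the new code will actually emit.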
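The thread turns on whether anonclass= should go through audit_log_untrustedstring() or a plain "%s". What follows is an added example, not code from the patch, the kernel or anyone in the thread: a user-space model of what each choice produces for the field, plus the decoder an audit consumer needs to read it either way. The encoding rule it mirrors is the kernel's audit_string_contains_control() rule (quote the value when every byte is printable ASCII other than a double quote, otherwise emit uppercase hex with no quotes); all function names and the sample record are the example's own.

```c
/*
 * Added example, not code from the patch or the kernel: a user-space model of
 * what audit_log_untrustedstring() and a plain "%s" each produce for the
 * anonclass= field, and a decoder that reads the field under either choice.
 * Function names here are the example's own.
 */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the kernel's audit_string_contains_control(): a byte that is a
 * double quote, below 0x21 (space, control chars) or above 0x7e forces the
 * whole string into hex encoding. */
static bool audit_contains_control(const char *s, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '"' || c < 0x21 || c > 0x7e)
            return true;
    }
    return false;
}

/* Render s as audit_log_untrustedstring() would: wrapped in double quotes
 * when clean, otherwise uppercase hex without quotes. Returns bytes written
 * or -1 if out is too small. A plain "%s", the alternative suggested in the
 * reply, emits s verbatim with no quotes at all. */
int audit_encode_untrusted(const char *s, char *out, size_t outlen)
{
    size_t len = strlen(s);

    if (audit_contains_control(s, len)) {
        if (outlen < 2 * len + 1)
            return -1;
        for (size_t i = 0; i < len; i++)
            snprintf(out + 2 * i, 3, "%02X", (unsigned char)s[i]);
        return (int)(2 * len);
    }
    if (outlen < len + 3)
        return -1;
    return snprintf(out, outlen, "\"%s\"", s);
}

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode one field value of length vlen: quoted -> strip the quotes, even
 * run of hex digits -> hex-decode, anything else (the bare "%s" form) ->
 * copy verbatim. Anonymous inode names are bracketed, e.g. "[io_uring]",
 * so a bare value can never be mistaken for a hex string. */
int audit_decode_value(const char *v, size_t vlen, char *out, size_t outlen)
{
    if (vlen >= 2 && v[0] == '"' && v[vlen - 1] == '"') {
        if (outlen < vlen - 1)
            return -1;
        memcpy(out, v + 1, vlen - 2);
        out[vlen - 2] = '\0';
        return (int)(vlen - 2);
    }

    bool allhex = vlen > 0 && vlen % 2 == 0;
    for (size_t i = 0; allhex && i < vlen; i++)
        if (!isxdigit((unsigned char)v[i]))
            allhex = false;
    if (allhex) {
        if (outlen < vlen / 2 + 1)
            return -1;
        for (size_t i = 0; i < vlen; i += 2)
            out[i / 2] = (char)(hexval(v[i]) * 16 + hexval(v[i + 1]));
        out[vlen / 2] = '\0';
        return (int)(vlen / 2);
    }

    if (outlen < vlen + 1)
        return -1;
    memcpy(out, v, vlen);
    out[vlen] = '\0';
    return (int)vlen;
}

/* Extract and decode the anonclass= value of one AVC record. The value ends
 * at the next space: a quoted or bare value never contains one, and a name
 * that did would have been hex-encoded. Returns -1 if the field is absent. */
int parse_anonclass(const char *record, char *out, size_t outlen)
{
    static const char key[] = " anonclass=";
    const char *p = strstr(record, key);
    const char *end;

    if (!p)
        return -1;
    p += sizeof(key) - 1;
    end = strchr(p, ' ');
    return audit_decode_value(p, end ? (size_t)(end - p) : strlen(p), out, outlen);
}

int main(void)
{
    /* Constructed record, modelled on the example in the commit message. */
    const char *rec = "type=AVC msg=audit(02/16/22 22:02:50.585:216) : avc: granted "
                      "{ create } for pid=2136 comm=mariadbd anonclass=\"[io_uring]\" "
                      "scontext=system_u:system_r:mysqld_t:s0 "
                      "tcontext=system_u:system_r:mysqld_iouring_t:s0 tclass=anon_inode";
    char buf[64];

    audit_encode_untrusted("[io_uring]", buf, sizeof(buf));
    printf("untrustedstring: anonclass=%s\n", buf);
    audit_encode_untrusted("[a b]", buf, sizeof(buf));   /* space forces hex */
    printf("untrustedstring: anonclass=%s\n", buf);
    printf("plain %%s:        anonclass=%s\n", "[io_uring]");
    parse_anonclass(rec, buf, sizeof(buf));
    printf("decoded:         %s\n", buf);
    return 0;
}
```

The practical difference for anyone consuming these records: with audit_log_untrustedstring() the value always arrives quoted or hex-encoded, so a parser that only strips quotes is enough for the names the kernel uses today; with "%s" the same field arrives bare, and a consumer written against the quoted form will keep the brackets but also has to accept the unquoted one. Since the names are kernel string literals such as "[io_uring]", both forms are unambiguous, which is why the decoder above can treat "not quoted and not hex" as verbatim.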