From: Paul Moore
Date: Tue, 3 May 2022 16:10:42 -0400
Subject: Re: [PATCH v2] selinux: log anon inode class name
To: Christian Göttsche
Cc: SElinux list, James Morris, "Serge E. Hallyn", Stephen Smalley, Eric Paris, Richard Guy Briggs, Ondrej Mosnacek, Linux kernel mailing list, linux-security-module@vger.kernel.org
References: <20220217143457.75229-1-cgzones@googlemail.com> <20220308170928.58040-1-cgzones@googlemail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, May 2, 2022 at 9:39 AM Christian Göttsche wrote:
> On Wed, 27 Apr 2022 at 15:19, Paul Moore wrote:
> > On Mon, Apr 4, 2022 at 4:18 PM Paul Moore wrote:
> > > On Tue, Mar 8, 2022 at 12:09 PM Christian Göttsche wrote:
> > > >
> > > > Log the anonymous inode class name in the security hook
> > > > inode_init_security_anon. This name is the key for name based type
> > > > transitions on the anon_inode security class on creation. Example:
> > > >
> > > >     type=AVC msg=audit(02/16/22 22:02:50.585:216) : avc: granted \
> > > >       { create } for pid=2136 comm=mariadbd anonclass="[io_uring]" \
> > > >       scontext=system_u:system_r:mysqld_t:s0 \
> > > >       tcontext=system_u:system_r:mysqld_iouring_t:s0 tclass=anon_inode
> > > >
> > > > Add a new LSM audit data type holding the inode and the class name.
> > > >
> > > > Signed-off-by: Christian Göttsche
> > > >
> > > > ---
> > > > v2:
> > > >   - drop dev= and name= output for anonymous inodes, and hence simplify
> > > >     the common_audit_data union member.
> > > >   - drop WARN_ON() on empty name passed to inode_init_security_anon hook
> > > > ---
> > > >  include/linux/lsm_audit.h | 2 ++
> > > >  security/lsm_audit.c      | 4 ++++
> > > >  security/selinux/hooks.c  | 4 ++--
> > > >  3 files changed, 8 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
> > > > index 17d02eda9538..97a8b21eb033 100644
> > > > --- a/include/linux/lsm_audit.h
> > > > +++ b/include/linux/lsm_audit.h
> > > > @@ -76,6 +76,7 @@ struct common_audit_data {
> > > >  #define LSM_AUDIT_DATA_IBENDPORT 14
> > > >  #define LSM_AUDIT_DATA_LOCKDOWN 15
> > > >  #define LSM_AUDIT_DATA_NOTIFICATION 16
> > > > +#define LSM_AUDIT_DATA_ANONINODE 17
> > > >  	union 	{
> > > >  		struct path path;
> > > >  		struct dentry *dentry;
> > > > @@ -96,6 +97,7 @@ struct common_audit_data {
> > > >  		struct lsm_ibpkey_audit *ibpkey;
> > > >  		struct lsm_ibendport_audit *ibendport;
> > > >  		int reason;
> > > > +		const char *anonclass;
> > > >  	} u;
> > > >  	/* this union contains LSM specific data */
> > > >  	union {
> > > > diff --git a/security/lsm_audit.c b/security/lsm_audit.c
> > > > index 1897cbf6fc69..981f6a4e4590 100644
> > > > --- a/security/lsm_audit.c
> > > > +++ b/security/lsm_audit.c
> > > > @@ -433,6 +433,10 @@ static void dump_common_audit_data(struct audit_buffer *ab,
> > > >  		audit_log_format(ab, " lockdown_reason=\"%s\"",
> > > >  				 lockdown_reasons[a->u.reason]);
> > > >  		break;
> > > > +	case LSM_AUDIT_DATA_ANONINODE:
> > > > +		audit_log_format(ab, " anonclass=");
> > > > +		audit_log_untrustedstring(ab, a->u.anonclass);
> > >
> > > My apologies, I didn't notice this in the previous patch ... I don't
> > > think we need to log this as an untrusted string as the string value
> > > is coming from the kernel, not userspace, so we could rewrite the
> > > above as the following:
> > >
> > >   audit_log_format(ab, " anonclass=%s", a->u.anonclass);
> > >
> > > ... if you are okay with that, I can make the change when I merge the
> > > patch or you can submit another revision, let me know which you would
> > > prefer.
>
> Feel free to adjust while merging, thanks.

Adjusted and merged, thanks.

-- 
paul-moore.com
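Review bot: the `const char *anonclass;` member added to the `u` union in the second lsm_audit.h hunk (@@ -96,6 +97,7 @@) carries only the class name, but the commit message still says the new audit data type is "holding the inode and the class name"; the v2 changelog drops the dev= and name= output and simplifies that union member, so the inode is no longer stored and the commit message sentence should be reworded to say the type holds the anon inode class name only. A one-line comment beside `const char *anonclass;` noting that it is the name passed to inode_init_security_anon() would also help, since the selector is called LSM_AUDIT_DATA_ANONINODE while the member is named for the class string.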
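Review bot: the lsm_audit.c hunk header `@@ -433,6 +433,10 @@` announces four added lines but only three `+` lines are quoted in this thread (the `case LSM_AUDIT_DATA_ANONINODE:` label, the `audit_log_format(ab, " anonclass=");` call and the `audit_log_untrustedstring(ab, a->u.anonclass);` call), so the trailing `break;` is not visible here; whoever applies the suggested `audit_log_format(ab, " anonclass=%s", a->u.anonclass);` rewrite should confirm that the `break;` remains after it so the new case does not fall through into the following one. Note also that audit_log_untrustedstring() wraps a printable string in double quotes, which is why the commit message example shows `anonclass="[io_uring]"`; the plain `%s` form emits the field unquoted as `anonclass=[io_uring]`, so the example in the commit message should be updated to match whichever form is merged.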
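The encoding difference Paul describes above, audit_log_untrustedstring() for values that may come from userspace versus a plain %s for a name the kernel itself supplies, as an added example that is not part of the patch or of the kernel: a userspace model of the two audit field encodings, run over a few constructed anon inode class names. The control-byte test and the hex-or-quote decision follow what kernel/audit.c does in audit_string_contains_control() and audit_log_n_untrustedstring(); the buffer handling, the function names and the sample names are this example's own assumptions.

```c
/*
 * Added example (not kernel code and not part of the patch above): a
 * userspace model of the two audit field encodings discussed in the
 * thread, so the difference between audit_log_untrustedstring() and a
 * plain audit_log_format("%s") can be seen on sample names.
 *
 * The rules modelled here follow kernel/audit.c:
 *   - audit_string_contains_control(): true if any byte is '"',
 *     below 0x21 or above 0x7e;
 *   - audit_log_n_untrustedstring(): hex-encode the whole string when it
 *     contains such a byte, otherwise emit it wrapped in double quotes.
 * Buffer handling, function names and the fixed " anonclass=" key are
 * this example's own.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the kernel's audit_string_contains_control(). */
static bool contains_control(const char *s, size_t len)
{
	const unsigned char *p = (const unsigned char *)s;

	for (size_t i = 0; i < len; i++)
		if (p[i] == '"' || p[i] < 0x21 || p[i] > 0x7e)
			return true;
	return false;
}

/*
 * Model of: audit_log_format(ab, " anonclass=");
 *           audit_log_untrustedstring(ab, name);
 * Returns the number of characters written (excluding the NUL), or -1 if
 * 'out' is too small.
 */
int log_anonclass_untrusted(char *out, size_t cap, const char *name)
{
	size_t len = strlen(name);
	size_t pos;
	int n;

	n = snprintf(out, cap, " anonclass=");
	if (n < 0 || (size_t)n >= cap)
		return -1;
	pos = (size_t)n;

	if (contains_control(name, len)) {
		/* audit_log_n_hex(): two uppercase hex digits per byte, no quotes */
		for (size_t i = 0; i < len; i++) {
			n = snprintf(out + pos, cap - pos, "%02X",
				     (unsigned char)name[i]);
			if (n < 0 || (size_t)n >= cap - pos)
				return -1;
			pos += (size_t)n;
		}
	} else {
		/* audit_log_n_string(): the bytes wrapped in double quotes */
		n = snprintf(out + pos, cap - pos, "\"%s\"", name);
		if (n < 0 || (size_t)n >= cap - pos)
			return -1;
		pos += (size_t)n;
	}
	return (int)pos;
}

/* Model of the rewrite suggested in the thread: " anonclass=%s". */
int log_anonclass_plain(char *out, size_t cap, const char *name)
{
	int n = snprintf(out, cap, " anonclass=%s", name);

	if (n < 0 || (size_t)n >= cap)
		return -1;
	return n;
}

/* Convenience for checks: does 'name' encode to exactly 'expected'? */
bool anonclass_encodes_to(const char *name, bool untrusted, const char *expected)
{
	char buf[128];
	int n = untrusted ? log_anonclass_untrusted(buf, sizeof(buf), name)
			  : log_anonclass_plain(buf, sizeof(buf), name);

	return n >= 0 && strcmp(buf, expected) == 0;
}

int main(void)
{
	/* Constructed sample names; the first is the one from the commit message. */
	const char *names[] = { "[io_uring]", "[user notes]", "a\"b" };
	char buf[128];

	for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		log_anonclass_untrusted(buf, sizeof(buf), names[i]);
		printf("untrusted:%s\n", buf);
		log_anonclass_plain(buf, sizeof(buf), names[i]);
		printf("plain:    %s\n", buf);
	}
	return 0;
}
```

Compare the two lines printed per name: for a printable, kernel-supplied name such as [io_uring] the only difference is the surrounding double quotes, which is why the plain %s form is enough for this field, whereas a name containing a space or a double quote is hex-encoded by the untrusted path, the protection that matters when the string is under userspace control.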