[PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm
Casey Schaufler
casey at schaufler-ca.com
Mon Jun 3 22:23:07 UTC 2019
On 6/1/2019 7:03 PM, Kees Cook wrote:
> On Fri, May 31, 2019 at 04:09:44PM -0700, Casey Schaufler wrote:
>> Remove lsm_export scaffolding around audit_sig_sid by
>> changing the u32 secid into an lsm_export structure named
>> audit_sig_lsm.
>>
>> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
>> ---
>> include/linux/security.h | 7 +++++++
>> kernel/audit.c | 18 ++++++++----------
>> kernel/audit.h | 2 +-
>> kernel/auditsc.c | 3 +--
>> 4 files changed, 17 insertions(+), 13 deletions(-)
>>
>> diff --git a/include/linux/security.h b/include/linux/security.h
>> index 40aa7b9f3c83..e76d7a9dbe50 100644
>> --- a/include/linux/security.h
>> +++ b/include/linux/security.h
>> @@ -93,6 +93,13 @@ static inline void lsm_export_init(struct lsm_export *l)
>> memset(l, 0, sizeof(*l));
>> }
>>
>> +static inline bool lsm_export_any(struct lsm_export *l)
>> +{
>> + return (((l->flags & LSM_EXPORT_SELINUX) && l->selinux) ||
>> + ((l->flags & LSM_EXPORT_SMACK) && l->smack) ||
>> + ((l->flags & LSM_EXPORT_APPARMOR) && l->apparmor));
>> +}
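Review bot: lsm_export_any() only reads through its argument, so the parameter can be declared `const struct lsm_export *l`, which lets callers that hold a const pointer use the helper. The outermost parentheses around the return expression are redundant and can be dropped. Because each term tests both the flag and the value (`(l->flags & LSM_EXPORT_SELINUX) && l->selinux`), a slot whose flag is set but whose value is zero counts as not set; a comment on the helper should say so, since callers cannot tell that case from a slot that was never filled.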
> All of these helpers need kerndoc.
Point.
> Bikeshed on naming:
> - struct lsm_export renamed to lsm_secid
I want to get away from the expectation that what an
LSM exports has to be a u32 secid. It's not in any patchset
yet, but I plan to replace the Smack u32 with a struct smack_known *
at some point in the future. That will require a little work
in the secmark code, but will have significant performance
improvement in audit and UDS.
> - lsm_export_any renamed to lsm_secid_defined() or ..._is_set() or
> ..._non_zero() ?
I'll admit lsm_export_any() isn't a great name. The state it has
to convey is "some LSM has set a value, and it isn't an error value."
Like "secid != 0", except that it matters whether the 0 came from
secid having never been set, as opposed to it was set because something
went wrong. At the same time, I don't want it to imply that the value
is set for all LSMs, because it may not be. That's why I used "any".
Some LSM *has* set a value. That value may not be the one you're hoping
for, but you may need to call the subsystem (e.g. audit) that's going to
look.
Maybe lsm_export_is_interesting()?
I'd love to discover there's a convention I could adhere to.