rpms/kernel/devel linux-2.6-audit-rename.patch, NONE, 1.1.2.1 kernel-2.6.spec, 1.2293.2.4, 1.2293.2.5 linux-2.6-audit-by-object.patch, 1.1.2.1, 1.1.2.2
fedora-cvs-commits at redhat.com
Thu Jun 29 23:31:04 UTC 2006
Author: sgrubb
Update of /cvs/dist/rpms/kernel/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv5570
Modified Files:
Tag: private-lspp-37-branch
kernel-2.6.spec linux-2.6-audit-by-object.patch
Added Files:
Tag: private-lspp-37-branch
linux-2.6-audit-rename.patch
Log Message:
* Thu Jun 29 2006 Steve Grubb <sgrubb at redhat.com>
- lspp.41, really apply patch 8 of 8 from Paul
- added improved audit by obj by Darrel
linux-2.6-audit-rename.patch:
include/linux/audit.h | 15 ++++++++----
kernel/auditfilter.c | 50 ++++++++++++++++++++---------------------
kernel/auditsc.c | 10 ++++----
security/selinux/ss/services.c | 32 +++++++++++++-------------
4 files changed, 56 insertions(+), 51 deletions(-)
--- NEW FILE linux-2.6-audit-rename.patch ---
>From dgoeddel at trustedcs.com Thu Jun 29 17:56:39 2006
Return-Path: <dgoeddel at trustedcs.com>
Received: from mail.boston.redhat.com ([unix socket])
by mail.boston.redhat.com (Cyrus v2.1.12) with LMTP; Thu, 29 Jun 2006 17:57:13 -0400
X-Sieve: CMU Sieve 2.2
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
by mail.boston.redhat.com (8.12.8/8.12.8) with ESMTP id k5TLvDel020084
for <sgrubb at boston.redhat.com>; Thu, 29 Jun 2006 17:57:13 -0400
Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32])
by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k5TLvCpQ021948;
Thu, 29 Jun 2006 17:57:12 -0400
Received: from tcsfw4.tcs-sec.com (tcsfw4.tcs-sec.com [65.127.223.133])
by mx3.redhat.com (8.13.1/8.13.1) with ESMTP id k5TLuvTf024106;
Thu, 29 Jun 2006 17:57:03 -0400
Received: (from smmsp at localhost)
by tcsfw4.tcs-sec.com (8.12.2/8.12.2) id k5TLuoAZ014001;
Thu, 29 Jun 2006 17:56:50 -0400 (EDT)
Received: from trauma.tcs-sec.com(192.168.1.16) by tcsfw4.tcs-sec.com via smap (V1.3)
id (null); Thu Jun 29 17:56:45 2006
Received: from chaos.tcs.tcs-sec.com (Not Verified[192.168.1.4]) by trauma.tcs-sec.com with NetIQ MailMarshal (v6,0,3,8)
id <B44a44c9c0000>; Thu, 29 Jun 2006 17:56:44 -0400
Received: from [10.1.10.208] (tcs_pc.tcs-sec.com [10.1.10.208]) by chaos.tcs.tcs-sec.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
id N4CXJJK5; Thu, 29 Jun 2006 17:56:44 -0400
Message-ID: <44A44C97.70102 at trustedcs.com>
Date: Thu, 29 Jun 2006 16:56:39 -0500
From: Darrel Goeddel <dgoeddel at trustedcs.com>
User-Agent: Mozilla Thunderbird 1.0.8-1.1.fc4 (X11/20060501)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Steve Grubb <sgrubb at redhat.com>,
Alexander Viro <aviro at redhat.com>
CC: Stephen Smalley <sds at tycho.nsa.gov>,
James Morris <jmorris at namei.org>,
redhat-lspp at redhat.com
Subject: [PATCH 1/2] audit: rename AUDIT_SE_* constants
Content-Type: text/plain;
charset=ISO-8859-1;
format=flowed
Content-Transfer-Encoding: 7bit
X-RedHat-Spam-Score: -2.613
X-UID: 72571
X-Length: 9854
This patch renames some audit constant definitions and adds
additional definitions used by the following patch. The renaming
avoids ambiguity with respect to the new definitions.
Signed-off-by: Darrel Goeddel <dgoeddel at trustedcs.com>
include/linux/audit.h | 15 ++++++++----
kernel/auditfilter.c | 50 ++++++++++++++++++++---------------------
kernel/auditsc.c | 10 ++++----
security/selinux/ss/services.c | 32 +++++++++++++-------------
4 files changed, 56 insertions(+), 51 deletions(-)
diff --git a/include/linux/audit.h b/include/linux/audit.h
index f7883ec..c5cbd4d 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -152,12 +152,17 @@ #define AUDIT_LOGINUID 9
#define AUDIT_PERS 10
#define AUDIT_ARCH 11
#define AUDIT_MSGTYPE 12
-#define AUDIT_SE_USER 13 /* security label user */
-#define AUDIT_SE_ROLE 14 /* security label role */
-#define AUDIT_SE_TYPE 15 /* security label type */
-#define AUDIT_SE_SEN 16 /* security label sensitivity label */
-#define AUDIT_SE_CLR 17 /* security label clearance label */
+#define AUDIT_SUBJ_USER 13 /* security label user */
+#define AUDIT_SUBJ_ROLE 14 /* security label role */
+#define AUDIT_SUBJ_TYPE 15 /* security label type */
+#define AUDIT_SUBJ_SEN 16 /* security label sensitivity label */
+#define AUDIT_SUBJ_CLR 17 /* security label clearance label */
#define AUDIT_PPID 18
+#define AUDIT_OBJ_USER 19
+#define AUDIT_OBJ_ROLE 20
+#define AUDIT_OBJ_TYPE 21
+#define AUDIT_OBJ_LEV_LOW 22
+#define AUDIT_OBJ_LEV_HIGH 23
/* These are ONLY useful when checking
* at syscall exit time (AUDIT_AT_EXIT). */
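Review bot: the five new AUDIT_OBJ_* definitions (19 to 23) carry no trailing comments, while the AUDIT_SUBJ_* lines beside them each say which component of the security label they select; add matching comments (for example `/* object security label user */`, and for AUDIT_OBJ_LEV_LOW / AUDIT_OBJ_LEV_HIGH the low and high level of the object's MLS range, which is how the 2/2 patch maps them onto `range.level[0]` and `range.level[1]`) so the two groups can be told apart from the header alone. include/linux/audit.h is the userspace-visible interface: the numeric values 13 to 17 are unchanged, so binary compatibility holds, but any userspace still spelling AUDIT_SE_* stops compiling; either say in the description that audit userspace is updated in lockstep or keep AUDIT_SE_* as deprecated aliases for a release.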
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index e98db08..40a9931 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -470,11 +470,11 @@ static struct audit_entry *audit_data_to
case AUDIT_ARG2:
case AUDIT_ARG3:
break;
- case AUDIT_SE_USER:
- case AUDIT_SE_ROLE:
- case AUDIT_SE_TYPE:
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
+ case AUDIT_SUBJ_USER:
+ case AUDIT_SUBJ_ROLE:
+ case AUDIT_SUBJ_TYPE:
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
str = audit_unpack_string(&bufp, &remain, f->val);
if (IS_ERR(str))
goto exit_free;
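Review bot: the same five-label case list is repeated in this switch and in the four that follow (audit_krule_to_data, audit_compare_rule, audit_dupe_rule, audit_rule_has_selinux), and the companion 2/2 patch then grows each copy by another five labels. A small predicate such as `static inline int audit_field_is_selinux(u32 type)` (hypothetical name) returning true for AUDIT_SUBJ_USER..AUDIT_SUBJ_CLR, used by the callers that only need the yes/no answer (audit_rule_has_selinux, audit_dupe_rule), would turn the next round of additions into a one-line change and make it harder for one of the five sites to fall out of sync.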
@@ -611,11 +611,11 @@ static struct audit_rule_data *audit_kru
data->fields[i] = f->type;
data->fieldflags[i] = f->op;
switch(f->type) {
- case AUDIT_SE_USER:
- case AUDIT_SE_ROLE:
- case AUDIT_SE_TYPE:
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
+ case AUDIT_SUBJ_USER:
+ case AUDIT_SUBJ_ROLE:
+ case AUDIT_SUBJ_TYPE:
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
data->buflen += data->values[i] =
audit_pack_string(&bufp, f->se_str);
break;
@@ -654,11 +654,11 @@ static int audit_compare_rule(struct aud
return 1;
switch(a->fields[i].type) {
- case AUDIT_SE_USER:
- case AUDIT_SE_ROLE:
- case AUDIT_SE_TYPE:
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
+ case AUDIT_SUBJ_USER:
+ case AUDIT_SUBJ_ROLE:
+ case AUDIT_SUBJ_TYPE:
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
if (strcmp(a->fields[i].se_str, b->fields[i].se_str))
return 1;
break;
@@ -774,11 +774,11 @@ static struct audit_entry *audit_dupe_ru
* the originals will all be freed when the old rule is freed. */
for (i = 0; i < fcount; i++) {
switch (new->fields[i].type) {
- case AUDIT_SE_USER:
- case AUDIT_SE_ROLE:
- case AUDIT_SE_TYPE:
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
+ case AUDIT_SUBJ_USER:
+ case AUDIT_SUBJ_ROLE:
+ case AUDIT_SUBJ_TYPE:
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
err = audit_dupe_selinux_field(&new->fields[i],
&old->fields[i]);
break;
@@ -1537,11 +1537,11 @@ static inline int audit_rule_has_selinux
for (i = 0; i < rule->field_count; i++) {
struct audit_field *f = &rule->fields[i];
switch (f->type) {
- case AUDIT_SE_USER:
- case AUDIT_SE_ROLE:
- case AUDIT_SE_TYPE:
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
+ case AUDIT_SUBJ_USER:
+ case AUDIT_SUBJ_ROLE:
+ case AUDIT_SUBJ_TYPE:
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
return 1;
}
}
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b32ccfa..e183a6f 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -321,11 +321,11 @@ static int audit_filter_rules(struct tas
if (ctx)
result = audit_comparator(ctx->loginuid, f->op, f->val);
break;
- case AUDIT_SE_USER:
- case AUDIT_SE_ROLE:
- case AUDIT_SE_TYPE:
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
+ case AUDIT_SUBJ_USER:
+ case AUDIT_SUBJ_ROLE:
+ case AUDIT_SUBJ_TYPE:
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
/* NOTE: this may return negative values indicating
a temporary error. We simply treat this as a
match for now to avoid losing information that
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index d82898c..112484f 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1855,15 +1855,15 @@ int selinux_audit_rule_init(u32 field, u
return -ENOTSUPP;
switch (field) {
- case AUDIT_SE_USER:
- case AUDIT_SE_ROLE:
- case AUDIT_SE_TYPE:
+ case AUDIT_SUBJ_USER:
+ case AUDIT_SUBJ_ROLE:
+ case AUDIT_SUBJ_TYPE:
/* only 'equals' and 'not equals' fit user, role, and type */
if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)
return -EINVAL;
break;
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
/* we do not allow a range, indicated by the presense of '-' */
if (strchr(rulestr, '-'))
return -EINVAL;
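Review bot: while this hunk already touches the lines around it, the context comment `/* we do not allow a range, indicated by the presense of '-' */` misspells "presence"; fixing it here costs nothing and saves a separate typo patch.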
@@ -1884,29 +1884,29 @@ int selinux_audit_rule_init(u32 field, u
tmprule->au_seqno = latest_granting;
switch (field) {
- case AUDIT_SE_USER:
+ case AUDIT_SUBJ_USER:
userdatum = hashtab_search(policydb.p_users.table, rulestr);
if (!userdatum)
rc = -EINVAL;
else
tmprule->au_ctxt.user = userdatum->value;
break;
- case AUDIT_SE_ROLE:
+ case AUDIT_SUBJ_ROLE:
roledatum = hashtab_search(policydb.p_roles.table, rulestr);
if (!roledatum)
rc = -EINVAL;
else
tmprule->au_ctxt.role = roledatum->value;
break;
- case AUDIT_SE_TYPE:
+ case AUDIT_SUBJ_TYPE:
typedatum = hashtab_search(policydb.p_types.table, rulestr);
if (!typedatum)
rc = -EINVAL;
else
tmprule->au_ctxt.type = typedatum->value;
break;
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
rc = mls_from_string(rulestr, &tmprule->au_ctxt, GFP_ATOMIC);
break;
}
@@ -1958,7 +1958,7 @@ int selinux_audit_rule_match(u32 ctxid,
/* a field/op pair that is not caught here will simply fall through
without a match */
switch (field) {
- case AUDIT_SE_USER:
+ case AUDIT_SUBJ_USER:
switch (op) {
case AUDIT_EQUAL:
match = (ctxt->user == rule->au_ctxt.user);
@@ -1968,7 +1968,7 @@ int selinux_audit_rule_match(u32 ctxid,
break;
}
break;
- case AUDIT_SE_ROLE:
+ case AUDIT_SUBJ_ROLE:
switch (op) {
case AUDIT_EQUAL:
match = (ctxt->role == rule->au_ctxt.role);
@@ -1978,7 +1978,7 @@ int selinux_audit_rule_match(u32 ctxid,
break;
}
break;
- case AUDIT_SE_TYPE:
+ case AUDIT_SUBJ_TYPE:
switch (op) {
case AUDIT_EQUAL:
match = (ctxt->type == rule->au_ctxt.type);
@@ -1988,9 +1988,9 @@ int selinux_audit_rule_match(u32 ctxid,
break;
}
break;
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
- level = (field == AUDIT_SE_SEN ?
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
+ level = (field == AUDIT_SUBJ_SEN ?
&ctxt->range.level[0] : &ctxt->range.level[1]);
switch (op) {
case AUDIT_EQUAL:
--
Darrel
Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/devel/kernel-2.6.spec,v
retrieving revision 1.2293.2.4
retrieving revision 1.2293.2.5
diff -u -r1.2293.2.4 -r1.2293.2.5
--- kernel-2.6.spec 28 Jun 2006 22:34:46 -0000 1.2293.2.4
+++ kernel-2.6.spec 29 Jun 2006 23:30:49 -0000 1.2293.2.5
@@ -28,7 +28,7 @@
%define sublevel 17
%define kversion 2.6.%{sublevel}
%define rpmversion 2.6.%{sublevel}
-%define tag FC6.lspp.40
+%define tag FC6.lspp.41
%if %{rhelbuild}
%define tag EL
%endif
@@ -470,7 +470,8 @@
Patch20109: linux-2.6-net-label_7_8.patch
Patch20110: linux-2.6-net-label_8_8.patch
Patch20120: ipsec-lspp-38.patch
-Patch20121: linux-2.6-audit-by-object.patch
+Patch20121: linux-2.6-audit-rename.patch
+Patch20122: linux-2.6-audit-by-object.patch
# END OF PATCH DEFINITIONS
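Review bot: the ordering is right and is in fact required: linux-2.6-audit-by-object.patch now expects kernel/auditfilter.c at `index 40a9931..7f2ea8b`, and 40a9931 is the blob the rename patch produces (`index e98db08..40a9931`), so Patch20121 must stay ahead of Patch20122. Nothing else in the spec records that dependency; a one-line comment next to the two definitions saying that 20122 is generated on top of 20121 would stop a later reorder from breaking the build.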
@@ -1121,10 +1122,12 @@
%patch20107 -p1
%patch20108 -p1
%patch20109 -p1
+%patch20110 -p1
# ipsec
#%patch20120 -p1
# audit by obj
%patch20121 -p1
+%patch20122 -p1
# now run oldconfig over all the config files
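Review bot: the `# audit by obj` comment now heads two %patch lines, the first of which is the AUDIT_SE_* to AUDIT_SUBJ_* rename rather than the object filter itself; reword it (for example `# audit by obj: constant rename prerequisite, then the filter`) so nobody later drops 20121 as a stray. Adding `%patch20110 -p1` matches the changelog line `really apply patch 8 of 8 from Paul`: the Patch20110 definition was already present as unchanged context above, only the apply line was missing.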
@@ -1133,9 +1136,6 @@
mv $i .config
echo "CONFIG_INOTIFY_USER=y" >> .config
echo "CONFIG_NETLABEL=y" >> .config
- echo "CONFIG_NETLABEL_CIPSOV4=y" >> .config
- echo "CONFIG_NETLABEL_UNLABELED=y" >> .config
- echo "CONFIG_NETLABEL_UNLABELED_DEFAULT=y" >> .config
Arch=`head -1 .config | cut -b 3-`
make ARCH=$Arch nonint_oldconfig > /dev/null
echo "# $Arch" > configs/$i
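Review bot: dropping the three `CONFIG_NETLABEL_CIPSOV4=y`, `CONFIG_NETLABEL_UNLABELED=y` and `CONFIG_NETLABEL_UNLABELED_DEFAULT=y` lines is not mentioned anywhere in the new changelog entry, which only records applying patch 8 of 8 and the audit-by-object work. If the refreshed netlabel patch now selects or defaults these options itself, say so in the changelog; otherwise the build silently relies on whatever `nonint_oldconfig` picks for them, and `CONFIG_NETLABEL=y` on its own does not guarantee that the CIPSOv4 and unlabeled traffic handling gets built.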
@@ -1734,6 +1734,10 @@
%endif
%changelog
+* Thu Jun 29 2006 Steve Grubb <sgrubb at redhat.com>
+- lspp.41, really apply patch 8 of 8 from Paul
+- added improved audit by obj by Darrel
+
* Wed Jun 28 2006 Steve Grubb <sgrubb at redhat.com>
- lspp.40, refreshed netlabel patch from Paul
- dropped ipsec patch due to new conflicts
linux-2.6-audit-by-object.patch:
kernel/auditfilter.c | 25 +++++++++++++++++++++++++
kernel/auditsc.c | 40 ++++++++++++++++++++++++++++++++++++++++
security/selinux/ss/services.c | 18 +++++++++++++++++-
3 files changed, 82 insertions(+), 1 deletion(-)
Index: linux-2.6-audit-by-object.patch
===================================================================
RCS file: /cvs/dist/rpms/kernel/devel/Attic/linux-2.6-audit-by-object.patch,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- linux-2.6-audit-by-object.patch 28 Jun 2006 22:34:48 -0000 1.1.2.1
+++ linux-2.6-audit-by-object.patch 29 Jun 2006 23:31:00 -0000 1.1.2.2
@@ -1,193 +1,137 @@
-From dgoeddel at trustedcs.com Fri Jun 23 17:57:50 2006
-Return-Path: <redhat-lspp-bounces at redhat.com>
+From dgoeddel at trustedcs.com Thu Jun 29 17:57:08 2006
+Return-Path: <dgoeddel at trustedcs.com>
Received: from mail.boston.redhat.com ([unix socket])
- by mail.boston.redhat.com (Cyrus v2.1.12) with LMTP; Fri, 23 Jun 2006 17:58:49 -0400
+ by mail.boston.redhat.com (Cyrus v2.1.12) with LMTP; Thu, 29 Jun 2006 17:57:29 -0400
X-Sieve: CMU Sieve 2.2
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
- by mail.boston.redhat.com (8.12.8/8.12.8) with ESMTP id k5NLwn2b022695;
- Fri, 23 Jun 2006 17:58:49 -0400
-Received: from mx1.util.phx.redhat.com (mx1.util.phx.redhat.com [10.8.4.92])
- by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k5NLwm7N004468;
- Fri, 23 Jun 2006 17:58:48 -0400
-Received: from hormel.redhat.com (hormel.util.phx.redhat.com [10.8.4.111])
- by mx1.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP id k5NLwhQh010463;
- Fri, 23 Jun 2006 17:58:43 -0400
-Received: from listman.util.phx.redhat.com (listman.util.phx.redhat.com [10.8.4.110])
- by hormel.redhat.com (Postfix) with ESMTP
- id 456187360E; Fri, 23 Jun 2006 17:58:43 -0400 (EDT)
-Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com
- [172.16.52.254])
- by listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP id
- k5NLweF0021070 for <redhat-lspp at listman.util.phx.redhat.com>;
- Fri, 23 Jun 2006 17:58:41 -0400
-Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32])
- by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id
- k5NLweR2004458; Fri, 23 Jun 2006 17:58:40 -0400
+ by mail.boston.redhat.com (8.12.8/8.12.8) with ESMTP id k5TLvTel020126
+ for <sgrubb at boston.redhat.com>; Thu, 29 Jun 2006 17:57:29 -0400
+Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])
+ by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k5TLvSNS022009;
+ Thu, 29 Jun 2006 17:57:28 -0400
Received: from tcsfw4.tcs-sec.com (tcsfw4.tcs-sec.com [65.127.223.133])
- by mx3.redhat.com (8.13.1/8.13.1) with ESMTP id k5NLwPbx031247;
- Fri, 23 Jun 2006 17:58:25 -0400
+ by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k5TLvRUg021835;
+ Thu, 29 Jun 2006 17:57:27 -0400
Received: (from smmsp at localhost)
- by tcsfw4.tcs-sec.com (8.12.2/8.12.2) id k5NLw5iv019985;
- Fri, 23 Jun 2006 17:58:05 -0400 (EDT)
-Received: from trauma.tcs-sec.com(192.168.1.16) by tcsfw4.tcs-sec.com via smap
- (V1.3) id (null); Fri Jun 23 17:58:02 2006
-Received: from chaos.tcs.tcs-sec.com (Not Verified[192.168.1.4]) by
- trauma.tcs-sec.com with NetIQ MailMarshal (v6, 0, 3, 8)
- id <B449c63ea0000>; Fri, 23 Jun 2006 17:58:02 -0400
-Received: from [10.1.10.208] (tcs_pc.tcs-sec.com [10.1.10.208]) by
- chaos.tcs.tcs-sec.com with SMTP (Microsoft Exchange Internet
- Mail Service Version 5.5.2653.13)
- id NLMHB6QQ; Fri, 23 Jun 2006 17:58:01 -0400
-Message-ID: <449C63DE.7080205 at trustedcs.com>
-Date: Fri, 23 Jun 2006 16:57:50 -0500
+ by tcsfw4.tcs-sec.com (8.12.2/8.12.2) id k5TLvLLE016029;
+ Thu, 29 Jun 2006 17:57:21 -0400 (EDT)
+Received: from trauma.tcs-sec.com(192.168.1.16) by tcsfw4.tcs-sec.com via smap (V1.3)
+ id (null); Thu Jun 29 17:57:13 2006
+Received: from chaos.tcs.tcs-sec.com (Not Verified[192.168.1.4]) by trauma.tcs-sec.com with NetIQ MailMarshal (v6,0,3,8)
+ id <B44a44cb90000>; Thu, 29 Jun 2006 17:57:13 -0400
+Received: from [10.1.10.208] (tcs_pc.tcs-sec.com [10.1.10.208]) by chaos.tcs.tcs-sec.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
+ id N4CXJJK7; Thu, 29 Jun 2006 17:57:13 -0400
+Message-ID: <44A44CB4.8090803 at trustedcs.com>
+Date: Thu, 29 Jun 2006 16:57:08 -0500
From: Darrel Goeddel <dgoeddel at trustedcs.com>
User-Agent: Mozilla Thunderbird 1.0.8-1.1.fc4 (X11/20060501)
X-Accept-Language: en-us, en
MIME-Version: 1.0
-To: redhat-lspp at redhat.com
+To: Steve Grubb <sgrubb at redhat.com>,
+ Alexander Viro <aviro at redhat.com>
+CC: Stephen Smalley <sds at tycho.nsa.gov>,
+ James Morris <jmorris at namei.org>,
+ redhat-lspp at redhat.com
+Subject: [PATCH 2/2] audit: support for object context filters
Content-Type: text/plain;
charset=ISO-8859-1;
format=flowed
Content-Transfer-Encoding: 7bit
-X-RedHat-Spam-Score: -2.82
-X-loop: redhat-lspp at redhat.com
-Cc: James Morris <jmorris at redhat.com>,
- Stephen Smalley <sds at tycho.nsa.gov>
-Subject: [redhat-lspp] [RFC KERNEL] object audit filters based on SELinux
- context
-X-BeenThere: redhat-lspp at redhat.com
-X-Mailman-Version: 2.1.5
-Precedence: junk
-List-Id: Red Hat LSPP / MLS Discussion <redhat-lspp.redhat.com>
-List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/redhat-lspp>,
- <mailto:redhat-lspp-request at redhat.com?subject=unsubscribe>
-List-Archive: <https://www.redhat.com/archives/redhat-lspp>
-List-Post: <mailto:redhat-lspp at redhat.com>
-List-Help: <mailto:redhat-lspp-request at redhat.com?subject=help>
-List-Subscribe: <https://www.redhat.com/mailman/listinfo/redhat-lspp>,
- <mailto:redhat-lspp-request at redhat.com?subject=subscribe>
-Sender: redhat-lspp-bounces at redhat.com
-Errors-To: redhat-lspp-bounces at redhat.com
-X-UID: 71436
-X-Length: 10986
+X-RedHat-Spam-Score: 0.261
+X-UID: 72572
+X-Length: 8725
-I recently noticed that we never got around to doing object filters
-based on context... This patch introduces object audit filters
-based on the fields of the SELinux context. I put in everything
-(user, role, type, levels) even though I don't think user and role
-will be of use. I'm also open to names on the filters because I
-couldn't really think of anything that sounded really good
-(especially for the object's mls - "ol1 means object level 1" and
-"ol2 means object level2"...). So, I'll trim and rename if people
-want that. This is just the kernel part, the userspace patch to
-handle these fields is forthcoming. One more thing - this patch
-only checks the contexts of filesystem objects. We also collect
-sids for ipc objects in the aux structs, should I also loop through
-those and filter based on the sids contained in AUDIT_IPC records?
+This patch introduces object audit filters based on the elements
+of the SELinux context.
+Signed-off-by: Darrel Goeddel <dgoeddel at trustedcs.com>
- include/linux/audit.h | 5 +++++
kernel/auditfilter.c | 25 +++++++++++++++++++++++++
- kernel/auditsc.c | 25 +++++++++++++++++++++++++
- security/selinux/ss/services.c | 17 ++++++++++++++++-
- 4 files changed, 71 insertions(+), 1 deletion(-)
+ kernel/auditsc.c | 40 ++++++++++++++++++++++++++++++++++++++++
+ security/selinux/ss/services.c | 18 +++++++++++++++++-
+ 3 files changed, 82 insertions(+), 1 deletion(-)
-diff --git a/include/linux/audit.h b/include/linux/audit.h
-index f7883ec..f0857d6 100644
---- a/include/linux/audit.h
-+++ b/include/linux/audit.h
-@@ -158,6 +158,11 @@ #define AUDIT_SE_TYPE 15 /* security lab
- #define AUDIT_SE_SEN 16 /* security label sensitivity label */
- #define AUDIT_SE_CLR 17 /* security label clearance label */
- #define AUDIT_PPID 18
-+#define AUDIT_SE_OUSER 19
-+#define AUDIT_SE_OROLE 20
-+#define AUDIT_SE_OTYPE 21
-+#define AUDIT_SE_OL1 22
-+#define AUDIT_SE_OL2 23
-
- /* These are ONLY useful when checking
- * at syscall exit time (AUDIT_AT_EXIT). */
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
-index e98db08..6d77d1d 100644
+index 40a9931..7f2ea8b 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -475,6 +475,11 @@ static struct audit_entry *audit_data_to
- case AUDIT_SE_TYPE:
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
-+ case AUDIT_SE_OUSER:
-+ case AUDIT_SE_OROLE:
-+ case AUDIT_SE_OTYPE:
-+ case AUDIT_SE_OL1:
-+ case AUDIT_SE_OL2:
+ case AUDIT_SUBJ_TYPE:
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
++ case AUDIT_OBJ_USER:
++ case AUDIT_OBJ_ROLE:
++ case AUDIT_OBJ_TYPE:
++ case AUDIT_OBJ_LEV_LOW:
++ case AUDIT_OBJ_LEV_HIGH:
str = audit_unpack_string(&bufp, &remain, f->val);
if (IS_ERR(str))
goto exit_free;
@@ -616,6 +621,11 @@ static struct audit_rule_data *audit_kru
- case AUDIT_SE_TYPE:
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
-+ case AUDIT_SE_OUSER:
-+ case AUDIT_SE_OROLE:
-+ case AUDIT_SE_OTYPE:
-+ case AUDIT_SE_OL1:
-+ case AUDIT_SE_OL2:
+ case AUDIT_SUBJ_TYPE:
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
++ case AUDIT_OBJ_USER:
++ case AUDIT_OBJ_ROLE:
++ case AUDIT_OBJ_TYPE:
++ case AUDIT_OBJ_LEV_LOW:
++ case AUDIT_OBJ_LEV_HIGH:
data->buflen += data->values[i] =
audit_pack_string(&bufp, f->se_str);
break;
@@ -659,6 +669,11 @@ static int audit_compare_rule(struct aud
- case AUDIT_SE_TYPE:
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
-+ case AUDIT_SE_OUSER:
-+ case AUDIT_SE_OROLE:
-+ case AUDIT_SE_OTYPE:
-+ case AUDIT_SE_OL1:
-+ case AUDIT_SE_OL2:
+ case AUDIT_SUBJ_TYPE:
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
++ case AUDIT_OBJ_USER:
++ case AUDIT_OBJ_ROLE:
++ case AUDIT_OBJ_TYPE:
++ case AUDIT_OBJ_LEV_LOW:
++ case AUDIT_OBJ_LEV_HIGH:
if (strcmp(a->fields[i].se_str, b->fields[i].se_str))
return 1;
break;
@@ -779,6 +794,11 @@ static struct audit_entry *audit_dupe_ru
- case AUDIT_SE_TYPE:
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
-+ case AUDIT_SE_OUSER:
-+ case AUDIT_SE_OROLE:
-+ case AUDIT_SE_OTYPE:
-+ case AUDIT_SE_OL1:
-+ case AUDIT_SE_OL2:
+ case AUDIT_SUBJ_TYPE:
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
++ case AUDIT_OBJ_USER:
++ case AUDIT_OBJ_ROLE:
++ case AUDIT_OBJ_TYPE:
++ case AUDIT_OBJ_LEV_LOW:
++ case AUDIT_OBJ_LEV_HIGH:
err = audit_dupe_selinux_field(&new->fields[i],
&old->fields[i]);
break;
@@ -1542,6 +1562,11 @@ static inline int audit_rule_has_selinux
- case AUDIT_SE_TYPE:
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
-+ case AUDIT_SE_OUSER:
-+ case AUDIT_SE_OROLE:
-+ case AUDIT_SE_OTYPE:
-+ case AUDIT_SE_OL1:
-+ case AUDIT_SE_OL2:
+ case AUDIT_SUBJ_TYPE:
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
++ case AUDIT_OBJ_USER:
++ case AUDIT_OBJ_ROLE:
++ case AUDIT_OBJ_TYPE:
++ case AUDIT_OBJ_LEV_LOW:
++ case AUDIT_OBJ_LEV_HIGH:
return 1;
}
}
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index b32ccfa..fa6ead8 100644
+index e183a6f..b171c1f 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
-@@ -342,6 +342,31 @@ static int audit_filter_rules(struct tas
+@@ -342,6 +342,46 @@ static int audit_filter_rules(struct tas
ctx);
}
break;
-+ case AUDIT_SE_OUSER:
-+ case AUDIT_SE_OROLE:
-+ case AUDIT_SE_OTYPE:
-+ case AUDIT_SE_OL1:
-+ case AUDIT_SE_OL2:
-+ /* The above note for AUDIT_SE_USER...AUDIT_SE_CLR
++ case AUDIT_OBJ_USER:
++ case AUDIT_OBJ_ROLE:
++ case AUDIT_OBJ_TYPE:
++ case AUDIT_OBJ_LEV_LOW:
++ case AUDIT_OBJ_LEV_HIGH:
++ /* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR
+ also applies here */
+ if (f->se_rule) {
++ /* Find files that match */
+ if (name) {
+ result = selinux_audit_rule_match(
+ name->osid, f->type, f->op,
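Review bot: the rewritten description (`This patch introduces object audit filters based on the elements of the SELinux context.`) drops the RFC's open question about IPC objects, yet this revision answers it in code by walking `ctx->aux` for AUDIT_IPC records; state in the description that both filesystem objects (`name->osid`) and IPC objects are matched, since that is the behavioural difference between revisions 1.1.2.1 and 1.1.2.2 and is otherwise visible only from the kernel/auditsc.c diffstat growing from 25 to 40 lines. Removing the include/linux/audit.h hunk is correct now that the AUDIT_OBJ_* constants are introduced by the 1/2 rename patch, and the `index 40a9931..7f2ea8b` line for kernel/auditfilter.c confirms the patch was regenerated against that tree.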
@@ -203,108 +147,117 @@
+ }
+ }
+ }
++ /* Find ipc objects that match */
++ if (ctx) {
++ struct audit_aux_data *aux;
++ for (aux = ctx->aux; aux;
++ aux = aux->next) {
++ if (aux->type == AUDIT_IPC) {
++ struct audit_aux_data_ipcctl *axi = (void *)aux;
++ if (selinux_audit_rule_match(axi->osid, f->type, f->op, f->se_rule, ctx)) {
++ ++result;
++ break;
++ }
++ }
++ }
++ }
+ }
+ break;
case AUDIT_ARG0:
case AUDIT_ARG1:
case AUDIT_ARG2:
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
-index d82898c..5d0edd0 100644
+index 112484f..5132002 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1858,12 +1858,17 @@ int selinux_audit_rule_init(u32 field, u
- case AUDIT_SE_USER:
- case AUDIT_SE_ROLE:
- case AUDIT_SE_TYPE:
-+ case AUDIT_SE_OUSER:
-+ case AUDIT_SE_OROLE:
-+ case AUDIT_SE_OTYPE:
+ case AUDIT_SUBJ_USER:
+ case AUDIT_SUBJ_ROLE:
+ case AUDIT_SUBJ_TYPE:
++ case AUDIT_OBJ_USER:
++ case AUDIT_OBJ_ROLE:
++ case AUDIT_OBJ_TYPE:
/* only 'equals' and 'not equals' fit user, role, and type */
if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)
return -EINVAL;
break;
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
-+ case AUDIT_SE_OL1:
-+ case AUDIT_SE_OL2:
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
++ case AUDIT_OBJ_LEV_LOW:
++ case AUDIT_OBJ_LEV_HIGH:
/* we do not allow a range, indicated by the presense of '-' */
if (strchr(rulestr, '-'))
return -EINVAL;
@@ -1885,6 +1890,7 @@ int selinux_audit_rule_init(u32 field, u
switch (field) {
- case AUDIT_SE_USER:
-+ case AUDIT_SE_OUSER:
+ case AUDIT_SUBJ_USER:
++ case AUDIT_OBJ_USER:
userdatum = hashtab_search(policydb.p_users.table, rulestr);
if (!userdatum)
rc = -EINVAL;
@@ -1892,6 +1898,7 @@ int selinux_audit_rule_init(u32 field, u
tmprule->au_ctxt.user = userdatum->value;
break;
- case AUDIT_SE_ROLE:
-+ case AUDIT_SE_OROLE:
+ case AUDIT_SUBJ_ROLE:
++ case AUDIT_OBJ_ROLE:
roledatum = hashtab_search(policydb.p_roles.table, rulestr);
if (!roledatum)
rc = -EINVAL;
@@ -1899,6 +1906,7 @@ int selinux_audit_rule_init(u32 field, u
tmprule->au_ctxt.role = roledatum->value;
break;
- case AUDIT_SE_TYPE:
-+ case AUDIT_SE_OTYPE:
+ case AUDIT_SUBJ_TYPE:
++ case AUDIT_OBJ_TYPE:
typedatum = hashtab_search(policydb.p_types.table, rulestr);
if (!typedatum)
rc = -EINVAL;
@@ -1907,6 +1915,8 @@ int selinux_audit_rule_init(u32 field, u
break;
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
-+ case AUDIT_SE_OL1:
-+ case AUDIT_SE_OL2:
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
++ case AUDIT_OBJ_LEV_LOW:
++ case AUDIT_OBJ_LEV_HIGH:
rc = mls_from_string(rulestr, &tmprule->au_ctxt, GFP_ATOMIC);
break;
}
@@ -1959,6 +1969,7 @@ int selinux_audit_rule_match(u32 ctxid,
without a match */
switch (field) {
- case AUDIT_SE_USER:
-+ case AUDIT_SE_OUSER:
+ case AUDIT_SUBJ_USER:
++ case AUDIT_OBJ_USER:
switch (op) {
case AUDIT_EQUAL:
match = (ctxt->user == rule->au_ctxt.user);
@@ -1969,6 +1980,7 @@ int selinux_audit_rule_match(u32 ctxid,
}
break;
- case AUDIT_SE_ROLE:
-+ case AUDIT_SE_OROLE:
+ case AUDIT_SUBJ_ROLE:
++ case AUDIT_OBJ_ROLE:
switch (op) {
case AUDIT_EQUAL:
match = (ctxt->role == rule->au_ctxt.role);
@@ -1979,6 +1991,7 @@ int selinux_audit_rule_match(u32 ctxid,
}
break;
- case AUDIT_SE_TYPE:
-+ case AUDIT_SE_OTYPE:
+ case AUDIT_SUBJ_TYPE:
++ case AUDIT_OBJ_TYPE:
switch (op) {
case AUDIT_EQUAL:
match = (ctxt->type == rule->au_ctxt.type);
-@@ -1990,7 +2003,9 @@ int selinux_audit_rule_match(u32 ctxid,
+@@ -1990,7 +2003,10 @@ int selinux_audit_rule_match(u32 ctxid,
break;
- case AUDIT_SE_SEN:
- case AUDIT_SE_CLR:
-- level = (field == AUDIT_SE_SEN ?
-+ case AUDIT_SE_OL1:
-+ case AUDIT_SE_OL2:
-+ level = ((field == AUDIT_SE_SEN || field == AUDIT_SE_OL1) ?
+ case AUDIT_SUBJ_SEN:
+ case AUDIT_SUBJ_CLR:
+- level = (field == AUDIT_SUBJ_SEN ?
++ case AUDIT_OBJ_LEV_LOW:
++ case AUDIT_OBJ_LEV_HIGH:
++ level = ((field == AUDIT_SUBJ_SEN ||
++ field == AUDIT_OBJ_LEV_LOW) ?
&ctxt->range.level[0] : &ctxt->range.level[1]);
switch (op) {
case AUDIT_EQUAL:
-
--
Darrel
---
-redhat-lspp mailing list
-redhat-lspp at redhat.com
-https://www.redhat.com/mailman/listinfo/redhat-lspp
-
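Review bot: in the new AUDIT_IPC loop the declaration `struct audit_aux_data_ipcctl *axi = (void *)aux;` and the `if (selinux_audit_rule_match(axi->osid, f->type, f->op, f->se_rule, ctx)) {` line run well past 80 columns at that indentation depth, which is over the kernel's coding-style limit; moving the object walk into a helper (hypothetical name `audit_match_ipc_objects(ctx, f)`) would fix the width and keep audit_filter_rules readable. The `++result` on a match is harmless because result is only tested for non-zero, but `result = 1` states the intent more plainly. Since selinux_audit_rule_match can return a negative value for a temporary error, the bare truth test at the IPC call treats that as a match, exactly as the carried-over comment (`The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR also applies here`) says for the file case; a short comment at the IPC call saying the same would save the next reader the inference.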