netlabel,smack: use lsm_prop for audit data

cschaufler · pcmoore · commit 05a344e54d0b · 2024-10-11T14:34:16.000-04:00
Replace the secid in the netlbl_audit structure with an lsm_prop.
Remove scaffolding that was required when the value was a secid.

Signed-off-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
[PM: fix the subject line]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
@@ -97,7 +97,7 @@ struct calipso_doi;
 
 /* NetLabel audit information */
 struct netlbl_audit {
-	u32 secid;
+	struct lsm_prop prop;
 	kuid_t loginuid;
 	unsigned int sessionid;
 };
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
@@ -1534,14 +1534,11 @@ int __init netlbl_unlabel_defconf(void)
 	int ret_val;
 	struct netlbl_dom_map *entry;
 	struct netlbl_audit audit_info;
-	struct lsm_prop prop;
 
 	/* Only the kernel is allowed to call this function and the only time
 	 * it is called is at bootup before the audit subsystem is reporting
 	 * messages so don't worry to much about these values. */
-	security_current_getlsmprop_subj(&prop);
-	/* scaffolding */
-	audit_info.secid = prop.scaffold.secid;
+	security_current_getlsmprop_subj(&audit_info.prop);
 	audit_info.loginuid = GLOBAL_ROOT_UID;
 	audit_info.sessionid = 0;
 
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
@@ -98,10 +98,9 @@ struct audit_buffer *netlbl_audit_start_common(int type,
 			 from_kuid(&init_user_ns, audit_info->loginuid),
 			 audit_info->sessionid);
 
-	if (audit_info->secid != 0 &&
-	    security_secid_to_secctx(audit_info->secid,
-				     &secctx,
-				     &secctx_len) == 0) {
+	if (lsmprop_is_set(&audit_info->prop) &&
+	    security_lsmprop_to_secctx(&audit_info->prop, &secctx,
+				       &secctx_len) == 0) {
 		audit_log_format(audit_buf, " subj=%s", secctx);
 		security_release_secctx(secctx, secctx_len);
 	}
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
@@ -32,11 +32,7 @@
  */
 static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info)
 {
-	struct lsm_prop prop;
-
-	security_current_getlsmprop_subj(&prop);
-	/* scaffolding */
-	audit_info->secid = prop.scaffold.secid;
+	security_current_getlsmprop_subj(&audit_info->prop);
 	audit_info->loginuid = audit_get_loginuid(current);
 	audit_info->sessionid = audit_get_sessionid(current);
 }
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
@@ -182,11 +182,9 @@ static inline void smack_catset_bit(unsigned int cat, char *catsetp)
  */
 static void smk_netlabel_audit_set(struct netlbl_audit *nap)
 {
-	struct smack_known *skp = smk_of_current();
-
 	nap->loginuid = audit_get_loginuid(current);
 	nap->sessionid = audit_get_sessionid(current);
-	nap->secid = skp->smk_secid;
+	nap->prop.smack.skp = smk_of_current();
 }
 
 /*

Original file line number	Diff line number	Diff line change
`@@ -32,11 +32,7 @@`
`32`	`32`	`*/`
`33`	`33`	`static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info)`
`34`	`34`	`{`
`35`		`- struct lsm_prop prop;`
`36`		`-`
`37`		`- security_current_getlsmprop_subj(&prop);`
`38`		`- /* scaffolding */`
`39`		`- audit_info->secid = prop.scaffold.secid;`
	`35`	`+ security_current_getlsmprop_subj(&audit_info->prop);`
`40`	`36`	`audit_info->loginuid = audit_get_loginuid(current);`
`41`	`37`	`audit_info->sessionid = audit_get_sessionid(current);`
`42`	`38`	`}`
Original file line number	Diff line number	Diff line change
`@@ -182,11 +182,9 @@ static inline void smack_catset_bit(unsigned int cat, char *catsetp)`
`182`	`182`	`*/`
`183`	`183`	`static void smk_netlabel_audit_set(struct netlbl_audit *nap)`
`184`	`184`	`{`
`185`		`- struct smack_known *skp = smk_of_current();`
`186`		`-`
`187`	`185`	`nap->loginuid = audit_get_loginuid(current);`
`188`	`186`	`nap->sessionid = audit_get_sessionid(current);`
`189`		`- nap->secid = skp->smk_secid;`
	`187`	`+ nap->prop.smack.skp = smk_of_current();`
`190`	`188`	`}`
`191`	`189`
`192`	`190`	`/*`