Commit c29722fa authored by Christian Göttsche's avatar Christian Göttsche Committed by Paul Moore

selinux: log anon inode class name



Log the anonymous inode class name in the security hook
inode_init_security_anon.  This name is the key for name-based type
transitions on the anon_inode security class on creation.  Example:

    type=AVC msg=audit(02/16/22 22:02:50.585:216) : avc:  granted \
        { create } for  pid=2136 comm=mariadbd anonclass=[io_uring] \
        scontext=system_u:system_r:mysqld_t:s0 \
        tcontext=system_u:system_r:mysqld_iouring_t:s0 tclass=anon_inode

Add a new LSM audit data type holding the inode and the class name.

Signed-off-by: default avatarChristian Göttsche <cgzones@googlemail.com>
[PM: adjusted 'anonclass' to be a trusted string, cgzones approved]
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent ded34574
+2 −0
@@ -76,6 +76,7 @@ struct common_audit_data {
#define LSM_AUDIT_DATA_IBENDPORT 14
#define LSM_AUDIT_DATA_LOCKDOWN 15
#define LSM_AUDIT_DATA_NOTIFICATION 16
#define LSM_AUDIT_DATA_ANONINODE	17
	union 	{
		struct path path;
		struct dentry *dentry;
@@ -96,6 +97,7 @@ struct common_audit_data {
		struct lsm_ibpkey_audit *ibpkey;
		struct lsm_ibendport_audit *ibendport;
		int reason;
		const char *anonclass;
	} u;
	/* this union contains LSM specific data */
	union {
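Review bot: The new `anonclass` member at the end of the second hunk carries no comment, yet the dump case added in security/lsm_audit.c prints it verbatim with `%s` rather than through audit_log_untrustedstring(), so every future caller must hand it a kernel-controlled, NUL-terminated string — the constraint the trailer ("adjusted 'anonclass' to be a trusted string") alludes to but the header does not state. Add `const char *anonclass; /* trusted, NUL-terminated string; logged verbatim, never user-controlled */` so the next LSM that fills this field sees the requirement; the same remark applies to the `audit_log_format(ab, " anonclass=%s", ...)` line in lsm_audit.c. Separately, the `#define LSM_AUDIT_DATA_ANONINODE	17` line in the first hunk separates name and value with a tab while the neighbouring defines use a single space; `#define LSM_AUDIT_DATA_ANONINODE 17` keeps the list uniform. Both hunks sit inside `struct common_audit_data`, whose start and end lie outside the hunks.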
+3 −0
@@ -433,6 +433,9 @@ static void dump_common_audit_data(struct audit_buffer *ab,
		audit_log_format(ab, " lockdown_reason=\"%s\"",
				 lockdown_reasons[a->u.reason]);
		break;
	case LSM_AUDIT_DATA_ANONINODE:
		audit_log_format(ab, " anonclass=%s", a->u.anonclass);
		break;
	} /* switch (a->type) */
}

+2 −2
@@ -2964,8 +2964,8 @@ static int selinux_inode_init_security_anon(struct inode *inode,
	 * allowed to actually create this type of anonymous inode.
	 */

	ad.type = LSM_AUDIT_DATA_INODE;
	ad.u.inode = inode;
	ad.type = LSM_AUDIT_DATA_ANONINODE;
	ad.u.anonclass = name ? (const char *)name->name : "?";

	return avc_has_perm(&selinux_state,
			    tsec->sid,
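Review bot: `ad.u.anonclass = name ? (const char *)name->name : "?";` hands the audit code a pointer that is later printed with `%s`, which assumes `name->name` is NUL-terminated; that presumably holds because anon-inode names are built from kernel string literals, but nothing here checks it, and the cast away from qstr's `const unsigned char *` hides the assumption. A comment on that line such as `/* name->name is a kernel-supplied, NUL-terminated string; "?" marks an absent name */` would record it for the next reader, as would noting that the pointer is only borrowed for the synchronous avc_has_perm() call below. selinux_inode_init_security_anon() continues outside the hunk on both sides.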