On Fri, Feb 21, 2020 at 7:05 PM Casey Schaufler <ca...@schaufler-ca.com> wrote: > > When more than one security module is exporting data to > audit and networking sub-systems a single 32 bit integer > is no longer sufficient to represent the data. Add a > structure to be used instead. > > The lsmblob structure is currently an array of > u32 "secids". There is an entry for each of the > security modules built into the system that would > use secids if active. The system assigns the module > a "slot" when it registers hooks. If modules are > compiled in but not registered there will be unused > slots. > > A new lsm_id structure, which contains the name > of the LSM and its slot number, is created. There > is an instance for each LSM, which assigns the name > and passes it to the infrastructure to set the slot. > > The audit rules data is expanded to use an array of > security module data rather than a single instance. > Because IMA uses the audit rule functions it is > affected as well. > > Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com> > --- > include/linux/audit.h | 4 +- > include/linux/lsm_hooks.h | 12 ++++- > include/linux/security.h | 66 ++++++++++++++++++++++++-- > kernel/auditfilter.c | 27 ++++++----- > kernel/auditsc.c | 12 ++--- > security/apparmor/lsm.c | 7 ++- > security/commoncap.c | 7 ++- > security/integrity/ima/ima_policy.c | 34 +++++++++----- > security/loadpin/loadpin.c | 8 +++- > security/lockdown/lockdown.c | 7 ++- > security/safesetid/lsm.c | 8 +++- > security/security.c | 72 ++++++++++++++++++++++++----- > security/selinux/hooks.c | 8 +++- > security/smack/smack_lsm.c | 7 ++- > security/tomoyo/tomoyo.c | 8 +++- > security/yama/yama_lsm.c | 7 ++- > 16 files changed, 238 insertions(+), 56 deletions(-)
Heads-up that there is likely to be some merge fuzz in kernel/auditfilter.c; I just had to fix some of the code you are touching (it is in Linus' tree). The merge should be trivial, but if you are uncertain let me know. Acked-by: Paul Moore <p...@paul-moore.com> -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
