security/ipe/audit.c

Source file repositories/reference/linux-study-clean/security/ipe/audit.c

File Facts

System
Linux kernel
Corpus path
security/ipe/audit.c
Extension
.c
Size
7950 bytes
Lines
280
Domain
Core OS
Bucket
Security And Isolation
Inferred role
Core OS: implementation source
Status
source implementation candidate

Why This File Exists

Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.

Dependency Surface

Detected Declarations

Annotated Snippet

switch (ptr->type) {
		case IPE_PROP_DMV_ROOTHASH:
			audit_dmv_roothash(ab, ptr->value);
			break;
		case IPE_PROP_FSV_DIGEST:
			audit_fsv_digest(ab, ptr->value);
			break;
		default:
			audit_log_format(ab, "%s", audit_prop_names[ptr->type]);
			break;
		}

		audit_log_format(ab, " ");
	}

	audit_log_format(ab, "action=%s\"", ACTSTR(r->action));
}

/**
 * ipe_audit_match() - Audit a rule match in a policy evaluation.
 * @ctx: Supplies a pointer to the evaluation context that was used in the
 *	 evaluation.
 * @match_type: Supplies the scope of the match: rule, operation default,
 *		global default.
 * @act: Supplies the IPE's evaluation decision, deny or allow.
 * @r: Supplies a pointer to the rule that was matched, if possible.
 */
void ipe_audit_match(const struct ipe_eval_ctx *const ctx,
		     enum ipe_match match_type,
		     enum ipe_action_type act, const struct ipe_rule *const r)
{
	const char *op_name = audit_op_names[ctx->op];
	const char *hook_name = audit_hook_names[ctx->hook];
	char task_name[sizeof(current->comm)];
	struct audit_buffer *ab;

	/*
	 * Denials are always recorded; allows are recorded only while
	 * success auditing is switched on.
	 */
	if (!(act == IPE_ACTION_DENY || READ_ONCE(success_audit)))
		return;

	/*
	 * A NULL buffer means auditing is off or no record could be started
	 * right now; the access decision itself is not affected either way.
	 */
	ab = audit_log_start(audit_context(), GFP_ATOMIC | __GFP_NOWARN,
			     AUDIT_IPE_ACCESS);
	if (!ab)
		return;

	audit_log_format(ab, "ipe_op=%s ipe_hook=%s enforcing=%d pid=%d comm=",
			 op_name, hook_name, READ_ONCE(enforce),
			 task_tgid_nr(current));
	/*
	 * The task name is user-influenced, so it goes through the
	 * untrusted-string path rather than a plain %s.
	 */
	audit_log_untrustedstring(ab, get_task_comm(task_name, current));

	if (!ctx->file) {
		audit_log_format(ab, " path=? dev=? ino=?");
	} else {
		struct inode *inode;

		audit_log_d_path(ab, " path=", &ctx->file->f_path);
		inode = file_inode(ctx->file);
		if (!inode) {
			audit_log_format(ab, " dev=? ino=?");
		} else {
			audit_log_format(ab, " dev=");
			/* s_id is filesystem-supplied text; escape it as well. */
			audit_log_untrustedstring(ab, inode->i_sb->s_id);
			audit_log_format(ab, " ino=%llu", inode->i_ino);
		}
	}

	/* Record which scope produced the decision: rule, op default, or global default. */
	switch (match_type) {
	case IPE_MATCH_RULE:
		audit_rule(ab, r);
		break;
	case IPE_MATCH_TABLE:
		audit_log_format(ab, " rule=\"DEFAULT op=%s action=%s\"",
				 op_name, ACTSTR(act));
		break;
	default:
		audit_log_format(ab, " rule=\"DEFAULT action=%s\"",
				 ACTSTR(act));
		break;
	}

	audit_log_end(ab);
}

/**
 * audit_policy() - Audit a policy's name, version and thumbprint to @ab.
 * @ab: Supplies a pointer to the audit buffer to append to.
 * @audit_format: Supplies a pointer to the audit format string
 * @p: Supplies a pointer to the policy to audit.
 */
static void audit_policy(struct audit_buffer *ab,
			 const char *audit_format,
			 const struct ipe_policy *const p)
{
	u8 digest[SHA256_DIGEST_SIZE];

	sha256(p->pkcs7, p->pkcs7len, digest);

	audit_log_format(ab, audit_format, p->parsed->name,

Annotation

Implementation Notes