Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c53fa1ed authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms 



Netlink message processing in the kernel is synchronous these days, the
session information can be collected when needed.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 06dc94b1

include/linux/netlink.h

+0 −3
Original line number Diff line number Diff line
@@ -161,9 +161,6 @@ struct netlink_skb_parms { 
	__u32			pid;

	__u32			dst_group;

	kernel_cap_t		eff_cap;

	__u32			loginuid;	/* Login (audit) uid */

	__u32			sessionid;	/* Session id (audit) */

	__u32			sid;		/* SELinux security id */

};



#define NETLINK_CB(skb)		(*(struct netlink_skb_parms*)&((skb)->cb))

kernel/audit.c

+3 −3
Original line number Diff line number Diff line
@@ -673,9 +673,9 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 


	pid  = NETLINK_CREDS(skb)->pid;

	uid  = NETLINK_CREDS(skb)->uid;

	loginuid = NETLINK_CB(skb).loginuid;

	sessionid = NETLINK_CB(skb).sessionid;

	sid  = NETLINK_CB(skb).sid;

	loginuid = audit_get_loginuid(current);

	sessionid = audit_get_sessionid(current);

	security_task_getsecid(current, &sid);

	seq  = nlh->nlmsg_seq;

	data = NLMSG_DATA(nlh);

kernel/auditfilter.c

+7 −3
Original line number Diff line number Diff line
@@ -1238,6 +1238,7 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb, 
	for (i = 0; i < rule->field_count; i++) {

		struct audit_field *f = &rule->fields[i];

		int result = 0;

		u32 sid;



		switch (f->type) {

		case AUDIT_PID:
@@ -1250,19 +1251,22 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb, 
			result = audit_comparator(cb->creds.gid, f->op, f->val);

			break;

		case AUDIT_LOGINUID:

			result = audit_comparator(cb->loginuid, f->op, f->val);

			result = audit_comparator(audit_get_loginuid(current),

						  f->op, f->val);

			break;

		case AUDIT_SUBJ_USER:

		case AUDIT_SUBJ_ROLE:

		case AUDIT_SUBJ_TYPE:

		case AUDIT_SUBJ_SEN:

		case AUDIT_SUBJ_CLR:

			if (f->lsm_rule)

				result = security_audit_rule_match(cb->sid,

			if (f->lsm_rule) {

				security_task_getsecid(current, &sid);

				result = security_audit_rule_match(sid,

								   f->type,

								   f->op,

								   f->lsm_rule,

								   NULL);

			}

			break;

		}

net/netlabel/netlabel_user.h

+3 −3
Original line number Diff line number Diff line
@@ -49,9 +49,9 @@ 
static inline void netlbl_netlink_auditinfo(struct sk_buff *skb,

					    struct netlbl_audit *audit_info)

{

	audit_info->secid = NETLINK_CB(skb).sid;

	audit_info->loginuid = NETLINK_CB(skb).loginuid;

	audit_info->sessionid = NETLINK_CB(skb).sessionid;

	security_task_getsecid(current, &audit_info->secid);

	audit_info->loginuid = audit_get_loginuid(current);

	audit_info->sessionid = audit_get_sessionid(current);

}



/* NetLabel NETLINK I/O functions */

net/netlink/af_netlink.c

+0 −3
Original line number Diff line number Diff line
@@ -1362,9 +1362,6 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, 


	NETLINK_CB(skb).pid	= nlk->pid;

	NETLINK_CB(skb).dst_group = dst_group;

	NETLINK_CB(skb).loginuid = audit_get_loginuid(current);

	NETLINK_CB(skb).sessionid = audit_get_sessionid(current);

	security_task_getsecid(current, &(NETLINK_CB(skb).sid));

	memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));



	/* What can I do? Netlink is asynchronous, so that