diff options
| author | Mark Brown <broonie@linaro.org> | 2014-05-12 17:43:10 +0100 |
|---|---|---|
| committer | Mark Brown <broonie@linaro.org> | 2014-05-12 17:43:10 +0100 |
| commit | 8de7c4692ef0fe23d29c522a9dd347dba172087c (patch) | |
| tree | 11c912a6c39bb167f7fc37b768c97f3ba87bc056 /security | |
| parent | 42d795e5d462d6c76d3fe386ebb91c037a0eb683 (diff) | |
| parent | 95b9600d1e7bf019288db013e1a79f9ba0971f25 (diff) | |
Merge remote-tracking branch 'lsk/v3.10/topic/aosp' into linux-linaro-lsk-android
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/avc.c | 7 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 5 | ||||
| -rw-r--r-- | security/selinux/include/avc.h | 4 |
3 files changed, 11 insertions, 5 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index dad36a6ab45f..c223a32c0bb3 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -444,11 +444,15 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a) avc_dump_query(ab, ad->selinux_audit_data->ssid, ad->selinux_audit_data->tsid, ad->selinux_audit_data->tclass); + if (ad->selinux_audit_data->denied) { + audit_log_format(ab, " permissive=%u", + ad->selinux_audit_data->result ? 0 : 1); + } } /* This is the slow part of avc audit with big stack footprint */ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass, - u32 requested, u32 audited, u32 denied, + u32 requested, u32 audited, u32 denied, int result, struct common_audit_data *a, unsigned flags) { @@ -477,6 +481,7 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass, sad.tsid = tsid; sad.audited = audited; sad.denied = denied; + sad.result = result; a->selinux_audit_data = &sad; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 574d9edf7b1e..e00585266536 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2733,6 +2733,7 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na static noinline int audit_inode_permission(struct inode *inode, u32 perms, u32 audited, u32 denied, + int result, unsigned flags) { struct common_audit_data ad; @@ -2743,7 +2744,7 @@ static noinline int audit_inode_permission(struct inode *inode, ad.u.inode = inode; rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms, - audited, denied, &ad, flags); + audited, denied, result, &ad, flags); if (rc) return rc; return 0; @@ -2785,7 +2786,7 @@ static int selinux_inode_permission(struct inode *inode, int mask) if (likely(!audited)) return rc; - rc2 = audit_inode_permission(inode, perms, audited, denied, flags); + rc2 = audit_inode_permission(inode, perms, audited, denied, rc, flags); if (rc2) return rc2; return rc; diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h index 92d0ab561db8..28a08a891704 100644 --- a/security/selinux/include/avc.h +++ b/security/selinux/include/avc.h @@ -102,7 +102,7 @@ static inline u32 avc_audit_required(u32 requested, } int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass, - u32 requested, u32 audited, u32 denied, + u32 requested, u32 audited, u32 denied, int result, struct common_audit_data *a, unsigned flags); @@ -137,7 +137,7 @@ static inline int avc_audit(u32 ssid, u32 tsid, if (likely(!audited)) return 0; return slow_avc_audit(ssid, tsid, tclass, - requested, audited, denied, + requested, audited, denied, result, a, flags); } |