selinux: Print 'sclass' as string when unrecognized netlink message occurs

This prints the 'sclass' field as string instead of index in unrecognized netlink message. The textual representation makes it easier to distinguish the right class. Signed-off-by: Marek Milkovic <mmilkovi@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> [PM: 80-char width fixes] Signed-off-by: Paul Moore <pmoore@redhat.com>
author: Marek Milkovic <mmilkovi@redhat.com> 2015-04-02 17:58:14 +0200
committer: Paul Moore <pmoore@redhat.com> 2015-05-04 14:44:34 -0400
commit: 8f944efb5bbfaeceb9c54d331418060eae92b5f5 (patch)
tree: 317acd5e5879848060d7f58e76d894979e60e327 /security
parent: cf7b6c0205f11cdb015384244c0b423b00e35c69 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4d1a54190388..a0844b8af5d3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4780,8 +4780,9 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
 		if (err == -EINVAL) {
 			printk(KERN_WARNING
 			       "SELinux: unrecognized netlink message:"
-			       " protocol=%hu nlmsg_type=%hu sclass=%hu\n",
-			       sk->sk_protocol, nlh->nlmsg_type, sksec->sclass);
+			       " protocol=%hu nlmsg_type=%hu sclass=%s\n",
+			       sk->sk_protocol, nlh->nlmsg_type,
+			       secclass_map[sksec->sclass - 1].name);
 			if (!selinux_enforcing || security_get_allow_unknown())
 				err = 0;
 		}
author	Marek Milkovic <mmilkovi@redhat.com>	2015-04-02 17:58:14 +0200
committer	Paul Moore <pmoore@redhat.com>	2015-05-04 14:44:34 -0400
commit	8f944efb5bbfaeceb9c54d331418060eae92b5f5 (patch)
tree	317acd5e5879848060d7f58e76d894979e60e327 /security
parent	cf7b6c0205f11cdb015384244c0b423b00e35c69 (diff)