|
@@ -136,8 +136,7 @@ static int selinux_set_mapping(struct policydb *pol,
|
|
|
|
|
|
|
|
p_out->value = string_to_security_class(pol, p_in->name);
|
|
p_out->value = string_to_security_class(pol, p_in->name);
|
|
|
if (!p_out->value) {
|
|
if (!p_out->value) {
|
|
|
- printk(KERN_INFO
|
|
|
|
|
- "SELinux: Class %s not defined in policy.\n",
|
|
|
|
|
|
|
+ pr_info("SELinux: Class %s not defined in policy.\n",
|
|
|
p_in->name);
|
|
p_in->name);
|
|
|
if (pol->reject_unknown)
|
|
if (pol->reject_unknown)
|
|
|
goto err;
|
|
goto err;
|
|
@@ -156,8 +155,7 @@ static int selinux_set_mapping(struct policydb *pol,
|
|
|
p_out->perms[k] = string_to_av_perm(pol, p_out->value,
|
|
p_out->perms[k] = string_to_av_perm(pol, p_out->value,
|
|
|
p_in->perms[k]);
|
|
p_in->perms[k]);
|
|
|
if (!p_out->perms[k]) {
|
|
if (!p_out->perms[k]) {
|
|
|
- printk(KERN_INFO
|
|
|
|
|
- "SELinux: Permission %s in class %s not defined in policy.\n",
|
|
|
|
|
|
|
+ pr_info("SELinux: Permission %s in class %s not defined in policy.\n",
|
|
|
p_in->perms[k], p_in->name);
|
|
p_in->perms[k], p_in->name);
|
|
|
if (pol->reject_unknown)
|
|
if (pol->reject_unknown)
|
|
|
goto err;
|
|
goto err;
|
|
@@ -170,7 +168,7 @@ static int selinux_set_mapping(struct policydb *pol,
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
if (print_unknown_handle)
|
|
if (print_unknown_handle)
|
|
|
- printk(KERN_INFO "SELinux: the above unknown classes and permissions will be %s\n",
|
|
|
|
|
|
|
+ pr_info("SELinux: the above unknown classes and permissions will be %s\n",
|
|
|
pol->allow_unknown ? "allowed" : "denied");
|
|
pol->allow_unknown ? "allowed" : "denied");
|
|
|
|
|
|
|
|
out_map->size = i;
|
|
out_map->size = i;
|
|
@@ -644,7 +642,7 @@ static void context_struct_compute_av(struct policydb *policydb,
|
|
|
|
|
|
|
|
if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
|
|
if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
|
|
|
if (printk_ratelimit())
|
|
if (printk_ratelimit())
|
|
|
- printk(KERN_WARNING "SELinux: Invalid class %hu\n", tclass);
|
|
|
|
|
|
|
+ pr_warn("SELinux: Invalid class %hu\n", tclass);
|
|
|
return;
|
|
return;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
@@ -793,7 +791,7 @@ static int security_compute_validatetrans(struct selinux_state *state,
|
|
|
|
|
|
|
|
ocontext = sidtab_search(sidtab, oldsid);
|
|
ocontext = sidtab_search(sidtab, oldsid);
|
|
|
if (!ocontext) {
|
|
if (!ocontext) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, oldsid);
|
|
__func__, oldsid);
|
|
|
rc = -EINVAL;
|
|
rc = -EINVAL;
|
|
|
goto out;
|
|
goto out;
|
|
@@ -801,7 +799,7 @@ static int security_compute_validatetrans(struct selinux_state *state,
|
|
|
|
|
|
|
|
ncontext = sidtab_search(sidtab, newsid);
|
|
ncontext = sidtab_search(sidtab, newsid);
|
|
|
if (!ncontext) {
|
|
if (!ncontext) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, newsid);
|
|
__func__, newsid);
|
|
|
rc = -EINVAL;
|
|
rc = -EINVAL;
|
|
|
goto out;
|
|
goto out;
|
|
@@ -809,7 +807,7 @@ static int security_compute_validatetrans(struct selinux_state *state,
|
|
|
|
|
|
|
|
tcontext = sidtab_search(sidtab, tasksid);
|
|
tcontext = sidtab_search(sidtab, tasksid);
|
|
|
if (!tcontext) {
|
|
if (!tcontext) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, tasksid);
|
|
__func__, tasksid);
|
|
|
rc = -EINVAL;
|
|
rc = -EINVAL;
|
|
|
goto out;
|
|
goto out;
|
|
@@ -883,7 +881,7 @@ int security_bounded_transition(struct selinux_state *state,
|
|
|
rc = -EINVAL;
|
|
rc = -EINVAL;
|
|
|
old_context = sidtab_search(sidtab, old_sid);
|
|
old_context = sidtab_search(sidtab, old_sid);
|
|
|
if (!old_context) {
|
|
if (!old_context) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %u\n",
|
|
|
__func__, old_sid);
|
|
__func__, old_sid);
|
|
|
goto out;
|
|
goto out;
|
|
|
}
|
|
}
|
|
@@ -891,7 +889,7 @@ int security_bounded_transition(struct selinux_state *state,
|
|
|
rc = -EINVAL;
|
|
rc = -EINVAL;
|
|
|
new_context = sidtab_search(sidtab, new_sid);
|
|
new_context = sidtab_search(sidtab, new_sid);
|
|
|
if (!new_context) {
|
|
if (!new_context) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %u\n",
|
|
|
__func__, new_sid);
|
|
__func__, new_sid);
|
|
|
goto out;
|
|
goto out;
|
|
|
}
|
|
}
|
|
@@ -1040,14 +1038,14 @@ void security_compute_xperms_decision(struct selinux_state *state,
|
|
|
|
|
|
|
|
scontext = sidtab_search(sidtab, ssid);
|
|
scontext = sidtab_search(sidtab, ssid);
|
|
|
if (!scontext) {
|
|
if (!scontext) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, ssid);
|
|
__func__, ssid);
|
|
|
goto out;
|
|
goto out;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
tcontext = sidtab_search(sidtab, tsid);
|
|
tcontext = sidtab_search(sidtab, tsid);
|
|
|
if (!tcontext) {
|
|
if (!tcontext) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, tsid);
|
|
__func__, tsid);
|
|
|
goto out;
|
|
goto out;
|
|
|
}
|
|
}
|
|
@@ -1129,7 +1127,7 @@ void security_compute_av(struct selinux_state *state,
|
|
|
|
|
|
|
|
scontext = sidtab_search(sidtab, ssid);
|
|
scontext = sidtab_search(sidtab, ssid);
|
|
|
if (!scontext) {
|
|
if (!scontext) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, ssid);
|
|
__func__, ssid);
|
|
|
goto out;
|
|
goto out;
|
|
|
}
|
|
}
|
|
@@ -1140,7 +1138,7 @@ void security_compute_av(struct selinux_state *state,
|
|
|
|
|
|
|
|
tcontext = sidtab_search(sidtab, tsid);
|
|
tcontext = sidtab_search(sidtab, tsid);
|
|
|
if (!tcontext) {
|
|
if (!tcontext) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, tsid);
|
|
__func__, tsid);
|
|
|
goto out;
|
|
goto out;
|
|
|
}
|
|
}
|
|
@@ -1183,7 +1181,7 @@ void security_compute_av_user(struct selinux_state *state,
|
|
|
|
|
|
|
|
scontext = sidtab_search(sidtab, ssid);
|
|
scontext = sidtab_search(sidtab, ssid);
|
|
|
if (!scontext) {
|
|
if (!scontext) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, ssid);
|
|
__func__, ssid);
|
|
|
goto out;
|
|
goto out;
|
|
|
}
|
|
}
|
|
@@ -1194,7 +1192,7 @@ void security_compute_av_user(struct selinux_state *state,
|
|
|
|
|
|
|
|
tcontext = sidtab_search(sidtab, tsid);
|
|
tcontext = sidtab_search(sidtab, tsid);
|
|
|
if (!tcontext) {
|
|
if (!tcontext) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, tsid);
|
|
__func__, tsid);
|
|
|
goto out;
|
|
goto out;
|
|
|
}
|
|
}
|
|
@@ -1310,7 +1308,7 @@ static int security_sid_to_context_core(struct selinux_state *state,
|
|
|
*scontext = scontextp;
|
|
*scontext = scontextp;
|
|
|
goto out;
|
|
goto out;
|
|
|
}
|
|
}
|
|
|
- printk(KERN_ERR "SELinux: %s: called before initial "
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: called before initial "
|
|
|
"load_policy on unknown SID %d\n", __func__, sid);
|
|
"load_policy on unknown SID %d\n", __func__, sid);
|
|
|
rc = -EINVAL;
|
|
rc = -EINVAL;
|
|
|
goto out;
|
|
goto out;
|
|
@@ -1323,7 +1321,7 @@ static int security_sid_to_context_core(struct selinux_state *state,
|
|
|
else
|
|
else
|
|
|
context = sidtab_search(sidtab, sid);
|
|
context = sidtab_search(sidtab, sid);
|
|
|
if (!context) {
|
|
if (!context) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, sid);
|
|
__func__, sid);
|
|
|
rc = -EINVAL;
|
|
rc = -EINVAL;
|
|
|
goto out_unlock;
|
|
goto out_unlock;
|
|
@@ -1678,14 +1676,14 @@ static int security_compute_sid(struct selinux_state *state,
|
|
|
|
|
|
|
|
scontext = sidtab_search(sidtab, ssid);
|
|
scontext = sidtab_search(sidtab, ssid);
|
|
|
if (!scontext) {
|
|
if (!scontext) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, ssid);
|
|
__func__, ssid);
|
|
|
rc = -EINVAL;
|
|
rc = -EINVAL;
|
|
|
goto out_unlock;
|
|
goto out_unlock;
|
|
|
}
|
|
}
|
|
|
tcontext = sidtab_search(sidtab, tsid);
|
|
tcontext = sidtab_search(sidtab, tsid);
|
|
|
if (!tcontext) {
|
|
if (!tcontext) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, tsid);
|
|
__func__, tsid);
|
|
|
rc = -EINVAL;
|
|
rc = -EINVAL;
|
|
|
goto out_unlock;
|
|
goto out_unlock;
|
|
@@ -1911,7 +1909,8 @@ static inline int convert_context_handle_invalid_context(
|
|
|
return -EINVAL;
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (!context_struct_to_string(policydb, context, &s, &len)) {
|
|
if (!context_struct_to_string(policydb, context, &s, &len)) {
|
|
|
- printk(KERN_WARNING "SELinux: Context %s would be invalid if enforcing\n", s);
|
|
|
|
|
|
|
+ pr_warn("SELinux: Context %s would be invalid if enforcing\n",
|
|
|
|
|
+ s);
|
|
|
kfree(s);
|
|
kfree(s);
|
|
|
}
|
|
}
|
|
|
return 0;
|
|
return 0;
|
|
@@ -1962,7 +1961,7 @@ static int convert_context(u32 key,
|
|
|
c->len, &ctx, SECSID_NULL);
|
|
c->len, &ctx, SECSID_NULL);
|
|
|
kfree(s);
|
|
kfree(s);
|
|
|
if (!rc) {
|
|
if (!rc) {
|
|
|
- printk(KERN_INFO "SELinux: Context %s became valid (mapped).\n",
|
|
|
|
|
|
|
+ pr_info("SELinux: Context %s became valid (mapped).\n",
|
|
|
c->str);
|
|
c->str);
|
|
|
/* Replace string with mapped representation. */
|
|
/* Replace string with mapped representation. */
|
|
|
kfree(c->str);
|
|
kfree(c->str);
|
|
@@ -1974,7 +1973,7 @@ static int convert_context(u32 key,
|
|
|
goto out;
|
|
goto out;
|
|
|
} else {
|
|
} else {
|
|
|
/* Other error condition, e.g. ENOMEM. */
|
|
/* Other error condition, e.g. ENOMEM. */
|
|
|
- printk(KERN_ERR "SELinux: Unable to map context %s, rc = %d.\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: Unable to map context %s, rc = %d.\n",
|
|
|
c->str, -rc);
|
|
c->str, -rc);
|
|
|
goto out;
|
|
goto out;
|
|
|
}
|
|
}
|
|
@@ -2033,7 +2032,7 @@ static int convert_context(u32 key,
|
|
|
oc = oc->next;
|
|
oc = oc->next;
|
|
|
rc = -EINVAL;
|
|
rc = -EINVAL;
|
|
|
if (!oc) {
|
|
if (!oc) {
|
|
|
- printk(KERN_ERR "SELinux: unable to look up"
|
|
|
|
|
|
|
+ pr_err("SELinux: unable to look up"
|
|
|
" the initial SIDs list\n");
|
|
" the initial SIDs list\n");
|
|
|
goto bad;
|
|
goto bad;
|
|
|
}
|
|
}
|
|
@@ -2065,7 +2064,7 @@ bad:
|
|
|
context_destroy(c);
|
|
context_destroy(c);
|
|
|
c->str = s;
|
|
c->str = s;
|
|
|
c->len = len;
|
|
c->len = len;
|
|
|
- printk(KERN_INFO "SELinux: Context %s became invalid (unmapped).\n",
|
|
|
|
|
|
|
+ pr_info("SELinux: Context %s became invalid (unmapped).\n",
|
|
|
c->str);
|
|
c->str);
|
|
|
rc = 0;
|
|
rc = 0;
|
|
|
goto out;
|
|
goto out;
|
|
@@ -2170,13 +2169,13 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len)
|
|
|
newpolicydb->len = len;
|
|
newpolicydb->len = len;
|
|
|
/* If switching between different policy types, log MLS status */
|
|
/* If switching between different policy types, log MLS status */
|
|
|
if (policydb->mls_enabled && !newpolicydb->mls_enabled)
|
|
if (policydb->mls_enabled && !newpolicydb->mls_enabled)
|
|
|
- printk(KERN_INFO "SELinux: Disabling MLS support...\n");
|
|
|
|
|
|
|
+ pr_info("SELinux: Disabling MLS support...\n");
|
|
|
else if (!policydb->mls_enabled && newpolicydb->mls_enabled)
|
|
else if (!policydb->mls_enabled && newpolicydb->mls_enabled)
|
|
|
- printk(KERN_INFO "SELinux: Enabling MLS support...\n");
|
|
|
|
|
|
|
+ pr_info("SELinux: Enabling MLS support...\n");
|
|
|
|
|
|
|
|
rc = policydb_load_isids(newpolicydb, &newsidtab);
|
|
rc = policydb_load_isids(newpolicydb, &newsidtab);
|
|
|
if (rc) {
|
|
if (rc) {
|
|
|
- printk(KERN_ERR "SELinux: unable to load the initial SIDs\n");
|
|
|
|
|
|
|
+ pr_err("SELinux: unable to load the initial SIDs\n");
|
|
|
policydb_destroy(newpolicydb);
|
|
policydb_destroy(newpolicydb);
|
|
|
goto out;
|
|
goto out;
|
|
|
}
|
|
}
|
|
@@ -2187,7 +2186,7 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len)
|
|
|
|
|
|
|
|
rc = security_preserve_bools(state, newpolicydb);
|
|
rc = security_preserve_bools(state, newpolicydb);
|
|
|
if (rc) {
|
|
if (rc) {
|
|
|
- printk(KERN_ERR "SELinux: unable to preserve booleans\n");
|
|
|
|
|
|
|
+ pr_err("SELinux: unable to preserve booleans\n");
|
|
|
goto err;
|
|
goto err;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
@@ -2207,7 +2206,7 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len)
|
|
|
args.newp = newpolicydb;
|
|
args.newp = newpolicydb;
|
|
|
rc = sidtab_map(&newsidtab, convert_context, &args);
|
|
rc = sidtab_map(&newsidtab, convert_context, &args);
|
|
|
if (rc) {
|
|
if (rc) {
|
|
|
- printk(KERN_ERR "SELinux: unable to convert the internal"
|
|
|
|
|
|
|
+ pr_err("SELinux: unable to convert the internal"
|
|
|
" representation of contexts in the new SID"
|
|
" representation of contexts in the new SID"
|
|
|
" table\n");
|
|
" table\n");
|
|
|
goto err;
|
|
goto err;
|
|
@@ -2999,7 +2998,7 @@ int security_sid_mls_copy(struct selinux_state *state,
|
|
|
rc = -EINVAL;
|
|
rc = -EINVAL;
|
|
|
context1 = sidtab_search(sidtab, sid);
|
|
context1 = sidtab_search(sidtab, sid);
|
|
|
if (!context1) {
|
|
if (!context1) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, sid);
|
|
__func__, sid);
|
|
|
goto out_unlock;
|
|
goto out_unlock;
|
|
|
}
|
|
}
|
|
@@ -3007,7 +3006,7 @@ int security_sid_mls_copy(struct selinux_state *state,
|
|
|
rc = -EINVAL;
|
|
rc = -EINVAL;
|
|
|
context2 = sidtab_search(sidtab, mls_sid);
|
|
context2 = sidtab_search(sidtab, mls_sid);
|
|
|
if (!context2) {
|
|
if (!context2) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, mls_sid);
|
|
__func__, mls_sid);
|
|
|
goto out_unlock;
|
|
goto out_unlock;
|
|
|
}
|
|
}
|
|
@@ -3104,14 +3103,14 @@ int security_net_peersid_resolve(struct selinux_state *state,
|
|
|
rc = -EINVAL;
|
|
rc = -EINVAL;
|
|
|
nlbl_ctx = sidtab_search(sidtab, nlbl_sid);
|
|
nlbl_ctx = sidtab_search(sidtab, nlbl_sid);
|
|
|
if (!nlbl_ctx) {
|
|
if (!nlbl_ctx) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, nlbl_sid);
|
|
__func__, nlbl_sid);
|
|
|
goto out;
|
|
goto out;
|
|
|
}
|
|
}
|
|
|
rc = -EINVAL;
|
|
rc = -EINVAL;
|
|
|
xfrm_ctx = sidtab_search(sidtab, xfrm_sid);
|
|
xfrm_ctx = sidtab_search(sidtab, xfrm_sid);
|
|
|
if (!xfrm_ctx) {
|
|
if (!xfrm_ctx) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized SID %d\n",
|
|
|
__func__, xfrm_sid);
|
|
__func__, xfrm_sid);
|
|
|
goto out;
|
|
goto out;
|
|
|
}
|
|
}
|
|
@@ -3202,7 +3201,7 @@ int security_get_permissions(struct selinux_state *state,
|
|
|
rc = -EINVAL;
|
|
rc = -EINVAL;
|
|
|
match = hashtab_search(policydb->p_classes.table, class);
|
|
match = hashtab_search(policydb->p_classes.table, class);
|
|
|
if (!match) {
|
|
if (!match) {
|
|
|
- printk(KERN_ERR "SELinux: %s: unrecognized class %s\n",
|
|
|
|
|
|
|
+ pr_err("SELinux: %s: unrecognized class %s\n",
|
|
|
__func__, class);
|
|
__func__, class);
|
|
|
goto out;
|
|
goto out;
|
|
|
}
|
|
}
|
peter enderborg