|
@@ -728,7 +728,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
|
|
|
if (context_struct_to_string(tcontext, &t, &tlen))
|
|
if (context_struct_to_string(tcontext, &t, &tlen))
|
|
|
goto out;
|
|
goto out;
|
|
|
audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
|
audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
|
|
- "security_validate_transition: denied for"
|
|
|
|
|
|
|
+ "op=security_validate_transition seresult=denied"
|
|
|
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
|
|
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
|
|
|
o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
|
|
o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
|
|
|
out:
|
|
out:
|
|
@@ -877,7 +877,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid)
|
|
|
audit_log(current->audit_context,
|
|
audit_log(current->audit_context,
|
|
|
GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
|
GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
|
|
"op=security_bounded_transition "
|
|
"op=security_bounded_transition "
|
|
|
- "result=denied "
|
|
|
|
|
|
|
+ "seresult=denied "
|
|
|
"oldcontext=%s newcontext=%s",
|
|
"oldcontext=%s newcontext=%s",
|
|
|
old_name, new_name);
|
|
old_name, new_name);
|
|
|
}
|
|
}
|
|
@@ -1351,8 +1351,8 @@ static int compute_sid_handle_invalid_context(
|
|
|
if (context_struct_to_string(newcontext, &n, &nlen))
|
|
if (context_struct_to_string(newcontext, &n, &nlen))
|
|
|
goto out;
|
|
goto out;
|
|
|
audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
|
audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
|
|
- "security_compute_sid: invalid context %s"
|
|
|
|
|
- " for scontext=%s"
|
|
|
|
|
|
|
+ "op=security_compute_sid invalid_context=%s"
|
|
|
|
|
+ " scontext=%s"
|
|
|
" tcontext=%s"
|
|
" tcontext=%s"
|
|
|
" tclass=%s",
|
|
" tclass=%s",
|
|
|
n, s, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
|
|
n, s, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
|
|
@@ -2607,8 +2607,10 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
|
|
|
rc = convert_context_handle_invalid_context(&newcon);
|
|
rc = convert_context_handle_invalid_context(&newcon);
|
|
|
if (rc) {
|
|
if (rc) {
|
|
|
if (!context_struct_to_string(&newcon, &s, &len)) {
|
|
if (!context_struct_to_string(&newcon, &s, &len)) {
|
|
|
- audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
|
|
|
|
- "security_sid_mls_copy: invalid context %s", s);
|
|
|
|
|
|
|
+ audit_log(current->audit_context,
|
|
|
|
|
+ GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
|
|
|
|
+ "op=security_sid_mls_copy "
|
|
|
|
|
+ "invalid_context=%s", s);
|
|
|
kfree(s);
|
|
kfree(s);
|
|
|
}
|
|
}
|
|
|
goto out_unlock;
|
|
goto out_unlock;
|
Richard Guy Briggs