diff options
Diffstat (limited to 'security/selinux/avc.c')
| -rw-r--r-- | security/selinux/avc.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 5ebad47391c9..3a27418b20d7 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
| @@ -734,6 +734,21 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a) | |||
| 734 | 734 | ||
| 735 | if (sad->denied) | 735 | if (sad->denied) |
| 736 | audit_log_format(ab, " permissive=%u", sad->result ? 0 : 1); | 736 | audit_log_format(ab, " permissive=%u", sad->result ? 0 : 1); |
| 737 | |||
| 738 | /* in case of invalid context report also the actual context string */ | ||
| 739 | rc = security_sid_to_context_inval(sad->state, sad->ssid, &scontext, | ||
| 740 | &scontext_len); | ||
| 741 | if (!rc && scontext) { | ||
| 742 | audit_log_format(ab, " srawcon=%s", scontext); | ||
| 743 | kfree(scontext); | ||
| 744 | } | ||
| 745 | |||
| 746 | rc = security_sid_to_context_inval(sad->state, sad->tsid, &scontext, | ||
| 747 | &scontext_len); | ||
| 748 | if (!rc && scontext) { | ||
| 749 | audit_log_format(ab, " trawcon=%s", scontext); | ||
| 750 | kfree(scontext); | ||
| 751 | } | ||
| 737 | } | 752 | } |
| 738 | 753 | ||
| 739 | /* This is the slow part of avc audit with big stack footprint */ | 754 | /* This is the slow part of avc audit with big stack footprint */ |