aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--security/selinux/selinuxfs.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 245160373dab..c0cadbc5f85c 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -168,10 +168,12 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
168 if (length) 168 if (length)
169 goto out; 169 goto out;
170 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 170 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
171 "enforcing=%d old_enforcing=%d auid=%u ses=%u", 171 "enforcing=%d old_enforcing=%d auid=%u ses=%u"
172 " enabled=%d old-enabled=%d lsm=selinux res=1",
172 new_value, old_value, 173 new_value, old_value,
173 from_kuid(&init_user_ns, audit_get_loginuid(current)), 174 from_kuid(&init_user_ns, audit_get_loginuid(current)),
174 audit_get_sessionid(current)); 175 audit_get_sessionid(current),
176 selinux_enabled, selinux_enabled);
175 enforcing_set(state, new_value); 177 enforcing_set(state, new_value);
176 if (new_value) 178 if (new_value)
177 avc_ss_reset(state->avc, 0); 179 avc_ss_reset(state->avc, 0);
@@ -279,6 +281,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
279 char *page; 281 char *page;
280 ssize_t length; 282 ssize_t length;
281 int new_value; 283 int new_value;
284 int enforcing;
282 285
283 if (count >= PAGE_SIZE) 286 if (count >= PAGE_SIZE)
284 return -ENOMEM; 287 return -ENOMEM;
@@ -296,13 +299,16 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
296 goto out; 299 goto out;
297 300
298 if (new_value) { 301 if (new_value) {
302 enforcing = enforcing_enabled(fsi->state);
299 length = selinux_disable(fsi->state); 303 length = selinux_disable(fsi->state);
300 if (length) 304 if (length)
301 goto out; 305 goto out;
302 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 306 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
303 "selinux=0 auid=%u ses=%u", 307 "enforcing=%d old_enforcing=%d auid=%u ses=%u"
308 " enabled=%d old-enabled=%d lsm=selinux res=1",
309 enforcing, enforcing,
304 from_kuid(&init_user_ns, audit_get_loginuid(current)), 310 from_kuid(&init_user_ns, audit_get_loginuid(current)),
305 audit_get_sessionid(current)); 311 audit_get_sessionid(current), 0, 1);
306 } 312 }
307 313
308 length = count; 314 length = count;
@@ -453,7 +459,7 @@ out:
453 return ret; 459 return ret;
454} 460}
455 461
456static int sel_mmap_policy_fault(struct vm_fault *vmf) 462static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf)
457{ 463{
458 struct policy_load_memory *plm = vmf->vma->vm_file->private_data; 464 struct policy_load_memory *plm = vmf->vma->vm_file->private_data;
459 unsigned long offset; 465 unsigned long offset;
@@ -576,7 +582,7 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
576 582
577out1: 583out1:
578 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, 584 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
579 "policy loaded auid=%u ses=%u", 585 "auid=%u ses=%u lsm=selinux res=1",
580 from_kuid(&init_user_ns, audit_get_loginuid(current)), 586 from_kuid(&init_user_ns, audit_get_loginuid(current)),
581 audit_get_sessionid(current)); 587 audit_get_sessionid(current));
582out: 588out:
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-08 21:30:29 -0500