selinux: Report permissive mode in avc: denied messages.

We cannot presently tell from an avc: denied message whether access was in fact denied or was allowed due to global or per-domain permissive mode. Add a permissive= field to the avc message to reflect this information. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: Paul Moore <pmoore@redhat.com>
author: Stephen Smalley <sds@tycho.nsa.gov> 2014-04-29 14:29:04 -0400
committer: Paul Moore <pmoore@redhat.com> 2014-05-01 14:56:14 -0400
commit: 626b9740fa73cad043e136bfb3b6fca68a4f8a7c (patch)
tree: 2f28ff59a691edcc8874b460a4f4e2f8075f611d /security/selinux/include
parent: 6d32c850621b0be75777b9102b14f6268bbd9f0f (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index f53ee3c58d0f..ddf8eec03f21 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -102,7 +102,7 @@ static inline u32 avc_audit_required(u32 requested,
 }
 int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
-                   u32 requested, u32 audited, u32 denied,
+                   u32 requested, u32 audited, u32 denied, int result,
                   struct common_audit_data *a,
                   unsigned flags);
@@ -137,7 +137,7 @@ static inline int avc_audit(u32 ssid, u32 tsid,
        if (likely(!audited))
                return 0;
        return slow_avc_audit(ssid, tsid, tclass,
-                              requested, audited, denied,
+                              requested, audited, denied, result,
                              a, 0);
 }
author	Stephen Smalley <sds@tycho.nsa.gov>	2014-04-29 14:29:04 -0400
committer	Paul Moore <pmoore@redhat.com>	2014-05-01 14:56:14 -0400
commit	626b9740fa73cad043e136bfb3b6fca68a4f8a7c (patch)
tree	2f28ff59a691edcc8874b460a4f4e2f8075f611d /security/selinux/include
parent	6d32c850621b0be75777b9102b14f6268bbd9f0f (diff)

diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h index f53ee3c58d0f..ddf8eec03f21 100644 --- a/security/selinux/include/avc.h +++ b/security/selinux/include/avc.h
@@ -102,7 +102,7 @@ static inline u32 avc_audit_required(u32 requested,
102	}	102	}
103		103
104	int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,	104	int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
105	u32 requested, u32 audited, u32 denied,	105	u32 requested, u32 audited, u32 denied, int result,
106	struct common_audit_data *a,	106	struct common_audit_data *a,
107	unsigned flags);	107	unsigned flags);
108		108
@@ -137,7 +137,7 @@ static inline int avc_audit(u32 ssid, u32 tsid,
137	if (likely(!audited))	137	if (likely(!audited))
138	return 0;	138	return 0;
139	return slow_avc_audit(ssid, tsid, tclass,	139	return slow_avc_audit(ssid, tsid, tclass,
140	requested, audited, denied,	140	requested, audited, denied, result,
141	a, 0);	141	a, 0);
142	}	142	}
143		143