-rw-r--r--security/selinux/avc.c2
-rw-r--r--security/selinux/ss/services.c7
2 files changed, 8 insertions, 1 deletions
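--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -117,7 +117,7 @@ static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
  i = 0;
  perm = 1;
  while (i < (sizeof(av) * 8)) {
- if (perm & av) {
+ if ((perm & av) && perms[i]) {
  audit_log_format(ab, " %s", perms[i]);
  av &= ~perm;
  }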
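Review bot: The new `&& perms[i]` guard in the `while` loop carries no comment saying why a set bit can lack a name, or what becomes of that bit afterwards. Because `av &= ~perm;` stays inside the guarded branch, an unnamed bit remains set in `av`, so it is presumably meant to be reported by code after the loop, which lies outside this hunk. If nothing there logs the residual mask, the audit record would silently omit a permission that was actually requested. I would add above the `if`: `/* perms[i] may be NULL for bits this class does not define; leave them in av so the leftover mask is still logged */`. The body of avc_dump_av starts and ends outside the hunk.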
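--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -239,6 +239,13 @@ static void map_decision(u16 tclass, struct av_decision *avd,
  if (!allow_unknown && !current_mapping[tclass].perms[i])
  result |= 1<<i;
  }
+ /*
+ * In case the kernel has a bug and requests a permission
+ * between num_perms and the maximum permission number, we
+ * should audit that denial
+ */
+ for (; i < (sizeof(u32)*8); i++)
+ result |= 1<<i;
  avd->auditdeny = result;
  }
 }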
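Review bot: In the added loop, `result |= 1<<i;` runs up to `i == 31`, where the literal `1` is a signed int and the shift reaches the sign bit, which is undefined behaviour in ISO C. Since this mask decides which denials are audited, the constant should be unsigned: `result |= 1U << i;`. The same form appears on the context line in the preceding loop and would matter there too if num_perms can reach 32. The new `for (; i < ...)` also depends on `i` holding the value left by that earlier loop, which starts outside the hunk along with the rest of map_decision; the block comment could say so in one short clause.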