diff options
-rw-r--r-- | security/selinux/avc.c | 2 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 7 |
2 files changed, 8 insertions, 1 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 18f4103e02b7..f2dde268165a 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
@@ -117,7 +117,7 @@ static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av) | |||
117 | i = 0; | 117 | i = 0; |
118 | perm = 1; | 118 | perm = 1; |
119 | while (i < (sizeof(av) * 8)) { | 119 | while (i < (sizeof(av) * 8)) { |
120 | if (perm & av) { | 120 | if ((perm & av) && perms[i]) { |
121 | audit_log_format(ab, " %s", perms[i]); | 121 | audit_log_format(ab, " %s", perms[i]); |
122 | av &= ~perm; | 122 | av &= ~perm; |
123 | } | 123 | } |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 77f6e54bb43f..d6bb20cbad62 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -239,6 +239,13 @@ static void map_decision(u16 tclass, struct av_decision *avd, | |||
239 | if (!allow_unknown && !current_mapping[tclass].perms[i]) | 239 | if (!allow_unknown && !current_mapping[tclass].perms[i]) |
240 | result |= 1<<i; | 240 | result |= 1<<i; |
241 | } | 241 | } |
242 | /* | ||
243 | * In case the kernel has a bug and requests a permission | ||
244 | * between num_perms and the maximum permission number, we | ||
245 | * should audit that denial | ||
246 | */ | ||
247 | for (; i < (sizeof(u32)*8); i++) | ||
248 | result |= 1<<i; | ||
242 | avd->auditdeny = result; | 249 | avd->auditdeny = result; |
243 | } | 250 | } |
244 | } | 251 | } |