aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/auditsc.c
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index a300736ee037..1c03a4ed1b27 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -168,11 +168,9 @@ static int audit_filter_rules(struct task_struct *tsk,
168 struct audit_context *ctx, 168 struct audit_context *ctx,
169 enum audit_state *state) 169 enum audit_state *state)
170{ 170{
171 int i, j; 171 int i, j, need_sid = 1;
172 u32 sid; 172 u32 sid;
173 173
174 selinux_task_ctxid(tsk, &sid);
175
176 for (i = 0; i < rule->field_count; i++) { 174 for (i = 0; i < rule->field_count; i++) {
177 struct audit_field *f = &rule->fields[i]; 175 struct audit_field *f = &rule->fields[i];
178 int result = 0; 176 int result = 0;
@@ -271,11 +269,16 @@ static int audit_filter_rules(struct task_struct *tsk,
271 match for now to avoid losing information that 269 match for now to avoid losing information that
272 may be wanted. An error message will also be 270 may be wanted. An error message will also be
273 logged upon error */ 271 logged upon error */
274 if (f->se_rule) 272 if (f->se_rule) {
273 if (need_sid) {
274 selinux_task_ctxid(tsk, &sid);
275 need_sid = 0;
276 }
275 result = selinux_audit_rule_match(sid, f->type, 277 result = selinux_audit_rule_match(sid, f->type,
276 f->op, 278 f->op,
277 f->se_rule, 279 f->se_rule,
278 ctx); 280 ctx);
281 }
279 break; 282 break;
280 case AUDIT_ARG0: 283 case AUDIT_ARG0:
281 case AUDIT_ARG1: 284 case AUDIT_ARG1:
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-30 02:18:30 -0500