1 files changed, 20 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 8aca4ab4aa27..d3d97d28b69a 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -58,6 +58,7 @@
 #include <linux/security.h>
 #include <linux/list.h>
 #include <linux/tty.h>
+#include <linux/selinux.h>
 #include "audit.h"
@@ -168,6 +169,9 @@ static int audit_filter_rules(struct task_struct *tsk,
                              enum audit_state *state)
 {
        int i, j;
+        u32 sid;
+        selinux_task_ctxid(tsk, &sid);
        for (i = 0; i < rule->field_count; i++) {
                struct audit_field *f = &rule->fields[i];
@@ -257,6 +261,22 @@ static int audit_filter_rules(struct task_struct *tsk,
                        if (ctx)
                                result = audit_comparator(ctx->loginuid, f->op, f->val);
                        break;
+                case AUDIT_SE_USER:
+                case AUDIT_SE_ROLE:
+                case AUDIT_SE_TYPE:
+                case AUDIT_SE_SEN:
+                case AUDIT_SE_CLR:
+                        /* NOTE: this may return negative values indicating
+                           a temporary error.  We simply treat this as a
+                           match for now to avoid losing information that
+                           may be wanted.   An error message will also be
+                           logged upon error */
+                        if (f->se_rule)
+                                result = selinux_audit_rule_match(sid, f->type,
+                                                                  f->op,
+                                                                  f->se_rule,
+                                                                  ctx);
+                        break;
                case AUDIT_ARG0:
                case AUDIT_ARG1:
                case AUDIT_ARG2:

diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 8aca4ab4aa27..d3d97d28b69a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -58,6 +58,7 @@
58	#include <linux/security.h>	58	#include <linux/security.h>
59	#include <linux/list.h>	59	#include <linux/list.h>
60	#include <linux/tty.h>	60	#include <linux/tty.h>
		61	#include <linux/selinux.h>
61		62
62	#include "audit.h"	63	#include "audit.h"
63		64
@@ -168,6 +169,9 @@ static int audit_filter_rules(struct task_struct *tsk,
168	enum audit_state *state)	169	enum audit_state *state)
169	{	170	{
170	int i, j;	171	int i, j;
		172	u32 sid;
		173
		174	selinux_task_ctxid(tsk, &sid);
171		175
172	for (i = 0; i < rule->field_count; i++) {	176	for (i = 0; i < rule->field_count; i++) {
173	struct audit_field *f = &rule->fields[i];	177	struct audit_field *f = &rule->fields[i];
@@ -257,6 +261,22 @@ static int audit_filter_rules(struct task_struct *tsk,
257	if (ctx)	261	if (ctx)
258	result = audit_comparator(ctx->loginuid, f->op, f->val);	262	result = audit_comparator(ctx->loginuid, f->op, f->val);
259	break;	263	break;
		264	case AUDIT_SE_USER:
		265	case AUDIT_SE_ROLE:
		266	case AUDIT_SE_TYPE:
		267	case AUDIT_SE_SEN:
		268	case AUDIT_SE_CLR:
		269	/* NOTE: this may return negative values indicating
		270	a temporary error. We simply treat this as a
		271	match for now to avoid losing information that
		272	may be wanted. An error message will also be
		273	logged upon error */
		274	if (f->se_rule)
		275	result = selinux_audit_rule_match(sid, f->type,
		276	f->op,
		277	f->se_rule,
		278	ctx);
		279	break;
260	case AUDIT_ARG0:	280	case AUDIT_ARG0:
261	case AUDIT_ARG1:	281	case AUDIT_ARG1:
262	case AUDIT_ARG2:	282	case AUDIT_ARG2: