diff options
Diffstat (limited to 'security/selinux/avc.c')
| -rw-r--r-- | security/selinux/avc.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index fc3e6628a864..a18f1fa6440b 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
| @@ -444,11 +444,15 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a) | |||
| 444 | avc_dump_query(ab, ad->selinux_audit_data->ssid, | 444 | avc_dump_query(ab, ad->selinux_audit_data->ssid, |
| 445 | ad->selinux_audit_data->tsid, | 445 | ad->selinux_audit_data->tsid, |
| 446 | ad->selinux_audit_data->tclass); | 446 | ad->selinux_audit_data->tclass); |
| 447 | if (ad->selinux_audit_data->denied) { | ||
| 448 | audit_log_format(ab, " permissive=%u", | ||
| 449 | ad->selinux_audit_data->result ? 0 : 1); | ||
| 450 | } | ||
| 447 | } | 451 | } |
| 448 | 452 | ||
| 449 | /* This is the slow part of avc audit with big stack footprint */ | 453 | /* This is the slow part of avc audit with big stack footprint */ |
| 450 | noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass, | 454 | noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass, |
| 451 | u32 requested, u32 audited, u32 denied, | 455 | u32 requested, u32 audited, u32 denied, int result, |
| 452 | struct common_audit_data *a, | 456 | struct common_audit_data *a, |
| 453 | unsigned flags) | 457 | unsigned flags) |
| 454 | { | 458 | { |
| @@ -477,6 +481,7 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass, | |||
| 477 | sad.tsid = tsid; | 481 | sad.tsid = tsid; |
| 478 | sad.audited = audited; | 482 | sad.audited = audited; |
| 479 | sad.denied = denied; | 483 | sad.denied = denied; |
| 484 | sad.result = result; | ||
| 480 | 485 | ||
| 481 | a->selinux_audit_data = &sad; | 486 | a->selinux_audit_data = &sad; |
| 482 | 487 | ||