1 files changed, 7 insertions, 0 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 77f6e54bb43f..d6bb20cbad62 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -239,6 +239,13 @@ static void map_decision(u16 tclass, struct av_decision *avd,
                        if (!allow_unknown && !current_mapping[tclass].perms[i])
                                result |= 1<<i;
                }
+                /*
+                 * In case the kernel has a bug and requests a permission
+                 * between num_perms and the maximum permission number, we
+                 * should audit that denial
+                 */
+                for (; i < (sizeof(u32)*8); i++)
+                        result |= 1<<i;
                avd->auditdeny = result;
        }
 }

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 77f6e54bb43f..d6bb20cbad62 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c
@@ -239,6 +239,13 @@ static void map_decision(u16 tclass, struct av_decision *avd,
239	if (!allow_unknown && !current_mapping[tclass].perms[i])	239	if (!allow_unknown && !current_mapping[tclass].perms[i])
240	result \|= 1<<i;	240	result \|= 1<<i;
241	}	241	}
		242	/*
		243	* In case the kernel has a bug and requests a permission
		244	* between num_perms and the maximum permission number, we
		245	* should audit that denial
		246	*/
		247	for (; i < (sizeof(u32)*8); i++)
		248	result \|= 1<<i;
242	avd->auditdeny = result;	249	avd->auditdeny = result;
243	}	250	}
244	}	251	}