diff options
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/avc.c | 2 | ||||
| -rw-r--r-- | security/selinux/ss/services.c | 7 |
2 files changed, 8 insertions, 1 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 18f4103e02b7..f2dde268165a 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
| @@ -117,7 +117,7 @@ static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av) | |||
| 117 | i = 0; | 117 | i = 0; |
| 118 | perm = 1; | 118 | perm = 1; |
| 119 | while (i < (sizeof(av) * 8)) { | 119 | while (i < (sizeof(av) * 8)) { |
| 120 | if (perm & av) { | 120 | if ((perm & av) && perms[i]) { |
| 121 | audit_log_format(ab, " %s", perms[i]); | 121 | audit_log_format(ab, " %s", perms[i]); |
| 122 | av &= ~perm; | 122 | av &= ~perm; |
| 123 | } | 123 | } |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 77f6e54bb43f..d6bb20cbad62 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
| @@ -239,6 +239,13 @@ static void map_decision(u16 tclass, struct av_decision *avd, | |||
| 239 | if (!allow_unknown && !current_mapping[tclass].perms[i]) | 239 | if (!allow_unknown && !current_mapping[tclass].perms[i]) |
| 240 | result |= 1<<i; | 240 | result |= 1<<i; |
| 241 | } | 241 | } |
| 242 | /* | ||
| 243 | * In case the kernel has a bug and requests a permission | ||
| 244 | * between num_perms and the maximum permission number, we | ||
| 245 | * should audit that denial | ||
| 246 | */ | ||
| 247 | for (; i < (sizeof(u32)*8); i++) | ||
| 248 | result |= 1<<i; | ||
| 242 | avd->auditdeny = result; | 249 | avd->auditdeny = result; |
| 243 | } | 250 | } |
| 244 | } | 251 | } |