diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/avc.c | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 3ee9b6a8beb6..db0fd9f33499 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
@@ -489,17 +489,14 @@ void avc_audit(u32 ssid, u32 tsid, | |||
489 | struct common_audit_data stack_data; | 489 | struct common_audit_data stack_data; |
490 | u32 denied, audited; | 490 | u32 denied, audited; |
491 | denied = requested & ~avd->allowed; | 491 | denied = requested & ~avd->allowed; |
492 | if (denied) { | 492 | if (denied) |
493 | audited = denied; | 493 | audited = denied & avd->auditdeny; |
494 | if (!(audited & avd->auditdeny)) | 494 | else if (result) |
495 | return; | ||
496 | } else if (result) { | ||
497 | audited = denied = requested; | 495 | audited = denied = requested; |
498 | } else { | 496 | else |
499 | audited = requested; | 497 | audited = requested & avd->auditallow; |
500 | if (!(audited & avd->auditallow)) | 498 | if (!audited) |
501 | return; | 499 | return; |
502 | } | ||
503 | if (!a) { | 500 | if (!a) { |
504 | a = &stack_data; | 501 | a = &stack_data; |
505 | memset(a, 0, sizeof(*a)); | 502 | memset(a, 0, sizeof(*a)); |