Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 45189a19 authored by Stephen Smalley's avatar Stephen Smalley Committed by Paul Moore
Browse files

selinux: fix avc audit messages 



commit a2c51383 ("selinux: inline some AVC functions used only once")
introduced usage of audit_log_string() in place of audit_log_format()
for fixed strings.  However, audit_log_string() quotes the string.
This breaks the avc audit message format and userspace audit parsers.
Switch back to using audit_log_format().

Fixes: a2c51383 ("selinux: inline some AVC functions used only once")
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent e6f2f381

security/selinux/avc.c

+3 −3
Original line number Diff line number Diff line
@@ -674,13 +674,13 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a) 
	audit_log_format(ab, "avc:  %s ", sad->denied ? "denied" : "granted");



	if (av == 0) {

		audit_log_string(ab, " null");

		audit_log_format(ab, " null");

		return;

	}



	perms = secclass_map[sad->tclass-1].perms;



	audit_log_string(ab, " {");

	audit_log_format(ab, " {");

	i = 0;

	perm = 1;

	while (i < (sizeof(av) * 8)) {
@@ -695,7 +695,7 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a) 
	if (av)

		audit_log_format(ab, " 0x%x", av);



	audit_log_string(ab, " } for ");

	audit_log_format(ab, " } for ");

}



/**