Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4093a844 authored by Richard Guy Briggs's avatar Richard Guy Briggs Committed by Paul Moore
Browse files

selinux: normalize audit log formatting 



Restructure to keyword=value pairs without spaces.  Drop superfluous words in
text.  Make invalid_context a keyword.  Change result= keyword to seresult=.

Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
[Minor rewrite to the patch subject line]
Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
parent e173fb26

security/selinux/ss/services.c

+8 −6
Original line number Diff line number Diff line
@@ -728,7 +728,7 @@ static int security_validtrans_handle_fail(struct context *ocontext, 
	if (context_struct_to_string(tcontext, &t, &tlen))

		goto out;

	audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,

		  "security_validate_transition:  denied for"

		  "op=security_validate_transition seresult=denied"

		  " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",

		  o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1));

out:
@@ -877,7 +877,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid) 
			audit_log(current->audit_context,

				  GFP_ATOMIC, AUDIT_SELINUX_ERR,

				  "op=security_bounded_transition "

				  "result=denied "

				  "seresult=denied "

				  "oldcontext=%s newcontext=%s",

				  old_name, new_name);

		}
@@ -1351,8 +1351,8 @@ static int compute_sid_handle_invalid_context( 
	if (context_struct_to_string(newcontext, &n, &nlen))

		goto out;

	audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,

		  "security_compute_sid:  invalid context %s"

		  " for scontext=%s"

		  "op=security_compute_sid invalid_context=%s"

		  " scontext=%s"

		  " tcontext=%s"

		  " tclass=%s",

		  n, s, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
@@ -2607,8 +2607,10 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid) 
		rc = convert_context_handle_invalid_context(&newcon);

		if (rc) {

			if (!context_struct_to_string(&newcon, &s, &len)) {

				audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,

					  "security_sid_mls_copy: invalid context %s", s);

				audit_log(current->audit_context,

					  GFP_ATOMIC, AUDIT_SELINUX_ERR,

					  "op=security_sid_mls_copy "

					  "invalid_context=%s", s);

				kfree(s);

			}

			goto out_unlock;