[PATCH] SELinux: audit any unmapped permissions

This patch changes SELinux to display any permission values that could not be mapped to names as a hex value when generating an audit message. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] SELinux: audit any unmapped permissions
This patch changes SELinux to display any permission values that could not be mapped to names as a hex value when generating an audit message. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
75c146da · Stephen D. Smalley · Linus Torvalds · 11787a9a · 75c146da
Commit 75c146da authored Feb 03, 2005 by Stephen D. Smalley Committed by Linus Torvalds Feb 03, 2005
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 2 deletions

security/selinux/avc.c security/selinux/avc.c +9 -2

No files found.
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -162,8 +162,10 @@ void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
 	i = 0;
 	perm = 1;
 	while (perm < common_base) {
-		if (perm & av)
+		if (perm & av) {
 			audit_log_format(ab, " %s", common_pts[i]);
+			av &= ~perm;
+		}
 		i++;
 		perm <<= 1;
 	}
@@ -175,14 +177,19 @@ void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
 				    (av_perm_to_string[i2].value == perm))
 					break;
 			}
-			if (i2 < ARRAY_SIZE(av_perm_to_string))
+			if (i2 < ARRAY_SIZE(av_perm_to_string)) {
 				audit_log_format(ab, " %s",
 						 av_perm_to_string[i2].name);
+				av &= ~perm;
+			}
 		}
 		i++;
 		perm <<= 1;
 	}

+	if (av)
+		audit_log_format(ab, " 0x%x", av);
+
 	audit_log_format(ab, " }");
 }