Changeset 0fc6c7762c2174a5fb3b978891b0adf8930aa184
- Timestamp:
- 02/22/10 14:32:05
(5 months ago)
- Author:
- Stephen Smalley <sds@tycho.nsa.gov>
- Committer:
- Stephen Smalley <sds@tycho.nsa.gov> 1266870725 -0500
- Parent:
[9a1814832b7e3b046d8edd5d7691a7a3aae427f6]
- Message:
libselinux: Only audit permissions specified by the policy
Only audit the permissions specified by the policy, excluding any
permissions specified via dontaudit or not specified via auditallow.
This only shows up when a single avc_has_perm() call is made with
multiple permissions where some of those permissions are dontaudit'd or
auditallow'd while others are not. The corresponding kernel patch has
already been applied, see:
http://git.kernel.org/?p=linux/kernel/git/jmorris/security-testing-2.6.git;a=commit;h=b6cac5a30b325e14cda425670bb3568d3cad0aa8
Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
| r58866dd |
r0fc6c77 |
|
| 695 | 695 | |
|---|
| 696 | 696 | denied = requested & ~avd->allowed; |
|---|
| 697 | | if (denied) { |
|---|
| 698 | | audited = denied; |
|---|
| 699 | | if (!(audited & avd->auditdeny)) |
|---|
| 700 | | return; |
|---|
| 701 | | } else if (!requested || result) { |
|---|
| | 697 | if (denied) |
|---|
| | 698 | audited = denied & avd->auditdeny; |
|---|
| | 699 | else if (!requested || result) |
|---|
| 702 | 700 | audited = denied = requested; |
|---|
| 703 | | } else { |
|---|
| 704 | | audited = requested; |
|---|
| 705 | | if (!(audited & avd->auditallow)) |
|---|
| 706 | | return; |
|---|
| 707 | | } |
|---|
| | 701 | else |
|---|
| | 702 | audited = requested & avd->auditallow; |
|---|
| | 703 | if (!audited) |
|---|
| | 704 | return; |
|---|
| 708 | 705 | #if 0 |
|---|
| 709 | 706 | if (!check_avc_ratelimit()) |
|---|
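Review bot: The `else if (!requested || result)` branch at new lines 699-700 changes behaviour when `requested` is 0, and the commit message does not mention it. In the old code (lines 701-702) that branch set `audited = denied = requested;` and had no `return`, so a call with an empty permission set fell through to the audit path. With the new common `if (!audited) return;` at lines 703-704, the same call now sets `audited` to 0 and returns without emitting anything, which makes the `!requested` half of the condition ineffective for auditing. If dropping those records is intended, remove `!requested` from the condition and note it in the commit message. If the zero-permission case is meant to stay visible, it has to bypass the `!audited` check. Separately, a short comment above the three branches would help, stating that `audited` is now the subset of permissions selected by `auditdeny` or `auditallow` rather than the whole `denied` or `requested` mask, since the later reporting code depends on that distinction.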