X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=blobdiff_plain;ds=sidebyside;f=security%2Fselinux%2Favc.c;h=187964e88af1513f79940e025a2353407eff107a;hb=ce4796d1e16cf3761dc2a02b8d588667d05b3078;hp=0e69adf63bdbffa522039f1df111ccb0dcbaca99;hpb=644b55ce889edd37d6406df26e2d96d7a7390749;p=linux-2.6 diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 0e69adf63b..187964e88a 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -568,10 +568,11 @@ void avc_audit(u32 ssid, u32 tsid, audit_log_format(ab, " capability=%d", a->u.cap); break; case AVC_AUDIT_DATA_FS: - if (a->u.fs.dentry) { - struct dentry *dentry = a->u.fs.dentry; - if (a->u.fs.mnt) { - audit_log_d_path(ab, "path=", dentry, a->u.fs.mnt); + if (a->u.fs.path.dentry) { + struct dentry *dentry = a->u.fs.path.dentry; + if (a->u.fs.path.mnt) { + audit_log_d_path(ab, "path=", + &a->u.fs.path); } else { audit_log_format(ab, " name="); audit_log_untrustedstring(ab, dentry->d_name.name); @@ -626,8 +627,12 @@ void avc_audit(u32 ssid, u32 tsid, case AF_UNIX: u = unix_sk(sk); if (u->dentry) { + struct path path = { + .dentry = u->dentry, + .mnt = u->mnt + }; audit_log_d_path(ab, "path=", - u->dentry, u->mnt); + &path); break; } if (!u->addr) @@ -661,9 +666,18 @@ void avc_audit(u32 ssid, u32 tsid, "daddr", "dest"); break; } - if (a->u.net.netif) - audit_log_format(ab, " netif=%s", - a->u.net.netif); + if (a->u.net.netif > 0) { + struct net_device *dev; + + /* NOTE: we always use init's namespace */ + dev = dev_get_by_index(&init_net, + a->u.net.netif); + if (dev) { + audit_log_format(ab, " netif=%s", + dev->name); + dev_put(dev); + } + } break; } } @@ -916,3 +930,8 @@ int avc_has_perm(u32 ssid, u32 tsid, u16 tclass, avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata); return rc; } + +u32 avc_policy_seqno(void) +{ + return avc_cache.latest_notif; +}