Skip to content

Commit

Permalink
---
Browse files Browse the repository at this point in the history 
yaml
---
r: 169173
b: refs/heads/master
c: 0bce952
h: refs/heads/master
i:
  169171: bd75ba0
v: v3
  • Loading branch information
Eric Paris authored and James Morris committed Nov 24, 2009
1 parent b50d37e commit 3060768
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 2 deletions.
2 changes: 1 addition & 1 deletion [refs]
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
refs/heads/master: c4a5af54c8ef277a59189fc9358e190f3c1b8206
refs/heads/master: 0bce95279909aa4cc401a2e3140b4295ca22e72a
2 changes: 1 addition & 1 deletion trunk/security/selinux/avc.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
i = 0;
perm = 1;
while (i < (sizeof(av) * 8)) {
if (perm & av) {
if ((perm & av) && perms[i]) {
audit_log_format(ab, " %s", perms[i]);
av &= ~perm;
}
Expand Down
7 changes: 7 additions & 0 deletions trunk/security/selinux/ss/services.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -239,6 +239,13 @@ static void map_decision(u16 tclass, struct av_decision *avd,
if (!allow_unknown && !current_mapping[tclass].perms[i])
result |= 1<<i;
}
/*
* In case the kernel has a bug and requests a permission
* between num_perms and the maximum permission number, we
* should audit that denial
*/
for (; i < (sizeof(u32)*8); i++)
result |= 1<<i;
avd->auditdeny = result;
}
}
Expand Down

0 comments on commit 3060768

Please sign in to comment.