summaryrefslogtreecommitdiff
path: root/security/selinux
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/avc.c4
-rw-r--r--security/selinux/hooks.c2
-rw-r--r--security/selinux/nlmsgtab.c8
-rw-r--r--security/selinux/ss/services.c4
4 files changed, 13 insertions, 5 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 9e71a1bbe011..042f91e9f9d2 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -242,7 +242,7 @@ void __init avc_init(void)
avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node),
0, SLAB_PANIC, NULL, NULL);
- audit_log(current->audit_context, "AVC INITIALIZED\n");
+ audit_log(current->audit_context, AUDIT_KERNEL, "AVC INITIALIZED\n");
}
int avc_get_hash_stats(char *page)
@@ -549,7 +549,7 @@ void avc_audit(u32 ssid, u32 tsid,
return;
}
- ab = audit_log_start(current->audit_context, AUDIT_KERNEL, 0);
+ ab = audit_log_start(current->audit_context, AUDIT_AVC);
if (!ab)
return; /* audit_panic has been called */
audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted");
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index aae1e794fe48..db845cbd5841 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3419,7 +3419,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
if (err) {
if (err == -EINVAL) {
- audit_log(current->audit_context,
+ audit_log(current->audit_context, AUDIT_SELINUX_ERR,
"SELinux: unrecognized netlink message"
" type=%hu for sclass=%hu\n",
nlh->nlmsg_type, isec->sclass);
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index deac14367d43..67e77acc4795 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -98,6 +98,14 @@ static struct nlmsg_perm nlmsg_audit_perms[] =
{ AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
{ AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
{ AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ },
+ { AUDIT_USER_AUTH, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
+ { AUDIT_USER_ACCT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
+ { AUDIT_USER_MGMT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
+ { AUDIT_CRED_ACQ, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
+ { AUDIT_CRED_DISP, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
+ { AUDIT_USER_START, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
+ { AUDIT_USER_END, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
+ { AUDIT_USER_AVC, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
};
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 5a820cf88c9c..07fdf6ee6148 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -365,7 +365,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
goto out;
if (context_struct_to_string(tcontext, &t, &tlen) < 0)
goto out;
- audit_log(current->audit_context,
+ audit_log(current->audit_context, AUDIT_SELINUX_ERR,
"security_validate_transition: denied for"
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
o, n, t, policydb.p_class_val_to_name[tclass-1]);
@@ -742,7 +742,7 @@ static int compute_sid_handle_invalid_context(
goto out;
if (context_struct_to_string(newcontext, &n, &nlen) < 0)
goto out;
- audit_log(current->audit_context,
+ audit_log(current->audit_context, AUDIT_SELINUX_ERR,
"security_compute_sid: invalid context %s"
" for scontext=%s"
" tcontext=%s"