author | Simon McVittie <smcv@collabora.com> | 2020-11-23 13:23:12 +0000 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2020-11-23 13:23:12 +0000 |
commit | c7ad138a2168125758a12688be9b734ffa747eaa (patch) | |
tree | c10f313a360bb28b2ba8e96b183d74e19011956d | |
parent | 8e028f2002b0ba2921e25f6a3a8b00229416f866 (diff) | |
parent | 2d5d40d5a598f033c46d1fad9b4062c3725964fc (diff) | |
download | dbus-c7ad138a2168125758a12688be9b734ffa747eaa.tar.gz |
Merge branch 'update-selinux-auditing' into 'master'
bus/selinux: Fix audit message types.
See merge request dbus/dbus!173
-rw-r--r-- | bus/selinux.c | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/bus/selinux.c b/bus/selinux.c
index 7e63348c..42017e7a 100644
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -96,7 +96,7 @@ log_callback (int type, const char *fmt, ...)
 {
 va_list ap;
 #ifdef HAVE_LIBAUDIT
- int audit_fd;
+ int audit_fd, audit_type;
 #endif
 va_start(ap, fmt);
@@ -114,9 +114,33 @@ log_callback (int type, const char *fmt, ...)
 /* FIXME: need to change this to show real user */
 vsnprintf(buf, sizeof(buf), fmt, ap);
- audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
+
+ switch (type)
+ {
+ case SELINUX_AVC:
+ audit_type = AUDIT_USER_AVC;
+ break;
+#if defined(SELINUX_POLICYLOAD) && defined(AUDIT_USER_MAC_POLICY_LOAD)
+ case SELINUX_POLICYLOAD:
+ audit_type = AUDIT_USER_MAC_POLICY_LOAD;
+ break;
+#endif
+#if defined(SELINUX_SETENFORCE) && defined(AUDIT_USER_MAC_STATUS)
+ case SELINUX_SETENFORCE:
+ audit_type = AUDIT_USER_MAC_STATUS;
+ break;
+#endif
+ default:
+ /* Not auditable */
+ audit_type = 0;
+ break;
+ }
+
+ if (audit_type > 0) {
+ audit_log_user_avc_message(audit_fd, audit_type, buf, NULL, NULL,
 NULL, getuid());
- goto out;
+ goto out;
+ }
 }
 #endif /* HAVE_LIBAUDIT */ |
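Review bot: In the second hunk, `vsnprintf(buf, sizeof(buf), fmt, ap)` still runs before the new `switch`, but `goto out` is now taken only when `audit_type > 0`, so for a non-auditable `type` control leaves the block with `ap` already consumed. The code after `#endif /* HAVE_LIBAUDIT */` is outside the hunk; if it formats `fmt` with the same `ap` again (as a fallback logger would), that is undefined behaviour in C and can log garbage or crash the process on a message the SELinux library hands to this callback. Classifying `type` first and moving `vsnprintf(buf, sizeof(buf), fmt, ap);` inside the `if (audit_type > 0) {` block leaves `ap` untouched on the fall-through path. `log_callback` starts before the first hunk and continues past the second.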