selinux: log raw contexts as untrusted strings
authorOndrej Mosnacek <omosnace@redhat.com>
Tue, 11 Jun 2019 08:07:19 +0000 (10:07 +0200)
committerPaul Moore <paul@paul-moore.com>
Tue, 11 Jun 2019 22:35:51 +0000 (18:35 -0400)
commitaff7ed4851680d0d28ad9f52cd2f99213e1371b2
tree7cbf055d91e90dadc8116ab0da46148adb8bd1b7
parent05174c95b83f8aca0c47b87115abb7a6387aafa5
selinux: log raw contexts as untrusted strings

These strings may come from untrusted sources (e.g. file xattrs) so they
need to be properly escaped.

Reproducer:
    # setenforce 0
    # touch /tmp/test
    # setfattr -n security.selinux -v 'kuřecí řízek' /tmp/test
    # runcon system_u:system_r:sshd_t:s0 cat /tmp/test
    (look at the generated AVCs)

Actual result:
    type=AVC [...] trawcon=kuřecí řízek

Expected result:
    type=AVC [...] trawcon=6B75C5996563C3AD20C599C3AD7A656B

Fixes: fede148324c3 ("selinux: log invalid contexts in AVCs")
Cc: stable@vger.kernel.org # v5.1+
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/avc.c