selinux: fix avc audit messages
authorStephen Smalley <sds@tycho.nsa.gov>
Tue, 5 Feb 2019 16:49:32 +0000 (11:49 -0500)
committerPaul Moore <paul@paul-moore.com>
Tue, 5 Feb 2019 17:34:33 +0000 (12:34 -0500)
commit a2c513835bb6c6 ("selinux: inline some AVC functions used only once")
introduced usage of audit_log_string() in place of audit_log_format()
for fixed strings.  However, audit_log_string() quotes the string.
This breaks the avc audit message format and userspace audit parsers.
Switch back to using audit_log_format().

Fixes: a2c513835bb6c6 ("selinux: inline some AVC functions used only once")
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/avc.c

index 33863298a9b5f4fa48e71bcfc01478f94e306955..8346a4f7c5d7802289371f2dc786d02133be863b 100644 (file)
@@ -674,13 +674,13 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
        audit_log_format(ab, "avc:  %s ", sad->denied ? "denied" : "granted");
 
        if (av == 0) {
-               audit_log_string(ab, " null");
+               audit_log_format(ab, " null");
                return;
        }
 
        perms = secclass_map[sad->tclass-1].perms;
 
-       audit_log_string(ab, " {");
+       audit_log_format(ab, " {");
        i = 0;
        perm = 1;
        while (i < (sizeof(av) * 8)) {
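Review bot: Nothing at the three switched call sites (`" null"` and `" {"` in this hunk, `" } for "` in the next one) records why audit_log_format() is needed for a fixed string, so a later cleanup could reintroduce audit_log_string(). The commit message says that function quotes its argument, which breaks the avc record format and the userspace parsers that read it. I would add one comment above the first call, for example `/* Use audit_log_format() for fixed text: audit_log_string() quotes it and breaks the avc record format. */`. Log consumers and detection rules presumably match on the unquoted `{ ... }` layout, so it is worth making that constraint visible in the code and not only in the commit history. The body of avc_audit_pre_callback starts before this hunk and continues past it.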
@@ -695,7 +695,7 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
        if (av)
                audit_log_format(ab, " 0x%x", av);
 
-       audit_log_string(ab, " } for ");
+       audit_log_format(ab, " } for ");
 }
 
 /**