Commit 4093a844 authored by Richard Guy Briggs's avatar Richard Guy Briggs Committed by Paul Moore

selinux: normalize audit log formatting

Restructure to keyword=value pairs without spaces.  Drop superfluous words in
text.  Make invalid_context a keyword.  Change result= keyword to seresult=.
Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
[Minor rewrite to the patch subject line]
Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
parent e173fb26
...@@ -728,7 +728,7 @@ static int security_validtrans_handle_fail(struct context *ocontext, ...@@ -728,7 +728,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
if (context_struct_to_string(tcontext, &t, &tlen)) if (context_struct_to_string(tcontext, &t, &tlen))
goto out; goto out;
audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
"security_validate_transition: denied for" "op=security_validate_transition seresult=denied"
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1)); o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
out: out:
...@@ -877,7 +877,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid) ...@@ -877,7 +877,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid)
audit_log(current->audit_context, audit_log(current->audit_context,
GFP_ATOMIC, AUDIT_SELINUX_ERR, GFP_ATOMIC, AUDIT_SELINUX_ERR,
"op=security_bounded_transition " "op=security_bounded_transition "
"result=denied " "seresult=denied "
"oldcontext=%s newcontext=%s", "oldcontext=%s newcontext=%s",
old_name, new_name); old_name, new_name);
} }
...@@ -1351,8 +1351,8 @@ static int compute_sid_handle_invalid_context( ...@@ -1351,8 +1351,8 @@ static int compute_sid_handle_invalid_context(
if (context_struct_to_string(newcontext, &n, &nlen)) if (context_struct_to_string(newcontext, &n, &nlen))
goto out; goto out;
audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
"security_compute_sid: invalid context %s" "op=security_compute_sid invalid_context=%s"
" for scontext=%s" " scontext=%s"
" tcontext=%s" " tcontext=%s"
" tclass=%s", " tclass=%s",
n, s, t, sym_name(&policydb, SYM_CLASSES, tclass-1)); n, s, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
...@@ -2607,8 +2607,10 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid) ...@@ -2607,8 +2607,10 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
rc = convert_context_handle_invalid_context(&newcon); rc = convert_context_handle_invalid_context(&newcon);
if (rc) { if (rc) {
if (!context_struct_to_string(&newcon, &s, &len)) { if (!context_struct_to_string(&newcon, &s, &len)) {
audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, audit_log(current->audit_context,
"security_sid_mls_copy: invalid context %s", s); GFP_ATOMIC, AUDIT_SELINUX_ERR,
"op=security_sid_mls_copy "
"invalid_context=%s", s);
kfree(s); kfree(s);
} }
goto out_unlock; goto out_unlock;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment