selinux: fix avc audit messages

commit a2c51383 ("selinux: inline some AVC functions used only once") introduced usage of audit_log_string() in place of audit_log_format() for fixed strings. However, audit_log_string() quotes the string. This breaks the avc audit message format and userspace audit parsers. Switch back to using audit_log_format(). Fixes: a2c51383 ("selinux: inline some AVC functions used only once") Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com>

selinux: fix avc audit messages
commit a2c51383 ("selinux: inline some AVC functions used only once") introduced usage of audit_log_string() in place of audit_log_format() for fixed strings. However, audit_log_string() quotes the string. This breaks the avc audit message format and userspace audit parsers. Switch back to using audit_log_format(). Fixes: a2c51383 ("selinux: inline some AVC functions used only once") Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com>
45189a19 · Stephen Smalley · Paul Moore · e6f2f381 · 45189a19
Commit 45189a19 authored Feb 05, 2019 by Stephen Smalley Committed by Paul Moore Feb 05, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

security/selinux/avc.c security/selinux/avc.c +3 -3

No files found.
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -674,13 +674,13 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
 	audit_log_format(ab, "avc:  %s ", sad->denied ? "denied" : "granted");
 	if (av == 0) {
-		audit_log_string(ab, " null");
+		audit_log_format(ab, " null");
 		return;
 	}
 	perms = secclass_map[sad->tclass-1].perms;
-	audit_log_string(ab, " {");
+	audit_log_format(ab, " {");
 	i = 0;
 	perm = 1;
 	while (i < (sizeof(av) * 8)) {
@@ -695,7 +695,7 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
 	if (av)
 		audit_log_format(ab, " 0x%x", av);
-	audit_log_string(ab, " } for ");
+	audit_log_format(ab, " } for ");
 }
 /**