Add audit messages on type boundary violations
author: KaiGai Kohei <kaigai@ak.jp.nec.com>
Thu, 18 Jun 2009 08:26:13 +0000 (17:26 +0900)
committer: James Morris <jmorris@namei.org>
Thu, 18 Jun 2009 14:12:28 +0000 (00:12 +1000)
commit: 44c2d9bdd7022ca7d240d5adc009296fc1c6ce08
tree: 33115ee8d7e167d2a26558c2af8e0edfdca099d5
parent: caabbdc07df4249f2ed516b2c3e2d6b0973bcbb3
Add audit messages on type boundary violations

The attached patch adds support to generate audit messages in two cases.

The first one is a case when a multi-thread process tries to switch its
performing security context using setcon(3), but the new security context is
not bounded by the old one.

  type=SELINUX_ERR msg=audit(1245311998.599:17):        \
      op=security_bounded_transition result=denied      \
      oldcontext=system_u:system_r:httpd_t:s0           \
      newcontext=system_u:system_r:guest_webapp_t:s0

The other one is a case when security_compute_av() masked any permissions
due to the type boundary violation.

  type=SELINUX_ERR msg=audit(1245312836.035:32): \
      op=security_compute_av reason=bounds              \
      scontext=system_u:object_r:user_webapp_t:s0       \
      tcontext=system_u:object_r:shadow_t:s0:c0         \
      tclass=file perms=getattr,open

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
security/selinux/avc.c
security/selinux/include/avc.h
security/selinux/ss/services.c
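The two SELINUX_ERR record shapes introduced by this commit are what a log pipeline has to pick out of the audit stream. The following parser is an added example, not part of the kernel patch: it assumes the records arrive on a single line each (as auditd writes them; the backslash wrapping above is only for display), uses constructed sample lines modelled on the commit message, and flags the denied bounded transition and the bounds-masked access vector while ignoring ordinary AVC records.

```python
import re
from typing import Optional

# Constructed sample records, one per line as auditd emits them. The first two
# mirror the commit message; the third is an unrelated AVC record to skip.
SAMPLE_LOG = """\
type=SELINUX_ERR msg=audit(1245311998.599:17): op=security_bounded_transition result=denied oldcontext=system_u:system_r:httpd_t:s0 newcontext=system_u:system_r:guest_webapp_t:s0
type=SELINUX_ERR msg=audit(1245312836.035:32): op=security_compute_av reason=bounds scontext=system_u:object_r:user_webapp_t:s0 tcontext=system_u:object_r:shadow_t:s0:c0 tclass=file perms=getattr,open
type=AVC msg=audit(1245312840.000:33): avc:  denied  { read } for  pid=1 comm="x" scontext=a tcontext=b tclass=file
"""

_HEADER = re.compile(r"^type=(?P<type>\S+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s*(?P<body>.*)$")
_KV = re.compile(r"(\w+)=(\S+)")

def parse_selinux_err(line: str) -> Optional[dict]:
    """Parse one SELINUX_ERR record into a dict; return None for any other record type."""
    m = _HEADER.match(line.strip())
    if not m or m.group("type") != "SELINUX_ERR":
        return None
    rec = {"timestamp": float(m.group("ts")), "serial": int(m.group("serial"))}
    rec.update(_KV.findall(m.group("body")))   # op=, result=, scontext=, ... as key/value pairs
    if "perms" in rec:
        rec["perms"] = rec["perms"].split(",")  # "getattr,open" -> ["getattr", "open"]
    return rec

def split_context(ctx: str) -> dict:
    """Split user:role:type[:mls]; the MLS part may itself contain ':' (e.g. s0:c0)."""
    user, role, typ, *mls = ctx.split(":", 3)
    return {"user": user, "role": role, "type": typ, "mls": mls[0] if mls else None}

def is_bounds_violation(rec: dict) -> bool:
    """True for exactly the two cases this commit audits: a denied bounded
    transition, or an access vector masked because of type bounds."""
    op = rec.get("op")
    if op == "security_bounded_transition":
        return rec.get("result") == "denied"
    if op == "security_compute_av":
        return rec.get("reason") == "bounds"
    return False

def bounds_violations(log: str) -> list:
    """Return the parsed SELINUX_ERR records that report a type boundary violation."""
    out = []
    for line in log.splitlines():
        rec = parse_selinux_err(line)
        if rec and is_bounds_violation(rec):
            out.append(rec)
    return out
```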