mbox series

[v3,0/4] Report raw context in AVCs + refactoring

Message ID 20190125100651.21753-1-omosnace@redhat.com (mailing list archive)
Headers show
Series Report raw context in AVCs + refactoring | expand

Message

Ondrej Mosnacek Jan. 25, 2019, 10:06 a.m. UTC
Changes in v3:
- do some minor refactoring while there
- move new fields to the end of the record
- introduce a new security_sid_to_context_inval() function to get the raw
  context instead of (ab)using strcmp() to check if the raw context is
  different from the effective one

v2: https://lore.kernel.org/selinux/20190121153605.26847-1-omosnace@redhat.com/T/
Changes in v2:
- rename new fields to *rawcon

v1: https://lore.kernel.org/selinux/20190118100429.11703-1-omosnace@redhat.com/T/

Ondrej Mosnacek (4):
  selinux: inline some AVC functions used only once
  selinux: replace some BUG_ON()s with a WARN_ON()
  selinux: remove some useless BUG_ONs
  selinux: log invalid contexts in AVCs

 security/selinux/avc.c              | 159 +++++++++++++---------------
 security/selinux/include/security.h |   3 +
 security/selinux/ss/services.c      |  37 ++++++-
 3 files changed, 109 insertions(+), 90 deletions(-)