[PATCH] fix se_sen audit filter

Fix a broken comparison that causes the process clearance to be checked for both se_clr and se_sen audit filters. Signed-off-by: N Darrel Goeddel <dgoeddel@trustedcs.com> Signed-off-by: N Al Viro <viro@zeniv.linux.org.uk>

[PATCH] fix se_sen audit filter
Fix a broken comparison that causes the process clearance to be checked for both se_clr and se_sen audit filters. Signed-off-by: N Darrel Goeddel <dgoeddel@trustedcs.com> Signed-off-by: N Al Viro <viro@zeniv.linux.org.uk>
8ba8e0fb · Darrel Goeddel · Al Viro · 014149cc · 8ba8e0fb
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

security/selinux/ss/services.c security/selinux/ss/services.c +1 -1

未找到文件。
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1980,7 +1980,7 @@ int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
 		break;
 	case AUDIT_SE_SEN:
 	case AUDIT_SE_CLR:
-		level = (op == AUDIT_SE_SEN ?
+		level = (field == AUDIT_SE_SEN ?
 		         &ctxt->range.level[0] : &ctxt->range.level[1]);
 		switch (op) {
 		case AUDIT_EQUAL: