forked from luck/tmp_suning_uos_patched
37ca5389b8
Per Steve Grubb's observation that there are some remaining cases where avc_audit() directly logs untrusted strings without escaping them, here is a patch that changes avc_audit() to use audit_log_untrustedstring() or audit_log_hex() as appropriate. Note that d_name.name is nul- terminated by d_alloc(), and that sun_path is nul-terminated by unix_mkname(), so it is not necessary for the AVC to create nul- terminated copies or to alter audit_log_untrustedstring to take a length argument. In the case of an abstract name, we use audit_log_hex() with an explicit length. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: David Woodhouse <dwmw2@infradead.org> |
||
|---|---|---|
| .. | ||
| include | ||
| ss | ||
| avc.c | ||
| hooks.c | ||
| Kconfig | ||
| Makefile | ||
| netif.c | ||
| netlink.c | ||
| nlmsgtab.c | ||
| selinuxfs.c | ||