aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDarrel Goeddel <dgoeddel@trustedcs.com>2006-05-24 09:38:25 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2006-06-20 05:25:26 -0400
commit8ba8e0fbe6321961f6ba04e2fd7215b37d935c83 (patch)
tree040b02209b21a06fc0c45cafce599773c905ef75
parent[PATCH] deprecate AUDIT_POSSBILE (diff)
downloadlinux-dev-8ba8e0fbe6321961f6ba04e2fd7215b37d935c83.tar.xz
linux-dev-8ba8e0fbe6321961f6ba04e2fd7215b37d935c83.zip
[PATCH] fix se_sen audit filter
Fix a broken comparison that causes the process clearance to be checked for both se_clr and se_sen audit filters. Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--security/selinux/ss/services.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index c284dbb8b8c0..e9548bc049e1 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1980,7 +1980,7 @@ int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
break;
case AUDIT_SE_SEN:
case AUDIT_SE_CLR:
- level = (op == AUDIT_SE_SEN ?
+ level = (field == AUDIT_SE_SEN ?
&ctxt->range.level[0] : &ctxt->range.level[1]);
switch (op) {
case AUDIT_EQUAL: