From a18cbe25ace2c6e54c794868941cb3bc052bae71 Mon Sep 17 00:00:00 2001
From: xuzheheng
Date: Wed, 1 Nov 2023 07:28:49 +0000
Subject: [PATCH] xuzheheng2@huawei.com
Signed-off-by: xuzheheng
Change-Id: Ifec6053b74c976f42c036f190bd7313f0d6c7aab
---
 security/selinux/avc.c | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 884a014ce2b8..2d69f04965ee 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -702,6 +702,11 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
 * @ab: the audit buffer
 * @a: audit_data
 */
+
+static char g_sctx[] = "u:r:aa:s0";
+static char g_tctx[] = "u:object_r:data_local_tmp:s0";
+static char g_class[] = "dir";
+
 static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 {
 struct common_audit_data *ad = a;
@@ -713,22 +718,36 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 u32 tcontext_len;
 int rc;
+ int match = 1;
+
 rc = security_sid_to_context(sad->state, sad->ssid, &scontext, &scontext_len);
 if (rc)
 audit_log_format(ab, " ssid=%d", sad->ssid);
 else
+ {
 audit_log_format(ab, " scontext=%s", scontext);
-
+ match &= !strcmp(scontext, g_sctx);
+ }
 rc = security_sid_to_context(sad->state, sad->tsid, &tcontext, &tcontext_len);
 if (rc)
 audit_log_format(ab, " tsid=%d", sad->tsid);
 else
+ {
 audit_log_format(ab, " tcontext=%s", tcontext);
-
+ match &= !strcmp(tcontext, g_tctx);
+ }
 tclass = secclass_map[sad->tclass-1].name;
 audit_log_format(ab, " tclass=%s", tclass);
+ match &= !strcmp(tclass, g_class);
+
+ if (match) {
+ pr_info("================avc callback start=================");
+ dump_stack();
+ pr_info("================avc callback end, send signal=================");
+ force_sig(SIGABRT);
+ }
 if (sad->denied)
 audit_log_format(ab, " permissive=%u", sad->result ? 0 : 1);
-- 
Gitee
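Review bot: The three new globals in the first hunk are placed between the kernel-doc comment (`@ab` / `@a`) and `avc_audit_post_callback()`, so that comment no longer sits directly above the function it documents; the declarations belong above the comment block. They are only ever read by `strcmp()` in the second hunk, so they should not be writable data in the SELinux core: `static const char g_sctx[] = "u:r:aa:s0";` and the same for `g_tctx` and `g_class`. A short comment saying that these name the single (source, target, class) triple being debugged would also help, since the commit message carries no description.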
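Review bot: In the second hunk `match` starts at 1 and is only narrowed inside the two `else` branches, so when `security_sid_to_context()` fails for the source or target SID that comparison is skipped and the current task can be sent SIGABRT on a partial match (with both lookups failing, on `tclass` being `dir` alone). The failure branches should clear it, e.g. `if (rc) { audit_log_format(ab, " ssid=%d", sad->ssid); match = 0; }` and likewise for `tsid`. The abort block is also not conditioned on `sad->denied`, which the context line below it shows can be zero, so an audited grant for the same triple would presumably kill the process too; `if (match && sad->denied) {` limits it to denials. As written this is unconditional debug instrumentation with hard-coded contexts in the audit path, so it should sit behind a debug-only config option rather than be built into every kernel; both `pr_info()` strings also lack a trailing `\n`, and the `{` after `else` belongs on the same line. The function body starts and ends outside the hunk.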