author | Chris PeBenito <chpebeni@linux.microsoft.com> | 2020-09-14 11:34:04 -0400 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2020-11-23 13:07:19 +0000 |
commit | 2d5d40d5a598f033c46d1fad9b4062c3725964fc | |
tree | c10f313a360bb28b2ba8e96b183d74e19011956d /bus | |
parent | 8e028f2002b0ba2921e25f6a3a8b00229416f866 | |
download | dbus-2d5d40d5a598f033c46d1fad9b4062c3725964fc.tar.gz | |
bus/selinux: Fix audit message types.
The SELinux log callback includes a message type. Not all messages are
auditable and those that are have varying audit types. An audit message is
a security-relevant event: security state changes, MAC permission denied,
etc. A message that is auditable is not necessarily sensitive. Messages
that are not auditable are not security-relevant, like messages about
socket polling errors. Update the auditing accordingly.
If the message is not auditable, fall through and write it to syslog.
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
Diffstat (limited to 'bus')
-rw-r--r-- | bus/selinux.c | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/bus/selinux.c b/bus/selinux.c index 7e63348c..42017e7a 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -96,7 +96,7 @@ log_callback (int type, const char *fmt, ...) { va_list ap; #ifdef HAVE_LIBAUDIT - int audit_fd; + int audit_fd, audit_type; #endif va_start(ap, fmt); @@ -114,9 +114,33 @@ log_callback (int type, const char *fmt, ...) /* FIXME: need to change this to show real user */ vsnprintf(buf, sizeof(buf), fmt, ap); - audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL, + + switch (type) + { + case SELINUX_AVC: + audit_type = AUDIT_USER_AVC; + break; +#if defined(SELINUX_POLICYLOAD) && defined(AUDIT_USER_MAC_POLICY_LOAD) + case SELINUX_POLICYLOAD: + audit_type = AUDIT_USER_MAC_POLICY_LOAD; + break; +#endif +#if defined(SELINUX_SETENFORCE) && defined(AUDIT_USER_MAC_STATUS) + case SELINUX_SETENFORCE: + audit_type = AUDIT_USER_MAC_STATUS; + break; +#endif + default: + /* Not auditable */ + audit_type = 0; + break; + } + + if (audit_type > 0) { + audit_log_user_avc_message(audit_fd, audit_type, buf, NULL, NULL, NULL, getuid()); - goto out; + goto out; + } } #endif /* HAVE_LIBAUDIT */ |
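Review bot: in the first hunk, `audit_type` is declared uninitialised next to `audit_fd`; initialising it where it is introduced (`int audit_fd, audit_type = 0;`) records at the declaration that 0 means "not auditable", which is the convention the later `if (audit_type > 0)` relies on, and keeps that test well defined even if a future `case` forgets to assign it.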
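Review bot: in the second hunk, `vsnprintf(buf, sizeof(buf), fmt, ap);` still runs before the new `switch (type)`, so on the `default:` path the function now falls through past `#endif /* HAVE_LIBAUDIT */` with `ap` already consumed by a `v*` call; if the fall-through (the syslog write the commit message describes) formats `fmt` with that same `ap`, the va_list is being reused after `vsnprintf`, which is undefined behaviour. Suggest moving the switch ahead of the `vsnprintf` so the buffer is formatted only when `audit_type > 0`, or taking a `va_copy` for the audit formatting. A second point on the same hunk: with `#if defined(SELINUX_POLICYLOAD) && defined(AUDIT_USER_MAC_POLICY_LOAD)` and the matching `SELINUX_SETENFORCE` guard, a build whose libaudit headers lack the `AUDIT_USER_MAC_*` constants sends policy loads and enforce-mode changes down the `default:` branch, where the `/* Not auditable */` comment is then wrong: these are exactly the security state changes the commit message says should be audited, and they would silently go to syslog instead. A one-line comment at the guards (or a `#warning` in the `#else` case) would make that build-dependent loss of audit records visible to packagers.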