From: Chris PeBenito
Date: Mon, 14 Sep 2020 15:34:04 +0000 (-0400)
Subject: bus/selinux: Fix audit message types.
X-Git-Tag: dbus-1.13.20~46^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2d5d40d5a598f033c46d1fad9b4062c3725964fc;p=thirdparty%2Fdbus.git

bus/selinux: Fix audit message types.

The SELinux log callback includes a message type. Not all messages are auditable and those that are have varying audit types. An audit message is a security-relevant event: security state changes, MAC permission denied, etc. A message that is auditable is not necessarily sensitive. Messages that are not auditable are not security-relevant, like messages about socket polling errors. Update the auditing accordingly. If the message is not auditable, fall through and write it to syslog.

Signed-off-by: Chris PeBenito
---

diff --git a/bus/selinux.c b/bus/selinux.c
index 7e63348cc..42017e7a0 100644
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -96,7 +96,7 @@ log_callback (int type, const char *fmt, ...)
 {
   va_list ap;
 #ifdef HAVE_LIBAUDIT
-  int audit_fd;
+  int audit_fd, audit_type;
 #endif
 
   va_start(ap, fmt);
@@ -114,9 +114,33 @@ log_callback (int type, const char *fmt, ...)
       /* FIXME: need to change this to show real user */
       vsnprintf(buf, sizeof(buf), fmt, ap);
-      audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
+
+      switch (type)
+        {
+        case SELINUX_AVC:
+          audit_type = AUDIT_USER_AVC;
+          break;
+#if defined(SELINUX_POLICYLOAD) && defined(AUDIT_USER_MAC_POLICY_LOAD)
+        case SELINUX_POLICYLOAD:
+          audit_type = AUDIT_USER_MAC_POLICY_LOAD;
+          break;
+#endif
+#if defined(SELINUX_SETENFORCE) && defined(AUDIT_USER_MAC_STATUS)
+        case SELINUX_SETENFORCE:
+          audit_type = AUDIT_USER_MAC_STATUS;
+          break;
+#endif
+        default:
+          /* Not auditable */
+          audit_type = 0;
+          break;
+        }
+
+      if (audit_type > 0) {
+        audit_log_user_avc_message(audit_fd, audit_type, buf, NULL, NULL,
                                    NULL, getuid());
-      goto out;
+        goto out;
+      }
     }
 #endif /* HAVE_LIBAUDIT */
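Review bot: The new non-auditable path reuses a consumed va_list: `vsnprintf(buf, sizeof(buf), fmt, ap)` walks `ap` before the switch, and when `audit_type` stays 0 the code now skips `goto out` and continues to the syslog write the commit message describes, so `ap` is presumably handed to a second v*printf call after its value has become indeterminate, which is undefined behaviour (C11 7.16.1) and on several ABIs prints garbage or crashes. Before this change every message that reached vsnprintf also hit `goto out`, so the double use is introduced here rather than pre-existing. Format `buf` from a `va_copy` of the argument list and leave `ap` untouched for the fall-through consumer; `ap_copy` should be declared next to `buf` at the top of the `if (audit_fd >= 0)` block. log_callback starts before and ends after this hunk, so the syslog call itself is not visible here; confirm that is what follows `#endif`.
```c
      va_list ap_copy;

      /* FIXME: need to change this to show real user */
      va_copy(ap_copy, ap);
      vsnprintf(buf, sizeof(buf), fmt, ap_copy);
      va_end(ap_copy);
      /* … unchanged: switch on type, audit_log_user_avc_message, goto out … */
```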