git.ipfire.org Git - thirdparty/kernel/linux.git/commit
selinux: fix avdcache auditing
author Stephen Smalley <stephen.smalley.work@gmail.com>
Fri, 10 Apr 2026 19:29:50 +0000 (15:29 -0400)
committer Paul Moore <paul@paul-moore.com>
Tue, 28 Apr 2026 22:13:58 +0000 (18:13 -0400)
commit f92d542577db878acfd21cc18dab23d03023b217
tree 9389026788b522aa6795b8aaa8e897840d3de5ff
parent 1e5a8eed7821e7a43a31b4c1b3675a91be6bc6f6
selinux: fix avdcache auditing

The per-task avdcache was incorrectly saving and reusing the
audited vector computed by avc_audit_required() rather than
recomputing based on the currently requested permissions and
distinguishing the denied versus allowed cases. As a result,
some permission checks were not being audited, e.g.
directory write checks after a previously cached directory
search check.

Cc: stable@vger.kernel.org
Fixes: dde3a5d0f4dce ("selinux: move avdcache to per-task security struct")
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
[PM: line wrap tweaks]
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/hooks.c
security/selinux/include/objsec.h
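The caching mistake the commit message describes, modelled as a small C program. This is an added example, not code from the kernel or from this commit: the permission bits, the policy values, the (ssid, tsid, tclass) key and every function name (audit_required, policy_lookup, check_buggy, check_fixed, run_second_check) are constructed here. audit_required() follows the shape of avc_audit_required() in security/selinux/avc.c but drops the result code and the per-call auditdeny override that the real function takes. The buggy variant stores the audited vector of whichever check filled the cache slot and hands it back on every later hit; the fixed variant caches only the decision and recomputes the audited vector from the permissions requested now, so a directory write after a cached directory search is audited, and a denied read after the same search is audited as a denial.

```c
/* Added example, not the kernel's code: a model of the per-task avdcache
 * audit bug. Permission bits, policy values and all names are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t u32;

/* Constructed permission bits for a directory class. */
#define DIR__SEARCH 0x1u
#define DIR__WRITE  0x2u
#define DIR__READ   0x4u

/* Simplified decision: allowed bits, plus which permissions to audit when
 * they are allowed (auditallow) and when they are denied (auditdeny). */
struct av_decision {
	u32 allowed;
	u32 auditallow;
	u32 auditdeny;
};

/* Audited vector for THIS request. Same shape as avc_audit_required(),
 * minus the result code and the per-call auditdeny mask. */
static u32 audit_required(u32 requested, const struct av_decision *avd,
			  u32 *deniedp)
{
	u32 denied = requested & ~avd->allowed;
	u32 audited;

	if (denied)
		audited = denied & avd->auditdeny;	/* denied case */
	else
		audited = requested & avd->auditallow;	/* allowed case */
	*deniedp = denied;
	return audited;
}

/* One per-task cache slot keyed on (ssid, tsid, tclass). */
struct avdcache_entry {
	bool valid;
	u32 ssid, tsid;
	uint16_t tclass;
	struct av_decision avd;
	u32 saved_audited;	/* only the buggy variant uses this */
};

static bool cache_hit(const struct avdcache_entry *e, u32 ssid, u32 tsid,
		      uint16_t tclass)
{
	return e->valid && e->ssid == ssid && e->tsid == tsid &&
	       e->tclass == tclass;
}

/* Constructed stand-in for the policy lookup done on a cache miss:
 * search and write allowed, read denied; audit allowed writes and
 * denied reads. */
static void policy_lookup(u32 ssid, u32 tsid, uint16_t tclass,
			  struct av_decision *avd)
{
	(void)ssid; (void)tsid; (void)tclass;
	avd->allowed = DIR__SEARCH | DIR__WRITE;
	avd->auditallow = DIR__WRITE;
	avd->auditdeny = DIR__READ;
}

static void cache_fill(struct avdcache_entry *e, u32 ssid, u32 tsid,
		       uint16_t tclass)
{
	e->valid = true;
	e->ssid = ssid; e->tsid = tsid; e->tclass = tclass;
	policy_lookup(ssid, tsid, tclass, &e->avd);
}

/* Buggy: reuse the audited vector saved by the check that filled the slot,
 * regardless of what is requested now and whether it is denied. */
static u32 check_buggy(struct avdcache_entry *e, u32 ssid, u32 tsid,
		       uint16_t tclass, u32 requested, u32 *deniedp)
{
	if (cache_hit(e, ssid, tsid, tclass)) {
		*deniedp = requested & ~e->avd.allowed;
		return e->saved_audited;
	}
	cache_fill(e, ssid, tsid, tclass);
	e->saved_audited = audit_required(requested, &e->avd, deniedp);
	return e->saved_audited;
}

/* Fixed: cache only the decision; recompute audited from this request. */
static u32 check_fixed(struct avdcache_entry *e, u32 ssid, u32 tsid,
		       uint16_t tclass, u32 requested, u32 *deniedp)
{
	if (!cache_hit(e, ssid, tsid, tclass))
		cache_fill(e, ssid, tsid, tclass);
	return audit_required(requested, &e->avd, deniedp);
}

#define SSID       1000u
#define TSID       2000u
#define TCLASS_DIR 7

/* Scenario from the commit message: a dir search check fills the cache,
 * then a second check on the same key. Returns the second check's audited
 * vector; denied_out (may be NULL) receives its denied vector. */
static u32 run_second_check(bool fixed, u32 second_request, u32 *denied_out)
{
	struct avdcache_entry e = { .valid = false };
	u32 scratch, denied;
	u32 (*check)(struct avdcache_entry *, u32, u32, uint16_t, u32, u32 *) =
		fixed ? check_fixed : check_buggy;

	if (!denied_out)
		denied_out = &scratch;
	check(&e, SSID, TSID, TCLASS_DIR, DIR__SEARCH, &denied); /* audited 0 */
	return check(&e, SSID, TSID, TCLASS_DIR, second_request, denied_out);
}

int main(void)
{
	printf("write after cached search: buggy %#x, fixed %#x\n",
	       run_second_check(false, DIR__WRITE, NULL),
	       run_second_check(true, DIR__WRITE, NULL));
	printf("denied read after cached search: buggy %#x, fixed %#x\n",
	       run_second_check(false, DIR__READ, NULL),
	       run_second_check(true, DIR__READ, NULL));
	return 0;
}
```

The write check shows the allowed-but-auditallow case and the read check the denied-with-auditdeny case; in the buggy variant both come back with the search check's empty audited vector, which is the missing audit record the commit message describes.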