From: Marek Milkovic <mmilkovi@redhat.com>
Date: Thu, 4 Jun 2015 20:22:16 +0000 (-0400)
Subject: selinux: Print 'sclass' as string when unrecognized netlink message occurs
X-Git-Tag: v4.2-rc1~77^2~11
X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;h=cded3fffbeab777e6ad2ec05d4a3b62c5caca0f3;p=linux.git

selinux: Print 'sclass' as string when unrecognized netlink message occurs

This prints the 'sclass' field as string instead of index in unrecognized netlink message.
The textual representation makes it easier to distinguish the right class.

Signed-off-by: Marek Milkovic <mmilkovi@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: 80-char width fixes]
Signed-off-by: Paul Moore <pmoore@redhat.com>
---

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 06c9dd962c3c..99c4a00cce4e 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4713,8 +4713,9 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
 		if (err == -EINVAL) {
 			printk(KERN_WARNING
 			       "SELinux: unrecognized netlink message:"
-			       " protocol=%hu nlmsg_type=%hu sclass=%hu\n",
-			       sk->sk_protocol, nlh->nlmsg_type, sksec->sclass);
+			       " protocol=%hu nlmsg_type=%hu sclass=%s\n",
+			       sk->sk_protocol, nlh->nlmsg_type,
+			       secclass_map[sksec->sclass - 1].name);
 			if (!selinux_enforcing || security_get_allow_unknown())
 				err = 0;
 		}