return s[0];
}
+#ifdef CONFIG_AUDIT
/*
* security_dump_masked_av - dumps masked permissions during
* security_compute_av due to RBAC, MLS/Constraint and Type bounds.
return;
}
+#endif
/*
* security_boundary_permission - drops violated permissions
/* mask violated permissions */
avd->allowed &= ~masked;
+#ifdef CONFIG_AUDIT
/* audit masked permissions */
security_dump_masked_av(scontext, tcontext,
tclass, masked, "bounds");
+#endif
}
}
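Review bot: The `#ifdef CONFIG_AUDIT` pair around the `security_dump_masked_av(...)` call puts conditional compilation inside a function body; the usual kernel style keeps call sites unconditional and gives the helper an empty stub instead. Where the definition is guarded earlier in this patch, an `#else` branch holding a `static inline` no-op with the same signature would let this call, and any other caller, stay as it was. The enclosing function starts outside the lines shown.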
tclass, avd);
}
-static int security_validtrans_handle_fail(struct context *ocontext,
+static inline int security_validtrans_handle_fail(struct context *ocontext,
struct context *ncontext,
struct context *tcontext,
u16 tclass)
{
+#ifdef CONFIG_AUDIT
char *o = NULL, *n = NULL, *t = NULL;
u32 olen, nlen, tlen;
kfree(o);
kfree(n);
kfree(t);
+#endif
if (!selinux_enforcing)
return 0;
index = type->bounds;
}
+#ifdef CONFIG_AUDIT
if (rc) {
char *old_name = NULL;
char *new_name = NULL;
kfree(new_name);
kfree(old_name);
}
+#endif
out:
read_unlock(&policy_rwlock);
sid, SECSID_NULL, GFP_KERNEL, 1);
}
-static int compute_sid_handle_invalid_context(
+static inline int compute_sid_handle_invalid_context(
struct context *scontext,
struct context *tcontext,
u16 tclass,
struct context *newcontext)
{
+#ifdef CONFIG_AUDIT
char *s = NULL, *t = NULL, *n = NULL;
u32 slen, tlen, nlen;
kfree(s);
kfree(t);
kfree(n);
+#endif
+
if (!selinux_enforcing)
return 0;
return -EACCES;
static inline int convert_context_handle_invalid_context(struct context *context)
{
+#ifdef CONFIG_AUDIT
char *s;
u32 len;
+#endif
if (selinux_enforcing)
return -EINVAL;
+#ifdef CONFIG_AUDIT
if (!context_struct_to_string(context, &s, &len)) {
printk(KERN_WARNING "SELinux: Context %s would be invalid if enforcing\n", s);
kfree(s);
}
+#endif
return 0;
}
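Review bot: The `printk(KERN_WARNING ...)` at the end of convert_context_handle_invalid_context is now compiled out when CONFIG_AUDIT is unset, although printk writes to the kernel log and does not depend on the audit subsystem. In a permissive, non-audit build the function then returns 0 for an invalid context and leaves no trace, so the warning this function gave before a switch to enforcing is lost. If the size saving is intended, say so in a comment such as `/* no permissive-mode warning without CONFIG_AUDIT: skips the context string allocation */`; otherwise leave `s`, `len` and the `context_struct_to_string()` block outside the guard.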
struct type_datum *typdatum;
struct user_datum *usrdatum;
char *s;
- u32 len;
int rc = 0;
+#ifdef CONFIG_AUDIT
+ u32 len;
+#endif
if (key <= SECINITSID_NUM)
goto out;
out:
return rc;
bad:
+#ifdef CONFIG_AUDIT
/* Map old representation to string and save it. */
rc = context_struct_to_string(&oldc, &s, &len);
if (rc)
c->str);
rc = 0;
goto out;
+#else
+ return 0;
+#endif
}
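Review bot: With CONFIG_AUDIT unset, the `bad:` path now returns 0 without running the block whose own comment says it maps the old representation to a string and saves it, so the guard removes state handling and not just logging. The lines between `if (rc)` and `c->str);` are not visible here, but if they store the string form in `c`, as the comment and the `c->str` use suggest, a non-audit build reports success while leaving the entry unconverted. I would keep the conversion unconditional and guard only the logging call that ends in `c->str);`, which means dropping the `#else` / `return 0;` pair. As written, `char *s;` also stays declared outside the guard while `len` moved inside it, leaving an unused variable in non-audit builds. The enclosing function starts and ends outside the lines shown.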
static void security_load_policycaps(void)
struct context *context1;
struct context *context2;
struct context newcon;
+ int rc;
+#ifdef CONFIG_AUDIT
char *s;
u32 len;
- int rc;
+#endif
rc = 0;
if (!ss_initialized || !policydb.mls_enabled) {
if (!policydb_context_isvalid(&policydb, &newcon)) {
rc = convert_context_handle_invalid_context(&newcon);
if (rc) {
+#ifdef CONFIG_AUDIT
if (!context_struct_to_string(&newcon, &s, &len)) {
audit_log(current->audit_context,
GFP_ATOMIC, AUDIT_SELINUX_ERR,
"invalid_context=%s", s);
kfree(s);
}
+#endif
goto out_unlock;
}
}