selinux: fix avc audit messages

stephensmalley · pcmoore · commit 45189a1998e0 · 2019-02-05T12:34:33.000-05:00
commit a2c5138 ("selinux: inline some AVC functions used only once") introduced usage of audit_log_string() in place of audit_log_format() for fixed strings. However, audit_log_string() quotes the string. This breaks the avc audit message format and userspace audit parsers. Switch back to using audit_log_format(). Fixes: a2c5138 ("selinux: inline some AVC functions used only once") Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com>
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
@@ -674,13 +674,13 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
 	audit_log_format(ab, "avc:  %s ", sad->denied ? "denied" : "granted");
 
 	if (av == 0) {
-		audit_log_string(ab, " null");
+		audit_log_format(ab, " null");
 		return;
 	}
 
 	perms = secclass_map[sad->tclass-1].perms;
 
-	audit_log_string(ab, " {");
+	audit_log_format(ab, " {");
 	i = 0;
 	perm = 1;
 	while (i < (sizeof(av) * 8)) {
@@ -695,7 +695,7 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
 	if (av)
 		audit_log_format(ab, " 0x%x", av);
 
-	audit_log_string(ab, " } for ");
+	audit_log_format(ab, " } for ");
 }
 
 /**
