[PATCH] fix se_sen audit filter
authorDarrel Goeddel <dgoeddel@trustedcs.com>
Wed, 24 May 2006 14:38:25 +0000 (09:38 -0500)
committerAl Viro <viro@zeniv.linux.org.uk>
Tue, 20 Jun 2006 09:25:26 +0000 (05:25 -0400)
Fix a broken comparison that causes the process clearance to be checked for
both se_clr and se_sen audit filters.

Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
security/selinux/ss/services.c

index c284dbb8b8c02fbba51aa562d5e4fd4551e641f3..e9548bc049e1d9020161b92fb362743ee7261957 100644 (file)
@@ -1980,7 +1980,7 @@ int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
                break;
        case AUDIT_SE_SEN:
        case AUDIT_SE_CLR:
-               level = (op == AUDIT_SE_SEN ?
+               level = (field == AUDIT_SE_SEN ?
                         &ctxt->range.level[0] : &ctxt->range.level[1]);
                switch (op) {
                case AUDIT_EQUAL: