selinux: add force_audit sysfs node to enable logging of dontaudit

* for kernel selinux debugging * to enable: * echo Y > /sys/module/selinux/parameters/force_audit Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
author: imoseyon <imoseyon@gmail.com> 2015-01-16 21:37:47 -0800
committer: Mister Oyster <oysterized@gmail.com> 2017-05-24 02:49:28 +0200
commit: baafda9652f3f719dd89aaa8ade1ee25bf752d4b (patch)
tree: 2bff3de64f6d9e5ca35baf4b721148b7ae173581 /security/selinux/include/avc.h
parent: 048f92f42d042161896d3f0e3eb785050bec117e (diff)
download: android_kernel_m2note-baafda9652f3f719dd89aaa8ade1ee25bf752d4b.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index af09f84e5..55d124495 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -59,6 +59,8 @@ struct selinux_audit_data {
 	int result;
 };
 
+extern bool force_audit;
+
 /*
  * AVC operations
  */
@@ -93,6 +95,7 @@ static inline u32 avc_audit_required(u32 requested,
 		 */
 		if (auditdeny && !(auditdeny & avd->auditdeny))
 			audited = 0;
+		if (force_audit) audited = 1;
 	} else if (result)
 		audited = denied = requested;
 	else
author	imoseyon <imoseyon@gmail.com>	2015-01-16 21:37:47 -0800
committer	Mister Oyster <oysterized@gmail.com>	2017-05-24 02:49:28 +0200
commit	baafda9652f3f719dd89aaa8ade1ee25bf752d4b (patch)
tree	2bff3de64f6d9e5ca35baf4b721148b7ae173581 /security/selinux/include/avc.h
parent	048f92f42d042161896d3f0e3eb785050bec117e (diff)
download	android_kernel_m2note-baafda9652f3f719dd89aaa8ade1ee25bf752d4b.tar.gz