From baafda9652f3f719dd89aaa8ade1ee25bf752d4b Mon Sep 17 00:00:00 2001
From: imoseyon
Date: Fri, 16 Jan 2015 21:37:47 -0800
Subject: selinux: add force_audit sysfs node to enable logging of dontaudit

* for kernel selinux debugging
* to enable:
* echo Y > /sys/module/selinux/parameters/force_audit
Signed-off-by: Pranav Vashi
---
 security/selinux/avc.c | 4 ++++
 security/selinux/include/avc.h | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 54b87f26c..572eb5e8d 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -29,6 +29,7 @@
 #include
 #include
 #include
+#include
 #include
 #include "avc.h"
 #include "avc_ss.h"
@@ -44,6 +45,9 @@
 #define avc_cache_stats_incr(field) do {} while (0)
 #endif
 
+bool force_audit = false;
+module_param(force_audit, bool, 0644);
+
 struct avc_entry {
 u32 ssid;
 u32 tsid;
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index af09f84e5..55d124495 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -59,6 +59,8 @@ struct selinux_audit_data {
 int result;
 };
 
+extern bool force_audit;
+
 /*
 * AVC operations
 */
@@ -93,6 +95,7 @@ static inline u32 avc_audit_required(u32 requested,
 */
 if (auditdeny && !(auditdeny & avd->auditdeny))
 audited = 0;
+ if (force_audit) audited = 1;
 } else if (result)
 audited = denied = requested;
 else
-- 
cgit v1.2.3
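Review bot: `force_audit` in the second avc.c hunk is a non-static global with a generic name and no parameter description, and mode `0644` makes it a runtime switch for anything that can write that sysfs file as root. I would keep the sysfs name but namespace the symbol, `module_param_named(force_audit, selinux_force_audit, bool, 0644);`, with the matching rename of the `extern` in include/avc.h. I would also add `MODULE_PARM_DESC(force_audit, "Audit denials even when policy marks them dontaudit (debug only)");`. Enabling it can turn every suppressed denial into an audit record, so the description should say it is a debugging aid and that the extra volume may crowd out or rate-limit other audit records. Whether it belongs behind a debug Kconfig option is worth deciding before it reaches production builds.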
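Review bot: `audited = 1` in the avc_audit_required() hunk stores the literal 1 where the neighbouring branch stores a permission mask (`audited = denied = requested`). With force_audit set, the audit record would presumably name whichever permission is bit 0 of the class rather than the permissions that were actually denied. Assigning the denied set keeps the forced record accurate: `if (force_audit)` followed on its own line by `audited = denied;`, which also matches the two-line form of the `if (auditdeny ...)` statement just above. `denied` is computed before the hunk starts and the function continues past its last line, so the mask semantics should be confirmed against the full body.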