From 8ba8e0fbe6321961f6ba04e2fd7215b37d935c83 Mon Sep 17 00:00:00 2001
From: Darrel Goeddel <dgoeddel@trustedcs.com>
Date: Wed, 24 May 2006 09:38:25 -0500
Subject: [PATCH] fix se_sen audit filter

Fix a broken comparison that causes the process clearance to be checked for
both se_clr and se_sen audit filters.

Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 security/selinux/ss/services.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index c284dbb8b8c0..e9548bc049e1 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1980,7 +1980,7 @@ int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
 		break;
 	case AUDIT_SE_SEN:
 	case AUDIT_SE_CLR:
-		level = (op == AUDIT_SE_SEN ?
+		level = (field == AUDIT_SE_SEN ?
 		         &ctxt->range.level[0] : &ctxt->range.level[1]);
 		switch (op) {
 		case AUDIT_EQUAL:
-- 
cgit v1.2.3