Log under the SELinux debug configuration when a caller to the LSM hook inode_init_security_anon does not pass an anonymous inode class name. The class name allows policy writers to transition the anonymous inode into a private type via a name based type transition. Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> --- security/selinux/hooks.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b8a8a4f0f2ad..f6ffab9958b6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2918,6 +2918,17 @@ static int selinux_inode_init_security_anon(struct inode *inode, if (unlikely(!selinux_initialized())) return 0; +#ifdef CONFIG_SECURITY_SELINUX_DEBUG + /* + * Allow policy writers to transition the anonymous inode into + * a private type via a name based type transition. + */ + if (!name) { + pr_debug("SELinux: no class given for anonymous inode\n"); + dump_stack(); + } +#endif + isec = selinux_inode(inode); /* -- 2.40.1
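Review bot: In the new `if (!name)` block, `dump_stack()` runs on every call that arrives with a NULL name, with no once-only or rate-limit guard, so a single caller that never passes a class name can fill the log with identical traces whenever CONFIG_SECURITY_SELINUX_DEBUG is set. Consider a once-only form such as `WARN_ON_ONCE(!name)`, or a rate-limited message, if one report per boot is enough to find the offending call sites. The comment above the check also restates the commit message's rationale rather than describing the block, which only logs and changes no labeling; wording along the lines of "callers should pass a class name so policy can use a name based type transition; report those that do not" would match the code. Finally, the message says "no class given" while the parameter being tested is `name`; using the same term in both places would make the log line easier to map back to the hook's argument.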