selinux: log raw contexts as untrusted strings

These strings may come from untrusted sources (e.g. file xattrs) so they
need to be properly escaped.

    # setenforce 0
    # touch /tmp/test
    # setfattr -n security.selinux -v 'kuřecí řízek' /tmp/test
    # runcon system_u:system_r:sshd_t:s0 cat /tmp/test
    (look at the generated AVCs)

Actual result:
    type=AVC [...] trawcon=kuřecí řízek

Expected result:
    type=AVC [...] trawcon=6B75C5996563C3AD20C599C3AD7A656B

Fixes: fede148324c3 ("selinux: log invalid contexts in AVCs")
Cc: # v5.1+
Signed-off-by: Ondrej Mosnacek <>
Acked-by: Richard Guy Briggs <>
Signed-off-by: Paul Moore <>
1 file changed
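
Added example, not part of the commit or the kernel source: a userspace C re-implementation of the encoding rule the audit subsystem applies to untrusted strings. A value is emitted in double quotes unless it contains a double quote, a space or control byte, or a non-ASCII byte, in which case it is emitted as uppercase hex. It reproduces the expected trawcon value above; the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if a byte would be ambiguous in a key=value audit
 * field (double quote, space or control byte, anything outside ASCII). */
static int needs_hex(const unsigned char *s, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (s[i] == '"' || s[i] < 0x21 || s[i] > 0x7e)
            return 1;
    return 0;
}

/* Hypothetical helper: encode one untrusted field value into out.
 * Returns 0 on success, -1 if out is too small. */
int encode_untrusted(const char *in, size_t len, char *out, size_t outsz)
{
    static const char hex[] = "0123456789ABCDEF";
    const unsigned char *s = (const unsigned char *)in;
    if (needs_hex(s, len)) {            /* unsafe: uppercase hex, no quotes */
        if (outsz < 2 * len + 1)
            return -1;
        for (size_t i = 0; i < len; i++) {
            out[2 * i] = hex[s[i] >> 4];
            out[2 * i + 1] = hex[s[i] & 0x0f];
        }
        out[2 * len] = '\0';
    } else {                            /* safe: emit as a quoted string */
        if (outsz < len + 3)
            return -1;
        out[0] = '"';
        memcpy(out + 1, in, len);
        out[len + 1] = '"';
        out[len + 2] = '\0';
    }
    return 0;
}

int main(void)
{
    /* Constructed samples; literal split so \x99 does not absorb the 'e'. */
    const char *samples[] = { "ku\xc5\x99" "ec\xc3\xad \xc5\x99\xc3\xadzek",
                              "system_u:object_r:tmp_t:s0" };
    char buf[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (encode_untrusted(samples[i], strlen(samples[i]), buf, sizeof buf) == 0)
            printf("trawcon=%s\n", buf);
    return 0;
}
```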