Description of problem: In /security/selinux/hooks.c whenever there is a SELINUX_ERR event, invalid_context is logged as untrusted_string. In security/selinux/ss/services.c in the function security_sid_mls_copy() it is logged as a normal string. Version-Release number of selected component (if applicable): 4.3
Closing this BZ as we are now tracking this upstream: * https://github.com/linux-audit/audit-kernel/issues/57