audit: comparison on interprocess fields

This allows audit to specify rules in which we compare two fields of a process. Such as is the running process uid != to the running process euid? Signed-off-by: Peter Moody <pmoody@google.com> Signed-off-by: Eric Paris <eparis@redhat.com>
author: Peter Moody <pmoody@google.com> 2012-01-04 15:24:31 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2012-01-17 16:17:03 -0500
commit: 10d68360871657204885371cdf2594412675d2f9 (patch)
tree: 85a4fa8d3b0dc0a7bc525475325f955f75d3881d /kernel
parent: 4a6633ed08af5ba67790b4d1adcdeb8ceb55677e (diff)
1 files changed, 39 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b8cee462b99..593237e3654 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -545,6 +545,45 @@ static int audit_field_compare(struct task_struct *tsk,
                return audit_compare_id(cred->fsgid,
                                        name, offsetof(struct audit_names, gid),
                                        f, ctx);
+        /* uid comparisons */
+        case AUDIT_COMPARE_UID_TO_AUID:
+                return audit_comparator(cred->uid, f->op, tsk->loginuid);
+        case AUDIT_COMPARE_UID_TO_EUID:
+                return audit_comparator(cred->uid, f->op, cred->euid);
+        case AUDIT_COMPARE_UID_TO_SUID:
+                return audit_comparator(cred->uid, f->op, cred->suid);
+        case AUDIT_COMPARE_UID_TO_FSUID:
+                return audit_comparator(cred->uid, f->op, cred->fsuid);
+        /* auid comparisons */
+        case AUDIT_COMPARE_AUID_TO_EUID:
+                return audit_comparator(tsk->loginuid, f->op, cred->euid);
+        case AUDIT_COMPARE_AUID_TO_SUID:
+                return audit_comparator(tsk->loginuid, f->op, cred->suid);
+        case AUDIT_COMPARE_AUID_TO_FSUID:
+                return audit_comparator(tsk->loginuid, f->op, cred->fsuid);
+        /* euid comparisons */
+        case AUDIT_COMPARE_EUID_TO_SUID:
+                return audit_comparator(cred->euid, f->op, cred->suid);
+        case AUDIT_COMPARE_EUID_TO_FSUID:
+                return audit_comparator(cred->euid, f->op, cred->fsuid);
+        /* suid comparisons */
+        case AUDIT_COMPARE_SUID_TO_FSUID:
+                return audit_comparator(cred->suid, f->op, cred->fsuid);
+        /* gid comparisons */
+        case AUDIT_COMPARE_GID_TO_EGID:
+                return audit_comparator(cred->gid, f->op, cred->egid);
+        case AUDIT_COMPARE_GID_TO_SGID:
+                return audit_comparator(cred->gid, f->op, cred->sgid);
+        case AUDIT_COMPARE_GID_TO_FSGID:
+                return audit_comparator(cred->gid, f->op, cred->fsgid);
+        /* egid comparisons */
+        case AUDIT_COMPARE_EGID_TO_SGID:
+                return audit_comparator(cred->egid, f->op, cred->sgid);
+        case AUDIT_COMPARE_EGID_TO_FSGID:
+                return audit_comparator(cred->egid, f->op, cred->fsgid);
+        /* sgid comparison */
+        case AUDIT_COMPARE_SGID_TO_FSGID:
+                return audit_comparator(cred->sgid, f->op, cred->fsgid);
        default:
                WARN(1, "Missing AUDIT_COMPARE define.  Report as a bug\n");
                return 0;
author	Peter Moody <pmoody@google.com>	2012-01-04 15:24:31 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2012-01-17 16:17:03 -0500
commit	10d68360871657204885371cdf2594412675d2f9 (patch)
tree	85a4fa8d3b0dc0a7bc525475325f955f75d3881d /kernel
parent	4a6633ed08af5ba67790b4d1adcdeb8ceb55677e (diff)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b8cee462b99..593237e3654 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -545,6 +545,45 @@ static int audit_field_compare(struct task_struct *tsk,
545	return audit_compare_id(cred->fsgid,	545	return audit_compare_id(cred->fsgid,
546	name, offsetof(struct audit_names, gid),	546	name, offsetof(struct audit_names, gid),
547	f, ctx);	547	f, ctx);
		548	/* uid comparisons */
		549	case AUDIT_COMPARE_UID_TO_AUID:
		550	return audit_comparator(cred->uid, f->op, tsk->loginuid);
		551	case AUDIT_COMPARE_UID_TO_EUID:
		552	return audit_comparator(cred->uid, f->op, cred->euid);
		553	case AUDIT_COMPARE_UID_TO_SUID:
		554	return audit_comparator(cred->uid, f->op, cred->suid);
		555	case AUDIT_COMPARE_UID_TO_FSUID:
		556	return audit_comparator(cred->uid, f->op, cred->fsuid);
		557	/* auid comparisons */
		558	case AUDIT_COMPARE_AUID_TO_EUID:
		559	return audit_comparator(tsk->loginuid, f->op, cred->euid);
		560	case AUDIT_COMPARE_AUID_TO_SUID:
		561	return audit_comparator(tsk->loginuid, f->op, cred->suid);
		562	case AUDIT_COMPARE_AUID_TO_FSUID:
		563	return audit_comparator(tsk->loginuid, f->op, cred->fsuid);
		564	/* euid comparisons */
		565	case AUDIT_COMPARE_EUID_TO_SUID:
		566	return audit_comparator(cred->euid, f->op, cred->suid);
		567	case AUDIT_COMPARE_EUID_TO_FSUID:
		568	return audit_comparator(cred->euid, f->op, cred->fsuid);
		569	/* suid comparisons */
		570	case AUDIT_COMPARE_SUID_TO_FSUID:
		571	return audit_comparator(cred->suid, f->op, cred->fsuid);
		572	/* gid comparisons */
		573	case AUDIT_COMPARE_GID_TO_EGID:
		574	return audit_comparator(cred->gid, f->op, cred->egid);
		575	case AUDIT_COMPARE_GID_TO_SGID:
		576	return audit_comparator(cred->gid, f->op, cred->sgid);
		577	case AUDIT_COMPARE_GID_TO_FSGID:
		578	return audit_comparator(cred->gid, f->op, cred->fsgid);
		579	/* egid comparisons */
		580	case AUDIT_COMPARE_EGID_TO_SGID:
		581	return audit_comparator(cred->egid, f->op, cred->sgid);
		582	case AUDIT_COMPARE_EGID_TO_FSGID:
		583	return audit_comparator(cred->egid, f->op, cred->fsgid);
		584	/* sgid comparison */
		585	case AUDIT_COMPARE_SGID_TO_FSGID:
		586	return audit_comparator(cred->sgid, f->op, cred->fsgid);
548	default:	587	default:
549	WARN(1, "Missing AUDIT_COMPARE define. Report as a bug\n");	588	WARN(1, "Missing AUDIT_COMPARE define. Report as a bug\n");
550	return 0;	589	return 0;