authorDustin Kirkland <dustin.kirkland@us.ibm.com>2005-11-03 10:41:46 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2006-03-20 14:08:53 -0500
commitb63862f46547487388e582e8ac9083830d34f058 (patch)
tree5aa0173c02535fdd9dfe302e9c8a8a225091ed56 /include/linux/audit.h
parentb0dd25a8263dde3c30b0d7d72a8bd92d7ba0e3f5 (diff)
[PATCH] Filter rule comparators
Currently, audit only supports the "=" and "!=" operators in the -F filter rules. This patch reworks the support for "=" and "!=", and adds support for ">", ">=", "<", and "<=". This turned out to be a pretty clean and simple process. I ended up using the high order bits of the "field", as suggested by Steve and Amy. This allowed for no changes whatsoever to the netlink communications. See the documentation within the patch in the include/linux/audit.h area, where there is a table that explains the reasoning of the bitmask assignments clearly. The patch adds a new function, audit_comparator(left, op, right). This function will perform the specified comparison (op, which defaults to "==" for backward compatibility) between two values (left and right). If the negate bit is on, it will negate whatever that result was. This value is returned. Signed-off-by: Dustin Kirkland <dustin.kirkland@us.ibm.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'include/linux/audit.h')
-rw-r--r--include/linux/audit.h29
1 files changed, 28 insertions, 1 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index da3c01955f3d..2408cb77899c 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -98,6 +98,13 @@
98#define AUDIT_WORD(nr) ((__u32)((nr)/32)) 98#define AUDIT_WORD(nr) ((__u32)((nr)/32))
99#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32)) 99#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32))
100 100
101/* This bitmask is used to validate user input. It represents all bits that
102 * are currently used in an audit field constant understood by the kernel.
103 * If you are adding a new #define AUDIT_<whatever>, please ensure that
104 * AUDIT_UNUSED_BITS is updated if need be. */
105#define AUDIT_UNUSED_BITS 0x0FFFFC00
106
107
101/* Rule fields */ 108/* Rule fields */
102 /* These are useful when checking the 109 /* These are useful when checking the
103 * task structure at task creation time 110 * task structure at task creation time
@@ -128,8 +135,28 @@
128#define AUDIT_ARG2 (AUDIT_ARG0+2) 135#define AUDIT_ARG2 (AUDIT_ARG0+2)
129#define AUDIT_ARG3 (AUDIT_ARG0+3) 136#define AUDIT_ARG3 (AUDIT_ARG0+3)
130 137
131#define AUDIT_NEGATE 0x80000000 138#define AUDIT_NEGATE 0x80000000
132 139
140/* These are the supported operators.
141 * 4 2 1
142 * = > <
143 * -------
144 * 0 0 0 0 nonsense
145 * 0 0 1 1 <
146 * 0 1 0 2 >
147 * 0 1 1 3 !=
148 * 1 0 0 4 =
149 * 1 0 1 5 <=
150 * 1 1 0 6 >=
151 * 1 1 1 7 all operators
152 */
153#define AUDIT_LESS_THAN 0x10000000
154#define AUDIT_GREATER_THAN 0x20000000
155#define AUDIT_NOT_EQUAL 0x30000000
156#define AUDIT_EQUAL 0x40000000
157#define AUDIT_LESS_THAN_OR_EQUAL (AUDIT_LESS_THAN|AUDIT_EQUAL)
158#define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN|AUDIT_EQUAL)
159#define AUDIT_OPERATORS (AUDIT_EQUAL|AUDIT_NOT_EQUAL)
133 160
134/* Status symbols */ 161/* Status symbols */
135 /* Mask values */ 162 /* Mask values */
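Review bot: The comment added above `AUDIT_UNUSED_BITS` in the first hunk says the mask represents the bits that are currently used, but the name and the value `0x0FFFFC00` say the opposite: it covers bits 10–27 and leaves clear the operator bits (28–30) and `AUDIT_NEGATE` (bit 31) defined in the second hunk, plus the low bits that presumably carry the field number. Since the comment states that this mask validates user input, a maintainer following it literally when adding a new `AUDIT_<whatever>` could update the mask in the wrong direction, so I would reword it to `/* ... It represents all bits that are NOT currently used in any audit field constant understood by the kernel. */`. In the second hunk, `AUDIT_OPERATORS` is written as `(AUDIT_EQUAL|AUDIT_NOT_EQUAL)`, which yields the full three-bit mask only because `AUDIT_NOT_EQUAL` is itself both `<` and `>` bits; `(AUDIT_LESS_THAN|AUDIT_GREATER_THAN|AUDIT_EQUAL)` states the intent directly. The table labels operator value 0 as "nonsense" while the commit message says the operator defaults to "==" for backward compatibility, so a one-line comment such as `/* 0 is treated as AUDIT_EQUAL for rules from older userspace */` would remove the ambiguity, assuming that is what the comparator (not part of this file section) actually does.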