audit: comparison on interprocess fields

This allows audit to specify rules in which we compare two fields of a process. Such as is the running process uid != to the running process euid? Signed-off-by: Peter Moody <pmoody@google.com> Signed-off-by: Eric Paris <eparis@redhat.com>
author: Peter Moody <pmoody@google.com> 2012-01-04 15:24:31 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2012-01-17 16:17:03 -0500
commit: 10d68360871657204885371cdf2594412675d2f9 (patch)
tree: 85a4fa8d3b0dc0a7bc525475325f955f75d3881d /include
parent: 4a6633ed08af5ba67790b4d1adcdeb8ceb55677e (diff)
1 files changed, 23 insertions, 1 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 67113cb4bc15..9ff7a2c48b50 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -193,7 +193,29 @@
 #define AUDIT_COMPARE_FSUID_TO_OBJ_UID  8
 #define AUDIT_COMPARE_FSGID_TO_OBJ_GID  9
-#define AUDIT_MAX_FIELD_COMPARE         AUDIT_COMPARE_FSGID_TO_OBJ_GID
+#define AUDIT_COMPARE_UID_TO_AUID       10
+#define AUDIT_COMPARE_UID_TO_EUID       11
+#define AUDIT_COMPARE_UID_TO_FSUID      12
+#define AUDIT_COMPARE_UID_TO_SUID       13
+#define AUDIT_COMPARE_AUID_TO_FSUID     14
+#define AUDIT_COMPARE_AUID_TO_SUID      15
+#define AUDIT_COMPARE_AUID_TO_EUID      16
+#define AUDIT_COMPARE_EUID_TO_SUID      17
+#define AUDIT_COMPARE_EUID_TO_FSUID     18
+#define AUDIT_COMPARE_SUID_TO_FSUID     19
+#define AUDIT_COMPARE_GID_TO_EGID       20
+#define AUDIT_COMPARE_GID_TO_FSGID      21
+#define AUDIT_COMPARE_GID_TO_SGID       22
+#define AUDIT_COMPARE_EGID_TO_FSGID     23
+#define AUDIT_COMPARE_EGID_TO_SGID      24
+#define AUDIT_COMPARE_SGID_TO_FSGID     25
+#define AUDIT_MAX_FIELD_COMPARE         AUDIT_COMPARE_SGID_TO_FSGID
 /* Rule fields */
                                /* These are useful when checking the
author	Peter Moody <pmoody@google.com>	2012-01-04 15:24:31 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2012-01-17 16:17:03 -0500
commit	10d68360871657204885371cdf2594412675d2f9 (patch)
tree	85a4fa8d3b0dc0a7bc525475325f955f75d3881d /include
parent	4a6633ed08af5ba67790b4d1adcdeb8ceb55677e (diff)

diff --git a/include/linux/audit.h b/include/linux/audit.h index 67113cb4bc15..9ff7a2c48b50 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h
@@ -193,7 +193,29 @@
193	#define AUDIT_COMPARE_FSUID_TO_OBJ_UID 8	193	#define AUDIT_COMPARE_FSUID_TO_OBJ_UID 8
194	#define AUDIT_COMPARE_FSGID_TO_OBJ_GID 9	194	#define AUDIT_COMPARE_FSGID_TO_OBJ_GID 9
195		195
196	#define AUDIT_MAX_FIELD_COMPARE AUDIT_COMPARE_FSGID_TO_OBJ_GID	196	#define AUDIT_COMPARE_UID_TO_AUID 10
		197	#define AUDIT_COMPARE_UID_TO_EUID 11
		198	#define AUDIT_COMPARE_UID_TO_FSUID 12
		199	#define AUDIT_COMPARE_UID_TO_SUID 13
		200
		201	#define AUDIT_COMPARE_AUID_TO_FSUID 14
		202	#define AUDIT_COMPARE_AUID_TO_SUID 15
		203	#define AUDIT_COMPARE_AUID_TO_EUID 16
		204
		205	#define AUDIT_COMPARE_EUID_TO_SUID 17
		206	#define AUDIT_COMPARE_EUID_TO_FSUID 18
		207
		208	#define AUDIT_COMPARE_SUID_TO_FSUID 19
		209
		210	#define AUDIT_COMPARE_GID_TO_EGID 20
		211	#define AUDIT_COMPARE_GID_TO_FSGID 21
		212	#define AUDIT_COMPARE_GID_TO_SGID 22
		213
		214	#define AUDIT_COMPARE_EGID_TO_FSGID 23
		215	#define AUDIT_COMPARE_EGID_TO_SGID 24
		216	#define AUDIT_COMPARE_SGID_TO_FSGID 25
		217
		218	#define AUDIT_MAX_FIELD_COMPARE AUDIT_COMPARE_SGID_TO_FSGID
197		219
198	/* Rule fields */	220	/* Rule fields */
199	/* These are useful when checking the	221	/* These are useful when checking the