diff options
| author | Linus Torvalds <torvalds@g5.osdl.org> | 2006-09-11 14:43:17 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-09-11 14:43:17 -0400 |
| commit | 05ff0e291af086f4325bac76abad250690bbbd63 (patch) | |
| tree | 3ea47e8ef5bebc1261302e3d0775414fb78037c4 /kernel/auditsc.c | |
| parent | 5eea7ee2075b245d505285bb422e2fa8d686e5c8 (diff) | |
| parent | 55669bfa141b488be865341ed12e188967d11308 (diff) | |
Merge branch 'audit.b28' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b28' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
[PATCH] audit: AUDIT_PERM support
[PATCH] audit: more syscall classes added
[PATCH] syscall classes hookup for ppc and s390
[PATCH] update audit rule change messages
[PATCH] sanity check audit_buffer
[PATCH] fix ppid bug in 2.6.18 kernel
Diffstat (limited to 'kernel/auditsc.c')
| -rw-r--r-- | kernel/auditsc.c | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index efc1b74bebf3..1bd8827a0102 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -209,6 +209,54 @@ struct audit_context { | |||
| 209 | #endif | 209 | #endif |
| 210 | }; | 210 | }; |
| 211 | 211 | ||
| 212 | #define ACC_MODE(x) ("\004\002\006\006"[(x)&O_ACCMODE]) | ||
| 213 | static inline int open_arg(int flags, int mask) | ||
| 214 | { | ||
| 215 | int n = ACC_MODE(flags); | ||
| 216 | if (flags & (O_TRUNC | O_CREAT)) | ||
| 217 | n |= AUDIT_PERM_WRITE; | ||
| 218 | return n & mask; | ||
| 219 | } | ||
| 220 | |||
| 221 | static int audit_match_perm(struct audit_context *ctx, int mask) | ||
| 222 | { | ||
| 223 | unsigned n = ctx->major; | ||
| 224 | switch (audit_classify_syscall(ctx->arch, n)) { | ||
| 225 | case 0: /* native */ | ||
| 226 | if ((mask & AUDIT_PERM_WRITE) && | ||
| 227 | audit_match_class(AUDIT_CLASS_WRITE, n)) | ||
| 228 | return 1; | ||
| 229 | if ((mask & AUDIT_PERM_READ) && | ||
| 230 | audit_match_class(AUDIT_CLASS_READ, n)) | ||
| 231 | return 1; | ||
| 232 | if ((mask & AUDIT_PERM_ATTR) && | ||
| 233 | audit_match_class(AUDIT_CLASS_CHATTR, n)) | ||
| 234 | return 1; | ||
| 235 | return 0; | ||
| 236 | case 1: /* 32bit on biarch */ | ||
| 237 | if ((mask & AUDIT_PERM_WRITE) && | ||
| 238 | audit_match_class(AUDIT_CLASS_WRITE_32, n)) | ||
| 239 | return 1; | ||
| 240 | if ((mask & AUDIT_PERM_READ) && | ||
| 241 | audit_match_class(AUDIT_CLASS_READ_32, n)) | ||
| 242 | return 1; | ||
| 243 | if ((mask & AUDIT_PERM_ATTR) && | ||
| 244 | audit_match_class(AUDIT_CLASS_CHATTR_32, n)) | ||
| 245 | return 1; | ||
| 246 | return 0; | ||
| 247 | case 2: /* open */ | ||
| 248 | return mask & ACC_MODE(ctx->argv[1]); | ||
| 249 | case 3: /* openat */ | ||
| 250 | return mask & ACC_MODE(ctx->argv[2]); | ||
| 251 | case 4: /* socketcall */ | ||
| 252 | return ((mask & AUDIT_PERM_WRITE) && ctx->argv[0] == SYS_BIND); | ||
| 253 | case 5: /* execve */ | ||
| 254 | return mask & AUDIT_PERM_EXEC; | ||
| 255 | default: | ||
| 256 | return 0; | ||
| 257 | } | ||
| 258 | } | ||
| 259 | |||
| 212 | /* Determine if any context name data matches a rule's watch data */ | 260 | /* Determine if any context name data matches a rule's watch data */ |
| 213 | /* Compare a task_struct with an audit_rule. Return 1 on match, 0 | 261 | /* Compare a task_struct with an audit_rule. Return 1 on match, 0 |
| 214 | * otherwise. */ | 262 | * otherwise. */ |
| @@ -397,6 +445,9 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 397 | /* ignore this field for filtering */ | 445 | /* ignore this field for filtering */ |
| 398 | result = 1; | 446 | result = 1; |
| 399 | break; | 447 | break; |
| 448 | case AUDIT_PERM: | ||
| 449 | result = audit_match_perm(ctx, f->val); | ||
| 450 | break; | ||
| 400 | } | 451 | } |
| 401 | 452 | ||
| 402 | if (!result) | 453 | if (!result) |