diff options
| author | Amy Griffis <amy.griffis@hp.com> | 2006-02-07 12:05:27 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-03-20 14:08:54 -0500 |
| commit | 93315ed6dd12dacfc941f9eb8ca0293aadf99793 (patch) | |
| tree | 4fc070c92a1de21d3befe4ce48c733c65d044bb3 /kernel/auditsc.c | |
| parent | af601e4623d0303bfafa54ec728b7ae8493a8e1b (diff) | |
[PATCH] audit string fields interface + consumer
Updated patch to dynamically allocate audit rule fields in kernel's
internal representation. Added unlikely() calls for testing memory
allocation result.
Amy Griffis wrote: [Wed Jan 11 2006, 02:02:31PM EST]
> Modify audit's kernel-userspace interface to allow the specification
> of string fields in audit rules.
>
> Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(cherry picked from 5ffc4a863f92351b720fe3e9c5cd647accff9e03 commit)
Diffstat (limited to 'kernel/auditsc.c')
| -rw-r--r-- | kernel/auditsc.c | 50 |
1 files changed, 24 insertions, 26 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 17719b303638..ba0878854777 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -162,70 +162,68 @@ struct audit_context { | |||
| 162 | /* Compare a task_struct with an audit_rule. Return 1 on match, 0 | 162 | /* Compare a task_struct with an audit_rule. Return 1 on match, 0 |
| 163 | * otherwise. */ | 163 | * otherwise. */ |
| 164 | static int audit_filter_rules(struct task_struct *tsk, | 164 | static int audit_filter_rules(struct task_struct *tsk, |
| 165 | struct audit_rule *rule, | 165 | struct audit_krule *rule, |
| 166 | struct audit_context *ctx, | 166 | struct audit_context *ctx, |
| 167 | enum audit_state *state) | 167 | enum audit_state *state) |
| 168 | { | 168 | { |
| 169 | int i, j; | 169 | int i, j; |
| 170 | 170 | ||
| 171 | for (i = 0; i < rule->field_count; i++) { | 171 | for (i = 0; i < rule->field_count; i++) { |
| 172 | u32 field = rule->fields[i] & ~AUDIT_OPERATORS; | 172 | struct audit_field *f = &rule->fields[i]; |
| 173 | u32 op = rule->fields[i] & AUDIT_OPERATORS; | ||
| 174 | u32 value = rule->values[i]; | ||
| 175 | int result = 0; | 173 | int result = 0; |
| 176 | 174 | ||
| 177 | switch (field) { | 175 | switch (f->type) { |
| 178 | case AUDIT_PID: | 176 | case AUDIT_PID: |
| 179 | result = audit_comparator(tsk->pid, op, value); | 177 | result = audit_comparator(tsk->pid, f->op, f->val); |
| 180 | break; | 178 | break; |
| 181 | case AUDIT_UID: | 179 | case AUDIT_UID: |
| 182 | result = audit_comparator(tsk->uid, op, value); | 180 | result = audit_comparator(tsk->uid, f->op, f->val); |
| 183 | break; | 181 | break; |
| 184 | case AUDIT_EUID: | 182 | case AUDIT_EUID: |
| 185 | result = audit_comparator(tsk->euid, op, value); | 183 | result = audit_comparator(tsk->euid, f->op, f->val); |
| 186 | break; | 184 | break; |
| 187 | case AUDIT_SUID: | 185 | case AUDIT_SUID: |
| 188 | result = audit_comparator(tsk->suid, op, value); | 186 | result = audit_comparator(tsk->suid, f->op, f->val); |
| 189 | break; | 187 | break; |
| 190 | case AUDIT_FSUID: | 188 | case AUDIT_FSUID: |
| 191 | result = audit_comparator(tsk->fsuid, op, value); | 189 | result = audit_comparator(tsk->fsuid, f->op, f->val); |
| 192 | break; | 190 | break; |
| 193 | case AUDIT_GID: | 191 | case AUDIT_GID: |
| 194 | result = audit_comparator(tsk->gid, op, value); | 192 | result = audit_comparator(tsk->gid, f->op, f->val); |
| 195 | break; | 193 | break; |
| 196 | case AUDIT_EGID: | 194 | case AUDIT_EGID: |
| 197 | result = audit_comparator(tsk->egid, op, value); | 195 | result = audit_comparator(tsk->egid, f->op, f->val); |
| 198 | break; | 196 | break; |
| 199 | case AUDIT_SGID: | 197 | case AUDIT_SGID: |
| 200 | result = audit_comparator(tsk->sgid, op, value); | 198 | result = audit_comparator(tsk->sgid, f->op, f->val); |
| 201 | break; | 199 | break; |
| 202 | case AUDIT_FSGID: | 200 | case AUDIT_FSGID: |
| 203 | result = audit_comparator(tsk->fsgid, op, value); | 201 | result = audit_comparator(tsk->fsgid, f->op, f->val); |
| 204 | break; | 202 | break; |
| 205 | case AUDIT_PERS: | 203 | case AUDIT_PERS: |
| 206 | result = audit_comparator(tsk->personality, op, value); | 204 | result = audit_comparator(tsk->personality, f->op, f->val); |
| 207 | break; | 205 | break; |
| 208 | case AUDIT_ARCH: | 206 | case AUDIT_ARCH: |
| 209 | if (ctx) | 207 | if (ctx) |
| 210 | result = audit_comparator(ctx->arch, op, value); | 208 | result = audit_comparator(ctx->arch, f->op, f->val); |
| 211 | break; | 209 | break; |
| 212 | 210 | ||
| 213 | case AUDIT_EXIT: | 211 | case AUDIT_EXIT: |
| 214 | if (ctx && ctx->return_valid) | 212 | if (ctx && ctx->return_valid) |
| 215 | result = audit_comparator(ctx->return_code, op, value); | 213 | result = audit_comparator(ctx->return_code, f->op, f->val); |
| 216 | break; | 214 | break; |
| 217 | case AUDIT_SUCCESS: | 215 | case AUDIT_SUCCESS: |
| 218 | if (ctx && ctx->return_valid) { | 216 | if (ctx && ctx->return_valid) { |
| 219 | if (value) | 217 | if (f->val) |
| 220 | result = audit_comparator(ctx->return_valid, op, AUDITSC_SUCCESS); | 218 | result = audit_comparator(ctx->return_valid, f->op, AUDITSC_SUCCESS); |
| 221 | else | 219 | else |
| 222 | result = audit_comparator(ctx->return_valid, op, AUDITSC_FAILURE); | 220 | result = audit_comparator(ctx->return_valid, f->op, AUDITSC_FAILURE); |
| 223 | } | 221 | } |
| 224 | break; | 222 | break; |
| 225 | case AUDIT_DEVMAJOR: | 223 | case AUDIT_DEVMAJOR: |
| 226 | if (ctx) { | 224 | if (ctx) { |
| 227 | for (j = 0; j < ctx->name_count; j++) { | 225 | for (j = 0; j < ctx->name_count; j++) { |
| 228 | if (audit_comparator(MAJOR(ctx->names[j].dev), op, value)) { | 226 | if (audit_comparator(MAJOR(ctx->names[j].dev), f->op, f->val)) { |
| 229 | ++result; | 227 | ++result; |
| 230 | break; | 228 | break; |
| 231 | } | 229 | } |
| @@ -235,7 +233,7 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 235 | case AUDIT_DEVMINOR: | 233 | case AUDIT_DEVMINOR: |
| 236 | if (ctx) { | 234 | if (ctx) { |
| 237 | for (j = 0; j < ctx->name_count; j++) { | 235 | for (j = 0; j < ctx->name_count; j++) { |
| 238 | if (audit_comparator(MINOR(ctx->names[j].dev), op, value)) { | 236 | if (audit_comparator(MINOR(ctx->names[j].dev), f->op, f->val)) { |
| 239 | ++result; | 237 | ++result; |
| 240 | break; | 238 | break; |
| 241 | } | 239 | } |
| @@ -245,8 +243,8 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 245 | case AUDIT_INODE: | 243 | case AUDIT_INODE: |
| 246 | if (ctx) { | 244 | if (ctx) { |
| 247 | for (j = 0; j < ctx->name_count; j++) { | 245 | for (j = 0; j < ctx->name_count; j++) { |
| 248 | if (audit_comparator(ctx->names[j].ino, op, value) || | 246 | if (audit_comparator(ctx->names[j].ino, f->op, f->val) || |
| 249 | audit_comparator(ctx->names[j].pino, op, value)) { | 247 | audit_comparator(ctx->names[j].pino, f->op, f->val)) { |
| 250 | ++result; | 248 | ++result; |
| 251 | break; | 249 | break; |
| 252 | } | 250 | } |
| @@ -256,14 +254,14 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 256 | case AUDIT_LOGINUID: | 254 | case AUDIT_LOGINUID: |
| 257 | result = 0; | 255 | result = 0; |
| 258 | if (ctx) | 256 | if (ctx) |
| 259 | result = audit_comparator(ctx->loginuid, op, value); | 257 | result = audit_comparator(ctx->loginuid, f->op, f->val); |
| 260 | break; | 258 | break; |
| 261 | case AUDIT_ARG0: | 259 | case AUDIT_ARG0: |
| 262 | case AUDIT_ARG1: | 260 | case AUDIT_ARG1: |
| 263 | case AUDIT_ARG2: | 261 | case AUDIT_ARG2: |
| 264 | case AUDIT_ARG3: | 262 | case AUDIT_ARG3: |
| 265 | if (ctx) | 263 | if (ctx) |
| 266 | result = audit_comparator(ctx->argv[field-AUDIT_ARG0], op, value); | 264 | result = audit_comparator(ctx->argv[f->type-AUDIT_ARG0], f->op, f->val); |
| 267 | break; | 265 | break; |
| 268 | } | 266 | } |
| 269 | 267 | ||