audit: allow audit matching on inode gid

Much like the ability to filter audit on the uid of an inode collected, we should be able to filter on the gid of the inode. Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2012-01-03 14:23:07 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2012-01-17 16:16:59 -0500
commit: 54d3218b31aee5bc9c859ae60fbde933d922448b (patch)
tree: ebc383920713c283133d885191d0c19cb049afd2 /kernel/auditsc.c
parent: efaffd6e4417860c67576ac760dd6e8bbd15f006 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 5cf3ecc01517..87b375fb12ff 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -598,6 +598,18 @@ static int audit_filter_rules(struct task_struct *tsk,
                                }
                        }
                        break;
+                case AUDIT_OBJ_GID:
+                        if (name) {
+                                result = audit_comparator(name->gid, f->op, f->val);
+                        } else if (ctx) {
+                                list_for_each_entry(n, &ctx->names_list, list) {
+                                        if (audit_comparator(n->gid, f->op, f->val)) {
+                                                ++result;
+                                                break;
+                                        }
+                                }
+                        }
+                        break;
                case AUDIT_WATCH:
                        if (name)
                                result = audit_watch_compare(rule->watch, name->ino, name->dev);
author	Eric Paris <eparis@redhat.com>	2012-01-03 14:23:07 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2012-01-17 16:16:59 -0500
commit	54d3218b31aee5bc9c859ae60fbde933d922448b (patch)
tree	ebc383920713c283133d885191d0c19cb049afd2 /kernel/auditsc.c
parent	efaffd6e4417860c67576ac760dd6e8bbd15f006 (diff)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 5cf3ecc01517..87b375fb12ff 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -598,6 +598,18 @@ static int audit_filter_rules(struct task_struct *tsk,
598	}	598	}
599	}	599	}
600	break;	600	break;
		601	case AUDIT_OBJ_GID:
		602	if (name) {
		603	result = audit_comparator(name->gid, f->op, f->val);
		604	} else if (ctx) {
		605	list_for_each_entry(n, &ctx->names_list, list) {
		606	if (audit_comparator(n->gid, f->op, f->val)) {
		607	++result;
		608	break;
		609	}
		610	}
		611	}
		612	break;
601	case AUDIT_WATCH:	613	case AUDIT_WATCH:
602	if (name)	614	if (name)
603	result = audit_watch_compare(rule->watch, name->ino, name->dev);	615	result = audit_watch_compare(rule->watch, name->ino, name->dev);