[PATCH] audit: AUDIT_PERM support

add support for AUDIT_PERM predicate Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2006-08-31 19:26:40 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2006-09-11 13:32:30 -0400
commit: 55669bfa141b488be865341ed12e188967d11308 (patch)
tree: efeec37a93f46c48937eb849c083da9a42ed3709 /kernel/auditsc.c
parent: dc104fb3231f11e95b5a0f09ae3ab27a8fd5b2e8 (diff)
1 files changed, 51 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index efc1b74bebf3..1bd8827a0102 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -209,6 +209,54 @@ struct audit_context {
 #endif
 };
+#define ACC_MODE(x) ("\004\002\006\006"[(x)&O_ACCMODE])
+static inline int open_arg(int flags, int mask)
+{
+        int n = ACC_MODE(flags);
+        if (flags & (O_TRUNC | O_CREAT))
+                n |= AUDIT_PERM_WRITE;
+        return n & mask;
+}
+static int audit_match_perm(struct audit_context *ctx, int mask)
+{
+        unsigned n = ctx->major;
+        switch (audit_classify_syscall(ctx->arch, n)) {
+        case 0: /* native */
+                if ((mask & AUDIT_PERM_WRITE) &&
+                     audit_match_class(AUDIT_CLASS_WRITE, n))
+                        return 1;
+                if ((mask & AUDIT_PERM_READ) &&
+                     audit_match_class(AUDIT_CLASS_READ, n))
+                        return 1;
+                if ((mask & AUDIT_PERM_ATTR) &&
+                     audit_match_class(AUDIT_CLASS_CHATTR, n))
+                        return 1;
+                return 0;
+        case 1: /* 32bit on biarch */
+                if ((mask & AUDIT_PERM_WRITE) &&
+                     audit_match_class(AUDIT_CLASS_WRITE_32, n))
+                        return 1;
+                if ((mask & AUDIT_PERM_READ) &&
+                     audit_match_class(AUDIT_CLASS_READ_32, n))
+                        return 1;
+                if ((mask & AUDIT_PERM_ATTR) &&
+                     audit_match_class(AUDIT_CLASS_CHATTR_32, n))
+                        return 1;
+                return 0;
+        case 2: /* open */
+                return mask & ACC_MODE(ctx->argv[1]);
+        case 3: /* openat */
+                return mask & ACC_MODE(ctx->argv[2]);
+        case 4: /* socketcall */
+                return ((mask & AUDIT_PERM_WRITE) && ctx->argv[0] == SYS_BIND);
+        case 5: /* execve */
+                return mask & AUDIT_PERM_EXEC;
+        default:
+                return 0;
+        }
+}
 /* Determine if any context name data matches a rule's watch data */
 /* Compare a task_struct with an audit_rule.  Return 1 on match, 0
 * otherwise. */
@@ -397,6 +445,9 @@ static int audit_filter_rules(struct task_struct *tsk,
                        /* ignore this field for filtering */
                        result = 1;
                        break;
+                case AUDIT_PERM:
+                        result = audit_match_perm(ctx, f->val);
+                        break;
                }
                if (!result)
author	Al Viro <viro@zeniv.linux.org.uk>	2006-08-31 19:26:40 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2006-09-11 13:32:30 -0400
commit	55669bfa141b488be865341ed12e188967d11308 (patch)
tree	efeec37a93f46c48937eb849c083da9a42ed3709 /kernel/auditsc.c
parent	dc104fb3231f11e95b5a0f09ae3ab27a8fd5b2e8 (diff)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c index efc1b74bebf3..1bd8827a0102 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -209,6 +209,54 @@ struct audit_context {
209	#endif	209	#endif
210	};	210	};
211		211
		212	#define ACC_MODE(x) ("\004\002\006\006"[(x)&O_ACCMODE])
		213	static inline int open_arg(int flags, int mask)
		214	{
		215	int n = ACC_MODE(flags);
		216	if (flags & (O_TRUNC \| O_CREAT))
		217	n \|= AUDIT_PERM_WRITE;
		218	return n & mask;
		219	}
		220
		221	static int audit_match_perm(struct audit_context *ctx, int mask)
		222	{
		223	unsigned n = ctx->major;
		224	switch (audit_classify_syscall(ctx->arch, n)) {
		225	case 0: /* native */
		226	if ((mask & AUDIT_PERM_WRITE) &&
		227	audit_match_class(AUDIT_CLASS_WRITE, n))
		228	return 1;
		229	if ((mask & AUDIT_PERM_READ) &&
		230	audit_match_class(AUDIT_CLASS_READ, n))
		231	return 1;
		232	if ((mask & AUDIT_PERM_ATTR) &&
		233	audit_match_class(AUDIT_CLASS_CHATTR, n))
		234	return 1;
		235	return 0;
		236	case 1: /* 32bit on biarch */
		237	if ((mask & AUDIT_PERM_WRITE) &&
		238	audit_match_class(AUDIT_CLASS_WRITE_32, n))
		239	return 1;
		240	if ((mask & AUDIT_PERM_READ) &&
		241	audit_match_class(AUDIT_CLASS_READ_32, n))
		242	return 1;
		243	if ((mask & AUDIT_PERM_ATTR) &&
		244	audit_match_class(AUDIT_CLASS_CHATTR_32, n))
		245	return 1;
		246	return 0;
		247	case 2: /* open */
		248	return mask & ACC_MODE(ctx->argv[1]);
		249	case 3: /* openat */
		250	return mask & ACC_MODE(ctx->argv[2]);
		251	case 4: /* socketcall */
		252	return ((mask & AUDIT_PERM_WRITE) && ctx->argv[0] == SYS_BIND);
		253	case 5: /* execve */
		254	return mask & AUDIT_PERM_EXEC;
		255	default:
		256	return 0;
		257	}
		258	}
		259
212	/* Determine if any context name data matches a rule's watch data */	260	/* Determine if any context name data matches a rule's watch data */
213	/* Compare a task_struct with an audit_rule. Return 1 on match, 0	261	/* Compare a task_struct with an audit_rule. Return 1 on match, 0
214	* otherwise. */	262	* otherwise. */
@@ -397,6 +445,9 @@ static int audit_filter_rules(struct task_struct *tsk,
397	/* ignore this field for filtering */	445	/* ignore this field for filtering */
398	result = 1;	446	result = 1;
399	break;	447	break;
		448	case AUDIT_PERM:
		449	result = audit_match_perm(ctx, f->val);
		450	break;
400	}	451	}
401		452
402	if (!result)	453	if (!result)