aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/auditsc.c
diff options
context:
space:
mode:
authorMatvejchikov Ilya <matvejchikov@gmail.com>2011-12-13 15:09:08 -0500
committerEric Paris <eparis@redhat.com>2013-04-08 16:19:15 -0400
commit37eebe39c9731a76535f08de455db97eb93894ae (patch)
tree5a31d3cab8c015302a2b4b9f542e838ba61c1bc5 /kernel/auditsc.c
parent19f949f52599ba7c3f67a5897ac6be14bfcb1200 (diff)
audit: improve GID/EGID comparation logic
It is useful to extend GID/EGID comparation logic to be able to match not only the exact EID/EGID values but the group/egroup also. Signed-off-by: Matvejchikov Ilya <matvejchikov@gmail.com> Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index a371f857a0a9..77c705c302f7 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -633,9 +633,23 @@ static int audit_filter_rules(struct task_struct *tsk,
633 break; 633 break;
634 case AUDIT_GID: 634 case AUDIT_GID:
635 result = audit_gid_comparator(cred->gid, f->op, f->gid); 635 result = audit_gid_comparator(cred->gid, f->op, f->gid);
636 if (f->op == Audit_equal) {
637 if (!result)
638 result = in_group_p(f->gid);
639 } else if (f->op == Audit_not_equal) {
640 if (result)
641 result = !in_group_p(f->gid);
642 }
636 break; 643 break;
637 case AUDIT_EGID: 644 case AUDIT_EGID:
638 result = audit_gid_comparator(cred->egid, f->op, f->gid); 645 result = audit_gid_comparator(cred->egid, f->op, f->gid);
646 if (f->op == Audit_equal) {
647 if (!result)
648 result = in_egroup_p(f->gid);
649 } else if (f->op == Audit_not_equal) {
650 if (result)
651 result = !in_egroup_p(f->gid);
652 }
639 break; 653 break;
640 case AUDIT_SGID: 654 case AUDIT_SGID:
641 result = audit_gid_comparator(cred->sgid, f->op, f->gid); 655 result = audit_gid_comparator(cred->sgid, f->op, f->gid);