audit: implement all object interfield comparisons

This completes the matrix of interfield comparisons between uid/gid information for the current task and the uid/gid information for inodes. aka I can audit based on differences between the euid of the process and the uid of fs objects. Signed-off-by: Peter Moody <pmoody@google.com> Signed-off-by: Eric Paris <eparis@redhat.com>
author: Peter Moody <pmoody@google.com> 2011-12-13 19:17:51 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2012-01-17 16:17:02 -0500
commit: 4a6633ed08af5ba67790b4d1adcdeb8ceb55677e (patch)
tree: 8b658f732f742d3d3a40f84b39ce4aa42f70d538 /kernel/auditsc.c
parent: c9fe685f7a17a0ee8bf3fbe51e40b1c8b8e65896 (diff)
1 files changed, 29 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 861c7b9c565a..b8cee462b99e 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -508,6 +508,7 @@ static int audit_field_compare(struct task_struct *tsk,
                               struct audit_names *name)
 {
        switch (f->val) {
+        /* process to file object comparisons */
        case AUDIT_COMPARE_UID_TO_OBJ_UID:
                return audit_compare_id(cred->uid,
                                        name, offsetof(struct audit_names, uid),
@@ -516,6 +517,34 @@ static int audit_field_compare(struct task_struct *tsk,
                return audit_compare_id(cred->gid,
                                        name, offsetof(struct audit_names, gid),
                                        f, ctx);
+        case AUDIT_COMPARE_EUID_TO_OBJ_UID:
+                return audit_compare_id(cred->euid,
+                                        name, offsetof(struct audit_names, uid),
+                                        f, ctx);
+        case AUDIT_COMPARE_EGID_TO_OBJ_GID:
+                return audit_compare_id(cred->egid,
+                                        name, offsetof(struct audit_names, gid),
+                                        f, ctx);
+        case AUDIT_COMPARE_AUID_TO_OBJ_UID:
+                return audit_compare_id(tsk->loginuid,
+                                        name, offsetof(struct audit_names, uid),
+                                        f, ctx);
+        case AUDIT_COMPARE_SUID_TO_OBJ_UID:
+                return audit_compare_id(cred->suid,
+                                        name, offsetof(struct audit_names, uid),
+                                        f, ctx);
+        case AUDIT_COMPARE_SGID_TO_OBJ_GID:
+                return audit_compare_id(cred->sgid,
+                                        name, offsetof(struct audit_names, gid),
+                                        f, ctx);
+        case AUDIT_COMPARE_FSUID_TO_OBJ_UID:
+                return audit_compare_id(cred->fsuid,
+                                        name, offsetof(struct audit_names, uid),
+                                        f, ctx);
+        case AUDIT_COMPARE_FSGID_TO_OBJ_GID:
+                return audit_compare_id(cred->fsgid,
+                                        name, offsetof(struct audit_names, gid),
+                                        f, ctx);
        default:
                WARN(1, "Missing AUDIT_COMPARE define.  Report as a bug\n");
                return 0;
author	Peter Moody <pmoody@google.com>	2011-12-13 19:17:51 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2012-01-17 16:17:02 -0500
commit	4a6633ed08af5ba67790b4d1adcdeb8ceb55677e (patch)
tree	8b658f732f742d3d3a40f84b39ce4aa42f70d538 /kernel/auditsc.c
parent	c9fe685f7a17a0ee8bf3fbe51e40b1c8b8e65896 (diff)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 861c7b9c565a..b8cee462b99e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -508,6 +508,7 @@ static int audit_field_compare(struct task_struct *tsk,
508	struct audit_names *name)	508	struct audit_names *name)
509	{	509	{
510	switch (f->val) {	510	switch (f->val) {
		511	/* process to file object comparisons */
511	case AUDIT_COMPARE_UID_TO_OBJ_UID:	512	case AUDIT_COMPARE_UID_TO_OBJ_UID:
512	return audit_compare_id(cred->uid,	513	return audit_compare_id(cred->uid,
513	name, offsetof(struct audit_names, uid),	514	name, offsetof(struct audit_names, uid),
@@ -516,6 +517,34 @@ static int audit_field_compare(struct task_struct *tsk,
516	return audit_compare_id(cred->gid,	517	return audit_compare_id(cred->gid,
517	name, offsetof(struct audit_names, gid),	518	name, offsetof(struct audit_names, gid),
518	f, ctx);	519	f, ctx);
		520	case AUDIT_COMPARE_EUID_TO_OBJ_UID:
		521	return audit_compare_id(cred->euid,
		522	name, offsetof(struct audit_names, uid),
		523	f, ctx);
		524	case AUDIT_COMPARE_EGID_TO_OBJ_GID:
		525	return audit_compare_id(cred->egid,
		526	name, offsetof(struct audit_names, gid),
		527	f, ctx);
		528	case AUDIT_COMPARE_AUID_TO_OBJ_UID:
		529	return audit_compare_id(tsk->loginuid,
		530	name, offsetof(struct audit_names, uid),
		531	f, ctx);
		532	case AUDIT_COMPARE_SUID_TO_OBJ_UID:
		533	return audit_compare_id(cred->suid,
		534	name, offsetof(struct audit_names, uid),
		535	f, ctx);
		536	case AUDIT_COMPARE_SGID_TO_OBJ_GID:
		537	return audit_compare_id(cred->sgid,
		538	name, offsetof(struct audit_names, gid),
		539	f, ctx);
		540	case AUDIT_COMPARE_FSUID_TO_OBJ_UID:
		541	return audit_compare_id(cred->fsuid,
		542	name, offsetof(struct audit_names, uid),
		543	f, ctx);
		544	case AUDIT_COMPARE_FSGID_TO_OBJ_GID:
		545	return audit_compare_id(cred->fsgid,
		546	name, offsetof(struct audit_names, gid),
		547	f, ctx);
519	default:	548	default:
520	WARN(1, "Missing AUDIT_COMPARE define. Report as a bug\n");	549	WARN(1, "Missing AUDIT_COMPARE define. Report as a bug\n");
521	return 0;	550	return 0;