audit: validate comparison operations, store them in sane form

Don't store the field->op in the messy (and very inconvenient for e.g. audit_comparator()) form; translate to dense set of values and do full validation of userland-submitted value while we are at it. ->audit_init_rule() and ->audit_match_rule() get new values now; in-tree instances updated. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2008-12-16 05:59:26 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2009-01-04 15:14:42 -0500
commit: 5af75d8d58d0f9f7b7c0515b35786b22892d5f12 (patch)
tree: 65707c5309133a33140c39145ae91b7c1679a877 /security/smack
parent: 36c4f1b18c8a7d0adb4085e7f531860b837bb6b0 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 1b5551dfc1f7..848212fd4845 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2492,7 +2492,7 @@ static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
        if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
                return -EINVAL;
-        if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)
+        if (op != Audit_equal && op != Audit_not_equal)
                return -EINVAL;
        *rule = smk_import(rulestr, 0);
@@ -2556,9 +2556,9 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
         * both pointers will point to the same smack_known
         * label.
         */
-        if (op == AUDIT_EQUAL)
+        if (op == Audit_equal)
                return (rule == smack);
-        if (op == AUDIT_NOT_EQUAL)
+        if (op == Audit_not_equal)
                return (rule != smack);
        return 0;
author	Al Viro <viro@zeniv.linux.org.uk>	2008-12-16 05:59:26 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2009-01-04 15:14:42 -0500
commit	5af75d8d58d0f9f7b7c0515b35786b22892d5f12 (patch)
tree	65707c5309133a33140c39145ae91b7c1679a877 /security/smack
parent	36c4f1b18c8a7d0adb4085e7f531860b837bb6b0 (diff)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 1b5551dfc1f7..848212fd4845 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c
@@ -2492,7 +2492,7 @@ static int smack_audit_rule_init(u32 field, u32 op, char rulestr, void *vrule)
2492	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)	2492	if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
2493	return -EINVAL;	2493	return -EINVAL;
2494		2494
2495	if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)	2495	if (op != Audit_equal && op != Audit_not_equal)
2496	return -EINVAL;	2496	return -EINVAL;
2497		2497
2498	*rule = smk_import(rulestr, 0);	2498	*rule = smk_import(rulestr, 0);
@@ -2556,9 +2556,9 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
2556	* both pointers will point to the same smack_known	2556	* both pointers will point to the same smack_known
2557	* label.	2557	* label.
2558	*/	2558	*/
2559	if (op == AUDIT_EQUAL)	2559	if (op == Audit_equal)
2560	return (rule == smack);	2560	return (rule == smack);
2561	if (op == AUDIT_NOT_EQUAL)	2561	if (op == Audit_not_equal)
2562	return (rule != smack);	2562	return (rule != smack);
2563		2563
2564	return 0;	2564	return 0;