mirror of
https://github.com/Fishwaldo/Star64_linux.git
synced 2025-06-20 13:41:30 +00:00
[PATCH] audit string fields interface + consumer
Updated patch to dynamically allocate audit rule fields in kernel's internal representation. Added unlikely() calls for testing memory allocation result. Amy Griffis wrote: [Wed Jan 11 2006, 02:02:31PM EST] > Modify audit's kernel-userspace interface to allow the specification > of string fields in audit rules. > > Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> (cherry picked from 5ffc4a863f92351b720fe3e9c5cd647accff9e03 commit)
This commit is contained in:
Amy Griffis
Al Viro
parent
af601e4623
commit
93315ed6dd
6 changed files with 451 additions and 148 deletions
|
|
@ -162,70 +162,68 @@ struct audit_context {
|
|||
/* Compare a task_struct with an audit_rule. Return 1 on match, 0
|
||||
* otherwise. */
|
||||
static int audit_filter_rules(struct task_struct *tsk,
|
||||
struct audit_rule *rule,
|
||||
struct audit_krule *rule,
|
||||
struct audit_context *ctx,
|
||||
enum audit_state *state)
|
||||
{
|
||||
int i, j;
|
||||
|
||||
for (i = 0; i < rule->field_count; i++) {
|
||||
u32 field = rule->fields[i] & ~AUDIT_OPERATORS;
|
||||
u32 op = rule->fields[i] & AUDIT_OPERATORS;
|
||||
u32 value = rule->values[i];
|
||||
struct audit_field *f = &rule->fields[i];
|
||||
int result = 0;
|
||||
|
||||
switch (field) {
|
||||
switch (f->type) {
|
||||
case AUDIT_PID:
|
||||
result = audit_comparator(tsk->pid, op, value);
|
||||
result = audit_comparator(tsk->pid, f->op, f->val);
|
||||
break;
|
||||
case AUDIT_UID:
|
||||
result = audit_comparator(tsk->uid, op, value);
|
||||
result = audit_comparator(tsk->uid, f->op, f->val);
|
||||
break;
|
||||
case AUDIT_EUID:
|
||||
result = audit_comparator(tsk->euid, op, value);
|
||||
result = audit_comparator(tsk->euid, f->op, f->val);
|
||||
break;
|
||||
case AUDIT_SUID:
|
||||
result = audit_comparator(tsk->suid, op, value);
|
||||
result = audit_comparator(tsk->suid, f->op, f->val);
|
||||
break;
|
||||
case AUDIT_FSUID:
|
||||
result = audit_comparator(tsk->fsuid, op, value);
|
||||
result = audit_comparator(tsk->fsuid, f->op, f->val);
|
||||
break;
|
||||
case AUDIT_GID:
|
||||
result = audit_comparator(tsk->gid, op, value);
|
||||
result = audit_comparator(tsk->gid, f->op, f->val);
|
||||
break;
|
||||
case AUDIT_EGID:
|
||||
result = audit_comparator(tsk->egid, op, value);
|
||||
result = audit_comparator(tsk->egid, f->op, f->val);
|
||||
break;
|
||||
case AUDIT_SGID:
|
||||
result = audit_comparator(tsk->sgid, op, value);
|
||||
result = audit_comparator(tsk->sgid, f->op, f->val);
|
||||
break;
|
||||
case AUDIT_FSGID:
|
||||
result = audit_comparator(tsk->fsgid, op, value);
|
||||
result = audit_comparator(tsk->fsgid, f->op, f->val);
|
||||
break;
|
||||
case AUDIT_PERS:
|
||||
result = audit_comparator(tsk->personality, op, value);
|
||||
result = audit_comparator(tsk->personality, f->op, f->val);
|
||||
break;
|
||||
case AUDIT_ARCH:
|
||||
if (ctx)
|
||||
result = audit_comparator(ctx->arch, op, value);
|
||||
result = audit_comparator(ctx->arch, f->op, f->val);
|
||||
break;
|
||||
|
||||
case AUDIT_EXIT:
|
||||
if (ctx && ctx->return_valid)
|
||||
result = audit_comparator(ctx->return_code, op, value);
|
||||
result = audit_comparator(ctx->return_code, f->op, f->val);
|
||||
break;
|
||||
case AUDIT_SUCCESS:
|
||||
if (ctx && ctx->return_valid) {
|
||||
if (value)
|
||||
result = audit_comparator(ctx->return_valid, op, AUDITSC_SUCCESS);
|
||||
if (f->val)
|
||||
result = audit_comparator(ctx->return_valid, f->op, AUDITSC_SUCCESS);
|
||||
else
|
||||
result = audit_comparator(ctx->return_valid, op, AUDITSC_FAILURE);
|
||||
result = audit_comparator(ctx->return_valid, f->op, AUDITSC_FAILURE);
|
||||
}
|
||||
break;
|
||||
case AUDIT_DEVMAJOR:
|
||||
if (ctx) {
|
||||
for (j = 0; j < ctx->name_count; j++) {
|
||||
if (audit_comparator(MAJOR(ctx->names[j].dev), op, value)) {
|
||||
if (audit_comparator(MAJOR(ctx->names[j].dev), f->op, f->val)) {
|
||||
++result;
|
||||
break;
|
||||
}
|
||||
|
|
@ -235,7 +233,7 @@ static int audit_filter_rules(struct task_struct *tsk,
|
|||
case AUDIT_DEVMINOR:
|
||||
if (ctx) {
|
||||
for (j = 0; j < ctx->name_count; j++) {
|
||||
if (audit_comparator(MINOR(ctx->names[j].dev), op, value)) {
|
||||
if (audit_comparator(MINOR(ctx->names[j].dev), f->op, f->val)) {
|
||||
++result;
|
||||
break;
|
||||
}
|
||||
|
|
@ -245,8 +243,8 @@ static int audit_filter_rules(struct task_struct *tsk,
|
|||
case AUDIT_INODE:
|
||||
if (ctx) {
|
||||
for (j = 0; j < ctx->name_count; j++) {
|
||||
if (audit_comparator(ctx->names[j].ino, op, value) ||
|
||||
audit_comparator(ctx->names[j].pino, op, value)) {
|
||||
if (audit_comparator(ctx->names[j].ino, f->op, f->val) ||
|
||||
audit_comparator(ctx->names[j].pino, f->op, f->val)) {
|
||||
++result;
|
||||
break;
|
||||
}
|
||||
|
|
@ -256,14 +254,14 @@ static int audit_filter_rules(struct task_struct *tsk,
|
|||
case AUDIT_LOGINUID:
|
||||
result = 0;
|
||||
if (ctx)
|
||||
result = audit_comparator(ctx->loginuid, op, value);
|
||||
result = audit_comparator(ctx->loginuid, f->op, f->val);
|
||||
break;
|
||||
case AUDIT_ARG0:
|
||||
case AUDIT_ARG1:
|
||||
case AUDIT_ARG2:
|
||||
case AUDIT_ARG3:
|
||||
if (ctx)
|
||||
result = audit_comparator(ctx->argv[field-AUDIT_ARG0], op, value);
|
||||
result = audit_comparator(ctx->argv[f->type-AUDIT_ARG0], f->op, f->val);
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue