diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2012-09-11 02:18:08 -0700 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-09-17 18:08:09 -0700 |
commit | ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7 (patch) | |
tree | 874ac71ed75f3c9b44eca7dbd8efef16d481827d /kernel/audit.h | |
parent | 860c0aaff75e714c21d325f32d36a37572b4fffb (diff) | |
download | linux-stable-ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7.tar.gz linux-stable-ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7.tar.bz2 linux-stable-ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7.zip |
audit: Add typespecific uid and gid comparators
The audit filter code guarantees that uid are always compared with
uids and gids are always compared with gids, as the comparason
operations are type specific. Take advantage of this proper to define
audit_uid_comparator and audit_gid_comparator which use the type safe
comparasons from uidgid.h.
Build on audit_uid_comparator and audit_gid_comparator and replace
audit_compare_id with audit_compare_uid and audit_compare_gid. This
is one of those odd cases where being type safe and duplicating code
leads to simpler shorter and more concise code.
Don't allow bitmask operations in uid and gid comparisons in
audit_data_to_entry. Bitmask operations are already denined in
audit_rule_to_entry.
Convert constants in audit_rule_to_entry and audit_data_to_entry into
kuids and kgids when appropriate.
Convert the uid and gid field in struct audit_names to be of type
kuid_t and kgid_t respectively, so that the new uid and gid comparators
can be applied in a type safe manner.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'kernel/audit.h')
-rw-r--r-- | kernel/audit.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/audit.h b/kernel/audit.h index 816766803371..4b428bb41ea3 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -76,6 +76,8 @@ static inline int audit_hash_ino(u32 ino) extern int audit_match_class(int class, unsigned syscall); extern int audit_comparator(const u32 left, const u32 op, const u32 right); +extern int audit_uid_comparator(kuid_t left, u32 op, kuid_t right); +extern int audit_gid_comparator(kgid_t left, u32 op, kgid_t right); extern int audit_compare_dname_path(const char *dname, const char *path, int *dirlen); extern struct sk_buff * audit_make_reply(int pid, int seq, int type, |