diff options
author | Richard Guy Briggs <rgb@redhat.com> | 2016-06-24 16:35:46 -0400 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2016-06-27 11:01:00 -0400 |
commit | 86b2efbe3a390e07dbba725ef700b0d143e9a385 (patch) | |
tree | 6f29eca2803a82292ca3fd0f282b37764445d547 /kernel/audit.c | |
parent | da7f750c1ef570c0a22e5a3fc1fdfd8d308d9a1a (diff) | |
download | linux-86b2efbe3a390e07dbba725ef700b0d143e9a385.tar.gz linux-86b2efbe3a390e07dbba725ef700b0d143e9a385.tar.bz2 linux-86b2efbe3a390e07dbba725ef700b0d143e9a385.zip |
audit: add fields to exclude filter by reusing user filter
RFE: add additional fields for use in audit filter exclude rules
https://github.com/linux-audit/audit-kernel/issues/5
Re-factor and combine audit_filter_type() with audit_filter_user() to
use audit_filter_user_rules() to enable the exclude filter to
additionally filter on PID, UID, GID, AUID, LOGINUID_SET, SUBJ_*.
The process of combining the similar audit_filter_user() and
audit_filter_type() functions, required inverting the meaning and
including the ALWAYS action of the latter.
Include audit_filter_user_rules() into audit_filter(), removing
unneeded logic in the process.
Keep the check to quit early if the list is empty.
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: checkpatch.pl fixes - whitespace damage, wrapped description]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r-- | kernel/audit.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 678c3f000191..994588ef9489 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -934,7 +934,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) if (!audit_enabled && msg_type != AUDIT_USER_AVC) return 0; - err = audit_filter_user(msg_type); + err = audit_filter(msg_type, AUDIT_FILTER_USER); if (err == 1) { /* match or error */ err = 0; if (msg_type == AUDIT_USER_TTY) { @@ -1382,7 +1382,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, if (audit_initialized != AUDIT_INITIALIZED) return NULL; - if (unlikely(audit_filter_type(type))) + if (unlikely(!audit_filter(type, AUDIT_FILTER_TYPE))) return NULL; if (gfp_mask & __GFP_DIRECT_RECLAIM) { |