
Commit 4a6633ed authored by Peter Moody's avatar Peter Moody Committed by Al Viro

audit: implement all object interfield comparisons



This completes the matrix of interfield comparisons between uid/gid
information for the current task and the uid/gid information for inodes.
aka I can audit based on differences between the euid of the process and
the uid of fs objects.

Signed-off-by: default avatarPeter Moody <pmoody@google.com>
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent c9fe685f
+9 −1
@@ -185,8 +185,16 @@
/* AUDIT_FIELD_COMPARE rule list */
#define AUDIT_COMPARE_UID_TO_OBJ_UID	1
#define AUDIT_COMPARE_GID_TO_OBJ_GID	2
#define AUDIT_COMPARE_EUID_TO_OBJ_UID	3
#define AUDIT_COMPARE_EGID_TO_OBJ_GID	4
#define AUDIT_COMPARE_AUID_TO_OBJ_UID	5
#define AUDIT_COMPARE_SUID_TO_OBJ_UID	6
#define AUDIT_COMPARE_SGID_TO_OBJ_GID	7
#define AUDIT_COMPARE_FSUID_TO_OBJ_UID	8
#define AUDIT_COMPARE_FSGID_TO_OBJ_GID	9

#define AUDIT_MAX_FIELD_COMPARE		AUDIT_COMPARE_FSGID_TO_OBJ_GID

#define AUDIT_MAX_FIELD_COMPARE	AUDIT_COMPARE_GID_TO_OBJ_GID
/* Rule fields */
				/* These are useful when checking the
				 * task structure at task creation time
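Review bot: `AUDIT_MAX_FIELD_COMPARE` is kept in step with the list by hand and nothing at the definition says so, so the next comparison appended after `AUDIT_COMPARE_FSGID_TO_OBJ_GID` can be left outside whatever range check uses this macro (that check is not on this page, so this is inferred). I would add a comment above the define such as `/* must equal the highest AUDIT_COMPARE_* value; update when adding a comparison */`. The list also starts at 1 with no named minimum, so a rule value of 0 is only caught by the `default:` branch of the switch in audit_field_compare unless validation rejects it earlier.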
+29 −0
@@ -508,6 +508,7 @@ static int audit_field_compare(struct task_struct *tsk,
			       struct audit_names *name)
{
	switch (f->val) {
	/* process to file object comparisons */
	case AUDIT_COMPARE_UID_TO_OBJ_UID:
		return audit_compare_id(cred->uid,
					name, offsetof(struct audit_names, uid),
@@ -516,6 +517,34 @@ static int audit_field_compare(struct task_struct *tsk,
		return audit_compare_id(cred->gid,
					name, offsetof(struct audit_names, gid),
					f, ctx);
	case AUDIT_COMPARE_EUID_TO_OBJ_UID:
		return audit_compare_id(cred->euid,
					name, offsetof(struct audit_names, uid),
					f, ctx);
	case AUDIT_COMPARE_EGID_TO_OBJ_GID:
		return audit_compare_id(cred->egid,
					name, offsetof(struct audit_names, gid),
					f, ctx);
	case AUDIT_COMPARE_AUID_TO_OBJ_UID:
		return audit_compare_id(tsk->loginuid,
					name, offsetof(struct audit_names, uid),
					f, ctx);
	case AUDIT_COMPARE_SUID_TO_OBJ_UID:
		return audit_compare_id(cred->suid,
					name, offsetof(struct audit_names, uid),
					f, ctx);
	case AUDIT_COMPARE_SGID_TO_OBJ_GID:
		return audit_compare_id(cred->sgid,
					name, offsetof(struct audit_names, gid),
					f, ctx);
	case AUDIT_COMPARE_FSUID_TO_OBJ_UID:
		return audit_compare_id(cred->fsuid,
					name, offsetof(struct audit_names, uid),
					f, ctx);
	case AUDIT_COMPARE_FSGID_TO_OBJ_GID:
		return audit_compare_id(cred->fsgid,
					name, offsetof(struct audit_names, gid),
					f, ctx);
	default:
		WARN(1, "Missing AUDIT_COMPARE define.  Report as a bug\n");
		return 0;
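Review bot: The `AUDIT_COMPARE_AUID_TO_OBJ_UID` case passes `tsk->loginuid` straight to audit_compare_id(), while every other new case reads from `cred`, and the difference is not documented. A task that has never had a login uid set carries the audit subsystem's unset value, (uid_t)-1, which will not equal the owner of an ordinary file, so a not-equal rule on this comparison would match everything such tasks touch. Rule authors then have to filter unset auid separately, and I would say so on the case, e.g. `/* loginuid is (uid_t)-1 until set; unset tasks never match a real obj uid */`. The body of audit_field_compare starts and ends outside these hunks, so where `cred` is obtained cannot be checked here.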