
Commit b34b0393 authored by Eric Paris's avatar Eric Paris Committed by Al Viro

audit: complex interfield comparison helper



Rather than code the same loop over and over, implement a helper function which
uses some pointer magic to make it generic enough to be used in numerous places
as we implement more audit interfield comparisons.

Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent 02d86a56
+39 −11
@@ -463,25 +463,53 @@ static int match_tree_refs(struct audit_context *ctx, struct audit_tree *tree)
	return 0;
}

static int audit_field_compare(struct task_struct *tsk,
			       const struct cred *cred,
static int audit_compare_id(uid_t uid1,
			    struct audit_names *name,
			    unsigned long name_offset,
			    struct audit_field *f,
			       struct audit_context *ctx,
			       struct audit_names *name)
			    struct audit_context *ctx)
{
	struct audit_names *n;
	unsigned long addr;
	uid_t uid2;
	int rc;

	switch (f->val) {
	case AUDIT_COMPARE_UID_TO_OBJ_UID:
	if (name) {
			return audit_comparator(cred->uid, f->op, name->uid);
		} else if (ctx) {
		addr = (unsigned long)name;
		addr += name_offset;

		uid2 = *(uid_t *)addr;
		rc = audit_comparator(uid1, f->op, uid2);
		if (rc)
			return rc;
	}

	if (ctx) {
		list_for_each_entry(n, &ctx->names_list, list) {
				if (audit_comparator(cred->uid, f->op, n->uid))
					return 1;
			addr = (unsigned long)n;
			addr += name_offset;

			uid2 = *(uid_t *)addr;

			rc = audit_comparator(uid1, f->op, uid2);
			if (rc)
				return rc;
		}
	}
		break;
	return 0;
}

static int audit_field_compare(struct task_struct *tsk,
			       const struct cred *cred,
			       struct audit_field *f,
			       struct audit_context *ctx,
			       struct audit_names *name)
{
	switch (f->val) {
	case AUDIT_COMPARE_UID_TO_OBJ_UID:
		return audit_compare_id(cred->uid,
					name, offsetof(struct audit_names, uid),
					f, ctx);
	default:
		WARN(1, "Missing AUDIT_COMPARE define.  Report as a bug\n");
		return 0;
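Review bot: audit_compare_id() dereferences `*(uid_t *)addr` at whatever `name_offset` the caller passes, so nothing in the helper ties that offset to a uid_t-sized member of struct audit_names; a wrong offset or a differently sized field would be read silently. Since the commit message anticipates more callers, I would document the contract above the helper, e.g. `/* name_offset must be offsetof(struct audit_names, <uid_t-sized member>) */`, and add `BUILD_BUG_ON(sizeof(uid_t) != sizeof(gid_t));` if gid members are going to be passed through it. Separately, the removed code appears to have used `else if (ctx)`, while the helper now walks `ctx->names_list` even when `name` was supplied and did not match; if that wider match is intended, it deserves a line in the commit message. The tail of audit_field_compare() lies outside the hunk.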