Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c9fe685f authored by Eric Paris's avatar Eric Paris Committed by Al Viro
Browse files

audit: allow interfield comparison between gid and ogid 



Allow audit rules to compare the gid of the running task to the gid of the
inode in question.

Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent b34b0393

include/linux/audit.h

+2 −1
Original line number Diff line number Diff line
@@ -184,8 +184,9 @@ 


/* AUDIT_FIELD_COMPARE rule list */

#define AUDIT_COMPARE_UID_TO_OBJ_UID	1

#define AUDIT_COMPARE_GID_TO_OBJ_GID	2



#define AUDIT_MAX_FIELD_COMPARE	AUDIT_COMPARE_UID_TO_OBJ_UID

#define AUDIT_MAX_FIELD_COMPARE	AUDIT_COMPARE_GID_TO_OBJ_GID

/* Rule fields */

				/* These are useful when checking the

				 * task structure at task creation time

kernel/auditsc.c

+6 −0
Original line number Diff line number Diff line
@@ -474,6 +474,8 @@ static int audit_compare_id(uid_t uid1, 
	uid_t uid2;

	int rc;



	BUILD_BUG_ON(sizeof(uid_t) != sizeof(gid_t));



	if (name) {

		addr = (unsigned long)name;

		addr += name_offset;
@@ -510,6 +512,10 @@ static int audit_field_compare(struct task_struct *tsk, 
		return audit_compare_id(cred->uid,

					name, offsetof(struct audit_names, uid),

					f, ctx);

	case AUDIT_COMPARE_GID_TO_OBJ_GID:

		return audit_compare_id(cred->gid,

					name, offsetof(struct audit_names, gid),

					f, ctx);

	default:

		WARN(1, "Missing AUDIT_COMPARE define.  Report as a bug\n");

		return 0;