
Commit c9fe685f authored by Eric Paris's avatar Eric Paris Committed by Al Viro

audit: allow interfield comparison between gid and ogid



Allow audit rules to compare the gid of the running task to the gid of the
inode in question.

Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent b34b0393
+2 −1
@@ -184,8 +184,9 @@

/* AUDIT_FIELD_COMPARE rule list */
#define AUDIT_COMPARE_UID_TO_OBJ_UID	1
#define AUDIT_COMPARE_GID_TO_OBJ_GID	2

#define AUDIT_MAX_FIELD_COMPARE	AUDIT_COMPARE_UID_TO_OBJ_UID
#define AUDIT_MAX_FIELD_COMPARE	AUDIT_COMPARE_GID_TO_OBJ_GID
/* Rule fields */
				/* These are useful when checking the
				 * task structure at task creation time
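Review bot: `AUDIT_MAX_FIELD_COMPARE` has to be re-pointed by hand every time a comparison is added, and nothing next to the define says so. The switch in audit_field_compare only reaches its `WARN(1, ...)` default and returns 0 when a value has no case, so a comparison value that is accepted but unhandled would yield a rule that never matches rather than one rejected at load time. This assumes, as the name suggests, that the macro is the upper bound used when rules are validated; that check is not on this page. A one-line comment above the define would do: `/* keep equal to the highest AUDIT_COMPARE_* value; every value needs a case in audit_field_compare() */`.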
+6 −0
@@ -474,6 +474,8 @@ static int audit_compare_id(uid_t uid1,
	uid_t uid2;
	int rc;

	BUILD_BUG_ON(sizeof(uid_t) != sizeof(gid_t));

	if (name) {
		addr = (unsigned long)name;
		addr += name_offset;
@@ -510,6 +512,10 @@ static int audit_field_compare(struct task_struct *tsk,
		return audit_compare_id(cred->uid,
					name, offsetof(struct audit_names, uid),
					f, ctx);
	case AUDIT_COMPARE_GID_TO_OBJ_GID:
		return audit_compare_id(cred->gid,
					name, offsetof(struct audit_names, gid),
					f, ctx);
	default:
		WARN(1, "Missing AUDIT_COMPARE define.  Report as a bug\n");
		return 0;
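Review bot: The `BUILD_BUG_ON(sizeof(uid_t) != sizeof(gid_t));` added at the top of audit_compare_id carries no comment saying what it protects. The helper still types its first parameter and `uid2` as `uid_t`, while the new `AUDIT_COMPARE_GID_TO_OBJ_GID` case feeds it `cred->gid` and `offsetof(struct audit_names, gid)`. Presumably the field at `name + name_offset` is loaded through a `uid_t` access further down, outside the hunk, so the assertion is the only thing keeping that load in bounds if the two types ever diverge. I would put `/* gid fields are read through a uid_t-typed access below, so the two types must stay the same size */` directly above it. Both audit_compare_id and audit_field_compare begin and end outside the hunks shown.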