From: Eric Paris <eparis@redhat.com>
To: linux-audit@redhat.com
Subject: Re: [PATCH 2/5] audit: complex interfield comparison helper
Date: Wed, 04 Jan 2012 15:51:55 -0500
Message-ID: <1325710315.17118.3.camel@localhost>
In-Reply-To: <1325710033-32133-2-git-send-email-eparis@redhat.com>

On Wed, 2012-01-04 at 15:47 -0500, Eric Paris wrote:
> Rather than code the same loop over and over implement a helper function which
> uses some pointer magic to make it generic enough to be used numerous places
> as we implement more audit interfield comparisons
>
> Signed-off-by: Eric Paris <eparis@redhat.com>
> ---
The change from the last version is simply to take a uid_t and a pointer
to a struct audit_name instead of taking two pointers. This allows us
to get the first uid from either a cred or the task struct.
> kernel/auditsc.c | 50 +++++++++++++++++++++++++++++++++++++++-----------
> 1 files changed, 39 insertions(+), 11 deletions(-)
>
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index efb1763..45c13c5 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -463,25 +463,53 @@ static int match_tree_refs(struct audit_context *ctx, struct audit_tree *tree)
> return 0;
> }
>
> +static int audit_compare_id(uid_t uid1,
> + struct audit_names *name,
> + unsigned long name_offset,
> + struct audit_field *f,
> + struct audit_context *ctx)
> +{
> + struct audit_names *n;
> + unsigned long addr;
> + uid_t uid2;
> + int rc;
> +
> + if (name) {
> + addr = (unsigned long)name;
> + addr += name_offset;
> +
> + uid2 = *(uid_t *)addr;
> + rc = audit_comparator(uid1, f->op, uid2);
> + if (rc)
> + return rc;
> + }
> +
> + if (ctx) {
> + list_for_each_entry(n, &ctx->names_list, list) {
> + addr = (unsigned long)n;
> + addr += name_offset;
> +
> + uid2 = *(uid_t *)addr;
> +
> + rc = audit_comparator(uid1, f->op, uid2);
> + if (rc)
> + return rc;
> + }
> + }
> + return 0;
> +}
> +
> static int audit_field_compare(struct task_struct *tsk,
> const struct cred *cred,
> struct audit_field *f,
> struct audit_context *ctx,
> struct audit_names *name)
> {
> - struct audit_names *n;
> -
> switch (f->val) {
> case AUDIT_COMPARE_UID_TO_OBJ_UID:
> - if (name) {
> - return audit_comparator(cred->uid, f->op, name->uid);
> - } else if (ctx) {
> - list_for_each_entry(n, &ctx->names_list, list) {
> - if (audit_comparator(cred->uid, f->op, n->uid))
> - return 1;
> - }
> - }
> - break;
> + return audit_compare_id(cred->uid,
> + name, offsetof(struct audit_names, uid),
> + f, ctx);
> default:
> WARN(1, "Missing AUDIT_COMPARE define. Report as a bug\n");
> return 0;
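Review bot: in audit_compare_id(), a `name` that does not match now falls through to the `if (ctx)` loop, whereas the removed code used `if (name) { return audit_comparator(...); } else if (ctx)` and never walked ctx->names_list when a name was supplied. If widening the match this way is intended, the commit message should say so, because it currently describes only a refactor; if it is not, return rc unconditionally from the `if (name)` block or make the second block `else if (ctx)`. Separately, `uid2 = *(uid_t *)addr;` trusts the caller's name_offset with no type checking, so a short comment above the helper stating that the offset must come from offsetof() on struct audit_names and name a uid_t-sized field would help, given that the commit message expects more comparisons to reuse it.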
Thread overview: 8+ messages
2012-01-04 20:47 [PATCH 1/5] audit: allow interfield comparison in audit rules Eric Paris
2012-01-04 20:47 ` [PATCH 2/5] audit: complex interfield comparison helper Eric Paris
2012-01-04 20:51 ` Eric Paris [this message]
2012-01-04 20:47 ` [PATCH 3/5] audit: allow interfield comparison between gid and ogid Eric Paris
2012-01-04 20:47 ` [PATCH 4/5] audit: implement all object interfield comparisons Eric Paris
2012-01-04 20:47 ` [PATCH 5/5] audit: comparison on interprocess fields Eric Paris
2012-01-04 20:55 ` Eric Paris
2012-01-04 21:12 ` Peter Moody