From: Eric Paris <eparis@redhat.com>
To: linux-audit@redhat.com
Subject: Re: [PATCH 2/5] audit: complex interfield comparison helper
Date: Wed, 04 Jan 2012 15:51:55 -0500 [thread overview]
Message-ID: <1325710315.17118.3.camel@localhost> (raw)
In-Reply-To: <1325710033-32133-2-git-send-email-eparis@redhat.com>
On Wed, 2012-01-04 at 15:47 -0500, Eric Paris wrote:
> Rather than code the same loop over and over implement a helper function which
> uses some pointer magic to make it generic enough to be used numerous places
> as we implement more audit interfield comparisons
>
> Signed-off-by: Eric Paris <eparis@redhat.com>
> ---
The change from the last version is simply to take a uid_t and a pointer
to a struct audit_name instead of taking two pointers. This allows us
to get the first uid from either a cred or the task struct.
> kernel/auditsc.c | 50 +++++++++++++++++++++++++++++++++++++++-----------
> 1 files changed, 39 insertions(+), 11 deletions(-)
>
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index efb1763..45c13c5 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -463,25 +463,53 @@ static int match_tree_refs(struct audit_context *ctx, struct audit_tree *tree)
> return 0;
> }
>
> +static int audit_compare_id(uid_t uid1,
> + struct audit_names *name,
> + unsigned long name_offset,
> + struct audit_field *f,
> + struct audit_context *ctx)
> +{
> + struct audit_names *n;
> + unsigned long addr;
> + uid_t uid2;
> + int rc;
> +
> + if (name) {
> + addr = (unsigned long)name;
> + addr += name_offset;
> +
> + uid2 = *(uid_t *)addr;
> + rc = audit_comparator(uid1, f->op, uid2);
> + if (rc)
> + return rc;
> + }
> +
> + if (ctx) {
> + list_for_each_entry(n, &ctx->names_list, list) {
> + addr = (unsigned long)n;
> + addr += name_offset;
> +
> + uid2 = *(uid_t *)addr;
> +
> + rc = audit_comparator(uid1, f->op, uid2);
> + if (rc)
> + return rc;
> + }
> + }
> + return 0;
> +}
> +
> static int audit_field_compare(struct task_struct *tsk,
> const struct cred *cred,
> struct audit_field *f,
> struct audit_context *ctx,
> struct audit_names *name)
> {
> - struct audit_names *n;
> -
> switch (f->val) {
> case AUDIT_COMPARE_UID_TO_OBJ_UID:
> - if (name) {
> - return audit_comparator(cred->uid, f->op, name->uid);
> - } else if (ctx) {
> - list_for_each_entry(n, &ctx->names_list, list) {
> - if (audit_comparator(cred->uid, f->op, n->uid))
> - return 1;
> - }
> - }
> - break;
> + return audit_compare_id(cred->uid,
> + name, offsetof(struct audit_names, uid),
> + f, ctx);
> default:
> WARN(1, "Missing AUDIT_COMPARE define. Report as a bug\n");
> return 0;