From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Paris Subject: [PATCH 20/26] audit: allow interfield comparison between gid and ogid Date: Thu, 17 Nov 2011 17:04:35 -0500 Message-ID: <20111117220435.23481.57197.stgit@paris.rdu.redhat.com> References: <20111117220244.23481.96785.stgit@paris.rdu.redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20111117220244.23481.96785.stgit@paris.rdu.redhat.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com Cc: viro@zeniv.linux.org.uk List-Id: linux-audit@redhat.com Allow audit rules to compare the gid of the running task to the gid of the inode in question. Signed-off-by: Eric Paris --- include/linux/audit.h | 3 ++- kernel/auditsc.c | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 04295cb..9734b1e 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -184,8 +184,9 @@ /* AUDIT_FIELD_COMPARE rule list */ #define AUDIT_COMPARE_UID_TO_OBJ_UID 1 +#define AUDIT_COMPARE_GID_TO_OBJ_GID 2 -#define AUDIT_MAX_FIELD_COMPARE AUDIT_COMPARE_UID_TO_OBJ_UID +#define AUDIT_MAX_FIELD_COMPARE AUDIT_COMPARE_GID_TO_OBJ_GID /* Rule fields */ /* These are useful when checking the * task structure at task creation time diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 848a84b..d0b388c 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -474,6 +474,8 @@ static int audit_compare_id(const struct cred *cred, unsigned long addr; uid_t cred_uid, name_uid; + BUILD_BUG_ON(sizeof(uid_t) != sizeof(gid_t)); + addr = (unsigned long)cred; addr += cred_offset; 
@@ -511,6 +513,10 @@ static int audit_field_compare(struct task_struct *tsk, return audit_compare_id(cred, offsetof(struct cred, uid), name, offsetof(struct audit_names, uid), f, ctx); + case AUDIT_COMPARE_GID_TO_OBJ_GID: + return audit_compare_id(cred, offsetof(struct cred, gid), + name, offsetof(struct audit_names, gid), + f, ctx); default: return 0; }
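Review bot: in the include/linux/audit.h hunk, AUDIT_COMPARE_GID_TO_OBJ_GID is added to the list of compare values that audit rules pass in from user space, so the numbering (1 for uid, 2 for gid) becomes part of the rule interface and must never be renumbered; the `/* AUDIT_FIELD_COMPARE rule list */` comment should say so, and should also state that AUDIT_MAX_FIELD_COMPARE has to name the highest value, since the rule-loading check that accepts or rejects a compare value is only as good as that macro staying in step with new entries. Bumping it in the same hunk as the new define, as done here, is the right pattern and should be kept for every later addition.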
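Review bot: in the audit_compare_id() hunk, the `BUILD_BUG_ON(sizeof(uid_t) != sizeof(gid_t));` is the right guard, because the function reads whatever sits at cred_offset / name_offset into locals declared as `uid_t cred_uid, name_uid;` and, with the new caller, those offsets may now point at a gid_t rather than a uid_t; but the check deserves a one-line comment giving that reason, and the uid-named locals should either be renamed to something neutral (cred_id, name_id) or commented so the next reader does not assume the helper is uid-only. The comment should also note that a size check is sufficient here only because uid_t and gid_t share the same unsigned representation in the kernel; if that ever changed, equal sizes would no longer guarantee a meaningful comparison.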
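Review bot: in the audit_field_compare() hunk, `offsetof(struct cred, gid)` selects the task's real gid, so the new case compares the real gid of the task with the gid of the inode, mirroring the uid case directly above it that uses offsetof(struct cred, uid); the commit message says only "the gid of the running task", and it should be made explicit that this is the real gid, not the effective, saved or fs gid, so that rule writers do not expect a setgid executable's effective group to be matched by this rule. The new case is consistent with the existing one, and values the kernel does not recognise still reach `default: return 0;`, which is the right conservative behaviour for an unknown compare type.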