diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2008-12-16 05:59:26 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-01-04 15:14:42 -0500 |
commit | 5af75d8d58d0f9f7b7c0515b35786b22892d5f12 (patch) | |
tree | 65707c5309133a33140c39145ae91b7c1679a877 /kernel/audit_tree.c | |
parent | 36c4f1b18c8a7d0adb4085e7f531860b837bb6b0 (diff) | |
download | op-kernel-dev-5af75d8d58d0f9f7b7c0515b35786b22892d5f12.zip op-kernel-dev-5af75d8d58d0f9f7b7c0515b35786b22892d5f12.tar.gz |
audit: validate comparison operations, store them in sane form
Don't store the field->op in the messy (and very inconvenient for e.g.
audit_comparator()) form; translate to dense set of values and do full
validation of userland-submitted value while we are at it.
->audit_init_rule() and ->audit_match_rule() get new values now; in-tree
instances updated.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel/audit_tree.c')
-rw-r--r-- | kernel/audit_tree.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index 48bddad..8ad9545 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c @@ -618,7 +618,7 @@ int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op) if (pathname[0] != '/' || rule->listnr != AUDIT_FILTER_EXIT || - op & ~AUDIT_EQUAL || + op != Audit_equal || rule->inode_f || rule->watch || rule->tree) return -EINVAL; rule->tree = alloc_tree(pathname); |