diff options
author | Eric Paris <eparis@redhat.com> | 2007-06-04 17:00:14 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2007-07-22 09:57:02 -0400 |
commit | 74f2345b6be1410f824cb7dd638d2c10a9709379 (patch) | |
tree | a9cbdb517eb01b04de3e641d87ef42ad186e91e3 /kernel | |
parent | c926e4f432af0f61ac2b9b637fb51a4871a3fc91 (diff) | |
download | op-kernel-dev-74f2345b6be1410f824cb7dd638d2c10a9709379.zip op-kernel-dev-74f2345b6be1410f824cb7dd638d2c10a9709379.tar.gz |
[PATCH] allow audit filtering on bit & operations
Right now the audit filter can match on = != > < >= blah blah blah.
This allow the filter to also look at bitwise AND operations, &
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/auditfilter.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 0ea96ba..359645c 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -456,6 +456,13 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) case AUDIT_DEVMINOR: case AUDIT_EXIT: case AUDIT_SUCCESS: + /* bit ops are only useful on syscall args */ + if (f->op == AUDIT_BIT_MASK || + f->op == AUDIT_BIT_TEST) { + err = -EINVAL; + goto exit_free; + } + break; case AUDIT_ARG0: case AUDIT_ARG1: case AUDIT_ARG2: @@ -1566,6 +1573,10 @@ int audit_comparator(const u32 left, const u32 op, const u32 right) return (left > right); case AUDIT_GREATER_THAN_OR_EQUAL: return (left >= right); + case AUDIT_BIT_MASK: + return (left & right); + case AUDIT_BIT_TEST: + return ((left & right) == right); } BUG(); return 0; |