summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2007-06-04 17:00:14 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2007-07-22 09:57:02 -0400
commit74f2345b6be1410f824cb7dd638d2c10a9709379 (patch)
treea9cbdb517eb01b04de3e641d87ef42ad186e91e3 /kernel
parentc926e4f432af0f61ac2b9b637fb51a4871a3fc91 (diff)
downloadop-kernel-dev-74f2345b6be1410f824cb7dd638d2c10a9709379.zip
op-kernel-dev-74f2345b6be1410f824cb7dd638d2c10a9709379.tar.gz
[PATCH] allow audit filtering on bit & operations
Right now the audit filter can match on = != > < >= blah blah blah. This allow the filter to also look at bitwise AND operations, & Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditfilter.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 0ea96ba..359645c 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -456,6 +456,13 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
case AUDIT_DEVMINOR:
case AUDIT_EXIT:
case AUDIT_SUCCESS:
+ /* bit ops are only useful on syscall args */
+ if (f->op == AUDIT_BIT_MASK ||
+ f->op == AUDIT_BIT_TEST) {
+ err = -EINVAL;
+ goto exit_free;
+ }
+ break;
case AUDIT_ARG0:
case AUDIT_ARG1:
case AUDIT_ARG2:
@@ -1566,6 +1573,10 @@ int audit_comparator(const u32 left, const u32 op, const u32 right)
return (left > right);
case AUDIT_GREATER_THAN_OR_EQUAL:
return (left >= right);
+ case AUDIT_BIT_MASK:
+ return (left & right);
+ case AUDIT_BIT_TEST:
+ return ((left & right) == right);
}
BUG();
return 0;
OpenPOWER on IntegriCloud