提交 10d68360 编写于 作者: P Peter Moody 提交者: Al Viro

audit: comparison on interprocess fields

This allows audit to specify rules in which we compare two fields of a
process.  Such as is the running process uid != to the running process
euid?
Signed-off-by: NPeter Moody <pmoody@google.com>
Signed-off-by: NEric Paris <eparis@redhat.com>
上级 4a6633ed
...@@ -193,7 +193,29 @@ ...@@ -193,7 +193,29 @@
#define AUDIT_COMPARE_FSUID_TO_OBJ_UID 8 #define AUDIT_COMPARE_FSUID_TO_OBJ_UID 8
#define AUDIT_COMPARE_FSGID_TO_OBJ_GID 9 #define AUDIT_COMPARE_FSGID_TO_OBJ_GID 9
#define AUDIT_MAX_FIELD_COMPARE AUDIT_COMPARE_FSGID_TO_OBJ_GID #define AUDIT_COMPARE_UID_TO_AUID 10
#define AUDIT_COMPARE_UID_TO_EUID 11
#define AUDIT_COMPARE_UID_TO_FSUID 12
#define AUDIT_COMPARE_UID_TO_SUID 13
#define AUDIT_COMPARE_AUID_TO_FSUID 14
#define AUDIT_COMPARE_AUID_TO_SUID 15
#define AUDIT_COMPARE_AUID_TO_EUID 16
#define AUDIT_COMPARE_EUID_TO_SUID 17
#define AUDIT_COMPARE_EUID_TO_FSUID 18
#define AUDIT_COMPARE_SUID_TO_FSUID 19
#define AUDIT_COMPARE_GID_TO_EGID 20
#define AUDIT_COMPARE_GID_TO_FSGID 21
#define AUDIT_COMPARE_GID_TO_SGID 22
#define AUDIT_COMPARE_EGID_TO_FSGID 23
#define AUDIT_COMPARE_EGID_TO_SGID 24
#define AUDIT_COMPARE_SGID_TO_FSGID 25
#define AUDIT_MAX_FIELD_COMPARE AUDIT_COMPARE_SGID_TO_FSGID
/* Rule fields */ /* Rule fields */
/* These are useful when checking the /* These are useful when checking the
......
...@@ -545,6 +545,45 @@ static int audit_field_compare(struct task_struct *tsk, ...@@ -545,6 +545,45 @@ static int audit_field_compare(struct task_struct *tsk,
return audit_compare_id(cred->fsgid, return audit_compare_id(cred->fsgid,
name, offsetof(struct audit_names, gid), name, offsetof(struct audit_names, gid),
f, ctx); f, ctx);
/* uid comparisons */
case AUDIT_COMPARE_UID_TO_AUID:
return audit_comparator(cred->uid, f->op, tsk->loginuid);
case AUDIT_COMPARE_UID_TO_EUID:
return audit_comparator(cred->uid, f->op, cred->euid);
case AUDIT_COMPARE_UID_TO_SUID:
return audit_comparator(cred->uid, f->op, cred->suid);
case AUDIT_COMPARE_UID_TO_FSUID:
return audit_comparator(cred->uid, f->op, cred->fsuid);
/* auid comparisons */
case AUDIT_COMPARE_AUID_TO_EUID:
return audit_comparator(tsk->loginuid, f->op, cred->euid);
case AUDIT_COMPARE_AUID_TO_SUID:
return audit_comparator(tsk->loginuid, f->op, cred->suid);
case AUDIT_COMPARE_AUID_TO_FSUID:
return audit_comparator(tsk->loginuid, f->op, cred->fsuid);
/* euid comparisons */
case AUDIT_COMPARE_EUID_TO_SUID:
return audit_comparator(cred->euid, f->op, cred->suid);
case AUDIT_COMPARE_EUID_TO_FSUID:
return audit_comparator(cred->euid, f->op, cred->fsuid);
/* suid comparisons */
case AUDIT_COMPARE_SUID_TO_FSUID:
return audit_comparator(cred->suid, f->op, cred->fsuid);
/* gid comparisons */
case AUDIT_COMPARE_GID_TO_EGID:
return audit_comparator(cred->gid, f->op, cred->egid);
case AUDIT_COMPARE_GID_TO_SGID:
return audit_comparator(cred->gid, f->op, cred->sgid);
case AUDIT_COMPARE_GID_TO_FSGID:
return audit_comparator(cred->gid, f->op, cred->fsgid);
/* egid comparisons */
case AUDIT_COMPARE_EGID_TO_SGID:
return audit_comparator(cred->egid, f->op, cred->sgid);
case AUDIT_COMPARE_EGID_TO_FSGID:
return audit_comparator(cred->egid, f->op, cred->fsgid);
/* sgid comparison */
case AUDIT_COMPARE_SGID_TO_FSGID:
return audit_comparator(cred->sgid, f->op, cred->fsgid);
default: default:
WARN(1, "Missing AUDIT_COMPARE define. Report as a bug\n"); WARN(1, "Missing AUDIT_COMPARE define. Report as a bug\n");
return 0; return 0;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册