<div>Not sure if this is the right way to go about this, but I've got a couple of patches I'd like to be considered for inclusion.</div><div><br></div><div>This builds off of Eric's patches from November. Specifically the following patches:</div>


<div><br></div><div>[01/26] (<a href="http://www.redhat.com/archives/linux-audit/2011-November/msg00019.html" target="_blank">http://www.redhat.com/archives/linux-audit/2011-November/msg00019.html</a>)</div><div>[02/26] (<a href="http://www.redhat.com/archives/linux-audit/2011-November/msg00020.html" target="_blank">http://www.redhat.com/archives/linux-audit/2011-November/msg00020.html</a>)</div>


<div>[16/26] (<a href="http://www.redhat.com/archives/linux-audit/2011-November/msg00034.html" target="_blank">http://www.redhat.com/archives/linux-audit/2011-November/msg00034.html</a>)</div><div>[17/26] (<a href="http://www.redhat.com/archives/linux-audit/2011-November/msg00035.html" target="_blank">http://www.redhat.com/archives/linux-audit/2011-November/msg00035.html</a>)</div>


<div>[18/26] (<a href="http://www.redhat.com/archives/linux-audit/2011-November/msg00036.html" target="_blank">http://www.redhat.com/archives/linux-audit/2011-November/msg00036.html</a>)</div><div>[19/26] (<a href="http://www.redhat.com/archives/linux-audit/2011-November/msg00037.html" target="_blank">http://www.redhat.com/archives/linux-audit/2011-November/msg00037.html</a>)</div>


<div>[20/26] (<a href="http://www.redhat.com/archives/linux-audit/2011-November/msg00038.html" target="_blank">http://www.redhat.com/archives/linux-audit/2011-November/msg00038.html</a>)</div><div><br></div><div><br></div>

<div>Signed-off-by: Peter Moody <<a href="mailto:pmoody@google.com" target="_blank">pmoody@google.com</a>></div>
<div>---</div><div> include/linux/audit.h |    4 +++-</div><div> kernel/auditsc.c      |   18 ++++++++++++++++++</div><div> 2 files changed, 21 insertions(+), 1 deletions(-)</div><div><br></div><div>diff --git a/include/linux/audit.h b/include/linux/audit.h</div>


<div>index 4c5437f..cce8f35 100644</div><div>--- a/include/linux/audit.h</div><div>+++ b/include/linux/audit.h</div><div>@@ -182,8 +182,10 @@</div><div> /* AUDIT_FIELD_COMPARE rule list */</div><div> #define AUDIT_COMPARE_UID_TO_OBJ_UID   1</div>


<div> #define AUDIT_COMPARE_GID_TO_OBJ_GID   2</div><div>+#define AUDIT_COMPARE_UID_TO_EUID      3</div><div>+#define AUDIT_COMPARE_GID_TO_EGID      4</div><div> </div><div>-#define AUDIT_MAX_FIELD_COMPARE        AUDIT_COMPARE_GID_TO_OBJ_GID</div>


<div>+#define AUDIT_MAX_FIELD_COMPARE        AUDIT_COMPARE_GID_TO_EGID</div><div> /* Rule fields */</div><div> <span style="white-space:pre-wrap">                                </span>/* These are useful when checking the</div><div>
 <span style="white-space:pre-wrap">                            </span> * task structure at task creation time</div><div>diff --git a/kernel/auditsc.c b/kernel/auditsc.c</div><div>index 2be8bf3..08c8736 100644</div><div>--- a/kernel/auditsc.c</div>


<div>+++ b/kernel/auditsc.c</div><div>@@ -514,6 +514,24 @@ static int audit_field_compare(struct task_struct *tsk,</div><div> <span style="white-space:pre-wrap">         </span>       return audit_compare_id(cred, offsetof(struct cred, gid),</div>


<div> <span style="white-space:pre-wrap">                                 </span>       name, offsetof(struct audit_names, gid),</div><div> <span style="white-space:pre-wrap">                                 </span>       f, ctx);</div><div>
+<span style="white-space:pre-wrap">    </span>case AUDIT_COMPARE_UID_TO_EUID:</div><div>+<span style="white-space:pre-wrap">         </span>if(name)</div><div>+<span style="white-space:pre-wrap">                        </span>return audit_comparator(cred->euid, f->op, cred->uid);</div>


<div>+<span style="white-space:pre-wrap">         </span>else if(ctx) {</div><div>+<span style="white-space:pre-wrap">                  </span>struct audit_names *n;</div><div>+<span style="white-space:pre-wrap">                  </span>list_for_each_entry(n, &ctx->names_list, list)</div>


<div>+<span style="white-space:pre-wrap">                         </span>return audit_comparator(cred->euid, f->op, cred->uid);</div><div>+<span style="white-space:pre-wrap">         </span>}</div><div>+<span style="white-space:pre-wrap">               </span>break;</div>


<div>+<span style="white-space:pre-wrap"> </span>case AUDIT_COMPARE_GID_TO_EGID:</div><div>+<span style="white-space:pre-wrap">         </span>if(name)</div><div>+<span style="white-space:pre-wrap">                        </span>return audit_comparator(cred->egid, f->op, cred->gid);</div>


<div>+<span style="white-space:pre-wrap">         </span>else if(ctx) {</div><div>+<span style="white-space:pre-wrap">                  </span>struct audit_names *n;</div><div>+<span style="white-space:pre-wrap">                  </span>list_for_each_entry(n, &ctx->names_list, list) </div>


<div>+<span style="white-space:pre-wrap">                         </span>return audit_comparator(cred->egid, f->op, cred->gid);</div><div>+<span style="white-space:pre-wrap">         </span>}</div><div>+<span style="white-space:pre-wrap">               </span>break;</div>


<div> <span style="white-space:pre-wrap"> </span>default:</div><div> <span style="white-space:pre-wrap">                </span>return 0;</div><div> <span style="white-space:pre-wrap">       </span>}</div>
<div>-- </div><div>1.7.3.1</div><div><br></div><div><br></div>-- <br><font face="arial, helvetica, sans-serif">Peter Moody      Google    <a href="tel:1.650.253.7306" value="+16502537306" target="_blank">1.650.253.7306</a>     <br>

Security Engineer  pgp:0xC3410038</font><br><br>