[PATCH/RFC] audit: improve GID/EGID comparation logic

[Matvejchikov Ilya]

It is useful to extend GID/EGID comparation logic to be able to
match not only the exact EID/EGID values but the group/egroup also.

Signed-off-by: Matvejchikov Ilya <matvejchikov at gmail.com>
---
 kernel/auditsc.c |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 47b7fc1..a233faf 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -491,9 +491,23 @@ static int audit_filter_rules(struct task_struct *tsk,
 			break;
 		case AUDIT_GID:
 			result = audit_comparator(cred->gid, f->op, f->val);
+			if (f->op == Audit_equal) {
+				if (!result)
+					result = in_group_p((gid_t)f->val);
+			} else if (f->op == Audit_not_equal) {
+				if (result)
+					result = !in_group_p((gid_t)f->val);
+			}
 			break;
 		case AUDIT_EGID:
 			result = audit_comparator(cred->egid, f->op, f->val);
+			if (f->op == Audit_equal) {
+				if (!result)
+					result = in_egroup_p((gid_t)f->val);
+			} else if (f->op == Audit_not_equal) {
+				if (result)
+					result = !in_egroup_p((gid_t)f->val);
+			}
 			break;
 		case AUDIT_SGID:
 			result = audit_comparator(cred->sgid, f->op, f->val);
-- 
1.7.3.4