[PATCH 2/5] audit: complex interfield comparison helper
Eric Paris
eparis at redhat.com
Wed Jan 4 20:51:55 UTC 2012
On Wed, 2012-01-04 at 15:47 -0500, Eric Paris wrote:
> Rather than code the same loop over and over implement a helper function which
> uses some pointer magic to make it generic enough to be used numerous places
> as we implement more audit interfield comparisons
>
> Signed-off-by: Eric Paris <eparis at redhat.com>
> ---
The change from the last version is simply to take a uid_t and a pointer
to a struct audit_name instead of taking two pointers. This allows us
to get the first uid from either a cred or the task struct.
> kernel/auditsc.c | 50 +++++++++++++++++++++++++++++++++++++++-----------
> 1 files changed, 39 insertions(+), 11 deletions(-)
>
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index efb1763..45c13c5 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -463,25 +463,53 @@ static int match_tree_refs(struct audit_context *ctx, struct audit_tree *tree)
> return 0;
> }
>
> +static int audit_compare_id(uid_t uid1,
> + struct audit_names *name,
> + unsigned long name_offset,
> + struct audit_field *f,
> + struct audit_context *ctx)
> +{
> + struct audit_names *n;
> + unsigned long addr;
> + uid_t uid2;
> + int rc;
> +
> + if (name) {
> + addr = (unsigned long)name;
> + addr += name_offset;
> +
> + uid2 = *(uid_t *)addr;
> + rc = audit_comparator(uid1, f->op, uid2);
> + if (rc)
> + return rc;
> + }
> +
> + if (ctx) {
> + list_for_each_entry(n, &ctx->names_list, list) {
> + addr = (unsigned long)n;
> + addr += name_offset;
> +
> + uid2 = *(uid_t *)addr;
> +
> + rc = audit_comparator(uid1, f->op, uid2);
> + if (rc)
> + return rc;
> + }
> + }
> + return 0;
> +}
> +
> static int audit_field_compare(struct task_struct *tsk,
> const struct cred *cred,
> struct audit_field *f,
> struct audit_context *ctx,
> struct audit_names *name)
> {
> - struct audit_names *n;
> -
> switch (f->val) {
> case AUDIT_COMPARE_UID_TO_OBJ_UID:
> - if (name) {
> - return audit_comparator(cred->uid, f->op, name->uid);
> - } else if (ctx) {
> - list_for_each_entry(n, &ctx->names_list, list) {
> - if (audit_comparator(cred->uid, f->op, n->uid))
> - return 1;
> - }
> - }
> - break;
> + return audit_compare_id(cred->uid,
> + name, offsetof(struct audit_names, uid),
> + f, ctx);
> default:
> WARN(1, "Missing AUDIT_COMPARE define. Report as a bug\n");
> return 0;
More information about the Linux-audit
mailing list