audit: comparison on interprocess fields
This allows audit to specify rules that compare two fields of a process, for example: is the running process's uid != the running process's euid? Signed-off-by: Peter Moody <pmoody@google.com> Signed-off-by: Eric Paris <eparis@redhat.com>
parent
4a6633ed08
commit
10d6836087
2 changed files with 62 additions and 1 deletions
|
@ -193,7 +193,29 @@
|
|||
#define AUDIT_COMPARE_FSUID_TO_OBJ_UID 8
|
||||
#define AUDIT_COMPARE_FSGID_TO_OBJ_GID 9
|
||||
|
||||
#define AUDIT_MAX_FIELD_COMPARE AUDIT_COMPARE_FSGID_TO_OBJ_GID
|
||||
#define AUDIT_COMPARE_UID_TO_AUID 10
|
||||
#define AUDIT_COMPARE_UID_TO_EUID 11
|
||||
#define AUDIT_COMPARE_UID_TO_FSUID 12
|
||||
#define AUDIT_COMPARE_UID_TO_SUID 13
|
||||
|
||||
#define AUDIT_COMPARE_AUID_TO_FSUID 14
|
||||
#define AUDIT_COMPARE_AUID_TO_SUID 15
|
||||
#define AUDIT_COMPARE_AUID_TO_EUID 16
|
||||
|
||||
#define AUDIT_COMPARE_EUID_TO_SUID 17
|
||||
#define AUDIT_COMPARE_EUID_TO_FSUID 18
|
||||
|
||||
#define AUDIT_COMPARE_SUID_TO_FSUID 19
|
||||
|
||||
#define AUDIT_COMPARE_GID_TO_EGID 20
|
||||
#define AUDIT_COMPARE_GID_TO_FSGID 21
|
||||
#define AUDIT_COMPARE_GID_TO_SGID 22
|
||||
|
||||
#define AUDIT_COMPARE_EGID_TO_FSGID 23
|
||||
#define AUDIT_COMPARE_EGID_TO_SGID 24
|
||||
#define AUDIT_COMPARE_SGID_TO_FSGID 25
|
||||
|
||||
#define AUDIT_MAX_FIELD_COMPARE AUDIT_COMPARE_SGID_TO_FSGID
|
||||
|
||||
/* Rule fields */
|
||||
/* These are useful when checking the
|
||||
|
|
|
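Review bot: Nothing beside the new `AUDIT_COMPARE_*` block says that `AUDIT_MAX_FIELD_COMPARE` has to be moved by hand whenever a comparison is appended, and this section shows both its old and its new definition, so a later addition can easily leave the bound stale. I would put a comment above it such as `/* Must name the highest AUDIT_COMPARE_* value; update it when adding a comparison */`. If these numbers are also read by userspace rule loaders (presumably, since they sit next to the rule field constants), the comment should add that existing values must never be renumbered. Several groups (for example 12/13, 14–16 and 21/22) are numbered in a different order from the matching cases in audit_field_compare(), which is harmless but makes the two lists harder to cross-check.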
@ -545,6 +545,45 @@ static int audit_field_compare(struct task_struct *tsk,
|
|||
return audit_compare_id(cred->fsgid,
|
||||
name, offsetof(struct audit_names, gid),
|
||||
f, ctx);
|
||||
/* uid comparisons */
|
||||
case AUDIT_COMPARE_UID_TO_AUID:
|
||||
return audit_comparator(cred->uid, f->op, tsk->loginuid);
|
||||
case AUDIT_COMPARE_UID_TO_EUID:
|
||||
return audit_comparator(cred->uid, f->op, cred->euid);
|
||||
case AUDIT_COMPARE_UID_TO_SUID:
|
||||
return audit_comparator(cred->uid, f->op, cred->suid);
|
||||
case AUDIT_COMPARE_UID_TO_FSUID:
|
||||
return audit_comparator(cred->uid, f->op, cred->fsuid);
|
||||
/* auid comparisons */
|
||||
case AUDIT_COMPARE_AUID_TO_EUID:
|
||||
return audit_comparator(tsk->loginuid, f->op, cred->euid);
|
||||
case AUDIT_COMPARE_AUID_TO_SUID:
|
||||
return audit_comparator(tsk->loginuid, f->op, cred->suid);
|
||||
case AUDIT_COMPARE_AUID_TO_FSUID:
|
||||
return audit_comparator(tsk->loginuid, f->op, cred->fsuid);
|
||||
/* euid comparisons */
|
||||
case AUDIT_COMPARE_EUID_TO_SUID:
|
||||
return audit_comparator(cred->euid, f->op, cred->suid);
|
||||
case AUDIT_COMPARE_EUID_TO_FSUID:
|
||||
return audit_comparator(cred->euid, f->op, cred->fsuid);
|
||||
/* suid comparisons */
|
||||
case AUDIT_COMPARE_SUID_TO_FSUID:
|
||||
return audit_comparator(cred->suid, f->op, cred->fsuid);
|
||||
/* gid comparisons */
|
||||
case AUDIT_COMPARE_GID_TO_EGID:
|
||||
return audit_comparator(cred->gid, f->op, cred->egid);
|
||||
case AUDIT_COMPARE_GID_TO_SGID:
|
||||
return audit_comparator(cred->gid, f->op, cred->sgid);
|
||||
case AUDIT_COMPARE_GID_TO_FSGID:
|
||||
return audit_comparator(cred->gid, f->op, cred->fsgid);
|
||||
/* egid comparisons */
|
||||
case AUDIT_COMPARE_EGID_TO_SGID:
|
||||
return audit_comparator(cred->egid, f->op, cred->sgid);
|
||||
case AUDIT_COMPARE_EGID_TO_FSGID:
|
||||
return audit_comparator(cred->egid, f->op, cred->fsgid);
|
||||
/* sgid comparison */
|
||||
case AUDIT_COMPARE_SGID_TO_FSGID:
|
||||
return audit_comparator(cred->sgid, f->op, cred->fsgid);
|
||||
default:
|
||||
WARN(1, "Missing AUDIT_COMPARE define. Report as a bug\n");
|
||||
return 0;
|
||||
|
|
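Review bot: The auid cases compare `tsk->loginuid` as a raw value (`AUDIT_COMPARE_UID_TO_AUID` and the three `AUDIT_COMPARE_AUID_TO_*` cases), so a task whose login uid was never set will presumably satisfy every `!=` rule against uid, euid, suid or fsuid. That may be the intended semantics, but a rule author watching for identity changes would see every such task match unless the rule also filters on auid, so it deserves a comment above the auid block: `/* loginuid is compared as-is; tasks with an unset loginuid match any != comparison */`. The enclosing audit_field_compare() starts outside the hunk, and the `default:` branch with `WARN(1, ...)` is unchanged context; if a rule value without a case can ever reach it, `WARN_ONCE` would avoid emitting a trace on every evaluated event.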