[PATCH] Inter-field comparisons between uid/euid and gid/egid

Not sure if this is the right way to go about this, but I've got a couple of patches I'd like to be considered for inclusion. This builds off of Eric's patches from November. Specifically the following patches: [01/26] ( http://www.redhat.com/archives/linux-audit/2011-November/msg00019.html) [02/26] ( http://www.redhat.com/archives/linux-audit/2011-November/msg00020.html) [16/26] ( http://www.redhat.com/archives/linux-audit/2011-November/msg00034.html) [17/26] ( http://www.redhat.com/archives/linux-audit/2011-November/msg00035.html) [18/26] ( http://www.redhat.com/archives/linux-audit/2011-November/msg00036.html) [19/26] ( http://www.redhat.com/archives/linux-audit/2011-November/msg00037.html) [20/26] ( http://www.redhat.com/archives/linux-audit/2011-November/msg00038.html) Signed-off-by: Peter Moody <pmoody(a)google.com&gt; --- include/linux/audit.h | 4 +++- kernel/auditsc.c | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 4c5437f..cce8f35 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -182,8 +182,10 @@ /* AUDIT_FIELD_COMPARE rule list */ #define AUDIT_COMPARE_UID_TO_OBJ_UID 1 #define AUDIT_COMPARE_GID_TO_OBJ_GID 2 +#define AUDIT_COMPARE_UID_TO_EUID 3 +#define AUDIT_COMPARE_GID_TO_EGID 4 -#define AUDIT_MAX_FIELD_COMPARE AUDIT_COMPARE_GID_TO_OBJ_GID +#define AUDIT_MAX_FIELD_COMPARE AUDIT_COMPARE_GID_TO_EGID /* Rule fields */ /* These are useful when checking the * task structure at task creation time diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 2be8bf3..08c8736 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -514,6 +514,24 @@ static int audit_field_compare(struct task_struct *tsk, return audit_compare_id(cred, offsetof(struct cred, gid), name, offsetof(struct audit_names, gid), f, ctx); + case AUDIT_COMPARE_UID_TO_EUID: + if(name) + return audit_comparator(cred->euid, f->op, cred->uid); + else if(ctx) { + struct audit_names *n; + list_for_each_entry(n, &ctx->names_list, list) + return audit_comparator(cred->euid, f->op, cred->uid); + } + break; + case AUDIT_COMPARE_GID_TO_EGID: + if(name) + return audit_comparator(cred->egid, f->op, cred->gid); + else if(ctx) { + struct audit_names *n; + list_for_each_entry(n, &ctx->names_list, list) + return audit_comparator(cred->egid, f->op, cred->gid); + } + break; default: return 0; } -- 1.7.3.1 -- Peter Moody Google 1.650.253.7306 Security Engineer pgp:0xC3410038