audit: validate comparison operations, store them in sane form Don't store the field->op in the messy (and very inconvenient for e.g. audit_comparator()) form; translate to dense set of values and do full validation of userland-submitted value while we are at it. ->audit_init_rule() and ->audit_match_rule() get new values now; in-tree instances updated. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

commit: 5af75d8d58d0f9f7b7c0515b35786b22892d5f12 [log] [tgz]
author: Al Viro <viro@zeniv.linux.org.uk> Tue Dec 16 05:59:26 2008 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> Sun Jan 04 15:14:42 2009 -0500
tree: 65707c5309133a33140c39145ae91b7c1679a877
parent: 36c4f1b18c8a7d0adb4085e7f531860b837bb6b0 [diff] [blame]
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 48bddad..8ad9545 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c

@@ -618,7 +618,7 @@
 
 	if (pathname[0] != '/' ||
 	    rule->listnr != AUDIT_FILTER_EXIT ||
-	    op & ~AUDIT_EQUAL ||
+	    op != Audit_equal ||
 	    rule->inode_f || rule->watch || rule->tree)
 		return -EINVAL;
 	rule->tree = alloc_tree(pathname);
commit	5af75d8d58d0f9f7b7c0515b35786b22892d5f12	[log] [tgz]
author	Al Viro <viro@zeniv.linux.org.uk>	Tue Dec 16 05:59:26 2008 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	Sun Jan 04 15:14:42 2009 -0500
tree	65707c5309133a33140c39145ae91b7c1679a877
parent	36c4f1b18c8a7d0adb4085e7f531860b837bb6b0 [diff] [blame]