[PATCH] allow audit filtering on bit & operations Right now the audit filter can match on = != > < >= blah blah blah. This allow the filter to also look at bitwise AND operations, & Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

commit: 74f2345b6be1410f824cb7dd638d2c10a9709379 [log] [tgz]
author: Eric Paris <eparis@redhat.com> Mon Jun 04 17:00:14 2007 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> Sun Jul 22 09:57:02 2007 -0400
tree: a9cbdb517eb01b04de3e641d87ef42ad186e91e3
parent: c926e4f432af0f61ac2b9b637fb51a4871a3fc91 [diff] [blame]
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 0ea96ba..359645c 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c

@@ -456,6 +456,13 @@
 		case AUDIT_DEVMINOR:
 		case AUDIT_EXIT:
 		case AUDIT_SUCCESS:
+			/* bit ops are only useful on syscall args */
+			if (f->op == AUDIT_BIT_MASK ||
+						f->op == AUDIT_BIT_TEST) {
+				err = -EINVAL;
+				goto exit_free;
+			}
+			break;
 		case AUDIT_ARG0:
 		case AUDIT_ARG1:
 		case AUDIT_ARG2:
@@ -1566,6 +1573,10 @@
 		return (left > right);
 	case AUDIT_GREATER_THAN_OR_EQUAL:
 		return (left >= right);
+	case AUDIT_BIT_MASK:
+		return (left & right);
+	case AUDIT_BIT_TEST:
+		return ((left & right) == right);
 	}
 	BUG();
 	return 0;
commit	74f2345b6be1410f824cb7dd638d2c10a9709379	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Mon Jun 04 17:00:14 2007 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	Sun Jul 22 09:57:02 2007 -0400
tree	a9cbdb517eb01b04de3e641d87ef42ad186e91e3
parent	c926e4f432af0f61ac2b9b637fb51a4871a3fc91 [diff] [blame]