audit: validate comparison operations, store them in sane form
Don't store the field->op in the messy (and very inconvenient for e.g. audit_comparator()) form; translate to dense set of values and do full validation of userland-submitted value while we are at it. ->audit_init_rule() and ->audit_match_rule() get new values now; in-tree instances updated. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro
@@ -247,6 +247,18 @@
|
||||
#define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN|AUDIT_EQUAL)
|
||||
#define AUDIT_OPERATORS (AUDIT_EQUAL|AUDIT_NOT_EQUAL|AUDIT_BIT_MASK)
|
||||
|
||||
enum {
|
||||
Audit_equal,
|
||||
Audit_not_equal,
|
||||
Audit_bitmask,
|
||||
Audit_bittest,
|
||||
Audit_lt,
|
||||
Audit_gt,
|
||||
Audit_le,
|
||||
Audit_ge,
|
||||
Audit_bad
|
||||
};
|
||||
|
||||
/* Status symbols */
|
||||
/* Mask values */
|
||||
#define AUDIT_STATUS_ENABLED 0x0001
|
||||
|
||||
Reference in New Issue
Block a user