lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

audit: validate comparison operations, store them in sane form

Browse Source 
Don't store the field->op in the messy (and very inconvenient for e.g.
audit_comparator()) form; translate to dense set of values and do full
validation of userland-submitted value while we are at it.

->audit_init_rule() and ->audit_match_rule() get new values now; in-tree
instances updated.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro
2008-12-16 05:59:26 -05:00
parent 36c4f1b18c
commit 5af75d8d58
5 changed files with 94 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
security/smack/smack_lsm.c
View File

@@ -2492,7 +2492,7 @@ static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
return -EINVAL;
if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)
if (op != Audit_equal && op != Audit_not_equal)
return -EINVAL;
*rule = smk_import(rulestr, 0);
@@ -2556,9 +2556,9 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
* both pointers will point to the same smack_known
* label.
*/
if (op == AUDIT_EQUAL)
if (op == Audit_equal)
return (rule == smack);
if (op == AUDIT_NOT_EQUAL)
if (op == Audit_not_equal)
return (rule != smack);
return 0;