author Eric W. Biederman <ebiederm@xmission.com> 2012-09-11 13:18:08 +0400
committer Eric W. Biederman <ebiederm@xmission.com> 2012-09-18 05:08:09 +0400
commit ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7 (patch)
tree 874ac71ed75f3c9b44eca7dbd8efef16d481827d /include/linux/audit.h
parent 860c0aaff75e714c21d325f32d36a37572b4fffb (diff)
download linux-ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7.tar.xz
audit: Add typespecific uid and gid comparators
The audit filter code guarantees that uids are always compared with uids and gids are always compared with gids, as the comparison operations are type specific. Take advantage of this property to define audit_uid_comparator and audit_gid_comparator which use the type safe comparisons from uidgid.h.

Build on audit_uid_comparator and audit_gid_comparator and replace audit_compare_id with audit_compare_uid and audit_compare_gid. This is one of those odd cases where being type safe and duplicating code leads to simpler shorter and more concise code.

Don't allow bitmask operations in uid and gid comparisons in audit_data_to_entry. Bitmask operations are already denied in audit_rule_to_entry.

Convert constants in audit_rule_to_entry and audit_data_to_entry into kuids and kgids when appropriate.

Convert the uid and gid field in struct audit_names to be of type kuid_t and kgid_t respectively, so that the new uid and gid comparators can be applied in a type safe manner.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'include/linux/audit.h')
-rw-r--r-- include/linux/audit.h 2
1 files changed, 2 insertions, 0 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index b9c5b22e34a5..ca019bb74da3 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -442,6 +442,8 @@ struct audit_krule {
struct audit_field {
u32 type;
u32 val;
+ kuid_t uid;
+ kgid_t gid;
u32 op;
char *lsm_str;
void *lsm_rule;
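Review bot: in struct audit_field the new `kuid_t uid` and `kgid_t gid` members sit next to `u32 val` with no comment saying which of the three is valid for a given `type`. The commit message says uid and gid constants are converted into kuids and kgids, so a uid or gid rule now carries its value in two places. Please document which member each field type uses, or place `val`, `uid` and `gid` in a union, so that a later comparator cannot read the raw `val` for a uid or gid field and sidestep the type-safe comparison.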