
kernel-2.6.18-238.el5.src.rpm

From: Alexander Viro <aviro@redhat.com>
Date: Sat, 2 Aug 2008 12:01:35 -0400
Subject: [audit] new filter type, AUDIT_FILETYPE
Message-id: 20080802160135.GJ25141@devserv.devel.redhat.com
O-Subject: [rhel5] AUDIT_FILETYPE
Bugzilla: 446707
RH-Acked-by: Eric Paris <eparis@redhat.com>
RH-Acked-by: James Morris <jmorris@redhat.com>
RH-Acked-by: Josef Bacik <jbacik@redhat.com>

As in mainline, with missing check for ctx == NULL folded in; applies to
2.6.18-101.el5.

Argument is S_IF... | <index>, where index is normally 0 or 1.
Triggers if chosen element of ctx->names[] is present and the
mode of object in question matches the upper bits of argument.
I.e. for things like "is the argument of that chmod a directory",
etc.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/include/linux/audit.h b/include/linux/audit.h
index e61a65c..9a739ad 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -203,6 +203,7 @@
 #define AUDIT_WATCH	105
 #define AUDIT_PERM	106
 #define AUDIT_DIR	107
+#define AUDIT_FILETYPE	108
 
 #define AUDIT_ARG0      200
 #define AUDIT_ARG1      (AUDIT_ARG0+1)
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 77c59b7..38ac5e3 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -481,6 +481,10 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
 			if (f->val & ~15)
 				goto exit_free;
 			break;
+		case AUDIT_FILETYPE:
+			if ((f->val & ~S_IFMT) > S_IFMT)
+				goto exit_free;
+			break;
 		case AUDIT_INODE:
 			err = audit_to_inode(&entry->rule, f);
 			if (err)
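Review bot: The new `AUDIT_FILETYPE` case only bounds the index half of `f->val` and never validates the type half, so a rule whose `f->val & S_IFMT` is 0 or not a defined `S_IF*` value is accepted. Going by audit_match_filetype() in kernel/auditsc.c, such a rule would presumably never match a real object. For an audit subsystem that means a silently ineffective rule, so rejecting unknown type bits at load time is safer than accepting them. The expression is also hard to read without knowing the encoding; a comment such as `/* val = S_IF* type bits | index into ctx->names[]; reject an index with bits above S_IFMT */` would help. The accepted index range is far wider than the "normally 0 or 1" in the description, so the run-time `name_count` bound is the only thing keeping the lookup in range. The same applies to the identical check added in audit_data_to_entry(). Both functions extend outside their hunks.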
@@ -652,6 +656,10 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
 			if (f->val & ~15)
 				goto exit_free;
 			break;
+		case AUDIT_FILETYPE:
+			if ((f->val & ~S_IFMT) > S_IFMT)
+				goto exit_free;
+			break;
 		default:
 			goto exit_free;
 		}
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index efc81cd..f91b7d6 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -290,6 +290,19 @@ static int audit_match_perm(struct audit_context *ctx, int mask)
 	}
 }
 
+static int audit_match_filetype(struct audit_context *ctx, int which)
+{
+	unsigned index = which & ~S_IFMT;
+	mode_t mode = which & S_IFMT;
+	if (index >= ctx->name_count)
+		return 0;
+	if (ctx->names[index].ino == -1)
+		return 0;
+	if ((ctx->names[index].mode ^ mode) & S_IFMT)
+		return 0;
+	return 1;
+}
+
 /*
  * We keep a linked list of fixed-sized (31 pointer) arrays of audit_chunk *;
  * ->first_trees points to its beginning, ->trees - to the current end of data.
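Review bot: audit_match_filetype() dereferences `ctx` unconditionally and has no comment describing how `which` is encoded, so its safety rests on the caller in audit_filter_rules() guarding with `if (ctx)`. Moving that guard into the helper as `if (!ctx) return 0;` would keep a future second caller from reintroducing the NULL dereference the description says was folded in. A short header comment would also help, for example `/* which = S_IF* type | index into ctx->names[]; 1 if that name was resolved (ino != -1) and its mode has the same type bits */`. The `index >= ctx->name_count` test is what keeps the `names[]` access in bounds and should stay ahead of any dereference of `names[index]`.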
@@ -593,6 +606,10 @@ static int audit_filter_rules(struct task_struct *tsk,
 		case AUDIT_PERM:
 			result = audit_match_perm(ctx, f->val);
 			break;
+		case AUDIT_FILETYPE:
+			if (ctx)
+				result = audit_match_filetype(ctx, f->val);
+			break;
 		}
 
 		if (!result)
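Review bot: When `ctx` is NULL the new `AUDIT_FILETYPE` case leaves `result` at whatever value it had before the switch, and that initialisation is outside this hunk. Presumably it is reset to 0 for each field so the rule does not match, but that is worth confirming, because a stale non-zero value would let a file-type rule match with no context at all. Writing the case as `result = ctx ? audit_match_filetype(ctx, f->val) : 0;` makes the no-context outcome explicit and independent of the surrounding code. The body of audit_filter_rules() continues on both sides of the hunk.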