audit: allow not equal op for audit by executable · 2dde48178b - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

audit: allow not equal op for audit by executable

[ Upstream commit 23bcc480dac204c7dbdf49d96b2c918ed98223c2 ]

Current implementation of auditing by executable name only implements
the 'equal' operator. This patch extends it to also support the 'not
equal' operator.

See: https://github.com/linux-audit/audit-kernel/issues/53

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

This commit is contained in:

Ondrej Mosnáček

2018-04-09 10:00:06 +02:00

• committed by

Greg Kroah-Hartman

parent 7315e0d38a

commit 2dde48178b

2 changed files with 3 additions and 1 deletions

									
										2

kernel/auditfilter.c
									
										View file
										
				@ -406,7 +406,7 @@ static int audit_field_valid(struct audit_entry *entry, struct audit_field *f)

							return -EINVAL;

						break;

					case AUDIT_EXE:

						if (f->op != Audit_equal)

						if (f->op != Audit_not_equal && f->op != Audit_equal)

							return -EINVAL;

						if (entry->rule.listnr != AUDIT_FILTER_EXIT)

							return -EINVAL;

									
										2

kernel/auditsc.c
									
										View file
										
				@ -470,6 +470,8 @@ static int audit_filter_rules(struct task_struct *tsk,

							break;

						case AUDIT_EXE:

							result = audit_exe_compare(tsk, rule->exe);

							if (f->op == Audit_not_equal)

								result = !result;

							break;

						case AUDIT_UID:

							result = audit_uid_comparator(cred->uid, f->op, f->uid);