audit: allow audit matching on inode gid (54d3218b) · Commits · 方亚芬 / raspberrypi_linux

include/linux/audit.h

+1 −0

+1 −0

Original line number	Diff line number	Diff line
		@@ -462,6 +462,7 @@ static struct audit_entry audit_data_to_entry(struct audit_rule_data data,
		case AUDIT_ARG2:
		case AUDIT_ARG3:
		case AUDIT_OBJ_UID:
		case AUDIT_OBJ_GID:
		break;
		case AUDIT_ARCH:
		entry->rule.arch_f = f;

+12 −0

Original line number	Diff line number	Diff line
		@@ -598,6 +598,18 @@ static int audit_filter_rules(struct task_struct *tsk,
		}
		}
		break;
		case AUDIT_OBJ_GID:
		if (name) {
		result = audit_comparator(name->gid, f->op, f->val);
		} else if (ctx) {
		list_for_each_entry(n, &ctx->names_list, list) {
		if (audit_comparator(n->gid, f->op, f->val)) {
		++result;
		break;
		}
		}
		}
		break;
		case AUDIT_WATCH:
		if (name)
		result = audit_watch_compare(rule->watch, name->ino, name->dev);