// SPDX-License-Identifier: GPL-2.0-only
/*
 * AppArmor security module
 *
 * This file contains AppArmor auditing functions
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 */

#include <linux/audit.h>
#include <linux/socket.h>

#include "include/apparmor.h"
#include "include/audit.h"
#include "include/policy.h"
#include "include/policy_ns.h"
#include "include/secid.h"

/*
 * Human readable names of the per-profile audit modes ("normal",
 * "quiet_denied", "quiet", "noquiet", "all").  Nothing in this file
 * indexes the table; it is non-static, so it is presumably looked up by
 * audit-mode value elsewhere (see include/audit.h) — confirm the enum
 * order before reordering or extending these entries.
 */
const char *const audit_mode_names[] = {
	"normal",
	"quiet_denied",
	"quiet",
	"noquiet",
	"all"
};
/*
 * Value written as apparmor="..." by audit_pre().  The table is indexed
 * directly with aad(sa)->type, so entry order must match the
 * AUDIT_APPARMOR_* values (AUDIT, ALLOWED, DENIED, ..., KILL, AUTO);
 * the lookup site performs no range check on the type, so callers must
 * only ever pass one of those values.
 */
static const char *const aa_audit_type[] = {
	"AUDIT",
	"ALLOWED",
	"DENIED",
	"HINT",
	"STATUS",
	"ERROR",
	"KILLED",
	"AUTO"
};

/*
 * Currently AppArmor auditing is fed straight into the audit framework.
 *
 * TODO:
 * netlink interface for complain mode
 * user auditing - send user auditing to the netlink interface
 * system control of whether user audit messages go to the system log
 */

/**
 * audit_log_aa_label - emit the profile/namespace or label fields
 * @ab: audit buffer to append to (NOT NULL)
 * @label: label attached to the audit data (NOT NULL)
 *
 * A label that is a single profile is logged as profile= (preceded by
 * namespace= when the profile lives outside root_ns); any other label
 * is logged through aa_label_xaudit() as label=.  Profile and namespace
 * hnames go through audit_log_untrustedstring() so that unsafe
 * characters are quoted or hex-encoded rather than written raw.
 */
static void audit_log_aa_label(struct audit_buffer *ab, struct aa_label *label)
{
	struct aa_profile *profile;

	if (!label_isprofile(label)) {
		audit_log_format(ab, " label=");
		aa_label_xaudit(ab, root_ns, label, FLAG_VIEW_SUBNS, GFP_ATOMIC);
		return;
	}

	profile = labels_profile(label);
	if (profile->ns != root_ns) {
		audit_log_format(ab, " namespace=");
		audit_log_untrustedstring(ab, profile->ns->base.hname);
	}
	audit_log_format(ab, " profile=");
	audit_log_untrustedstring(ab, profile->base.hname);
}

/**
 * audit_pre - record the common AppArmor audit fields
 * @ab: audit buffer to fill (NOT NULL)
 * @ca: common_audit_data for the event (NOT NULL)
 *
 * Pre-callback handed to common_lsm_audit() by aa_audit_msg().  Writes
 * the fields shared by every AppArmor record (apparmor=, operation=,
 * info=/error=, the profile or label, and name=) ahead of the type
 * specific callback.  name= is emitted with audit_log_untrustedstring()
 * because it may carry a path or similar externally chosen string.
 */
static void audit_pre(struct audit_buffer *ab, void *ca)
{
	struct common_audit_data *sa = ca;

	/* apparmor="AUDIT|ALLOWED|DENIED|..." only when aa_g_audit_header
	 * is enabled; the type was stored by aa_audit_msg() */
	if (aa_g_audit_header)
		audit_log_format(ab, "apparmor=\"%s\"",
				 aa_audit_type[aad(sa)->type]);

	if (aad(sa)->op)
		audit_log_format(ab, " operation=\"%s\"", aad(sa)->op);

	if (aad(sa)->info) {
		audit_log_format(ab, " info=\"%s\"", aad(sa)->info);
		/* error= is only written when info= is present */
		if (aad(sa)->error)
			audit_log_format(ab, " error=%d", aad(sa)->error);
	}

	if (aad(sa)->label)
		audit_log_aa_label(ab, aad(sa)->label);

	if (aad(sa)->name) {
		audit_log_format(ab, " name=");
		audit_log_untrustedstring(ab, aad(sa)->name);
	}
}
/**
 * aa_audit_msg - Log a message to the audit subsystem
 * @type: audit type for the message (an AUDIT_APPARMOR_* value; it is
 *        stored in aad(@sa)->type and indexes aa_audit_type in audit_pre())
 * @sa: audit event structure (NOT NULL)
 * @cb: optional callback fn for type specific fields (MAYBE NULL)
 *
 * Stamps @type on the event and hands it to the common LSM audit path,
 * with audit_pre() as the pre-callback that writes the shared AppArmor
 * fields and @cb as the type specific callback.
 */
void aa_audit_msg(int type, struct common_audit_data *sa,
		  void (*cb) (struct audit_buffer *, void *))
{
	/* audit_pre() reads the type back out of the event */
	aad(sa)->type = type;

	common_lsm_audit(sa, audit_pre, cb);
}
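/**
 * aa_audit - Log a profile based audit event to the audit subsystem
 * @type: audit type for the message; AUDIT_APPARMOR_AUTO is resolved here
 *        from aad(@sa)->error and the profile's complain mode
 * @profile: profile to check against (NOT NULL)
 * @sa: audit event (NOT NULL)
 * @cb: optional callback fn for type specific fields (MAYBE NULL)
 *
 * Handle default message switching based off of audit mode flags.
 * Suppressing a record never changes the outcome: the quiet paths still
 * return aad(@sa)->error so the caller enforces the same decision.
 *
 * Returns: 0 when an error-free AUTO event is dropped because the profile
 * is not in audit "all" mode; otherwise aad(@sa)->error, mapped through
 * complain_error() when the event was reported as ALLOWED.
 */
int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
	     void (*cb) (struct audit_buffer *, void *))
{
	AA_BUG(!profile);

	if (type == AUDIT_APPARMOR_AUTO) {
		if (likely(!aad(sa)->error)) {
			/* successful operations are only recorded in "all" mode */
			if (AUDIT_MODE(profile) != AUDIT_ALL)
				return 0;
			type = AUDIT_APPARMOR_AUDIT;
		} else if (COMPLAIN_MODE(profile))
			type = AUDIT_APPARMOR_ALLOWED;
		else
			type = AUDIT_APPARMOR_DENIED;
	}
	/*
	 * "quiet" suppresses every record, "quiet_denied" only denials.
	 * The second clause must test AUDIT_QUIET_DENIED: testing AUDIT_QUIET
	 * again is subsumed by the first clause and leaves quiet_denied with
	 * no effect.
	 */
	if (AUDIT_MODE(profile) == AUDIT_QUIET ||
	    (type == AUDIT_APPARMOR_DENIED &&
	     AUDIT_MODE(profile) == AUDIT_QUIET_DENIED))
		return aad(sa)->error;

	if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
		type = AUDIT_APPARMOR_KILL;

	aad(sa)->label = &profile->label;

	aa_audit_msg(type, sa, cb);

	/* kill mode: the record is written first, then the audited task
	 * (or current when the event carries no task) is killed */
	if (aad(sa)->type == AUDIT_APPARMOR_KILL)
		(void)send_sig_info(SIGKILL, NULL,
			sa->type == LSM_AUDIT_DATA_TASK && sa->u.tsk ?
				    sa->u.tsk : current);

	if (aad(sa)->type == AUDIT_APPARMOR_ALLOWED)
		return complain_error(aad(sa)->error);

	return aad(sa)->error;
}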
/*
 * Rule object returned through the void *vrule of aa_audit_rule_init()
 * and released by aa_audit_rule_free(); callers treat it as opaque.
 */
struct aa_audit_rule {
	/* parsed label the audited subject is compared against; holds an
	 * ERR_PTR only between a failed aa_label_parse() and the
	 * aa_audit_rule_free() that follows it */
	struct aa_label *label;
};
/**
 * aa_audit_rule_free - release a rule built by aa_audit_rule_init()
 * @vrule: the rule (MAYBE NULL)
 *
 * Drops the label reference unless the field holds an error pointer
 * (the state left behind when aa_label_parse() failed) and frees the
 * rule.  NULL is accepted and ignored.
 */
void aa_audit_rule_free(void *vrule)
{
	struct aa_audit_rule *rule = vrule;

	if (!rule)
		return;

	/* an ERR_PTR is not a label and must not be put */
	if (!IS_ERR(rule->label))
		aa_put_label(rule->label);
	kfree(rule);
}
/**
 * aa_audit_rule_init - build an AppArmor audit-filter rule
 * @field: audit field the rule applies to; only AUDIT_SUBJ_ROLE is accepted
 * @op: comparison operator; only Audit_equal and Audit_not_equal are accepted
 * @rulestr: label string to parse, relative to root_ns->unconfined
 * @vrule: on success receives the new rule, to be released with
 *         aa_audit_rule_free()
 *
 * Unsupported fields and operators are rejected before anything is
 * allocated, so aa_audit_rule_match() only ever sees the combinations
 * it handles.
 *
 * Returns: 0 on success, -EINVAL for an unsupported @field/@op, -ENOMEM
 * when the rule cannot be allocated, or the error from aa_label_parse().
 */
int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
{
	struct aa_audit_rule *rule;
	struct aa_label *label;

	if (field != AUDIT_SUBJ_ROLE)
		return -EINVAL;
	if (op != Audit_equal && op != Audit_not_equal)
		return -EINVAL;

	rule = kzalloc(sizeof(*rule), GFP_KERNEL);
	if (!rule)
		return -ENOMEM;

	/* Currently rules are treated as coming from the root ns */
	label = aa_label_parse(&root_ns->unconfined->label, rulestr,
			       GFP_KERNEL, true, false);
	rule->label = label;
	if (IS_ERR(label)) {
		int err = PTR_ERR(label);

		/* the free path knows not to put an ERR_PTR label */
		aa_audit_rule_free(rule);
		return err;
	}

	*vrule = rule;
	return 0;
}
/**
 * aa_audit_rule_known - does an audit rule carry a field AppArmor matches on?
 * @rule: kernel audit rule to inspect (NOT NULL)
 *
 * Returns: 1 if any field of @rule has type AUDIT_SUBJ_ROLE (the only
 * field aa_audit_rule_match() evaluates), otherwise 0.
 */
int aa_audit_rule_known(struct audit_krule *rule)
{
	int idx;

	for (idx = 0; idx < rule->field_count; idx++) {
		if (rule->fields[idx].type == AUDIT_SUBJ_ROLE)
			return 1;
	}

	return 0;
}
/**
 * aa_audit_rule_match - evaluate an AppArmor audit rule against a secid
 * @sid: secid of the subject being audited
 * @field: audit field under test; only AUDIT_SUBJ_ROLE is evaluated
 * @op: Audit_equal or Audit_not_equal
 * @vrule: rule built by aa_audit_rule_init() (NOT NULL)
 *
 * The subject matches when the label behind @sid is a subset of the
 * rule's label.  Any other @field or @op is reported as no match,
 * which aa_audit_rule_init() already prevents from being configured.
 *
 * Returns: 1 or 0 according to @op, 0 for an unsupported @field/@op,
 * or -ENOENT if @sid does not resolve to a label.
 */
int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule)
{
	struct aa_audit_rule *rule = vrule;
	struct aa_label *label = aa_secid_to_label(sid);
	int is_subset;

	if (!label)
		return -ENOENT;

	is_subset = aa_label_is_subset(label, rule->label) ? 1 : 0;

	if (field != AUDIT_SUBJ_ROLE)
		return 0;

	if (op == Audit_equal)
		return is_subset;
	if (op == Audit_not_equal)
		return !is_subset;

	return 0;
}