audit: validate comparison operations, store them in sane form

Don't store the field->op in the messy (and very inconvenient for e.g. audit_comparator()) form; translate to dense set of values and do full validation of userland-submitted value while we are at it. ->audit_init_rule() and ->audit_match_rule() get new values now; in-tree instances updated. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2008-12-16 05:59:26 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2009-01-04 15:14:42 -0500
commit: 5af75d8d58d0f9f7b7c0515b35786b22892d5f12 (patch)
tree: 65707c5309133a33140c39145ae91b7c1679a877 /include
parent: 36c4f1b18c8a7d0adb4085e7f531860b837bb6b0 (diff)
download: linux-5af75d8d58d0f9f7b7c0515b35786b22892d5f12.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index cc71fdb56ae2..67e5dbfc2961 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -247,6 +247,18 @@
 #define AUDIT_GREATER_THAN_OR_EQUAL	(AUDIT_GREATER_THAN|AUDIT_EQUAL)
 #define AUDIT_OPERATORS			(AUDIT_EQUAL|AUDIT_NOT_EQUAL|AUDIT_BIT_MASK)
 
+enum {
+	Audit_equal,
+	Audit_not_equal,
+	Audit_bitmask,
+	Audit_bittest,
+	Audit_lt,
+	Audit_gt,
+	Audit_le,
+	Audit_ge,
+	Audit_bad
+};
+
 /* Status symbols */
 				/* Mask values */
 #define AUDIT_STATUS_ENABLED		0x0001
author	Al Viro <viro@zeniv.linux.org.uk>	2008-12-16 05:59:26 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2009-01-04 15:14:42 -0500
commit	5af75d8d58d0f9f7b7c0515b35786b22892d5f12 (patch)
tree	65707c5309133a33140c39145ae91b7c1679a877 /include
parent	36c4f1b18c8a7d0adb4085e7f531860b837bb6b0 (diff)
download	linux-5af75d8d58d0f9f7b7c0515b35786b22892d5f12.tar.gz