]> bbs.cooldavid.org Git - net-next-2.6.git/blobdiff - kernel/auditfilter.c
git://bbs.cooldavid.org / net-next-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Audit: add support to match lsm labels on user audit messages
[net-next-2.6.git] / kernel / auditfilter.c
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index eb7675499fb5de7e59058478efbe221fa6f054f6..add2819af71bb2a050907a49c2d228fbf0c1d00d 100644 (file)
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1252,6 +1252,18 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb,
                case AUDIT_LOGINUID:
                        result = audit_comparator(cb->loginuid, f->op, f->val);
                        break;
+               case AUDIT_SUBJ_USER:
+               case AUDIT_SUBJ_ROLE:
+               case AUDIT_SUBJ_TYPE:
+               case AUDIT_SUBJ_SEN:
+               case AUDIT_SUBJ_CLR:
+                       if (f->lsm_rule)
+                               result = security_audit_rule_match(cb->sid,
+                                                                  f->type,
+                                                                  f->op,
+                                                                  f->lsm_rule,
+                                                                  NULL);
+                       break;
                }
 
                if (!result)
Clone of davem's net-next-2.6 tree