f->val = rule->values[i];
entry->rule.vers_ops = (f->op & AUDIT_OPERATORS) ? 2 : 1;
+
+ /* Support for legacy operators where
+ * AUDIT_NEGATE bit signifies != and otherwise assumes == */
if (f->op & AUDIT_NEGATE)
- f->op |= AUDIT_NOT_EQUAL;
- else if (!(f->op & AUDIT_OPERATORS))
- f->op |= AUDIT_EQUAL;
- f->op &= ~AUDIT_NEGATE;
+ f->op = AUDIT_NOT_EQUAL;
+ else if (!f->op)
+ f->op = AUDIT_EQUAL;
+ else if (f->op == AUDIT_OPERATORS) {
+ err = -EINVAL;
+ goto exit_free;
+ }
}
exit_nofree:
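Review bot: The new `else if (f->op == AUDIT_OPERATORS)` branch rejects only the value with every operator bit set, so it is a complete check only if `f->op` was already masked down to the AUDIT_NEGATE and operator bits before this hunk; that assignment is not visible here. Because audit_comparator (last hunk) now reaches `BUG()` on any operator it does not recognise, the invariant should be stated next to the check, for example `/* f->op holds only AUDIT_NEGATE|AUDIT_OPERATORS bits here; on exit it must be a valid comparator */`. The enclosing loop and function begin outside the hunk.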
}
/* Add rule to given filterlist if not a duplicate. Protected by
- * audit_netlink_sem. */
+ * audit_netlink_mutex. */
static inline int audit_add_rule(struct audit_entry *entry,
struct list_head *list)
{
}
/* Remove an existing rule from filterlist. Protected by
- * audit_netlink_sem. */
+ * audit_netlink_mutex. */
static inline int audit_del_rule(struct audit_entry *entry,
struct list_head *list)
{
seq = dest[1];
kfree(dest);
- down(&audit_netlink_sem);
+ mutex_lock(&audit_netlink_mutex);
/* The *_rcu iterators not needed here because we are
- always called with audit_netlink_sem held. */
+ always called with audit_netlink_mutex held. */
for (i=0; i<AUDIT_NR_FILTERS; i++) {
list_for_each_entry(entry, &audit_filter_list[i], list) {
struct audit_rule *rule;
}
audit_send_reply(pid, seq, AUDIT_LIST, 1, 1, NULL, 0);
- up(&audit_netlink_sem);
+ mutex_unlock(&audit_netlink_mutex);
return 0;
}
seq = dest[1];
kfree(dest);
- down(&audit_netlink_sem);
+ mutex_lock(&audit_netlink_mutex);
/* The *_rcu iterators not needed here because we are
- always called with audit_netlink_sem held. */
+ always called with audit_netlink_mutex held. */
for (i=0; i<AUDIT_NR_FILTERS; i++) {
list_for_each_entry(e, &audit_filter_list[i], list) {
struct audit_rule_data *data;
}
audit_send_reply(pid, seq, AUDIT_LIST_RULES, 1, 1, NULL, 0);
- up(&audit_netlink_sem);
+ mutex_unlock(&audit_netlink_mutex);
return 0;
}
return (left > right);
case AUDIT_GREATER_THAN_OR_EQUAL:
return (left >= right);
- default:
- return -EINVAL;
}
+ BUG();
+ return 0;
}
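Review bot: Replacing `default: return -EINVAL;` with `BUG()` makes an unrecognised operator fatal at match time, so a rule whose `op` slipped past validation when it was added would take the kernel down instead of simply not matching. Only the legacy-operator check is visible on this page; presumably the other rule-parsing path rejects the same values, but that should be confirmed before relying on it. Dropping the -EINVAL return is sound, since any caller that treats the result as a boolean would read it as a match, and a non-fatal fallback such as `WARN_ON(1); return 0;` would keep that fix without the panic. If `BUG()` stays, a comment above the function should say that operators are validated when the rule is added; the function itself starts outside the hunk.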