PERFORCE change 58336 for review

Wayne Salamon wsalamon at FreeBSD.org
Tue Jul 27 17:21:57 PDT 2004


http://perforce.freebsd.org/chv.cgi?CH=58336

Change 58336 by wsalamon at wsalamon_epi on 2004/07/28 00:21:45

	Add calls to allocate, clone, and free the audit structure for the 
	proc. Clean up audit_kernel.h, removing Darwin-specific remnants, and 
	updating the AUDIT_SYSCALL_EXIT macro.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/bsm/audit_kernel.h#3 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/init_main.c#2 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/kern_exit.c#2 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/kern_fork.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_kernel.h#3 (text+ko) ====

@@ -343,30 +343,13 @@
  * auditing is enabled, or we have a audit record on the thread. It is 
  * possible that an audit record was begun before auditing was turned off.
  */
-#define AUDIT_SYSCALL_EXIT(error, proc, uthread)	do {		\
-	if (audit_enabled | (uthread->uu_ar != NULL)) {			\
-		audit_syscall_exit(error, proc, uthread);		\
+#define AUDIT_SYSCALL_EXIT(error, td)	do {				\
+	if (audit_enabled | (td->td_ar != NULL)) {			\
+		audit_syscall_exit(error, td);				\
 	}								\
 	} while (0)
 
 /*
- * Wrap the audit_mach_syscall_enter() and audit_mach_syscall_exit()
- * functions in a manner similar to other system call enter/exit functions.
- */
-#define AUDIT_MACH_SYSCALL_ENTER(args...)       do {			\
-	if (audit_enabled) {						\
-		audit_mach_syscall_enter(args);				\
-	}								\
-	} while (0)
-
-#define AUDIT_MACH_SYSCALL_EXIT(retval) 	do {			\
-	struct uthread *uthread = get_bsdthread_info(current_act());	\
-	if (audit_enabled | (uthread->uu_ar != NULL)) {			\
-		audit_mach_syscall_exit(retval, uthread);		\
-	}								\
-	} while (0)
-
-/*
  * A Macro to wrap the audit_sysclose() function.
  */
 #define	AUDIT_SYSCLOSE(args...)	do {					\
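Review bot: In the new `AUDIT_SYSCALL_EXIT(error, td)` the macro parameter is expanded without parentheses (`td->td_ar`) and the test still uses bitwise `|`, both carried over from the old three-argument form. An argument that is an expression rather than a plain identifier would bind incorrectly, and `|` hides the intent of a logical test. I would write `if (audit_enabled || ((td)->td_ar != NULL)) {` and `audit_syscall_exit((error), (td));`. If the `|` is deliberate to avoid a branch, a one-line comment should say so. The comment block above the macro starts outside the hunk.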
@@ -378,13 +361,7 @@
 #define AUDIT_SYSCALL_ENTER(args...)	do {				\
 	} while (0)
 
-#define AUDIT_SYSCALL_EXIT(error, proc, uthread)	do {		\
-	} while (0)
-
-#define AUDIT_MACH_SYSCALL_ENTER(args...)       do {			\
-	} while (0)
-
-#define AUDIT_MACH_SYSCALL_EXIT(retval) 	do {			\
+#define AUDIT_SYSCALL_EXIT(error, td)	do {				\
 	} while (0)
 
 #define	AUDIT_SYSCLOSE(op, args...)	do {				\

==== //depot/projects/trustedbsd/audit3/sys/kern/init_main.c#2 (text+ko) ====

@@ -76,6 +76,8 @@
 
 #include <machine/cpu.h>
 
+#include <bsm/audit_kernel.h>
+
 #include <vm/vm.h>
 #include <vm/vm_param.h>
 #include <vm/pmap.h>
@@ -407,6 +409,10 @@
 	p->p_ucred->cr_uidinfo = uifind(0);
 	p->p_ucred->cr_ruidinfo = uifind(0);
 	p->p_ucred->cr_prison = NULL;	/* Don't jail it. */
+#ifdef AUDIT
+	audit_proc_alloc(p);
+	audit_proc_kproc0(p);
+#endif
 #ifdef MAC
 	mac_create_proc0(p->p_ucred);
 #endif
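Review bot: `audit_proc_alloc(p)` and `audit_proc_kproc0(p)` are called as bare statements, so nothing at this site shows what happens if the audit structure cannot be set up. The same applies to `audit_proc_alloc(newproc)` in the kern_fork.c hunk at -287. Their prototypes are not part of this diff. If allocation can fail, the result needs checking so that a process never runs without audit state. If it sleeps until it succeeds, a comment at the definition such as `/* audit_proc_alloc() sleeps until memory is available; cannot fail */` would settle the question. The enclosing function extends beyond the hunk.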
@@ -705,6 +711,9 @@
 #ifdef MAC
 	mac_create_proc1(newcred);
 #endif
+#ifdef AUDIT
+	audit_proc_init(initproc);
+#endif
 	initproc->p_ucred = newcred;
 	PROC_UNLOCK(initproc);
 	crfree(oldcred);
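Review bot: `audit_proc_init(initproc)` is called just before `PROC_UNLOCK(initproc)`, so it appears to run with the process lock held, but nothing records that constraint. If the routine allocates or can otherwise sleep, that is a problem under a mutex. A comment such as `/* called with the proc lock held; must not sleep */`, or a `PROC_LOCK_ASSERT(initproc, MA_OWNED);` inside the routine, would pin the contract down. The same question applies to `audit_proc_fork(p1, p2)` in the kern_fork.c hunk at -520, where the locks held at the call are not visible. The lock acquisition and the rest of the function are outside this hunk.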

==== //depot/projects/trustedbsd/audit3/sys/kern/kern_exit.c#2 (text+ko) ====

@@ -69,6 +69,8 @@
 #include <sys/ktrace.h>
 #endif
 
+#include <bsm/audit_kernel.h>
+
 #include <vm/vm.h>
 #include <vm/vm_extern.h>
 #include <vm/vm_param.h>
@@ -178,6 +180,10 @@
 	p->p_flag |= P_WEXIT;
 	PROC_UNLOCK(p);
 
+#ifdef AUDIT
+	AUDIT_SYSCALL_EXIT(0, td);
+#endif
+
 	/* Are we a task leader? */
 	if (p == p->p_leader) {
 		mtx_lock(&ppeers_lock);
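Review bot: The `AUDIT_SYSCALL_EXIT(0, td)` call added after `PROC_UNLOCK(p)` has no comment explaining why the audit record is closed here with a hard-coded 0. Presumably the exiting thread never reaches the normal syscall-return hook, so a record left on `td->td_ar` would otherwise be dropped. If that is the reason, say so, e.g. `/* exit does not return through the syscall path; commit the pending audit record now */`. The surrounding `#ifdef AUDIT` also looks redundant, because audit_kernel.h in this change defines an empty `AUDIT_SYSCALL_EXIT(error, td)` variant, though the condition selecting it is not visible here. The enclosing function starts and ends outside the hunk.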
@@ -702,6 +708,9 @@
 #ifdef MAC
 			mac_destroy_proc(p);
 #endif
+#ifdef AUDIT
+			audit_proc_free(p);
+#endif
 			KASSERT(FIRST_THREAD_IN_PROC(p),
 			    ("kern_wait: no residual thread!"));
 			uma_zfree(proc_zone, p);

==== //depot/projects/trustedbsd/audit3/sys/kern/kern_fork.c#2 (text+ko) ====

@@ -65,6 +65,8 @@
 #include <sys/unistd.h>	
 #include <sys/sx.h>
 
+#include <bsm/audit_kernel.h>
+
 #include <vm/vm.h>
 #include <vm/pmap.h>
 #include <vm/vm_map.h>
@@ -287,6 +289,9 @@
 #ifdef MAC
 	mac_init_proc(newproc);
 #endif
+#ifdef AUDIT
+	audit_proc_alloc(newproc);
+#endif
 
 	/* We have to lock the process tree while we look for a pid. */
 	sx_slock(&proctree_lock);
@@ -520,7 +525,9 @@
 	mtx_unlock_spin(&sched_lock);
 	p2->p_ucred = crhold(td->td_ucred);
 	td2->td_ucred = crhold(p2->p_ucred);	/* XXXKSE */
-
+#ifdef AUDIT
+	audit_proc_fork(p1, p2);
+#endif
 	pargs_hold(p2->p_args);
 
 	if (flags & RFSIGSHARE) {
@@ -758,6 +765,9 @@
 #ifdef MAC
 	mac_destroy_proc(newproc);
 #endif
+#ifdef AUDIT
+	audit_proc_free(newproc);
+#endif
 	uma_zfree(proc_zone, newproc);
 	if (p1->p_flag & P_SA) {
 		PROC_LOCK(p1);

