PERFORCE change 141513 for review
Vincenzo Iozzo
snagg at FreeBSD.org
Mon May 12 15:39:49 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=141513
Change 141513 by snagg at snagg_macosx on 2008/05/12 15:39:07
Some bug fixes. The KPI has changed: audit_pipe_submit now takes a new argument, as does audit_pipe_preselect. Callers of these functions were modified to use the new KPI.
This is the new
Affected files ...
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit.c#2 edit
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#5 edit
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#5 edit
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_private.h#2 edit
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_worker.c#2 edit
Differences ...
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit.c#2 (text) ====
@@ -385,7 +385,7 @@
if (au_preselect(event, class, aumask, sorf) != 0)
ar->k_ar_commit |= AR_PRESELECT_TRAIL;
if (audit_pipe_preselect(auid, event, class, sorf,
- ar->k_ar_commit & AR_PRESELECT_TRAIL) != 0)
+ ar->k_ar_commit & AR_PRESELECT_TRAIL, ar->k_ar.ar_subj_pid) != 0)
ar->k_ar_commit |= AR_PRESELECT_PIPE;
if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE |
AR_PRESELECT_USER_TRAIL | AR_PRESELECT_USER_PIPE)) == 0) {
@@ -491,7 +491,7 @@
panic("audit_failing_stop: thread continued");
}
td->td_ar = audit_new(event, td);
- } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0))
+ } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0, td->td_proc->p_pid))
td->td_ar = audit_new(event, td);
else
td->td_ar = NULL;
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#5 (text) ====
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#5 (text) ====
@@ -99,12 +99,6 @@
* We may want to consider a more space/time-efficient data structure once
* usage patterns for per-auid specifications are clear.
*/
-struct audit_pipe_preselect {
- au_id_t app_auid;
- au_mask_t app_mask;
- TAILQ_ENTRY(audit_pipe_preselect) app_list;
-};
-
struct audit_pipe_preselect_event {
int app_event;
int app_flag;
@@ -247,16 +241,15 @@
TAILQ_FOREACH(app, &ap->ap_preselect_list, app_list) {
if(app->app_pid == app_pid) {
- if(event == -1)
+ if(app_event == -1)
return (app);
for(i = 0; i < app->app_event_len; i++)
- if((app->app_auevents + i)->app_event == app_event)
+ if((app->app_auevents + i)->app_event == app_event) {
if(event_flag == -1)
- return (app)
+ return (app);
else if ((app->app_auevents + i)->app_flag == event_flag)
return (app);
-
- return (app);
+ }
}
}
@@ -317,19 +310,19 @@
* exist, and allocate. We will free it if it is unneeded.
*/
app_new = malloc(sizeof(*app_new), M_AUDIT_PIPE_PRESELECT, M_WAITOK);
- app_new->app_events= malloc(sizeof(struct audit_pipe_preselect_event) * AUDIT_NEVENTS, M_AUDIT_PIPE_PRESELECT_EVENT, M_WAITOK);
+ app_new->app_auevents= malloc(sizeof(struct audit_pipe_preselect_event) * AUDIT_NEVENTS, M_AUDIT_PIPE_PRESELECT_EVENT, M_WAITOK);
mtx_lock(&audit_pipe_mtx);
/*
* First search for the entry by its pid
*/
- app = audit_pipe_preselect_find_event(ap, -1, pid, -1);
+ app = audit_pipe_preselect_find_event(ap, -1, app_pid, -1);
found = (app != NULL) ? 1: 0;
if(found) {
- KASSERT(num <= app->app_event_len, "Number of events is out of range");
+ KASSERT(num <= app->app_event_len, ("Number of events is out of range"));
for (i = 0; i < num; i++) {
(app->app_auevents + i)->app_event = (events + i)->app_event;
- (app->app_auevents + i)->app-flag = (events + i)->app-flag;
+ (app->app_auevents + i)->app_flag = (events + i)->app_flag;
}
} else {
app = app_new;
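Review bot: `num` is bounded only by `KASSERT(num <= app->app_event_len, ...)`, and KASSERT is compiled out of kernels built without INVARIANTS, so an oversized `num` lets the copy loop write past the `AUDIT_NEVENTS`-entry `app_auevents` array. The function header is outside this hunk, so it is an inference that `num` and `events` come from the ioctl caller; if they do, add an explicit `if (num > AUDIT_NEVENTS)` rejection before the allocations. The not-found branch in the following `@@ -338` hunk runs the same loop with no bound at all. Separately, the array is allocated with `M_WAITOK` only while `app_event_len` is later set to `AUDIT_NEVENTS`, so audit_pipe_preselect_find_event() compares against slots that were never written; allocating with `M_WAITOK | M_ZERO` or recording `num` as the length would avoid matching on uninitialized memory.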
@@ -338,7 +331,7 @@
app->app_event_len = AUDIT_NEVENTS;
for (i = 0; i < num; i++) {
(app->app_auevents + i)->app_event = (events + i)->app_event;
- (app->app_auevents + i)->app-flag = (events + i)->app-flag;
+ (app->app_auevents + i)->app_flag = (events + i)->app_flag;
}
TAILQ_INSERT_TAIL(&ap->ap_preselect_list, app, app_list);
}
@@ -347,7 +340,7 @@
mtx_unlock(&audit_pipe_mtx);
if (app_new != NULL) {
free(app_new, M_AUDIT_PIPE_PRESELECT);
- free(app_new->app_auevents, M_AUDIT_PIPE_PRESELECT_ENTRY);
+ free(app_new->app_auevents, M_AUDIT_PIPE_PRESELECT_EVENT);
}
}
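Review bot: `free(app_new->app_auevents, M_AUDIT_PIPE_PRESELECT_EVENT)` dereferences `app_new` one line after `free(app_new, M_AUDIT_PIPE_PRESELECT)` has released it, which is a use-after-free on kernel heap memory. The two calls should be swapped so the event array is released first: `free(app_new->app_auevents, M_AUDIT_PIPE_PRESELECT_EVENT);` then `free(app_new, M_AUDIT_PIPE_PRESELECT);`. The malloc-type correction in this hunk is right but leaves the ordering as it was.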
@@ -389,11 +382,11 @@
int i;
mtx_lock(&audit_pipe_mtx);
- app = audit_pipe_preselect_find(ap, event, pid, -1);
+ app = audit_pipe_preselect_find_event(ap, app_event, pid, -1);
if (app != NULL) {
for( i = 0; i < app->app_event_len; i++) {
if((app->app_auevents + i)->app_event == app_event && (app->app_auevents + i)->app_flag == app_flag) {
- free((app->app_auevents + i), M_AUDIT_PIPE_EVENT);
+ free((app->app_auevents + i), M_AUDIT_PIPE_PRESELECT_EVENT);
break;
}
}
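Review bot: `free((app->app_auevents + i), M_AUDIT_PIPE_PRESELECT_EVENT)` passes a pointer into the middle of the array, but the insert path in this file obtains `app_auevents` from a single `malloc()` of `AUDIT_NEVENTS` entries, so only the base pointer may be handed to `free()`. For `i > 0` this is an invalid free, and for `i == 0` it releases the whole array while `app` stays on `ap_preselect_list` still pointing at it. Removing one event should invalidate the slot in place and leave the allocation alone until the whole entry is deleted, for example `(app->app_auevents + i)->app_event = -1;`, assuming -1 is never a valid stored event. The enclosing function starts and ends outside this hunk.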
@@ -416,7 +409,7 @@
int i;
mtx_lock(&audit_pipe_mtx);
- app = audit_pipe_preselect_find(ap, -1, pid, -1);
+ app = audit_pipe_preselect_find_event(ap, -1, pid, -1);
if (app != NULL) {
TAILQ_REMOVE(&ap->ap_preselect_list, app, app_list);
mtx_unlock(&audit_pipe_mtx);
@@ -521,7 +514,7 @@
*/
static int
audit_pipe_preselect_check(struct audit_pipe *ap, au_id_t auid,
- au_event_t event, au_class_t class, int sorf, int trail_preselect, pid_t pid)
+ au_event_t event, au_class_t class, int sorf, int trail_preselect, pid_t app_pid)
{
struct audit_pipe_preselect *app;
@@ -545,7 +538,7 @@
sorf));
case AUDITPIPE_PRESELECT_MODE_SYSCALL:
- app = audit_pipe_preselect_find_event(ap, event, pid, sorf);
+ app = audit_pipe_preselect_find_event(ap, event, app_pid, sorf);
if(app != NULL)
return (1);
@@ -559,19 +552,19 @@
/*
* Determine whether there exists a pipe interested in a record with specific
- * properties. MISS the PID in the declaration, to be done later, just don't know to change the whole kernel:P
+ * properties.
*
*/
int
audit_pipe_preselect(au_id_t auid, au_event_t event, au_class_t class,
- int sorf, int trail_preselect)
+ int sorf, int trail_preselect, pid_t app_pid)
{
struct audit_pipe *ap;
mtx_lock(&audit_pipe_mtx);
TAILQ_FOREACH(ap, &audit_pipe_list, ap_list) {
if (audit_pipe_preselect_check(ap, auid, event, class, sorf,
- trail_preselect, -1)) {
+ trail_preselect, app_pid)) {
mtx_unlock(&audit_pipe_mtx);
return (1);
}
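Review bot: The header comment above audit_pipe_preselect() is missing any description of the new `pid_t app_pid` parameter, and the edit leaves a dangling empty ` *` line where the old remark about the pid was removed. I would drop the empty line and add a sentence such as `app_pid is the pid of the process the record is about; it is passed to audit_pipe_preselect_check() for per-process matching.` The callers in audit.c pass `ar->k_ar.ar_subj_pid` and `td->td_proc->p_pid`, which is what that wording is based on. The function body continues past the end of this hunk.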
@@ -635,7 +628,7 @@
*/
void
audit_pipe_submit(au_id_t auid, au_event_t event, au_class_t class, int sorf,
- int trail_select, void *record, u_int record_len, pid_t pid)
+ int trail_select, void *record, u_int record_len, pid_t app_pid)
{
struct audit_pipe *ap;
@@ -648,7 +641,7 @@
mtx_lock(&audit_pipe_mtx);
TAILQ_FOREACH(ap, &audit_pipe_list, ap_list) {
if (audit_pipe_preselect_check(ap, auid, event, class, sorf,
- trail_select, pid))
+ trail_select, app_pid))
audit_pipe_append(ap, record, record_len);
}
audit_pipe_records++;
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_private.h#2 (text) ====
@@ -331,9 +331,9 @@
* Audit pipe functions.
*/
int audit_pipe_preselect(au_id_t auid, au_event_t event,
- au_class_t class, int sorf, int trail_select);
+ au_class_t class, int sorf, int trail_select, pid_t app_pid);
void audit_pipe_submit(au_id_t auid, au_event_t event, au_class_t class,
- int sorf, int trail_select, void *record, u_int record_len);
+ int sorf, int trail_select, void *record, u_int record_len, pid_t app_pid);
void audit_pipe_submit_user(void *record, u_int record_len);
#endif /* ! _SECURITY_AUDIT_PRIVATE_H_ */
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_worker.c#2 (text) ====
@@ -365,7 +365,7 @@
if (ar->k_ar_commit & AR_PRESELECT_PIPE)
audit_pipe_submit(auid, event, class, sorf,
ar->k_ar_commit & AR_PRESELECT_TRAIL, bsm->data,
- bsm->len);
+ bsm->len, ar->ar_subj_pid);
kau_free(bsm);
out:
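Review bot: `ar->ar_subj_pid` does not match how the same field is reached in audit.c in this change, where the call passes `ar->k_ar.ar_subj_pid`. Since `ar` is also dereferenced as `ar->k_ar_commit` two lines earlier in this hunk, it appears to be the same kernel record type, in which case the new argument would not compile. It should probably read `bsm->len, ar->k_ar.ar_subj_pid);`. The declaration of `ar` is outside the hunk, so its type is inferred from those two uses.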