PERFORCE change 141541 for review
Vincenzo Iozzo
snagg at FreeBSD.org
Tue May 13 00:03:54 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=141541
Change 141541 by snagg at snagg_macosx on 2008/05/13 00:03:44
Sync missing.
Affected files ...
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#7 edit
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#7 edit
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_worker.c#4 edit
Differences ...
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#7 (text) ====
@@ -38,11 +38,24 @@
* structures, add new revised ones to be used by new ioctls, and keep the
* old structures and ioctls for backwards compatibility.
*/
+struct auditpipe_ioctl_preselect_event {
+ int app_event;
+ int app_flag;
+};
+
struct auditpipe_ioctl_preselect {
au_id_t aip_auid;
au_mask_t aip_mask;
+ pid_t app_pid;
+ struct auditpipe_ioctl_preselect_event *app_auevents;
+ int app_event_len;
};
+struct auditpipe_ioctl_preselect_old {
+ au_id_t aip_auid;
+ au_mask_t aip_mask;
+};
+
/*
* Possible modes of operation for audit pipe preselection.
*/
@@ -72,6 +85,12 @@
#define AUDITPIPE_SET_PRESELECT_MODE _IOW(AUDITPIPE_IOBASE, 15, int)
#define AUDITPIPE_FLUSH _IO(AUDITPIPE_IOBASE, 16)
#define AUDITPIPE_GET_MAXAUDITDATA _IOR(AUDITPIPE_IOBASE, 17, u_int)
+#define AUDITPIPE_GET_PRESELECT_EVENT_LIST _IOR(AUDITPIPE_IOBASE, 18, \
+ struct auditpipe_ioctl_preselect)
+#define AUDITPIPE_SET_PRESELECT_EVENTS _IOW(AUDITPIPE_IOBASE, 19, \
+ struct auditpipe_ioctl_preselect)
+#define AUDITPIPE_DELETE_PRESELECT_PID _IOW(AUDITPIPE_IOBASE, 20, pid_t)
+#define AUDITPIPE_FLUSH_PRESELECT_EVENTS _IO(AUDITPIPE_IOBASE, 21)
/*
* Ioctls to retrieve audit pipe statistics.
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#7 (text) ====
@@ -104,8 +104,7 @@
int app_flag;
};
-struct audit_pipe_preselect
-{
+struct audit_pipe_preselect {
au_id_t app_auid;
au_mask_t app_mask;
pid_t app_pid;
@@ -274,6 +273,27 @@
}
/*
+ * Query the per-pipe events list for a specific pid.
+ */
+static int
+audit_pipe_preselect_get_events_list(struct audit_pipe *ap,
+ pid_t app_pid, struct audit_pipe_preselect_event *app_events)
+{
+ struct audit_pipe_preselect *app;
+ int error;
+
+ mtx_lock(&audit_pipe_mtx);
+ app = audit_pipe_preselect_find_event(ap, -1, app_pid, -1);
+ if (app != NULL) {
+ app_events = app->app_auevents;
+ error = 0;
+ } else
+ error = ENOENT;
+ mtx_unlock(&audit_pipe_mtx);
+ return (error);
+}
+
+/*
* Query the per-pipe mask for a specific auid.
*/
static int
@@ -373,8 +393,9 @@
}
/*
- * Delete a per-event entry on an audit pipe.
+ * Delete a per-event entry on an audit pipe. DON'T KNOW WHETHER IT IS USEFUL OR NOT
*/
+/*
static int
audit_pipe_preselect_delete_event(struct audit_pipe *ap, int app_event, pid_t pid, int app_flag)
{
@@ -398,6 +419,7 @@
return (ENOENT);
}
+*/
/*
* Delete a per-pid entry on an audit pipe wiping the whole entry.
@@ -871,7 +893,8 @@
au_mask_t *maskp;
int error, mode;
au_id_t auid;
-
+ pid_t app_pid;
+
ap = dev->si_drv1;
KASSERT(ap != NULL, ("audit_pipe_ioctl: ap == NULL"));
@@ -988,7 +1011,19 @@
error = audit_pipe_preselect_get(ap, aip->aip_auid,
&aip->aip_mask);
break;
+
+ case AUDITPIPE_GET_PRESELECT_EVENT_LIST:
+ aip = (struct auditpipe_ioctl_preselect *)data;
+ error = audit_pipe_preselect_get_events_list(ap, aip->app_pid,
+ (struct audit_pipe_preselect_event *)aip->app_auevents);
+ break;
+ case AUDITPIPE_SET_PRESELECT_EVENTS:
+ aip = (struct auditpipe_ioctl_preselect *)data;
+ audit_pipe_preselect_set_events(ap, aip->app_pid, (struct audit_pipe_preselect_event *)taip->app_auevents, aip->app_event_len);
+ error = 0;
+ break;
+
case AUDITPIPE_SET_PRESELECT_AUID:
aip = (struct auditpipe_ioctl_preselect *)data;
audit_pipe_preselect_set(ap, aip->aip_auid, aip->aip_mask);
@@ -1000,11 +1035,21 @@
error = audit_pipe_preselect_delete(ap, auid);
break;
+ case AUDITPIPE_DELETE_PRESELECT_PID:
+ app_pid = *(pid_t *)data;
+ error = audit_pipe_preselect_delete_pid(ap, app_pid);
+ break;
+
case AUDITPIPE_FLUSH_PRESELECT_AUID:
audit_pipe_preselect_flush(ap);
error = 0;
break;
+ case AUDITPIPE_FLUSH_PRESELECT_EVENTS:
+ audit_pipe_preselect_events_flush(ap);
+ error = 0;
+ break;
+
case AUDITPIPE_GET_PRESELECT_MODE:
mtx_lock(&audit_pipe_mtx);
*(int *)data = ap->ap_preselect_mode;
@@ -1017,6 +1062,7 @@
switch (mode) {
case AUDITPIPE_PRESELECT_MODE_TRAIL:
case AUDITPIPE_PRESELECT_MODE_LOCAL:
+ case AUDITPIPE_PRESELECT_MODE_SYSCALL:
mtx_lock(&audit_pipe_mtx);
ap->ap_preselect_mode = mode;
mtx_unlock(&audit_pipe_mtx);
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_worker.c#4 (text) ====
@@ -365,7 +365,7 @@
if (ar->k_ar_commit & AR_PRESELECT_PIPE)
audit_pipe_submit(auid, event, class, sorf,
ar->k_ar_commit & AR_PRESELECT_TRAIL, bsm->data,
- bsm->len, ar->ar_subj_pid);
+ bsm->len, ar->k_ar.ar_subj_pid);
kau_free(bsm);
out:
More information about the p4-projects
mailing list