PERFORCE change 141541 for review

Vincenzo Iozzo snagg at FreeBSD.org
Tue May 13 00:03:54 UTC 2008


http://perforce.freebsd.org/chv.cgi?CH=141541

Change 141541 by snagg at snagg_macosx on 2008/05/13 00:03:44

	Sync missing. 

Affected files ...

.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#7 edit
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#7 edit
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_worker.c#4 edit

Differences ...

==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#7 (text) ====

@@ -38,11 +38,24 @@
  * structures, add new revised ones to be used by new ioctls, and keep the
  * old structures and ioctls for backwards compatibility.
  */
+struct auditpipe_ioctl_preselect_event {
+	int		app_event; 
+	int		app_flag;	
+};
+
 struct auditpipe_ioctl_preselect {
 	au_id_t		aip_auid;
 	au_mask_t	aip_mask;
+	pid_t		app_pid;
+	struct 	auditpipe_ioctl_preselect_event *app_auevents;
+	int		app_event_len;
 };
 
+struct auditpipe_ioctl_preselect_old {
+	au_id_t		aip_auid;
+	au_mask_t	aip_mask;
+};
+
 /*
  * Possible modes of operation for audit pipe preselection.
  */
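Review bot: Growing `struct auditpipe_ioctl_preselect` in place changes its size, and ioctl request numbers built with `_IOR`/`_IOW` over a struct encode that size, so programs compiled against the old two-field layout would stop matching the existing preselect ioctls (audit_pipe.c still casts `data` to this struct for `AUDITPIPE_SET_PRESELECT_AUID`). The comment directly above asks for the opposite approach: add a revised structure for new ioctls and leave the old one alone. I would keep `auditpipe_ioctl_preselect` as `aip_auid` + `aip_mask` and move `app_pid`, `app_auevents` and `app_event_len` into a new struct used only by requests 18 and 19, which makes `auditpipe_ioctl_preselect_old` unnecessary. The embedded pointer also gives the struct a different layout for 32-bit callers on a 64-bit kernel, and `app_event_len` is a count, so an unsigned type would remove the negative case.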
@@ -72,6 +85,12 @@
 #define	AUDITPIPE_SET_PRESELECT_MODE	_IOW(AUDITPIPE_IOBASE, 15, int)
 #define	AUDITPIPE_FLUSH			_IO(AUDITPIPE_IOBASE, 16)
 #define	AUDITPIPE_GET_MAXAUDITDATA	_IOR(AUDITPIPE_IOBASE, 17, u_int)
+#define	AUDITPIPE_GET_PRESELECT_EVENT_LIST	_IOR(AUDITPIPE_IOBASE, 18,	\
+					    struct auditpipe_ioctl_preselect)
+#define	AUDITPIPE_SET_PRESELECT_EVENTS	_IOW(AUDITPIPE_IOBASE, 19,	\
+					    struct auditpipe_ioctl_preselect)
+#define	AUDITPIPE_DELETE_PRESELECT_PID	_IOW(AUDITPIPE_IOBASE, 20, pid_t)
+#define	AUDITPIPE_FLUSH_PRESELECT_EVENTS	_IO(AUDITPIPE_IOBASE, 21)
 
 /*
  * Ioctls to retrieve audit pipe statistics.
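Review bot: `AUDITPIPE_GET_PRESELECT_EVENT_LIST` is declared with `_IOR`, but its handler in audit_pipe.c reads `aip->app_pid` from the argument. For an out-only request the ioctl layer does not copy the caller's struct into the kernel, so the handler would not see the pid the caller supplied. It should be `_IOWR(AUDITPIPE_IOBASE, 18, struct auditpipe_ioctl_preselect)`. A one-line comment per new request saying which fields are inputs and which are outputs would also help callers.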

==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#7 (text) ====

@@ -104,8 +104,7 @@
 	int		app_flag;	
 };
 
-struct audit_pipe_preselect
-{
+struct audit_pipe_preselect {
 	au_id_t		app_auid;
 	au_mask_t	app_mask;
 	pid_t		app_pid;
@@ -274,6 +273,27 @@
 }
 
 /*
+ * Query the per-pipe events list for a specific pid.
+ */
+static int
+audit_pipe_preselect_get_events_list(struct audit_pipe *ap, 
+	pid_t app_pid, struct audit_pipe_preselect_event *app_events)
+{
+	struct audit_pipe_preselect *app;
+	int error;
+
+	mtx_lock(&audit_pipe_mtx);
+	app = audit_pipe_preselect_find_event(ap, -1, app_pid, -1);
+	if (app != NULL) {
+		app_events = app->app_auevents;
+		error = 0;
+	} else
+		error = ENOENT;
+	mtx_unlock(&audit_pipe_mtx);
+	return (error);
+}
+
+/*
  * Query the per-pipe mask for a specific auid.
  */
 static int
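Review bot: `app_events = app->app_auevents;` only overwrites the function's own copy of the pointer argument, so the caller never receives the list and the ioctl returns 0 without producing output. The pointer passed in by the ioctl handler is a userland address, so entries have to reach it through `copyout()`, which must not run while `audit_pipe_mtx` is held. I would add a capacity argument, copy at most that many entries into a kernel buffer under the lock, unlock, and then `copyout()` the buffer and the actual count. Returning `app->app_auevents` itself would also let the pointer outlive the lock that protects the entry.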
@@ -373,8 +393,9 @@
 }
 
 /*
- * Delete a per-event entry on an audit pipe.
+ * Delete a per-event entry on an audit pipe. DON'T KNOW WHETHER IT IS USEFUL OR NOT
  */
+/*
 static int
 audit_pipe_preselect_delete_event(struct audit_pipe *ap, int app_event, pid_t pid, int app_flag)
 {
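Review bot: Disabling `audit_pipe_preselect_delete_event` by wrapping it in `/* ... */` (opened here, closed in the next hunk) is fragile. C comments do not nest, so any `/* */` inside the body, which lies outside both hunks, would end the block early. Either delete the function and rely on revision history, or bracket it with `#if 0` / `#endif`. The header comment would read better as `Delete a per-event entry on an audit pipe. XXX: currently unused.` than with the all-caps aside.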
@@ -398,6 +419,7 @@
 	return (ENOENT);
 
 }
+*/
 
 /*
  * Delete a per-pid entry on an audit pipe wiping the whole entry.
@@ -871,7 +893,8 @@
 	au_mask_t *maskp;
 	int error, mode;
 	au_id_t auid;
-
+	pid_t app_pid;
+	
 	ap = dev->si_drv1;
 	KASSERT(ap != NULL, ("audit_pipe_ioctl: ap == NULL"));
 
@@ -988,7 +1011,19 @@
 		error = audit_pipe_preselect_get(ap, aip->aip_auid,
 		    &aip->aip_mask);
 		break;
+	
+	case AUDITPIPE_GET_PRESELECT_EVENT_LIST:
+		aip = (struct auditpipe_ioctl_preselect *)data;
+		error = audit_pipe_preselect_get_events_list(ap, aip->app_pid,
+		    (struct audit_pipe_preselect_event *)aip->app_auevents);
+		break;
 
+	case AUDITPIPE_SET_PRESELECT_EVENTS:
+		aip = (struct auditpipe_ioctl_preselect *)data;
+		audit_pipe_preselect_set_events(ap, aip->app_pid, (struct audit_pipe_preselect_event *)taip->app_auevents, aip->app_event_len);
+		error = 0;
+		break;
+	
 	case AUDITPIPE_SET_PRESELECT_AUID:
 		aip = (struct auditpipe_ioctl_preselect *)data;
 		audit_pipe_preselect_set(ap, aip->aip_auid, aip->aip_mask);
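Review bot: Both new cases pass `aip->app_auevents`, a pointer supplied by the calling process, to kernel functions after only a cast, and `AUDITPIPE_SET_PRESELECT_EVENTS` pairs it with an unchecked `aip->app_event_len`. The kernel would then read through a userland address for a caller-chosen number of entries. The count should be bounded and the array brought into a kernel buffer with `copyin()` before `audit_pipe_preselect_set_events` sees it, as sketched below. `taip` in the same call is not declared in the visible lines and looks like a typo for `aip`. The enclosing `switch` and the declarations of `audit_pipe_ioctl` lie outside this hunk.

```c
	case AUDITPIPE_SET_PRESELECT_EVENTS:
		aip = (struct auditpipe_ioctl_preselect *)data;
		/*
		 * app_event_len and app_auevents come from the caller.
		 * AUDITPIPE_EVENTS_MAX_PLACEHOLDER is a placeholder: this
		 * change defines no such limit yet.
		 */
		if (aip->app_event_len <= 0 ||
		    aip->app_event_len > AUDITPIPE_EVENTS_MAX_PLACEHOLDER) {
			error = EINVAL;
			break;
		}
		/* events, len: new locals declared with the others at the top of the function */
		len = (size_t)aip->app_event_len * sizeof(*events);
		events = malloc(len, M_TEMP, M_WAITOK);
		error = copyin(aip->app_auevents, events, len);
		if (error == 0)
			audit_pipe_preselect_set_events(ap, aip->app_pid,
			    events, aip->app_event_len);
		/*
		 * Release with free(events, M_TEMP) unless set_events keeps
		 * the pointer; its body is not part of this diff.
		 */
		break;
	/* ... unchanged: AUDITPIPE_SET_PRESELECT_AUID case ... */
```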
@@ -1000,11 +1035,21 @@
 		error = audit_pipe_preselect_delete(ap, auid);
 		break;
 
+	case AUDITPIPE_DELETE_PRESELECT_PID:
+		app_pid = *(pid_t *)data;
+		error = audit_pipe_preselect_delete_pid(ap, app_pid);
+		break;
+	
 	case AUDITPIPE_FLUSH_PRESELECT_AUID:
 		audit_pipe_preselect_flush(ap);
 		error = 0;
 		break;
 
+	case AUDITPIPE_FLUSH_PRESELECT_EVENTS:
+		audit_pipe_preselect_events_flush(ap);
+		error = 0;
+		break;
+
 	case AUDITPIPE_GET_PRESELECT_MODE:
 		mtx_lock(&audit_pipe_mtx);
 		*(int *)data = ap->ap_preselect_mode;
@@ -1017,6 +1062,7 @@
 		switch (mode) {
 		case AUDITPIPE_PRESELECT_MODE_TRAIL:
 		case AUDITPIPE_PRESELECT_MODE_LOCAL:
+		case AUDITPIPE_PRESELECT_MODE_SYSCALL:
 			mtx_lock(&audit_pipe_mtx);
 			ap->ap_preselect_mode = mode;
 			mtx_unlock(&audit_pipe_mtx);

==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_worker.c#4 (text) ====

@@ -365,7 +365,7 @@
 	if (ar->k_ar_commit & AR_PRESELECT_PIPE)
 		audit_pipe_submit(auid, event, class, sorf,
 		    ar->k_ar_commit & AR_PRESELECT_TRAIL, bsm->data,
-		    bsm->len, ar->ar_subj_pid);
+		    bsm->len, ar->k_ar.ar_subj_pid);
 
 	kau_free(bsm);
 out:

