PERFORCE change 141979 for review

Vincenzo Iozzo snagg at FreeBSD.org
Wed May 21 16:13:00 UTC 2008 

http://perforce.freebsd.org/chv.cgi?CH=141979

Change 141979 by snagg at snagg_macosx on 2008/05/21 16:12:47

	Added AUDITPIPE_PRESELECT_MODE_PID that way we could select all 	events for a given pid.

Affected files ...

.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#10 edit
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#12 edit

Differences ...

==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#10 (text) ====

@@ -49,7 +49,7 @@
 	pid_t		app_pid;
 	struct 	auditpipe_ioctl_preselect_event *app_auevents;
 	int		app_event_len;
-}auditpipe_ioctl_preselect;
+};
 
 struct auditpipe_ioctl_preselect_old {
 	au_id_t		aip_auid;
@@ -61,8 +61,8 @@
  */
 #define	AUDITPIPE_PRESELECT_MODE_TRAIL	1	/* Global audit trail. */
 #define	AUDITPIPE_PRESELECT_MODE_LOCAL	2	/* Local audit trail. */
-#define	AUDITPIPE_PRESELECT_MODE_EVENT	3 /* Events based audit trail */
-
+#define	AUDITPIPE_PRESELECT_MODE_EVENT	3 /* Events-pid based audit trail */
+#define AUDITPIPE_PRESELECT_MODE_PID	4 /*Pid based audit trail*/
 /*
  * Ioctls to read and control the behavior of individual audit pipe devices.
  */

==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#12 (text) ====

@@ -299,7 +299,7 @@
 	
 	TAILQ_FOREACH(app, &ap->ap_preselect_list, app_list) {
 		if(app->app_pid == app_pid) {
-			if(app_event == -1)
+			if(app_event == -1) /* Just return the entry for a given pid*/
 				return (app);
 			else {
 				if(audit_pipe_find_preselect_event(app->app_auevents, 
@@ -624,7 +624,10 @@
 		app = audit_pipe_preselect_find_event(ap, event, app_pid, sorf);
 		if(app != NULL)
 			return (1);
-			
+	case AUDITPIPE_PRESELECT_MODE_PID:
+		app = audit_pipe_preselect_find_event(ap, -1, app_pid, -1);
+		if(app != NULL)
+			return (1);
 	default:
 		panic("audit_pipe_preselect_check: mode %d",
 		    ap->ap_preselect_mode);
@@ -1126,6 +1129,7 @@
 		case AUDITPIPE_PRESELECT_MODE_TRAIL:
 		case AUDITPIPE_PRESELECT_MODE_LOCAL:
 		case AUDITPIPE_PRESELECT_MODE_EVENT:
+		case AUDITPIPE_PRESELECT_MODE_PID:
 			mtx_lock(&audit_pipe_mtx);
 			ap->ap_preselect_mode = mode;
 			mtx_unlock(&audit_pipe_mtx);

More information about the p4-projects mailing list