PERFORCE change 164840 for review

Ilias Marinos marinosi at FreeBSD.org
Mon Jun 22 09:48:50 UTC 2009


http://perforce.freebsd.org/chv.cgi?CH=164840

Change 164840 by marinosi at marinosi_redrum on 2009/06/22 09:48:39

	Special device node management added along with slice management
	(creation/initialization/removal etc).

Affected files ...

.. //depot/projects/soc2009/marinosi_appaudit/src/sys/conf/files#2 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#6 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.c#2 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.h#4 edit

Differences ...

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/conf/files#2 (text+ko) ====

@@ -2537,6 +2537,7 @@
 security/audit/audit_syscalls.c	standard
 security/audit/audit_trigger.c	optional audit
 security/audit/audit_worker.c	optional audit
+security/audit/audit_slice.c	optional audit
 security/mac/mac_atalk.c	optional mac netatalk
 security/mac/mac_audit.c	optional mac audit
 security/mac/mac_cred.c		optional mac

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#6 (text) ====

@@ -89,6 +89,9 @@
  */
 struct audit_slice 		*audit_base_slice = NULL;
 
+/* Audit slice ptr -helper */
+struct audit_slice 		*as_ptr = NULL;
+
 /* Audit slices queue */
 struct audit_slice_queue	audit_slice_q;
 
@@ -631,18 +634,22 @@
 audit_slice_create(char *name)
 {
 	struct audit_slice *as = NULL;
-	int ret;
+	int err;
 
-	ret = 0;
+	err = 0;
 	as = malloc(sizeof(*as), M_AUDITSLICE, M_WAITOK | M_ZERO);
 	if ( as == NULL )
-		ret = 1; /* Failed to allocate slice */
+		err = 1; /* Failed to allocate slice */
 
+	as_ptr = as;
 	TAILQ_INSERT_TAIL(&audit_slice_q, as, as_q);
 
 	/* Initialize the base slice */
 	audit_slice_init(as, name);
 
+	/* Create the special device node */
+	audit_slice_cdev_init(as);
+
 	/* Start audit worker thread. */
 	audit_worker_init(as);
 }
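Review bot: `err` is assigned but never read, and the `as == NULL` branch falls through to `as_ptr = as` and TAILQ_INSERT_TAIL, so the check protects nothing. With M_WAITOK, malloc(9) sleeps instead of returning NULL, so the test and `err` can simply be dropped. If a failure path is wanted, the function (declared `void` in audit_slice.h) needs a return value and an early `return`. Separately, audit_slice_cdev_init(as) runs before audit_worker_init(as), so the node may be openable before the worker thread exists; confirm that ordering is intended. The return-type line of audit_slice_create is above the hunk.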
@@ -675,6 +682,8 @@
 	as->audit_nae_mask.am_success = 0;
 	as->audit_nae_mask.am_failure = 0;
 
+	as->as_dev = NULL;
+
 	TAILQ_INIT(&(as->audit_q));
 	as->audit_q_len = 0;
 	as->audit_pre_q_len = 0;
@@ -706,6 +715,7 @@
 {
 	if (as != NULL) {
 		TAILQ_REMOVE(&audit_slice_q, as, as_q);
+		destroy_dev(as->as_dev);
 		free(as, M_AUDITSLICE);
 	}
 }
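Review bot: `destroy_dev(as->as_dev)` is called unconditionally, but audit_slice_init sets `as_dev` to NULL and it only becomes valid once make_dev() has run, so a slice torn down before its node exists would pass NULL; destroy_dev(9) does not document NULL as acceptable. A guard such as `if (as->as_dev != NULL) destroy_dev(as->as_dev);` covers that case. Adding `if (as_ptr == as) as_ptr = NULL;` before the free would keep the global helper from pointing at freed memory that audit_slice_dev_open later dereferences. The function's signature is outside the hunk.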

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.c#2 (text+ko) ====

@@ -47,9 +47,11 @@
 #include <sys/unistd.h>
 
 
-#include <security/appaudit/audit_slice_private.h>
+#include <security/audit/audit_slice.h>
+
+
+
 
-#define AUDIT_SLICE_DEV_MINOR	0
 #define AUDIT_SLICE_DEV_NAME	"something"
 
 
@@ -78,14 +80,11 @@
 	.d_name = 	"AUDIT_SLICE_DEV_NAME", /* to be changed */
 };
 
-/* For use with make_dev(9)/destroy_dev(9). 
- */
-static struct cdev *audit_slice_dev;
-
 /*
  * Special device methods.
  */
 
+
 /*
  * Audit slice's device open method.  Explicit privilege check isn't used as 
  * this allows file permissions on the special device to be used to grant 
@@ -93,10 +92,19 @@
  */
 static int
 audit_slice_dev_open(struct cdev *dev, int oflags, int devtype, 
-		struct thread *td, struct audit_slice *as)
+		struct thread *td)
 {
+	struct audit_slice *as;
 	int error;
 
+	/* 
+	 * XXX: Using as_ptr to pass the audit_slice that "owns" the device.
+	 * Refine the implementation and check for better ways to achieve
+	 * that.
+	 */
+	as = as_ptr;
+	dev->si_drv1 = as;
+
 	/* Only one process may open the device at a time. */
 	mtx_lock(&(as->as_dev_mtx));
 	if (!as->as_dev_isopen) {
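Review bot: Taking the slice from the global `as_ptr` in audit_slice_dev_open binds whichever node is opened to the most recently created slice, because audit_slice_create overwrites `as_ptr` on every call (`as_ptr = as;` in audit.c; the global is declared in the audit.c and audit_slice.h hunks). With more than one slice, records written to one application's node would be attributed to another slice, which defeats the per-application separation the slices are meant to provide. Setting the back-pointer where the node is created, `as->as_dev->si_drv1 = as;` right after make_dev() in audit_slice_cdev_init, and reading `as = dev->si_drv1;` here would remove the need for the global. The function body continues outside the hunk.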
@@ -114,9 +122,11 @@
  */
 static int
 audit_slice_dev_close(struct cdev *dev, int fflag, int devtype, 
-		struct thread *td, struct audit_slice *as)
+		struct thread *td)
+{
+	struct audit_slice	*as;
 
-{
+	as = dev->si_drv1;
 	mtx_lock(&(as->as_dev_mtx));
 	as->as_dev_isopen = 1;
 	/* Do something here */
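Review bot: The close path, which now takes `as` from `dev->si_drv1`, still sets `as->as_dev_isopen = 1` under the mutex, which looks inverted for a release. If open refuses when the flag is set (its `if (!as->as_dev_isopen)` branch continues outside the visible hunks), the node could never be reopened after the first close. Presumably this should be `as->as_dev_isopen = 0;`. The rest of audit_slice_dev_close lies outside the hunk.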
@@ -145,7 +155,6 @@
 {
 
 	/* Actual work here */
-
 	int c, error = 0;
 	void *audit_slice_dev_buf;
 
@@ -157,7 +166,7 @@
 		error = uiomove(audit_slice_dev_buf, c, uio);
 		if (error)
 			break;
-		(*random_systat.write)(random_buf, c);
+		//(*random_systat.write)(random_buf, c);
 	}
 
 	free(audit_slice_dev_buf, M_TEMP);
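Review bot: Commenting out the `random_systat.write` call with `//` leaves a loop that copies caller data in with uiomove() and then discards it. The method presumably still returns success (its start and end are outside the hunk), so an application would believe its audit record was accepted. Delete the dead line rather than keeping it as a comment, and mark the gap in the file's own comment style, e.g. `/* XXX: data is discarded until record submission is implemented. */`.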
@@ -168,32 +177,36 @@
 /*
  * Ioctl method
  */
-audit_slice_dev_ioctl(struct cdev *dev, int events, struct thread *td) 
+static int
+audit_slice_dev_ioctl(struct cdev *dev, u_long cmd, caddr_t data,  int flag, 
+		struct thread *td) 
 {
-
 	/* Do we need ioctl ? */
+	return (0);
 }
 
 /*
- * poll method.(if needed)
+ * Poll method.(if needed)
  */
 static int
 audit_slice_dev_poll(struct cdev *dev, int events, struct thread *td)
 {
-
+	return (0);
 }
 
 /* Init the character device */
-static void
+void
 audit_slice_cdev_init(struct audit_slice *as)
 {
 
 	/* Create the special device file. */
-	audit_dev = make_dev(&audit_cdevsw, 0, as->uid, as->gid, as->perms, 
-		       as->as_dev_name);
+	as->as_dev = make_dev(&audit_slice_cdevsw, as->unit, as->uid, as->gid, 
+			as->perms, "%s", as->as_dev_name);
 }
 
-/* Need to find a way to call the following with a new struct as arg every
- * time */
-SYSINIT(audit_slice_cdev_init, SI_SUB_DRIVERS, SI_ORDER_MIDDLE,
-    audit_slice_cdev_init, NULL);
+/* 
+ * Need to find a way to call the following with a new struct as arg every
+ * time 
+ */
+//SYSINIT(audit_slice_cdev_init, SI_SUB_DRIVERS, SI_ORDER_MIDDLE,
+//    audit_slice_cdev_init, NULL);
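Review bot: The new audit_slice_dev_ioctl stub returns 0 for every `cmd`, so any ioctl issued on a slice node is reported as successful although nothing is handled; until commands are defined, `return (ENOTTY);` is the conventional answer. In audit_slice_cdev_init the node's owner and mode come from `as->uid`, `as->gid` and `as->perms`, and the comment on the open method says file permissions on the node are what grant access. It is therefore worth a comment stating who sets these fields, and confirming they are filled in before audit_slice_create calls this function, which this change does not show. The `//`-commented SYSINIT would be better deleted than kept as dead code.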

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.h#4 (text+ko) ====

@@ -35,6 +35,7 @@
 #define AUDIT_SLICE_NAME_LEN 20
 #define AUDIT_DEV_NAME_LEN 20
 
+
 struct kaudit_record;
 
 /*
@@ -146,13 +147,16 @@
 	 * Applications need their slice device to submit their audit records.
 	 * Device specific variables here.
 	 */
+	struct cdev			*as_dev;
 	char				as_dev_name[AUDIT_DEV_NAME_LEN]; 
-	int 				as_dev_isopen;
-	struct mtx 			as_dev_mtx;
+	int				unit;
 	uid_t				uid;
 	gid_t				gid;
 	int				perms;
 
+	struct mtx 			as_dev_mtx;
+	int 				as_dev_isopen;
+
 	/* 
 	 * Keep the several audit slices in a list 
 	 */
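Review bot: The new `unit` field, like the existing `uid`, `gid` and `perms`, lacks the `as_` prefix carried by `as_dev`, `as_dev_name`, `as_dev_mtx` and `as_dev_isopen`; names such as `as_dev_unit` and `as_dev_perms` would keep the struct consistent and easier to grep. A one-line comment that `perms` is the mode handed to make_dev() would also help, since it governs who may open the node. The struct definition starts and ends outside the hunk.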
@@ -165,6 +169,9 @@
 /* Static allocation of the base slice */
 extern struct audit_slice		*audit_base_slice;
 
+/* Audit slice ptr - helper */
+extern struct audit_slice		*as_ptr;
+
 /* Audit slices queue */
 extern struct audit_slice_queue		audit_slice_q;
 
@@ -178,3 +185,4 @@
 void			audit_slice_init(struct audit_slice *as, char *name);
 void			audit_slice_create(char *name);
 void			audit_slice_destroy(struct audit_slice *as);
+void			audit_slice_cdev_init(struct audit_slice *as);

