PERFORCE change 164840 for review
Ilias Marinos
marinosi at FreeBSD.org
Mon Jun 22 09:48:50 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=164840
Change 164840 by marinosi at marinosi_redrum on 2009/06/22 09:48:39
Special device node management added along with slice management
(creation/initialization/removal etc).
Affected files ...
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/conf/files#2 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#6 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.c#2 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.h#4 edit
Differences ...
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/conf/files#2 (text+ko) ====
@@ -2537,6 +2537,7 @@
security/audit/audit_syscalls.c standard
security/audit/audit_trigger.c optional audit
security/audit/audit_worker.c optional audit
+security/audit/audit_slice.c optional audit
security/mac/mac_atalk.c optional mac netatalk
security/mac/mac_audit.c optional mac audit
security/mac/mac_cred.c optional mac
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#6 (text) ====
@@ -89,6 +89,9 @@
*/
struct audit_slice *audit_base_slice = NULL;
+/* Audit slice ptr -helper */
+struct audit_slice *as_ptr = NULL;
+
/* Audit slices queue */
struct audit_slice_queue audit_slice_q;
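Review bot: `as_ptr` is a single unsynchronised global shared by all slices, so it cannot identify which slice owns a given device node: `audit_slice_create()` overwrites it on every call, and `audit_slice_dev_open()` (audit_slice.c hunk) copies whatever it currently holds into `dev->si_drv1`. With more than one slice, opening any slice node would bind it to the most recently created slice, and once `audit_slice_destroy()` frees that slice the pointer dangles. The binding can be made once at creation instead: in `audit_slice_cdev_init()` add `as->as_dev->si_drv1 = as;` after `make_dev()`, have open read `as = dev->si_drv1;`, and drop `as_ptr` together with its `extern` in audit_slice.h.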
@@ -631,18 +634,22 @@
audit_slice_create(char *name)
{
struct audit_slice *as = NULL;
- int ret;
+ int err;
- ret = 0;
+ err = 0;
as = malloc(sizeof(*as), M_AUDITSLICE, M_WAITOK | M_ZERO);
if ( as == NULL )
- ret = 1; /* Failed to allocate slice */
+ err = 1; /* Failed to allocate slice */
+ as_ptr = as;
TAILQ_INSERT_TAIL(&audit_slice_q, as, as_q);
/* Initialize the base slice */
audit_slice_init(as, name);
+ /* Create the special device node */
+ audit_slice_cdev_init(as);
+
/* Start audit worker thread. */
audit_worker_init(as);
}
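Review bot: The `as == NULL` branch only sets `err`, then execution falls through to `TAILQ_INSERT_TAIL()` and `audit_slice_init()` with the same pointer, and `err` is never read or returned (the prototype in audit_slice.h is `void`). Since the allocation uses `M_WAITOK`, which should not return NULL, the check and `err` can simply be removed; if the check is kept, the branch must be `return;`. Consider also calling `audit_slice_cdev_init(as)` after `audit_worker_init(as)`, because the node can be opened as soon as `make_dev()` returns; whether the worker has to exist by then is not visible here. The line carrying the return type sits above the hunk.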
@@ -675,6 +682,8 @@
as->audit_nae_mask.am_success = 0;
as->audit_nae_mask.am_failure = 0;
+ as->as_dev = NULL;
+
TAILQ_INIT(&(as->audit_q));
as->audit_q_len = 0;
as->audit_pre_q_len = 0;
@@ -706,6 +715,7 @@
{
if (as != NULL) {
TAILQ_REMOVE(&audit_slice_q, as, as_q);
+ destroy_dev(as->as_dev);
free(as, M_AUDITSLICE);
}
}
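Review bot: `destroy_dev(as->as_dev)` runs unconditionally, but this change makes `audit_slice_init()` set `as_dev` to NULL and only `audit_slice_create()` goes on to call `audit_slice_cdev_init()`. A slice that was initialised without a node (the base slice, if it ever reaches this function) would therefore pass NULL, which destroy_dev(9) is not documented to accept. Guard it with `if (as->as_dev != NULL) destroy_dev(as->as_dev);`. No lock around `TAILQ_REMOVE()` is visible in the hunk, and the function's opening lines are outside it.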
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.c#2 (text+ko) ====
@@ -47,9 +47,11 @@
#include <sys/unistd.h>
-#include <security/appaudit/audit_slice_private.h>
+#include <security/audit/audit_slice.h>
+
+
+
-#define AUDIT_SLICE_DEV_MINOR 0
#define AUDIT_SLICE_DEV_NAME "something"
@@ -78,14 +80,11 @@
.d_name = "AUDIT_SLICE_DEV_NAME", /* to be changed */
};
-/* For use with make_dev(9)/destroy_dev(9).
- */
-static struct cdev *audit_slice_dev;
-
/*
* Special device methods.
*/
+
/*
* Audit slice's device open method. Explicit privilege check isn't used as
* this allows file permissions on the special device to be used to grant
@@ -93,10 +92,19 @@
*/
static int
audit_slice_dev_open(struct cdev *dev, int oflags, int devtype,
- struct thread *td, struct audit_slice *as)
+ struct thread *td)
{
+ struct audit_slice *as;
int error;
+ /*
+ * XXX: Using as_ptr to pass the audit_slice that "owns" the device.
+ * Refine the implementation and check for better ways to achieve
+ * that.
+ */
+ as = as_ptr;
+ dev->si_drv1 = as;
+
/* Only one process may open the device at a time. */
mtx_lock(&(as->as_dev_mtx));
if (!as->as_dev_isopen) {
@@ -114,9 +122,11 @@
*/
static int
audit_slice_dev_close(struct cdev *dev, int fflag, int devtype,
- struct thread *td, struct audit_slice *as)
+ struct thread *td)
+{
+ struct audit_slice *as;
-{
+ as = dev->si_drv1;
mtx_lock(&(as->as_dev_mtx));
as->as_dev_isopen = 1;
/* Do something here */
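Review bot: Close sets `as->as_dev_isopen = 1`, the same state that open tests for with `if (!as->as_dev_isopen)`, so after the first open/close cycle the flag appears to stay set and the node could not be opened again; this should be `as->as_dev_isopen = 0;`. The new `as = dev->si_drv1;` is dereferenced without a check, which is safe only if open always stored a valid pointer first. The rest of the function body lies below the hunk.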
@@ -145,7 +155,6 @@
{
/* Actual work here */
-
int c, error = 0;
void *audit_slice_dev_buf;
@@ -157,7 +166,7 @@
error = uiomove(audit_slice_dev_buf, c, uio);
if (error)
break;
- (*random_systat.write)(random_buf, c);
+ //(*random_systat.write)(random_buf, c);
}
free(audit_slice_dev_buf, M_TEMP);
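Review bot: With the `random_systat.write` call commented out, the loop copies user data into `audit_slice_dev_buf` and then discards it, while the method presumably still reports success to the writer. For a device meant to receive audit records, that silent drop should be made explicit: delete the dead line instead of keeping it as a `//` comment and put `/* XXX: records are copied in and dropped until the slice queue is wired up */` in its place, or fail the write until then. The function starts and ends outside the hunk, so the return path is not visible.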
@@ -168,32 +177,36 @@
/*
* Ioctl method
*/
-audit_slice_dev_ioctl(struct cdev *dev, int events, struct thread *td)
+static int
+audit_slice_dev_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag,
+ struct thread *td)
{
-
/* Do we need ioctl ? */
+ return (0);
}
/*
- * poll method.(if needed)
+ * Poll method.(if needed)
*/
static int
audit_slice_dev_poll(struct cdev *dev, int events, struct thread *td)
{
-
+ return (0);
}
/* Init the character device */
-static void
+void
audit_slice_cdev_init(struct audit_slice *as)
{
/* Create the special device file. */
- audit_dev = make_dev(&audit_cdevsw, 0, as->uid, as->gid, as->perms,
- as->as_dev_name);
+ as->as_dev = make_dev(&audit_slice_cdevsw, as->unit, as->uid, as->gid,
+ as->perms, "%s", as->as_dev_name);
}
-/* Need to find a way to call the following with a new struct as arg every
- * time */
-SYSINIT(audit_slice_cdev_init, SI_SUB_DRIVERS, SI_ORDER_MIDDLE,
- audit_slice_cdev_init, NULL);
+/*
+ * Need to find a way to call the following with a new struct as arg every
+ * time
+ */
+//SYSINIT(audit_slice_cdev_init, SI_SUB_DRIVERS, SI_ORDER_MIDDLE,
+// audit_slice_cdev_init, NULL);
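Review bot: `audit_slice_dev_ioctl()` returns 0 for every `cmd`, so a caller issuing any ioctl on the node is told it succeeded; until commands are defined it should be `return (ENOTTY);`. `audit_slice_dev_poll()` likewise returns 0, i.e. never ready, which deserves a one-line comment such as `/* XXX: no events reported yet */`. The commented-out `SYSINIT` block at the end can be deleted now that `audit_slice_create()` calls `audit_slice_cdev_init()` directly.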
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.h#4 (text+ko) ====
@@ -35,6 +35,7 @@
#define AUDIT_SLICE_NAME_LEN 20
#define AUDIT_DEV_NAME_LEN 20
+
struct kaudit_record;
/*
@@ -146,13 +147,16 @@
* Applications need their slice device to submit their audit records.
* Device specific variables here.
*/
+ struct cdev *as_dev;
char as_dev_name[AUDIT_DEV_NAME_LEN];
- int as_dev_isopen;
- struct mtx as_dev_mtx;
+ int unit;
uid_t uid;
gid_t gid;
int perms;
+ struct mtx as_dev_mtx;
+ int as_dev_isopen;
+
/*
* Keep the several audit slices in a list
*/
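Review bot: The fields that decide who may open the node (`uid`, `gid`, `perms`) and the new `unit` carry no comments and no `as_` prefix, unlike `as_dev` and `as_dev_name` next to them. Since the open method relies on file permissions instead of a privilege check, a comment such as `/* Owner, group and mode handed to make_dev(9); must be set before audit_slice_cdev_init(). */` would help, along with `/* Protected by as_dev_mtx. */` on `as_dev_isopen`. Nothing in this change shows these fields being assigned, so with the `M_ZERO` allocation they may all be zero when the node is created; that is worth confirming. The struct definition begins and ends outside the hunk.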
@@ -165,6 +169,9 @@
/* Static allocation of the base slice */
extern struct audit_slice *audit_base_slice;
+/* Audit slice ptr - helper */
+extern struct audit_slice *as_ptr;
+
/* Audit slices queue */
extern struct audit_slice_queue audit_slice_q;
@@ -178,3 +185,4 @@
void audit_slice_init(struct audit_slice *as, char *name);
void audit_slice_create(char *name);
void audit_slice_destroy(struct audit_slice *as);
+void audit_slice_cdev_init(struct audit_slice *as);