git: 6805e948c4ce - stable/13 - close_range: add audit support

Alex Richardson arichardson at FreeBSD.org
Wed Mar 17 22:22:59 UTC 2021


The branch stable/13 has been updated by arichardson:

URL: https://cgit.FreeBSD.org/src/commit/?id=6805e948c4cecae74887fd6a4a08cf15c2f3061c

commit 6805e948c4cecae74887fd6a4a08cf15c2f3061c
Author:     Alex Richardson <arichardson at FreeBSD.org>
AuthorDate: 2021-02-23 17:47:07 +0000
Commit:     Alex Richardson <arichardson at FreeBSD.org>
CommitDate: 2021-03-17 22:22:48 +0000

    close_range: add audit support
    
    This fixes the closefrom test in sys/audit.
    
    Includes cherry-picks of the following commits from openbsm:
    
    https://github.com/openbsm/openbsm/commit/4dfc628aafe589d68848f7033f3d3488c4d979e0
    https://github.com/openbsm/openbsm/commit/99ff6fe32aebc5a4b8d40d60062b8574697df557
    https://github.com/openbsm/openbsm/commit/da48a0399e95448693d3fa2be48454ca564c1be8
    
    Reviewed By:    kevans
    Differential Revision: https://reviews.freebsd.org/D28388
    
    (cherry picked from commit fa32350347b4e351a144b5423f0fb2ca9d67f4ca)
---
 contrib/openbsm/etc/audit_event         |  2 ++
 contrib/openbsm/sys/bsm/audit_kevents.h |  2 ++
 sys/kern/kern_descrip.c                 |  4 ++++
 sys/security/audit/audit_bsm.c          | 15 +++++++++++++++
 tests/sys/audit/file-close.c            |  4 ++--
 5 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/contrib/openbsm/etc/audit_event b/contrib/openbsm/etc/audit_event
index b397674564c6..be3557597eee 100644
--- a/contrib/openbsm/etc/audit_event
+++ b/contrib/openbsm/etc/audit_event
@@ -614,6 +614,8 @@
 43261:AUE_LGETUUID:lgetuuid(2):ip
 43262:AUE_EXECVEAT:execveat(2):pc,ex
 43263:AUE_SHMRENAME:shm_rename(2):ip
+43264:AUE_REALPATHAT:realpathat(2):fa
+43265:AUE_CLOSERANGE:close_range(2):cl
 #
 # Solaris userspace events.
 #
diff --git a/contrib/openbsm/sys/bsm/audit_kevents.h b/contrib/openbsm/sys/bsm/audit_kevents.h
index afa8c0f37a31..ec51f501e3a7 100644
--- a/contrib/openbsm/sys/bsm/audit_kevents.h
+++ b/contrib/openbsm/sys/bsm/audit_kevents.h
@@ -653,6 +653,8 @@
 #define	AUE_LGETUUID		43261	/* CADETS. */
 #define	AUE_EXECVEAT		43262	/* FreeBSD/Linux. */
 #define	AUE_SHMRENAME		43263	/* FreeBSD-specific. */
+#define	AUE_REALPATHAT		43264	/* FreeBSD-specific. */
+#define	AUE_CLOSERANGE		43265	/* FreeBSD-specific. */
 
 /*
  * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 0813b6c8f3b8..67350f4ad71e 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -1422,6 +1422,10 @@ int
 sys_close_range(struct thread *td, struct close_range_args *uap)
 {
 
+	AUDIT_ARG_FD(uap->lowfd);
+	AUDIT_ARG_CMD(uap->highfd);
+	AUDIT_ARG_FFLAGS(uap->flags);
+
 	/* No flags currently defined */
 	if (uap->flags != 0)
 		return (EINVAL);
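Review bot: `AUDIT_ARG_CMD(uap->highfd)` puts the upper bound of the descriptor range into the record's command slot, and nothing in the hunk says so. The same reuse appears in the sys/security/audit/audit_bsm.c hunk, where the AUE_CLOSERANGE case reads `ar->ar_arg_cmd` and labels it "highfd". I would add `/* Audit: highfd is carried in the cmd slot and emitted as "highfd" by kaudit_to_bsm(). */` above the three calls, and a one-line comment at the `ARG_CMD` check in audit_bsm.c pointing back to sys_close_range(). Capturing the arguments ahead of the `uap->flags != 0` check looks deliberate, so a call rejected with EINVAL presumably still carries what the caller asked for; the comment could state that as well. The body of sys_close_range() continues outside the hunk.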
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c
index 6742470c9578..d350ef3cf3c2 100644
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@@ -941,6 +941,21 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 		}
 		break;
 
+	case AUE_CLOSERANGE:
+		if (ARG_IS_VALID(kar, ARG_FD)) {
+			tok = au_to_arg32(1, "lowfd", ar->ar_arg_fd);
+			kau_write(rec, tok);
+		}
+		if (ARG_IS_VALID(kar, ARG_CMD)) {
+			tok = au_to_arg32(2, "highfd", ar->ar_arg_cmd);
+			kau_write(rec, tok);
+		}
+		if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
+			tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
+			kau_write(rec, tok);
+		}
+		break;
+
 	case AUE_CORE:
 		if (ARG_IS_VALID(kar, ARG_SIGNUM)) {
 			tok = au_to_arg32(1, "signal", ar->ar_arg_signum);
diff --git a/tests/sys/audit/file-close.c b/tests/sys/audit/file-close.c
index 54d0e60977e3..f85a8e39b67d 100644
--- a/tests/sys/audit/file-close.c
+++ b/tests/sys/audit/file-close.c
@@ -154,10 +154,10 @@ ATF_TC_HEAD(closefrom_success, tc)
 
 ATF_TC_BODY(closefrom_success, tc)
 {
-	const char *regex = "closefrom.*return,success";
+	const char *regex = "close_range\\(2\\),.*,0x7fffffff,lowfd,.*"
+	    "0xffffffff,highfd,.*return,success";
 	FILE *pipefd = setup(fds, auclass);
 
-	atf_tc_expect_fail("closefrom was converted to close_range");
 	/* closefrom(2) returns 'void' */
 	closefrom(INT_MAX);
 	check_audit(fds, regex, pipefd);
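Review bot: The new regex pins the lowfd and highfd tokens but not the third argument that the AUE_CLOSERANGE case in audit_bsm.c also writes, so a regression that drops or mangles the flags token would still pass closefrom_success. The second string could become `"0xffffffff,highfd,.*0x0,flags,.*return,success";`, assuming the zero flags value is printed as `0x0` in the same form as the other two tokens. No case visible in this hunk covers a close_range() call rejected for non-zero flags, which is the path where the recorded arguments are most useful to someone reading the trail; it may exist elsewhere in the file. The body of ATF_TC_BODY(closefrom_success) ends outside the hunk.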

