PERFORCE change 118464 for review
Robert Watson
rwatson at FreeBSD.org
Fri Apr 20 11:39:01 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=118464
Change 118464 by rwatson at rwatson_zoo on 2007/04/20 11:38:00
Move audit-related MAC check definitions from old mac_policy (now
removed) to new mac_policy.h.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/security/mac/mac_policy.h#3 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/security/mac/mac_policy.h#3 (text+ko) ====
@@ -607,6 +607,21 @@
typedef int (*mpo_priv_check_t)(struct ucred *cred, int priv);
typedef int (*mpo_priv_grant_t)(struct ucred *cred, int priv);
+/*
+ * XXXRW: Audit checks should be above, but list them here to make a more
+ * sensible diff for now.
+ */
+typedef int (*mpo_check_system_audit_t)(struct ucred *cred, void *record,
+ int length);
+typedef int (*mpo_check_system_auditon_t)(struct ucred *cred, int cmd);
+typedef int (*mpo_check_system_auditctl_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel);
+typedef int (*mpo_check_proc_getauid_t)(struct ucred *cred);
+typedef int (*mpo_check_proc_setauid_t)(struct ucred *cred, uid_t auid);
+typedef int (*mpo_check_proc_getaudit_t)(struct ucred *cred);
+typedef int (*mpo_check_proc_setaudit_t)(struct ucred *cred,
+ struct auditinfo *ai);
+
struct mac_policy_ops {
/*
* Policy module operations.
@@ -902,6 +917,18 @@
mpo_create_mbuf_from_syncache_t mpo_create_mbuf_from_syncache;
mpo_priv_check_t mpo_priv_check;
mpo_priv_grant_t mpo_priv_grant;
+
+ /*
+ * XXXRW: Audit checks should be above, but list them here to make a
+ * more sensible diff for now.
+ */
+ mpo_check_system_audit_t mpo_check_system_audit;
+ mpo_check_system_auditon_t mpo_check_system_auditon;
+ mpo_check_system_auditctl_t mpo_check_system_auditctl;
+ mpo_check_proc_getauid_t mpo_check_proc_getauid;
+ mpo_check_proc_setauid_t mpo_check_proc_setauid;
+ mpo_check_proc_getaudit_t mpo_check_proc_getaudit;
+ mpo_check_proc_setaudit_t mpo_check_proc_setaudit;
};
/*
More information about the p4-projects
mailing list