PERFORCE change 141344 for review
Wayne Salamon
wsalamon at FreeBSD.org
Thu May 8 22:52:52 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=141344
Change 141344 by wsalamon at vh2 on 2008/05/08 22:52:25
Add definitions and stubs for MAC policy audit pre/post selection
of events.
Drop a comment in Audit to remove the setting of a flag to force an
audit event to be committed.
Affected files ...
.. //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit.c#6 edit
.. //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_audit.c#3 edit
.. //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_framework.h#3 edit
.. //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_policy.h#4 edit
Differences ...
==== //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit.c#6 (text) ====
@@ -408,6 +408,7 @@
event = ar->k_ar.ar_event;
class = au_event_class(event);
+//WWW Take this out...
ar->k_ar_commit |= AR_COMMIT_KERNEL;
if (au_preselect(event, class, aumask, sorf) != 0)
ar->k_ar_commit |= AR_PRESELECT_TRAIL;
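Review bot: The added `//WWW Take this out...` marker does not say why, or under what condition, the unconditional `ar->k_ar_commit |= AR_COMMIT_KERNEL;` below it may be removed. Judging by the change description, that line forces the record to be committed, so removing it changes which events reach the trail. The comment should tie the removal to the selection logic that replaces it, for example `/* XXX: remove this forced AR_COMMIT_KERNEL once MAC pre/post-selection decides the commit. */`, in the block-comment form used by the other files in this change. The enclosing function starts and ends outside the hunk, so how k_ar_commit is consumed afterwards is not visible here.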
==== //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_audit.c#3 (text+ko) ====
@@ -146,3 +146,22 @@
return (audit_mac_data(MAC_AUDIT_TEXT_TYPE, size, sanitized));
}
+
+int
+mac_audit_check_preselect(struct ucred *cred, au_event_t event)
+{
+ int ret;
+
+ ret = MAC_AUDIT_DEFAULT;
+ return (ret);
+}
+
+int
+mac_audit_check_postselect(struct ucred *cred, au_event_t event, int error,
+ int retval)
+{
+ int ret;
+
+ ret = MAC_AUDIT_DEFAULT;
+ return (ret);
+}
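Review bot: Both stubs ignore every argument and return `MAC_AUDIT_DEFAULT` without consulting any policy, and neither carries a comment stating what the return value means to the audit code or how results from several loaded policies are to be combined. These hooks are meant to influence whether an event is selected for audit, so that contract should be written down before any policy implements them. A header comment on each function naming the possible return values and their effect on the record, plus a line such as `/* XXX: stub, no policy dispatch yet */`, would cover it. `MAC_AUDIT_DEFAULT` is not defined in any hunk shown, so confirm it is already declared in a header that mac_audit.c includes. While these remain stubs the local `ret` can go: `return (MAC_AUDIT_DEFAULT);`.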
==== //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_framework.h#3 (text+ko) ====
@@ -88,6 +88,12 @@
#include <sys/acl.h> /* XXX acl_type_t */
+#include <bsm/audit.h> /* au_event_t */
+
+int mac_audit_check_preselect(struct ucred *cred, au_event_t event);
+int mac_audit_check_postselect(struct ucred *cred, au_event_t event,
+ int error, int retval);
+
/*
* Entry points to the TrustedBSD MAC Framework from the remainder of the
* kernel: entry points are named based on a principle object type and an
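Review bot: The two prototypes are inserted between the include block and the comment that introduces the framework entry points, so they sit outside the section that comment describes. Moving them below it, with the other entry-point declarations, would keep the header's layout consistent. Adding `#include <bsm/audit.h>` here also exposes the audit definitions to every file that includes mac_framework.h; that is presumably acceptable, but check that it creates no include-order dependency. The comment continues past the end of the hunk, so the ordering of the declarations below it is not visible.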
==== //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_policy.h#4 (text+ko) ====
@@ -115,6 +115,10 @@
/*
* Operations sorted alphabetically by primary object type and then method.
*/
+typedef int (*mpo_audit_check_preselect_t)(struct ucred *cred,
+ au_event_t event);
+typedef int (*mpo_audit_check_postselect_t)(struct ucred *cred,
+ au_event_t event, int error, int retval);
typedef int (*mpo_bpfdesc_check_receive_t)(struct bpf_d *d,
struct label *dlabel, struct ifnet *ifp,
struct label *ifplabel);
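Review bot: Only the two function-pointer typedefs are added; no hunk shown adds matching `mpo_audit_check_preselect` / `mpo_audit_check_postselect` members to `struct mac_policy_ops`, so a policy module has no slot to register an implementation yet. If that is deferred deliberately, a short comment at the typedefs should say so. The typedefs use `au_event_t`, but this hunk adds no include for it, unlike the `<bsm/audit.h>` added to mac_framework.h. Confirm that mac_policy.h still compiles when it is included without mac_framework.h ahead of it.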