PERFORCE change 67101 for review

Wayne Salamon wsalamon at FreeBSD.org
Wed Dec 15 02:17:57 GMT 2004


http://perforce.freebsd.org/chv.cgi?CH=67101

Change 67101 by wsalamon at rickenbacker on 2004/12/15 02:17:46

	Fix up the auditing of the open() event. First, because we rely on
	userspace (auditd) to set the kernel's event->class mapping, we
	don't need kern_bsm_klib::au_evclassmap_init() to do it for the
	specific AUE_OPEN events.
	Second, use AUE_OPEN_RWTC, an event that covers all types of
	open-related classes, as the event to associate with the open()
	system call. Any open call will therefore be covered by preselection.
	Change this event mapping for freebsd32 and linux compat as well.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/compat/freebsd32/freebsd32_sysent.c#5 edit
.. //depot/projects/trustedbsd/audit3/sys/compat/freebsd32/syscalls.master#5 edit
.. //depot/projects/trustedbsd/audit3/sys/i386/linux/linux_sysent.c#5 edit
.. //depot/projects/trustedbsd/audit3/sys/i386/linux/syscalls.master#5 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/init_sysent.c#10 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/syscalls.master#10 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#14 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#8 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/compat/freebsd32/freebsd32_sysent.c#5 (text+ko) ====

@@ -31,7 +31,7 @@
 	{ SYF_MPSAFE | 0, (sy_call_t *)fork, AUE_FORK },	/* 2 = fork */
 	{ SYF_MPSAFE | AS(read_args), (sy_call_t *)read, AUE_NULL },	/* 3 = read */
 	{ SYF_MPSAFE | AS(write_args), (sy_call_t *)write, AUE_NULL },	/* 4 = write */
-	{ AS(open_args), (sy_call_t *)open, AUE_OPEN },	/* 5 = open */
+	{ AS(open_args), (sy_call_t *)open, AUE_OPEN_RWTC },	/* 5 = open */
 	{ SYF_MPSAFE | AS(close_args), (sy_call_t *)close, AUE_CLOSE },	/* 6 = close */
 	{ SYF_MPSAFE | AS(freebsd32_wait4_args), (sy_call_t *)freebsd32_wait4, AUE_NULL },	/* 7 = freebsd32_wait4 */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 8 = obsolete old creat */
@@ -44,7 +44,7 @@
 	{ AS(chmod_args), (sy_call_t *)chmod, AUE_NULL },	/* 15 = chmod */
 	{ AS(chown_args), (sy_call_t *)chown, AUE_NULL },	/* 16 = chown */
 	{ SYF_MPSAFE | AS(obreak_args), (sy_call_t *)obreak, AUE_NULL },	/* 17 = break */
-	{ compat4(AS(freebsd4_freebsd32_getfsstat_args),freebsd32_getfsstat) },	/* 18 = old freebsd32_getfsstat */
+	{ compat4(AS(freebsd4_freebsd32_getfsstat_args),freebsd32_getfsstat), AUE_NULL },	/* 18 = old freebsd32_getfsstat */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 19 = obsolete olseek */
 	{ SYF_MPSAFE | 0, (sy_call_t *)getpid, AUE_NULL },	/* 20 = getpid */
 	{ AS(mount_args), (sy_call_t *)mount, AUE_NULL },	/* 21 = mount */
@@ -183,8 +183,8 @@
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 154 = nosys */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 155 = nfssvc */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 156 = obsolete ogetdirentries */
-	{ compat4(AS(freebsd4_freebsd32_statfs_args),freebsd32_statfs) },	/* 157 = old freebsd32_statfs */
-	{ compat4(AS(freebsd4_freebsd32_fstatfs_args),freebsd32_fstatfs) },	/* 158 = old freebsd32_fstatfs */
+	{ compat4(AS(freebsd4_freebsd32_statfs_args),freebsd32_statfs), AUE_NULL },	/* 157 = old freebsd32_statfs */
+	{ compat4(AS(freebsd4_freebsd32_fstatfs_args),freebsd32_fstatfs), AUE_NULL },	/* 158 = old freebsd32_fstatfs */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 159 = nosys */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 160 = nosys */
 	{ AS(getfh_args), (sy_call_t *)getfh, AUE_NULL },	/* 161 = getfh */
@@ -323,7 +323,7 @@
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 294 = nosys */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 295 = nosys */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 296 = nosys */
-	{ compat4(AS(freebsd4_freebsd32_fhstatfs_args),freebsd32_fhstatfs) },	/* 297 = old freebsd32_fhstatfs */
+	{ compat4(AS(freebsd4_freebsd32_fhstatfs_args),freebsd32_fhstatfs), AUE_NULL },	/* 297 = old freebsd32_fhstatfs */
 	{ AS(fhopen_args), (sy_call_t *)fhopen, AUE_NULL },	/* 298 = fhopen */
 	{ AS(fhstat_args), (sy_call_t *)fhstat, AUE_NULL },	/* 299 = fhstat */
 	{ SYF_MPSAFE | AS(modnext_args), (sy_call_t *)modnext, AUE_NULL },	/* 300 = modnext */
@@ -362,15 +362,15 @@
 	{ SYF_MPSAFE | AS(sched_get_priority_min_args), (sy_call_t *)sched_get_priority_min, AUE_NULL },	/* 333 = sched_get_priority_min */
 	{ SYF_MPSAFE | AS(sched_rr_get_interval_args), (sy_call_t *)sched_rr_get_interval, AUE_NULL },	/* 334 = sched_rr_get_interval */
 	{ SYF_MPSAFE | AS(utrace_args), (sy_call_t *)utrace, AUE_NULL },	/* 335 = utrace */
-	{ compat4(SYF_MPSAFE | AS(freebsd4_freebsd32_sendfile_args),freebsd32_sendfile) },	/* 336 = old freebsd32_sendfile */
+	{ compat4(SYF_MPSAFE | AS(freebsd4_freebsd32_sendfile_args),freebsd32_sendfile), AUE_NULL },	/* 336 = old freebsd32_sendfile */
 	{ AS(kldsym_args), (sy_call_t *)kldsym, AUE_NULL },	/* 337 = kldsym */
 	{ SYF_MPSAFE | AS(jail_args), (sy_call_t *)jail, AUE_NULL },	/* 338 = jail */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 339 = pioctl */
 	{ SYF_MPSAFE | AS(sigprocmask_args), (sy_call_t *)sigprocmask, AUE_NULL },	/* 340 = sigprocmask */
 	{ SYF_MPSAFE | AS(sigsuspend_args), (sy_call_t *)sigsuspend, AUE_NULL },	/* 341 = sigsuspend */
-	{ compat4(SYF_MPSAFE | AS(freebsd4_freebsd32_sigaction_args),freebsd32_sigaction) },	/* 342 = old freebsd32_sigaction */
+	{ compat4(SYF_MPSAFE | AS(freebsd4_freebsd32_sigaction_args),freebsd32_sigaction), AUE_NULL },	/* 342 = old freebsd32_sigaction */
 	{ SYF_MPSAFE | AS(sigpending_args), (sy_call_t *)sigpending, AUE_NULL },	/* 343 = sigpending */
-	{ compat4(SYF_MPSAFE | AS(freebsd4_freebsd32_sigreturn_args),freebsd32_sigreturn) },	/* 344 = old freebsd32_sigreturn */
+	{ compat4(SYF_MPSAFE | AS(freebsd4_freebsd32_sigreturn_args),freebsd32_sigreturn), AUE_NULL },	/* 344 = old freebsd32_sigreturn */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 345 = sigtimedwait */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 346 = sigwaitinfo */
 	{ SYF_MPSAFE | AS(__acl_get_file_args), (sy_call_t *)__acl_get_file, AUE_NULL },	/* 347 = __acl_get_file */

==== //depot/projects/trustedbsd/audit3/sys/compat/freebsd32/syscalls.master#5 (text+ko) ====

@@ -57,7 +57,7 @@
 3	MNOPROTO { ssize_t read(int fd, void *buf, size_t nbyte); } AUE_NULL
 4	MNOPROTO { ssize_t write(int fd, const void *buf, \
 		    size_t nbyte); } AUE_NULL
-5	NOPROTO	{ int open(char *path, int flags, int mode); } AUE_OPEN
+5	NOPROTO	{ int open(char *path, int flags, int mode); } AUE_OPEN_RWTC
 6	MNOPROTO { int close(int fd); } AUE_CLOSE
 7	MSTD	{ int freebsd32_wait4(int pid, int *status, int options, \
 		    struct rusage32 *rusage); } AUE_NULL
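Review bot: Tagging syscall 5 with `AUE_OPEN_RWTC` makes preselection of every open() depend on that one event's class mapping, and the kern_bsm_klib.c hunk in this change removes the in-kernel defaults, so the mapping exists only once userspace has loaded it. If auditd has not yet pushed the mapping, or the entry for AUE_OPEN_RWTC is missing or narrowed, open() calls would presumably not be preselected and no open record of any variant would be produced; it is worth confirming that this case is either impossible or logged. The same applies to the open entries in i386/linux/syscalls.master and kern/syscalls.master. A comment beside the entry would help, in the `;` comment style seen in kern/syscalls.master: `; AUE_OPEN_RWTC is a placeholder for preselection; kern_audit.c rewrites it to the specific open event from the flags and error.`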

==== //depot/projects/trustedbsd/audit3/sys/i386/linux/linux_sysent.c#5 (text+ko) ====

@@ -23,7 +23,7 @@
 	{ SYF_MPSAFE | 0, (sy_call_t *)linux_fork, AUE_FORK },	/* 2 = linux_fork */
 	{ SYF_MPSAFE | AS(read_args), (sy_call_t *)read, AUE_NULL },	/* 3 = read */
 	{ SYF_MPSAFE | AS(write_args), (sy_call_t *)write, AUE_NULL },	/* 4 = write */
-	{ AS(linux_open_args), (sy_call_t *)linux_open, AUE_OPEN },	/* 5 = linux_open */
+	{ AS(linux_open_args), (sy_call_t *)linux_open, AUE_OPEN_RWTC },	/* 5 = linux_open */
 	{ SYF_MPSAFE | AS(close_args), (sy_call_t *)close, AUE_CLOSE },	/* 6 = close */
 	{ SYF_MPSAFE | AS(linux_waitpid_args), (sy_call_t *)linux_waitpid, AUE_NULL },	/* 7 = linux_waitpid */
 	{ AS(linux_creat_args), (sy_call_t *)linux_creat, AUE_O_CREAT },	/* 8 = linux_creat */

==== //depot/projects/trustedbsd/audit3/sys/i386/linux/syscalls.master#5 (text+ko) ====

@@ -40,7 +40,8 @@
 2	MSTD	{ int linux_fork(void); } AUE_FORK
 3	MNOPROTO { int read(int fd, char *buf, u_int nbyte); } AUE_NULL
 4	MNOPROTO { int write(int fd, char *buf, u_int nbyte); } AUE_NULL
-5	STD	{ int linux_open(char *path, l_int flags, l_int mode); } AUE_OPEN
+5	STD	{ int linux_open(char *path, l_int flags, l_int mode); } \
+				AUE_OPEN_RWTC
 6	MNOPROTO { int close(int fd); } AUE_CLOSE
 7	MSTD	{ int linux_waitpid(l_pid_t pid, \
 				l_int *status, l_int options); } AUE_NULL

==== //depot/projects/trustedbsd/audit3/sys/kern/init_sysent.c#10 (text+ko) ====

@@ -34,7 +34,7 @@
 	{ SYF_MPSAFE | 0, (sy_call_t *)fork, AUE_FORK },	/* 2 = fork */
 	{ SYF_MPSAFE | AS(read_args), (sy_call_t *)read, AUE_NULL },	/* 3 = read */
 	{ SYF_MPSAFE | AS(write_args), (sy_call_t *)write, AUE_NULL },	/* 4 = write */
-	{ SYF_MPSAFE | AS(open_args), (sy_call_t *)open, AUE_OPEN },	/* 5 = open */
+	{ SYF_MPSAFE | AS(open_args), (sy_call_t *)open, AUE_OPEN_RWTC },	/* 5 = open */
 	{ SYF_MPSAFE | AS(close_args), (sy_call_t *)close, AUE_CLOSE },	/* 6 = close */
 	{ SYF_MPSAFE | AS(wait_args), (sy_call_t *)wait4, AUE_NULL },	/* 7 = wait4 */
 	{ compat(SYF_MPSAFE | AS(ocreat_args),creat), AUE_O_CREAT },	/* 8 = old creat */

==== //depot/projects/trustedbsd/audit3/sys/kern/syscalls.master#10 (text+ko) ====

@@ -56,7 +56,7 @@
 3	MSTD	{ ssize_t read(int fd, void *buf, size_t nbyte); } AUE_NULL
 4	MSTD	{ ssize_t write(int fd, const void *buf, size_t nbyte); } \
 			AUE_NULL
-5	MSTD	{ int open(char *path, int flags, int mode); } AUE_OPEN
+5	MSTD	{ int open(char *path, int flags, int mode); } AUE_OPEN_RWTC
 ; XXX should be		{ int open(const char *path, int flags, ...); }
 ; but we're not ready for `const' or varargs.
 ; XXX man page says `mode_t mode'.

==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#14 (text+ko) ====

@@ -1276,12 +1276,13 @@
 
 	switch(ar->k_ar.ar_event) {
 
-	case AUE_OPEN:
-		/* The open syscall always writes a AUE_OPEN event; change it
-		 * to the proper type of event based on the flags and the error
-		 * value.
+	case AUE_OPEN_RWTC:
+		/* The open syscall always writes a AUE_OPEN_RWTC event; change
+		 * it to the proper type of event based on the flags and the 
+		 * error value.
 		 */
-		ar->k_ar.ar_event = flags_and_error_to_openevent(ar->k_ar.ar_arg_fflags, error);
+		ar->k_ar.ar_event = flags_and_error_to_openevent(
+		    ar->k_ar.ar_arg_fflags, error);
 		break;
 
 	case AUE_SYSCTL:
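Review bot: Replacing `case AUE_OPEN:` instead of stacking the new label on it means a record that still arrives tagged AUE_OPEN is no longer rewritten to a specific open event; only syscall 5 in three tables is visibly retagged in this change, so if any other path can still set AUE_OPEN, keep `case AUE_OPEN:` as a fall-through label above `case AUE_OPEN_RWTC:`. The comment should also say why this event is the placeholder, e.g. `/* open() is preselected as AUE_OPEN_RWTC because its classes cover every open variant; rewrite it here to the specific event. */`. Since preselection ran against the broad event, the rewritten event can belong to classes outside the process's mask unless it is re-checked later in this function, which starts and ends outside the hunk.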

==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#8 (text+ko) ====

@@ -112,19 +112,6 @@
 		}
 	}
 	
-	/* Add the specific open events to the mapping. */
-	au_evclassmap_insert(AUE_OPEN_R, AU_FREAD);
-        au_evclassmap_insert(AUE_OPEN_RC, AU_FREAD|AU_FCREATE);
-        au_evclassmap_insert(AUE_OPEN_RTC, AU_FREAD|AU_FCREATE|AU_FDELETE);
-        au_evclassmap_insert(AUE_OPEN_RT, AU_FREAD|AU_FDELETE);
-        au_evclassmap_insert(AUE_OPEN_RW, AU_FREAD|AU_FWRITE);
-        au_evclassmap_insert(AUE_OPEN_RWC, AU_FREAD|AU_FWRITE|AU_FCREATE);
-        au_evclassmap_insert(AUE_OPEN_RWTC, AU_FREAD|AU_FWRITE|AU_FCREATE|AU_FDELETE);
-        au_evclassmap_insert(AUE_OPEN_RWT, AU_FREAD|AU_FWRITE|AU_FDELETE);
-        au_evclassmap_insert(AUE_OPEN_W, AU_FWRITE);
-        au_evclassmap_insert(AUE_OPEN_WC, AU_FWRITE|AU_FCREATE);
-        au_evclassmap_insert(AUE_OPEN_WTC, AU_FWRITE|AU_FCREATE|AU_FDELETE);
-        au_evclassmap_insert(AUE_OPEN_WT, AU_FWRITE|AU_FDELETE);
 }
 
 /*