Date: Mon, 12 May 2008 15:39:48 GMT From: Vincenzo Iozzo <snagg@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 141513 for review Message-ID: <200805121539.m4CFdmu1031612@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=141513 Change 141513 by snagg@snagg_macosx on 2008/05/12 15:39:07 Did some bug-fix. The KPI is changed. audit_pipe_submit has now a new argument as well as audit_pipe_preselect. Callers of this function were modified in order to use the new KPI. This is the new Affected files ... .. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit.c#2 edit .. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#5 edit .. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#5 edit .. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_private.h#2 edit .. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_worker.c#2 edit Differences ... ==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit.c#2 (text) ==== @@ -385,7 +385,7 @@ if (au_preselect(event, class, aumask, sorf) != 0) ar->k_ar_commit |= AR_PRESELECT_TRAIL; if (audit_pipe_preselect(auid, event, class, sorf, - ar->k_ar_commit & AR_PRESELECT_TRAIL) != 0) + ar->k_ar_commit & AR_PRESELECT_TRAIL, ar->k_ar.ar_subj_pid) != 0) ar->k_ar_commit |= AR_PRESELECT_PIPE; if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE | AR_PRESELECT_USER_TRAIL | AR_PRESELECT_USER_PIPE)) == 0) { @@ -491,7 +491,7 @@ panic("audit_failing_stop: thread continued"); } td->td_ar = audit_new(event, td); - } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0)) + } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0, td->td_proc->p_pid)) td->td_ar = audit_new(event, td); else td->td_ar = NULL; ==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#5 (text) ==== ==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#5 (text) ==== @@ -99,12 +99,6 @@ * We may want to consider a more space/time-efficient data structure once * usage patterns for per-auid specifications are clear. */ -struct audit_pipe_preselect { - au_id_t app_auid; - au_mask_t app_mask; - TAILQ_ENTRY(audit_pipe_preselect) app_list; -}; - struct audit_pipe_preselect_event { int app_event; int app_flag; @@ -247,16 +241,15 @@ TAILQ_FOREACH(app, &ap->ap_preselect_list, app_list) { if(app->app_pid == app_pid) { - if(event == -1) + if(app_event == -1) return (app); for(i = 0; i < app->app_event_len; i++) - if((app->app_auevents + i)->app_event == app_event) + if((app->app_auevents + i)->app_event == app_event) { if(event_flag == -1) - return (app) + return (app); else if ((app->app_auevents + i)->app_flag == event_flag) return (app); - - return (app); + } } } @@ -317,19 +310,19 @@ * exist, and allocate. We will free it if it is unneeded. */ app_new = malloc(sizeof(*app_new), M_AUDIT_PIPE_PRESELECT, M_WAITOK); - app_new->app_events= malloc(sizeof(struct audit_pipe_preselect_event) * AUDIT_NEVENTS, M_AUDIT_PIPE_PRESELECT_EVENT, M_WAITOK); + app_new->app_auevents= malloc(sizeof(struct audit_pipe_preselect_event) * AUDIT_NEVENTS, M_AUDIT_PIPE_PRESELECT_EVENT, M_WAITOK); mtx_lock(&audit_pipe_mtx); /* * First search for the entry by its pid */ - app = audit_pipe_preselect_find_event(ap, -1, pid, -1); + app = audit_pipe_preselect_find_event(ap, -1, app_pid, -1); found = (app != NULL) ? 1: 0; if(found) { - KASSERT(num <= app->app_event_len, "Number of events is out of range"); + KASSERT(num <= app->app_event_len, ("Number of events is out of range")); for (i = 0; i < num; i++) { (app->app_auevents + i)->app_event = (events + i)->app_event; - (app->app_auevents + i)->app-flag = (events + i)->app-flag; + (app->app_auevents + i)->app_flag = (events + i)->app_flag; } } else { app = app_new; @@ -338,7 +331,7 @@ app->app_event_len = AUDIT_NEVENTS; for (i = 0; i < num; i++) { (app->app_auevents + i)->app_event = (events + i)->app_event; - (app->app_auevents + i)->app-flag = (events + i)->app-flag; + (app->app_auevents + i)->app_flag = (events + i)->app_flag; } TAILQ_INSERT_TAIL(&ap->ap_preselect_list, app, app_list); } @@ -347,7 +340,7 @@ mtx_unlock(&audit_pipe_mtx); if (app_new != NULL) { free(app_new, M_AUDIT_PIPE_PRESELECT); - free(app_new->app_auevents, M_AUDIT_PIPE_PRESELECT_ENTRY); + free(app_new->app_auevents, M_AUDIT_PIPE_PRESELECT_EVENT); } } @@ -389,11 +382,11 @@ int i; mtx_lock(&audit_pipe_mtx); - app = audit_pipe_preselect_find(ap, event, pid, -1); + app = audit_pipe_preselect_find_event(ap, app_event, pid, -1); if (app != NULL) { for( i = 0; i < app->app_event_len; i++) { if((app->app_auevents + i)->app_event == app_event && (app->app_auevents + i)->app_flag == app_flag) { - free((app->app_auevents + i), M_AUDIT_PIPE_EVENT); + free((app->app_auevents + i), M_AUDIT_PIPE_PRESELECT_EVENT); break; } } @@ -416,7 +409,7 @@ int i; mtx_lock(&audit_pipe_mtx); - app = audit_pipe_preselect_find(ap, -1, pid, -1); + app = audit_pipe_preselect_find_event(ap, -1, pid, -1); if (app != NULL) { TAILQ_REMOVE(&ap->ap_preselect_list, app, app_list); mtx_unlock(&audit_pipe_mtx); @@ -521,7 +514,7 @@ */ static int audit_pipe_preselect_check(struct audit_pipe *ap, au_id_t auid, - au_event_t event, au_class_t class, int sorf, int trail_preselect, pid_t pid) + au_event_t event, au_class_t class, int sorf, int trail_preselect, pid_t app_pid) { struct audit_pipe_preselect *app; @@ -545,7 +538,7 @@ sorf)); case AUDITPIPE_PRESELECT_MODE_SYSCALL: - app = audit_pipe_preselect_find_event(ap, event, pid, sorf); + app = audit_pipe_preselect_find_event(ap, event, app_pid, sorf); if(app != NULL) return (1); @@ -559,19 +552,19 @@ /* * Determine whether there exists a pipe interested in a record with specific - * properties. MISS the PID in the declaration, to be done later, just don't know to change the whole kernel:P + * properties. * */ int audit_pipe_preselect(au_id_t auid, au_event_t event, au_class_t class, - int sorf, int trail_preselect) + int sorf, int trail_preselect, pid_t app_pid) { struct audit_pipe *ap; mtx_lock(&audit_pipe_mtx); TAILQ_FOREACH(ap, &audit_pipe_list, ap_list) { if (audit_pipe_preselect_check(ap, auid, event, class, sorf, - trail_preselect, -1)) { + trail_preselect, app_pid)) { mtx_unlock(&audit_pipe_mtx); return (1); } @@ -635,7 +628,7 @@ */ void audit_pipe_submit(au_id_t auid, au_event_t event, au_class_t class, int sorf, - int trail_select, void *record, u_int record_len, pid_t pid) + int trail_select, void *record, u_int record_len, pid_t app_pid) { struct audit_pipe *ap; @@ -648,7 +641,7 @@ mtx_lock(&audit_pipe_mtx); TAILQ_FOREACH(ap, &audit_pipe_list, ap_list) { if (audit_pipe_preselect_check(ap, auid, event, class, sorf, - trail_select, pid)) + trail_select, app_pid)) audit_pipe_append(ap, record, record_len); } audit_pipe_records++; ==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_private.h#2 (text) ==== @@ -331,9 +331,9 @@ * Audit pipe functions. */ int audit_pipe_preselect(au_id_t auid, au_event_t event, - au_class_t class, int sorf, int trail_select); + au_class_t class, int sorf, int trail_select, pid_t app_pid); void audit_pipe_submit(au_id_t auid, au_event_t event, au_class_t class, - int sorf, int trail_select, void *record, u_int record_len); + int sorf, int trail_select, void *record, u_int record_len, pid_t app_pid); void audit_pipe_submit_user(void *record, u_int record_len); #endif /* ! _SECURITY_AUDIT_PRIVATE_H_ */ ==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_worker.c#2 (text) ==== @@ -365,7 +365,7 @@ if (ar->k_ar_commit & AR_PRESELECT_PIPE) audit_pipe_submit(auid, event, class, sorf, ar->k_ar_commit & AR_PRESELECT_TRAIL, bsm->data, - bsm->len); + bsm->len, ar->ar_subj_pid); kau_free(bsm); out:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805121539.m4CFdmu1031612>