Date:      Wed, 15 Dec 2004 02:17:57 GMT
From:      Wayne Salamon <wsalamon@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 67101 for review
Message-ID:  <200412150217.iBF2Hvv3094503@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=67101

Change 67101 by wsalamon@rickenbacker on 2004/12/15 02:17:46

	Fix up the auditing of the open() event. First, because we rely on
	userspace (auditd) to set the kernel's event->class mapping, we
	don't need kern_bsm_klib::au_evclassmap_init() to do it for the
	specific AUE_OPEN events.
	Second, use AUE_OPEN_RWTC, an event that covers all types of
	open-related classes, as the event to associate with the open()
	system call. Any open call will therefore be covered by preselection.
	Change this event mapping for freebsd32 and linux compat as well.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/compat/freebsd32/freebsd32_sysent.c#5 edit
.. //depot/projects/trustedbsd/audit3/sys/compat/freebsd32/syscalls.master#5 edit
.. //depot/projects/trustedbsd/audit3/sys/i386/linux/linux_sysent.c#5 edit
.. //depot/projects/trustedbsd/audit3/sys/i386/linux/syscalls.master#5 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/init_sysent.c#10 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/syscalls.master#10 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#14 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#8 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/compat/freebsd32/freebsd32_sysent.c#5 (text+ko) ====

@@ -31,7 +31,7 @@
 	{ SYF_MPSAFE | 0, (sy_call_t *)fork, AUE_FORK },	/* 2 = fork */
 	{ SYF_MPSAFE | AS(read_args), (sy_call_t *)read, AUE_NULL },	/* 3 = read */
 	{ SYF_MPSAFE | AS(write_args), (sy_call_t *)write, AUE_NULL },	/* 4 = write */
-	{ AS(open_args), (sy_call_t *)open, AUE_OPEN },	/* 5 = open */
+	{ AS(open_args), (sy_call_t *)open, AUE_OPEN_RWTC },	/* 5 = open */
 	{ SYF_MPSAFE | AS(close_args), (sy_call_t *)close, AUE_CLOSE },	/* 6 = close */
 	{ SYF_MPSAFE | AS(freebsd32_wait4_args), (sy_call_t *)freebsd32_wait4, AUE_NULL },	/* 7 = freebsd32_wait4 */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 8 = obsolete old creat */
@@ -44,7 +44,7 @@
 	{ AS(chmod_args), (sy_call_t *)chmod, AUE_NULL },	/* 15 = chmod */
 	{ AS(chown_args), (sy_call_t *)chown, AUE_NULL },	/* 16 = chown */
 	{ SYF_MPSAFE | AS(obreak_args), (sy_call_t *)obreak, AUE_NULL },	/* 17 = break */
-	{ compat4(AS(freebsd4_freebsd32_getfsstat_args),freebsd32_getfsstat) },	/* 18 = old freebsd32_getfsstat */
+	{ compat4(AS(freebsd4_freebsd32_getfsstat_args),freebsd32_getfsstat), AUE_NULL },	/* 18 = old freebsd32_getfsstat */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 19 = obsolete olseek */
 	{ SYF_MPSAFE | 0, (sy_call_t *)getpid, AUE_NULL },	/* 20 = getpid */
 	{ AS(mount_args), (sy_call_t *)mount, AUE_NULL },	/* 21 = mount */
@@ -183,8 +183,8 @@
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 154 = nosys */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 155 = nfssvc */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 156 = obsolete ogetdirentries */
-	{ compat4(AS(freebsd4_freebsd32_statfs_args),freebsd32_statfs) },	/* 157 = old freebsd32_statfs */
-	{ compat4(AS(freebsd4_freebsd32_fstatfs_args),freebsd32_fstatfs) },	/* 158 = old freebsd32_fstatfs */
+	{ compat4(AS(freebsd4_freebsd32_statfs_args),freebsd32_statfs), AUE_NULL },	/* 157 = old freebsd32_statfs */
+	{ compat4(AS(freebsd4_freebsd32_fstatfs_args),freebsd32_fstatfs), AUE_NULL },	/* 158 = old freebsd32_fstatfs */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 159 = nosys */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 160 = nosys */
 	{ AS(getfh_args), (sy_call_t *)getfh, AUE_NULL },	/* 161 = getfh */
@@ -323,7 +323,7 @@
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 294 = nosys */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 295 = nosys */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 296 = nosys */
-	{ compat4(AS(freebsd4_freebsd32_fhstatfs_args),freebsd32_fhstatfs) },	/* 297 = old freebsd32_fhstatfs */
+	{ compat4(AS(freebsd4_freebsd32_fhstatfs_args),freebsd32_fhstatfs), AUE_NULL },	/* 297 = old freebsd32_fhstatfs */
 	{ AS(fhopen_args), (sy_call_t *)fhopen, AUE_NULL },	/* 298 = fhopen */
 	{ AS(fhstat_args), (sy_call_t *)fhstat, AUE_NULL },	/* 299 = fhstat */
 	{ SYF_MPSAFE | AS(modnext_args), (sy_call_t *)modnext, AUE_NULL },	/* 300 = modnext */
@@ -362,15 +362,15 @@
 	{ SYF_MPSAFE | AS(sched_get_priority_min_args), (sy_call_t *)sched_get_priority_min, AUE_NULL },	/* 333 = sched_get_priority_min */
 	{ SYF_MPSAFE | AS(sched_rr_get_interval_args), (sy_call_t *)sched_rr_get_interval, AUE_NULL },	/* 334 = sched_rr_get_interval */
 	{ SYF_MPSAFE | AS(utrace_args), (sy_call_t *)utrace, AUE_NULL },	/* 335 = utrace */
-	{ compat4(SYF_MPSAFE | AS(freebsd4_freebsd32_sendfile_args),freebsd32_sendfile) },	/* 336 = old freebsd32_sendfile */
+	{ compat4(SYF_MPSAFE | AS(freebsd4_freebsd32_sendfile_args),freebsd32_sendfile), AUE_NULL },	/* 336 = old freebsd32_sendfile */
 	{ AS(kldsym_args), (sy_call_t *)kldsym, AUE_NULL },	/* 337 = kldsym */
 	{ SYF_MPSAFE | AS(jail_args), (sy_call_t *)jail, AUE_NULL },	/* 338 = jail */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 339 = pioctl */
 	{ SYF_MPSAFE | AS(sigprocmask_args), (sy_call_t *)sigprocmask, AUE_NULL },	/* 340 = sigprocmask */
 	{ SYF_MPSAFE | AS(sigsuspend_args), (sy_call_t *)sigsuspend, AUE_NULL },	/* 341 = sigsuspend */
-	{ compat4(SYF_MPSAFE | AS(freebsd4_freebsd32_sigaction_args),freebsd32_sigaction) },	/* 342 = old freebsd32_sigaction */
+	{ compat4(SYF_MPSAFE | AS(freebsd4_freebsd32_sigaction_args),freebsd32_sigaction), AUE_NULL },	/* 342 = old freebsd32_sigaction */
 	{ SYF_MPSAFE | AS(sigpending_args), (sy_call_t *)sigpending, AUE_NULL },	/* 343 = sigpending */
-	{ compat4(SYF_MPSAFE | AS(freebsd4_freebsd32_sigreturn_args),freebsd32_sigreturn) },	/* 344 = old freebsd32_sigreturn */
+	{ compat4(SYF_MPSAFE | AS(freebsd4_freebsd32_sigreturn_args),freebsd32_sigreturn), AUE_NULL },	/* 344 = old freebsd32_sigreturn */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 345 = sigtimedwait */
 	{ 0, (sy_call_t *)nosys, AUE_NULL },			/* 346 = sigwaitinfo */
 	{ SYF_MPSAFE | AS(__acl_get_file_args), (sy_call_t *)__acl_get_file, AUE_NULL },	/* 347 = __acl_get_file */

==== //depot/projects/trustedbsd/audit3/sys/compat/freebsd32/syscalls.master#5 (text+ko) ====

@@ -57,7 +57,7 @@
 3	MNOPROTO { ssize_t read(int fd, void *buf, size_t nbyte); } AUE_NULL
 4	MNOPROTO { ssize_t write(int fd, const void *buf, \
 		    size_t nbyte); } AUE_NULL
-5	NOPROTO	{ int open(char *path, int flags, int mode); } AUE_OPEN
+5	NOPROTO	{ int open(char *path, int flags, int mode); } AUE_OPEN_RWTC
 6	MNOPROTO { int close(int fd); } AUE_CLOSE
 7	MSTD	{ int freebsd32_wait4(int pid, int *status, int options, \
 		    struct rusage32 *rusage); } AUE_NULL
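Review bot: The open entry at syscall 5 gives no hint that `AUE_OPEN_RWTC` is a stand-in rather than the event that ends up in the audit trail, which will mislead anyone checking this table against the audit_event configuration. A comment under the entry would help, e.g. `; AUE_OPEN_RWTC is only the preselection event; kern_audit.c rewrites it to the specific AUE_OPEN_* event from the open flags and error.` (the `;` comment form is the one visible in the kern/syscalls.master hunk). The same applies to the open entries in the i386/linux and kern syscalls.master hunks. Because this change also removes the in-kernel class mappings for the AUE_OPEN_* events, the comment should also state that open() is preselected only once auditd has loaded a class for AUE_OPEN_RWTC; presumably opens before that point are not recorded, which should be confirmed.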

==== //depot/projects/trustedbsd/audit3/sys/i386/linux/linux_sysent.c#5 (text+ko) ====

@@ -23,7 +23,7 @@
 	{ SYF_MPSAFE | 0, (sy_call_t *)linux_fork, AUE_FORK },	/* 2 = linux_fork */
 	{ SYF_MPSAFE | AS(read_args), (sy_call_t *)read, AUE_NULL },	/* 3 = read */
 	{ SYF_MPSAFE | AS(write_args), (sy_call_t *)write, AUE_NULL },	/* 4 = write */
-	{ AS(linux_open_args), (sy_call_t *)linux_open, AUE_OPEN },	/* 5 = linux_open */
+	{ AS(linux_open_args), (sy_call_t *)linux_open, AUE_OPEN_RWTC },	/* 5 = linux_open */
 	{ SYF_MPSAFE | AS(close_args), (sy_call_t *)close, AUE_CLOSE },	/* 6 = close */
 	{ SYF_MPSAFE | AS(linux_waitpid_args), (sy_call_t *)linux_waitpid, AUE_NULL },	/* 7 = linux_waitpid */
 	{ AS(linux_creat_args), (sy_call_t *)linux_creat, AUE_O_CREAT },	/* 8 = linux_creat */

==== //depot/projects/trustedbsd/audit3/sys/i386/linux/syscalls.master#5 (text+ko) ====

@@ -40,7 +40,8 @@
 2	MSTD	{ int linux_fork(void); } AUE_FORK
 3	MNOPROTO { int read(int fd, char *buf, u_int nbyte); } AUE_NULL
 4	MNOPROTO { int write(int fd, char *buf, u_int nbyte); } AUE_NULL
-5	STD	{ int linux_open(char *path, l_int flags, l_int mode); } AUE_OPEN
+5	STD	{ int linux_open(char *path, l_int flags, l_int mode); } \
+				AUE_OPEN_RWTC
 6	MNOPROTO { int close(int fd); } AUE_CLOSE
 7	MSTD	{ int linux_waitpid(l_pid_t pid, \
 				l_int *status, l_int options); } AUE_NULL

==== //depot/projects/trustedbsd/audit3/sys/kern/init_sysent.c#10 (text+ko) ====

@@ -34,7 +34,7 @@
 	{ SYF_MPSAFE | 0, (sy_call_t *)fork, AUE_FORK },	/* 2 = fork */
 	{ SYF_MPSAFE | AS(read_args), (sy_call_t *)read, AUE_NULL },	/* 3 = read */
 	{ SYF_MPSAFE | AS(write_args), (sy_call_t *)write, AUE_NULL },	/* 4 = write */
-	{ SYF_MPSAFE | AS(open_args), (sy_call_t *)open, AUE_OPEN },	/* 5 = open */
+	{ SYF_MPSAFE | AS(open_args), (sy_call_t *)open, AUE_OPEN_RWTC },	/* 5 = open */
 	{ SYF_MPSAFE | AS(close_args), (sy_call_t *)close, AUE_CLOSE },	/* 6 = close */
 	{ SYF_MPSAFE | AS(wait_args), (sy_call_t *)wait4, AUE_NULL },	/* 7 = wait4 */
 	{ compat(SYF_MPSAFE | AS(ocreat_args),creat), AUE_O_CREAT },	/* 8 = old creat */

==== //depot/projects/trustedbsd/audit3/sys/kern/syscalls.master#10 (text+ko) ====

@@ -56,7 +56,7 @@
 3	MSTD	{ ssize_t read(int fd, void *buf, size_t nbyte); } AUE_NULL
 4	MSTD	{ ssize_t write(int fd, const void *buf, size_t nbyte); } \
 			AUE_NULL
-5	MSTD	{ int open(char *path, int flags, int mode); } AUE_OPEN
+5	MSTD	{ int open(char *path, int flags, int mode); } AUE_OPEN_RWTC
 ; XXX should be		{ int open(const char *path, int flags, ...); }
 ; but we're not ready for `const' or varargs.
 ; XXX man page says `mode_t mode'.

==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#14 (text+ko) ====

@@ -1276,12 +1276,13 @@
 
 	switch(ar->k_ar.ar_event) {
 
-	case AUE_OPEN:
-		/* The open syscall always writes a AUE_OPEN event; change it
-		 * to the proper type of event based on the flags and the error
-		 * value.
+	case AUE_OPEN_RWTC:
+		/* The open syscall always writes a AUE_OPEN_RWTC event; change
+		 * it to the proper type of event based on the flags and the 
+		 * error value.
 		 */
-		ar->k_ar.ar_event = flags_and_error_to_openevent(ar->k_ar.ar_arg_fflags, error);
+		ar->k_ar.ar_event = flags_and_error_to_openevent(
+		    ar->k_ar.ar_arg_fflags, error);
 		break;
 
 	case AUE_SYSCTL:
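Review bot: Replacing the `case AUE_OPEN:` label instead of adding to it means any syscall table entry still tagged AUE_OPEN reaches this switch without being rewritten, so its record would be committed under the generic event rather than the flag-specific AUE_OPEN_* one. Only the freebsd32, i386 linux and native tables are retagged in this change, and whether other ABI tables still use AUE_OPEN cannot be seen from here. Keeping both labels is cheap: put `case AUE_OPEN:` directly above `case AUE_OPEN_RWTC:` so both fall into the same conversion. As a style point, the new comment line ending in "the flags and the " carries trailing whitespace and "a AUE_OPEN_RWTC" should read "an AUE_OPEN_RWTC". The enclosing switch and function begin and end outside this hunk.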

==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#8 (text+ko) ====

@@ -112,19 +112,6 @@
 		}
 	}
 	
-	/* Add the specific open events to the mapping. */
-	au_evclassmap_insert(AUE_OPEN_R, AU_FREAD);
-        au_evclassmap_insert(AUE_OPEN_RC, AU_FREAD|AU_FCREATE);
-        au_evclassmap_insert(AUE_OPEN_RTC, AU_FREAD|AU_FCREATE|AU_FDELETE);
-        au_evclassmap_insert(AUE_OPEN_RT, AU_FREAD|AU_FDELETE);
-        au_evclassmap_insert(AUE_OPEN_RW, AU_FREAD|AU_FWRITE);
-        au_evclassmap_insert(AUE_OPEN_RWC, AU_FREAD|AU_FWRITE|AU_FCREATE);
-        au_evclassmap_insert(AUE_OPEN_RWTC, AU_FREAD|AU_FWRITE|AU_FCREATE|AU_FDELETE);
-        au_evclassmap_insert(AUE_OPEN_RWT, AU_FREAD|AU_FWRITE|AU_FDELETE);
-        au_evclassmap_insert(AUE_OPEN_W, AU_FWRITE);
-        au_evclassmap_insert(AUE_OPEN_WC, AU_FWRITE|AU_FCREATE);
-        au_evclassmap_insert(AUE_OPEN_WTC, AU_FWRITE|AU_FCREATE|AU_FDELETE);
-        au_evclassmap_insert(AUE_OPEN_WT, AU_FWRITE|AU_FDELETE);
 }
 
 /*


