Date: Thu, 8 May 2008 22:52:51 GMT
From: Wayne Salamon <wsalamon@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 141344 for review
Message-ID: <200805082252.m48Mqpku007567@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=141344

Change 141344 by wsalamon@vh2 on 2008/05/08 22:52:25

Add definitions and stubs for MAC policy audit pre/post selection of events. Drop a comment in Audit to remove the setting of a flag to force an audit event to be committed.

Affected files ...

.. //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit.c#6 edit
.. //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_audit.c#3 edit
.. //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_framework.h#3 edit
.. //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_policy.h#4 edit

Differences ...

==== //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit.c#6 (text) ==== @@ -408,6 +408,7 @@ event = ar->k_ar.ar_event; class = au_event_class(event); +//WWW Take this out... ar->k_ar_commit |= AR_COMMIT_KERNEL; if (au_preselect(event, class, aumask, sorf) != 0) ar->k_ar_commit |= AR_PRESELECT_TRAIL; ==== //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_audit.c#3 (text+ko) ==== @@ -146,3 +146,22 @@ return (audit_mac_data(MAC_AUDIT_TEXT_TYPE, size, sanitized)); } + +int +mac_audit_check_preselect(struct ucred *cred, au_event_t event) +{ + int ret; + + ret = MAC_AUDIT_DEFAULT; + return (ret); +} + +int +mac_audit_check_postselect(struct ucred *cred, au_event_t event, int error, + int retval) +{ + int ret; + + ret = MAC_AUDIT_DEFAULT; + return (ret); +} ==== //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_framework.h#3 (text+ko) ==== 
@@ -88,6 +88,12 @@ #include <sys/acl.h> /* XXX acl_type_t */ +#include <bsm/audit.h> /* au_event_t */ + +int mac_audit_check_preselect(struct ucred *cred, au_event_t event); +int mac_audit_check_postselect(struct ucred *cred, au_event_t event, + int error, int retval); + /* * Entry points to the TrustedBSD MAC Framework from the remainder of the * kernel: entry points are named based on a principle object type and an ==== //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_policy.h#4 (text+ko) ==== @@ -115,6 +115,10 @@ /* * Operations sorted alphabetically by primary object type and then method. */ +typedef int (*mpo_audit_check_preselect_t)(struct ucred *cred, + au_event_t event); +typedef int (*mpo_audit_check_postselect_t)(struct ucred *cred, + au_event_t event, int error, int retval); typedef int (*mpo_bpfdesc_check_receive_t)(struct bpf_d *d, struct label *dlabel, struct ifnet *ifp, struct label *ifplabel);
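Review bot: the marker added in the audit.c hunk (@@ -408,6 +408,7 @@) is a `//` comment at column 0 that does not say why the following line should go or under what condition. As committed, `ar->k_ar_commit |= AR_COMMIT_KERNEL;` still runs unconditionally ahead of the `au_preselect()` test, so every record keeps a commit flag no matter what preselection decides. Suggest an indented `/* XXX: ... */` comment, in the same form as the `/* XXX acl_type_t */` note in mac_framework.h, that states the flag forces the commit and names what has to be in place (the MAC preselect hook) before the line is removed.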
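Review bot: the two stubs added in the mac_audit.c hunk (@@ -146,3 +146,22 @@) have no comment describing their return contract. Both return only `MAC_AUDIT_DEFAULT`, and nothing in the visible lines says which other values a caller should expect or how `error` and `retval` are meant to influence the postselect decision. A short block comment above each function would settle that before callers are wired in. `MAC_AUDIT_DEFAULT` is also not defined in any hunk of this change, so it is worth confirming it already exists in a header that mac_audit.c includes. Until the policy dispatch is added, the `ret` local can be dropped in favour of `return (MAC_AUDIT_DEFAULT);`.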
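Review bot: in the mac_framework.h hunk (@@ -88,6 +88,12 @@) the new prototypes are placed between the `#include` lines and the block comment that begins "Entry points to the TrustedBSD MAC Framework from the remainder of the kernel", so they sit above the section that documents the entry points they belong to. Suggest moving `mac_audit_check_preselect()` and `mac_audit_check_postselect()` below that comment, next to the other entry-point declarations, and leaving only the `#include <bsm/audit.h>` line in the include block.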
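Review bot: the typedefs added in the mac_policy.h hunk (@@ -115,6 +115,10 @@) use `au_event_t`, but the only `#include <bsm/audit.h>` added by this change is in mac_framework.h. Unless mac_policy.h already gets that type from another include, a policy module that includes mac_policy.h on its own will not compile, so the header should include `<bsm/audit.h>` itself or document the dependency. No hunk here adds `mpo_audit_check_preselect` and `mpo_audit_check_postselect` members to the policy operations structure either, so the typedefs cannot be registered by a policy yet; if that is left for a later change, the commit description should say so.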