Date: Mon, 22 Jun 2009 09:48:48 GMT From: Ilias Marinos <marinosi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 164840 for review Message-ID: <200906220948.n5M9mmvg078717@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=164840 Change 164840 by marinosi@marinosi_redrum on 2009/06/22 09:48:39 Special device node management added along with slice management (creation/initialization/removal etc). Affected files ... .. //depot/projects/soc2009/marinosi_appaudit/src/sys/conf/files#2 edit .. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#6 edit .. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.c#2 edit .. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.h#4 edit Differences ... ==== //depot/projects/soc2009/marinosi_appaudit/src/sys/conf/files#2 (text+ko) ==== @@ -2537,6 +2537,7 @@ security/audit/audit_syscalls.c standard security/audit/audit_trigger.c optional audit security/audit/audit_worker.c optional audit +security/audit/audit_slice.c optional audit security/mac/mac_atalk.c optional mac netatalk security/mac/mac_audit.c optional mac audit security/mac/mac_cred.c optional mac ==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#6 (text) ==== @@ -89,6 +89,9 @@ */ struct audit_slice *audit_base_slice = NULL; +/* Audit slice ptr -helper */ +struct audit_slice *as_ptr = NULL; + /* Audit slices queue */ struct audit_slice_queue audit_slice_q; @@ -631,18 +634,22 @@ audit_slice_create(char *name) { struct audit_slice *as = NULL; - int ret; + int err; - ret = 0; + err = 0; as = malloc(sizeof(*as), M_AUDITSLICE, M_WAITOK | M_ZERO); if ( as == NULL ) - ret = 1; /* Failed to allocate slice */ + err = 1; /* Failed to allocate slice */ + as_ptr = as; TAILQ_INSERT_TAIL(&audit_slice_q, as, as_q); /* Initialize the base slice */ audit_slice_init(as, name); + /* Create the special device node */ + audit_slice_cdev_init(as); + /* Start audit worker thread. */ audit_worker_init(as); } 
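Review bot: The new global `as_ptr` in audit.c (hunk at -89) is a single unlocked pointer that audit_slice_create() overwrites on every call and audit_slice_dev_open() in audit_slice.c later reads, so once a second slice exists, opening any slice's device binds `dev->si_drv1` to the most recently created slice rather than the one that owns the node. For an audit facility that means records submitted through one device can be attributed to another application's slice. Since audit_slice_destroy() never clears the pointer, an open after the newest slice is freed would also dereference freed memory. The binding can be made per device instead: `as->as_dev->si_drv1 = as;` right after make_dev() in audit_slice_cdev_init(), and `as = dev->si_drv1;` in open, which removes the global and its extern in audit_slice.h.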
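Review bot: In audit_slice_create() the renamed `err` is set when malloc() returns NULL but is never tested, so the code would still reach TAILQ_INSERT_TAIL and audit_slice_init() with a NULL slice. With `M_WAITOK` the allocation is not expected to fail, so the branch is either dead or, if the flag ever changes, a NULL dereference; drop it or make it effective with `if (as == NULL) return;`. The slice is also linked into `audit_slice_q` before audit_slice_init() and audit_slice_cdev_init() have run, and no queue lock is visible in this hunk, so anything walking the queue could see a zeroed slice. Inserting it after initialisation would close that window. The function's return-type line is outside the hunk.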
@@ -675,6 +682,8 @@ as->audit_nae_mask.am_success = 0; as->audit_nae_mask.am_failure = 0; + as->as_dev = NULL; + TAILQ_INIT(&(as->audit_q)); as->audit_q_len = 0; as->audit_pre_q_len = 0; @@ -706,6 +715,7 @@ { if (as != NULL) { TAILQ_REMOVE(&audit_slice_q, as, as_q); + destroy_dev(as->as_dev); free(as, M_AUDITSLICE); } } ==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.c#2 (text+ko) ==== @@ -47,9 +47,11 @@ #include <sys/unistd.h> -#include <security/appaudit/audit_slice_private.h> +#include <security/audit/audit_slice.h> + + + -#define AUDIT_SLICE_DEV_MINOR 0 #define AUDIT_SLICE_DEV_NAME "something" @@ -78,14 +80,11 @@ .d_name = "AUDIT_SLICE_DEV_NAME", /* to be changed */ }; -/* For use with make_dev(9)/destroy_dev(9). - */ -static struct cdev *audit_slice_dev; - /* * Special device methods. */ + /* * Audit slice's device open method. Explicit privilege check isn't used as * this allows file permissions on the special device to be used to grant @@ -93,10 +92,19 @@ */ static int audit_slice_dev_open(struct cdev *dev, int oflags, int devtype, - struct thread *td, struct audit_slice *as) + struct thread *td) { + struct audit_slice *as; int error; + /* + * XXX: Using as_ptr to pass the audit_slice that "owns" the device. + * Refine the implementation and check for better ways to achieve + * that. + */ + as = as_ptr; + dev->si_drv1 = as; + /* Only one process may open the device at a time. */ mtx_lock(&(as->as_dev_mtx)); if (!as->as_dev_isopen) { @@ -114,9 +122,11 @@ */ static int audit_slice_dev_close(struct cdev *dev, int fflag, int devtype, - struct thread *td, struct audit_slice *as) + struct thread *td) +{ + struct audit_slice *as; -{ + as = dev->si_drv1; mtx_lock(&(as->as_dev_mtx)); as->as_dev_isopen = 1; /* Do something here */ @@ -145,7 +155,6 @@ { /* Actual work here */ - int c, error = 0; void *audit_slice_dev_buf; 
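Review bot: audit_slice_destroy() now passes `as->as_dev` to destroy_dev() unconditionally, yet audit_slice_init() sets that field to NULL and only audit_slice_create() is seen calling audit_slice_cdev_init(). A slice initialised without a device node (possibly the base slice) would hand NULL to destroy_dev(); a guard such as `if (as->as_dev != NULL) destroy_dev(as->as_dev);` keeps teardown safe for both cases. The hunk also frees the slice with no visible stop of the worker thread started by audit_worker_init(). If that happens elsewhere a comment saying so would help, otherwise the thread is left holding a freed `as`.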
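Review bot: audit_slice_dev_close() still sets `as->as_dev_isopen = 1;` under the mutex, which is the state open rejects with its `if (!as->as_dev_isopen)` test, so after the first close the node looks permanently open and later opens are refused. Close should clear the flag instead: `as->as_dev_isopen = 0;`. The new `as = dev->si_drv1;` is also used without a NULL check, which is only safe as long as open always stores a valid slice there. The remainder of both open and close lies outside these hunks, so the exact error path is inferred.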
@@ -157,7 +166,7 @@ error = uiomove(audit_slice_dev_buf, c, uio); if (error) break; - (*random_systat.write)(random_buf, c); + //(*random_systat.write)(random_buf, c); } free(audit_slice_dev_buf, M_TEMP); @@ -168,32 +177,36 @@ /* * Ioctl method */ -audit_slice_dev_ioctl(struct cdev *dev, int events, struct thread *td) +static int +audit_slice_dev_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, + struct thread *td) { - /* Do we need ioctl ? */ + return (0); } /* - * poll method.(if needed) + * Poll method.(if needed) */ static int audit_slice_dev_poll(struct cdev *dev, int events, struct thread *td) { - + return (0); } /* Init the character device */ -static void +void audit_slice_cdev_init(struct audit_slice *as) { /* Create the special device file. */ - audit_dev = make_dev(&audit_cdevsw, 0, as->uid, as->gid, as->perms, - as->as_dev_name); + as->as_dev = make_dev(&audit_slice_cdevsw, as->unit, as->uid, as->gid, + as->perms, "%s", as->as_dev_name); } -/* Need to find a way to call the following with a new struct as arg every - * time */ -SYSINIT(audit_slice_cdev_init, SI_SUB_DRIVERS, SI_ORDER_MIDDLE, - audit_slice_cdev_init, NULL); +/* + * Need to find a way to call the following with a new struct as arg every + * time + */ +//SYSINIT(audit_slice_cdev_init, SI_SUB_DRIVERS, SI_ORDER_MIDDLE, +// audit_slice_cdev_init, NULL); ==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.h#4 (text+ko) ==== @@ -35,6 +35,7 @@ #define AUDIT_SLICE_NAME_LEN 20 #define AUDIT_DEV_NAME_LEN 20 + struct kaudit_record; /* @@ -146,13 +147,16 @@ * Applications need their slice device to submit their audit records. * Device specific variables here. */ + struct cdev *as_dev; char as_dev_name[AUDIT_DEV_NAME_LEN]; - int as_dev_isopen; - struct mtx as_dev_mtx; + int unit; uid_t uid; gid_t gid; int perms; + struct mtx as_dev_mtx; + int as_dev_isopen; + /* * Keep the several audit slices in a list */ 
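Review bot: audit_slice_cdev_init() hands `as->unit`, `as->uid`, `as->gid` and `as->perms` to make_dev(), but nothing in this change assigns them and the slice comes from an `M_ZERO` allocation. Unless audit_slice_init() sets them in lines outside the visible hunks, every node is created as unit 0, owner 0:0, mode 0. The comment on the open method says file permissions on the node are the access control, so these fields are the policy: they need explicit values, distinct unit numbers per slice, and a comment where they are set. Passing the name through `"%s"` is the right call. The `//`-commented SYSINIT block would be better deleted than left in place.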
@@ -165,6 +169,9 @@ /* Static allocation of the base slice */ extern struct audit_slice *audit_base_slice; +/* Audit slice ptr - helper */ +extern struct audit_slice *as_ptr; + /* Audit slices queue */ extern struct audit_slice_queue audit_slice_q; @@ -178,3 +185,4 @@ void audit_slice_init(struct audit_slice *as, char *name); void audit_slice_create(char *name); void audit_slice_destroy(struct audit_slice *as); +void audit_slice_cdev_init(struct audit_slice *as);