Date: Sun, 6 Aug 2006 10:18:31 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 103317 for review Message-ID: <200608061018.k76AIVDj037505@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=103317 Change 103317 by rwatson@rwatson_zoo on 2006/08/06 10:17:32 Initial placement of MAC checks in audit system calls. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#19 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#19 (text+ko) ==== @@ -29,7 +29,17 @@ * $FreeBSD: src/sys/security/audit/audit_syscalls.c,v 1.4 2006/06/05 22:36:12 rwatson Exp $ */ +/* + * XXXRW: The MAC checks here vary in location based on when the arguments + * they need have been copied in. Probably, we should universally adopt the + * order: (1) copy in arguments (2) audit arguments (3) MAC check + * (4) suser() check. + */ + +#include "opt_mac.h" + #include <sys/param.h> +#include <sys/mac.h> #include <sys/mount.h> #include <sys/namei.h> #include <sys/proc.h> @@ -112,6 +122,12 @@ goto free_out; } +#ifdef MAC + error = mac_check_system_audit(td->td_ucred, rec, uap->length); + if (error) + goto free_out; +#endif + /* * Attach the user audit record to the kernel audit record. Because * this system call is an auditable event, we will write the user @@ -148,6 +164,13 @@ struct proc *tp; AUDIT_ARG(cmd, uap->cmd); + +#ifdef MAC + error = mac_check_system_auditon(td->td_ucred, uap->cmd); + if (error) + return (error); +#endif + error = suser(td); if (error) return (error); @@ -394,6 +417,12 @@ int error; au_id_t id; +#ifdef MAC + error = mac_check_proc_getauid(td->td_ucred); + if (error) + return (error); +#endif + error = suser(td); if (error) return (error); @@ -426,6 +455,12 @@ audit_arg_auid(id); +#ifdef MAC + error = mac_check_proc_setauid(td->td_ucred, id); + if (error) + return (error); +#endif + /* * XXX: Integer write on static pointer dereference: doesn't need * locking? @@ -454,6 +489,12 @@ struct auditinfo ai; int error; +#ifdef MAC + error = mac_check_proc_getaudit(td->td_ucred); + if (error) + return (error); +#endif + error = suser(td); if (error) return (error); @@ -483,6 +524,12 @@ audit_arg_auditinfo(&ai); +#ifdef MAC + error = mac_check_proc_setaudit(td->td_ucred, &ai); + if (error) + return (error); +#endif + /* * XXXRW: Test privilege while holding the proc lock? */ @@ -500,6 +547,12 @@ { int error; +#ifdef MAC + error = mac_check_proc_getaudit(td->td_ucred); + if (error) + return (error); +#endif + error = suser(td); if (error) return (error); @@ -516,6 +569,13 @@ error = suser(td); if (error) return (error); + +#ifdef MAC + error = mac_check_proc_setaudit(td->td_ucred, NULL); + if (error) + return (error); +#endif + return (ENOSYS); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200608061018.k76AIVDj037505>