From owner-p4-projects@FreeBSD.ORG Wed Oct 27 21:25:18 2004 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 97D7716A4D0; Wed, 27 Oct 2004 21:25:18 +0000 (GMT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7195916A4CE for ; Wed, 27 Oct 2004 21:25:18 +0000 (GMT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 650EF43D31 for ; Wed, 27 Oct 2004 21:25:18 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.11/8.12.11) with ESMTP id i9RLPIjs023265 for ; Wed, 27 Oct 2004 21:25:18 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.11/8.12.11/Submit) id i9RLPI6c023262 for perforce@freebsd.org; Wed, 27 Oct 2004 21:25:18 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Wed, 27 Oct 2004 21:25:18 GMT Message-Id: <200410272125.i9RLPI6c023262@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 63849 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Oct 2004 21:25:19 -0000 http://perforce.freebsd.org/chv.cgi?CH=63849 Change 63849 by rwatson@rwatson_tislabs on 2004/10/27 21:25:02 Use the per-process system call vector rather than the global vector, in order to permit auditing based on per-vector audit event types, which may not match the global ones. E.g., the FreeBSD system call number for open() is not the same as the Linux one. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#12 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#12 (text+ko) ==== @@ -1361,7 +1361,17 @@ int audit_event; struct au_mask *aumask; - audit_event = sysent[code].sy_auevent; + /* + * In FreeBSD, each ABI has its own system call table, and hence + * mapping of system call codes to audit events. Convert the code to + * an audit event identifier using the process system call table + * reference. In Darwin, there's only one, so we use the global + * symbol for the system call table. + */ + if (code >= td->td_proc->p_sysent->sv_size) + return; + + audit_event = td->td_proc->p_sysent->sv_table[code].sy_auevent; if (audit_event == AUE_NULL) return;