Date: Thu, 8 May 2008 22:52:51 GMT
From: Wayne Salamon
To: Perforce Change Reviews
Subject: PERFORCE change 141344 for review

http://perforce.freebsd.org/chv.cgi?CH=141344

Change 141344 by wsalamon@vh2 on 2008/05/08 22:52:25

	Add definitions and stubs for MAC policy audit pre/post selection of events. Drop a comment in Audit to remove the setting of a flag to force an audit event to be committed.

Affected files ...

.. //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit.c#6 edit
.. //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_audit.c#3 edit
.. //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_framework.h#3 edit
.. //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_policy.h#4 edit

Differences ... ==== //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit.c#6 (text) ==== @@ -408,6 +408,7 @@ event = ar->k_ar.ar_event; class = au_event_class(event); +//WWW Take this out... ar->k_ar_commit |= AR_COMMIT_KERNEL; if (au_preselect(event, class, aumask, sorf) != 0) ar->k_ar_commit |= AR_PRESELECT_TRAIL; ==== //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_audit.c#3 (text+ko) ==== @@ -146,3 +146,22 @@ return (audit_mac_data(MAC_AUDIT_TEXT_TYPE, size, sanitized)); } + +int +mac_audit_check_preselect(struct ucred *cred, au_event_t event) +{ + int ret; + + ret = MAC_AUDIT_DEFAULT; + return (ret); +} + +int +mac_audit_check_postselect(struct ucred *cred, au_event_t event, int error, + int retval) +{ + int ret; + + ret = MAC_AUDIT_DEFAULT; + return (ret); +} ==== //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_framework.h#3 (text+ko) ==== 
@@ -88,6 +88,12 @@ #include /* XXX acl_type_t */ +#include /* au_event_t */ + +int mac_audit_check_preselect(struct ucred *cred, au_event_t event); +int mac_audit_check_postselect(struct ucred *cred, au_event_t event, + int error, int retval); + /* * Entry points to the TrustedBSD MAC Framework from the remainder of the * kernel: entry points are named based on a principle object type and an ==== //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_policy.h#4 (text+ko) ==== @@ -115,6 +115,10 @@ /* * Operations sorted alphabetically by primary object type and then method. */ +typedef int (*mpo_audit_check_preselect_t)(struct ucred *cred, + au_event_t event); +typedef int (*mpo_audit_check_postselect_t)(struct ucred *cred, + au_event_t event, int error, int retval); typedef int (*mpo_bpfdesc_check_receive_t)(struct bpf_d *d, struct label *dlabel, struct ifnet *ifp, struct label *ifplabel);
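
Review bot: in the audit.c hunk, the added `//WWW Take this out...` line does not name the statement it refers to or say when it can be removed, and it leaves `ar->k_ar_commit |= AR_COMMIT_KERNEL;` in place, so in the lines shown the commit flag is still set unconditionally before `au_preselect()` is consulted. Use a block comment in the file's existing style (`/* XXX: ... */`) that names the `AR_COMMIT_KERNEL` assignment and states the condition for dropping it, so the forced commit is not carried forward by accident once the MAC selection hooks are live.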
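
Review bot: in the mac_audit.c hunk, `mac_audit_check_preselect()` and `mac_audit_check_postselect()` ignore every argument and return `MAC_AUDIT_DEFAULT` through a local `ret`, with no comment saying they are stubs or what return values a caller should expect. Add a comment above each function documenting the return-value contract (what `MAC_AUDIT_DEFAULT` means to the audit code and which other values are possible), and mark the bodies as placeholders until policy dispatch is added. `MAC_AUDIT_DEFAULT` is not defined in any hunk of this change, so confirm it is already provided by a header that mac_audit.c includes.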
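
Review bot: in the mac_framework.h hunk, the two new prototypes are placed between the includes and the block comment that introduces the "Entry points to the TrustedBSD MAC Framework from the remainder of the kernel", so they sit outside the section that documents and lists the entry points. Move `mac_audit_check_preselect()` and `mac_audit_check_postselect()` below that comment, in the position the naming convention it describes would give them, and note next to them that `error` and `retval` in the postselect call are the results of the audited operation, if that is the intent.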
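
Review bot: in the mac_policy.h hunk, `mpo_audit_check_preselect_t` and `mpo_audit_check_postselect_t` are declared, but this is the only mac_policy.h hunk in the change, so no matching members are added to the policy operations structure and a policy module has no way to register either hook yet. Add the members alongside the typedefs, or say in a comment that they follow in a later change. Both typedefs also use `au_event_t`, while the include annotated `/* au_event_t */` is added only in mac_framework.h; confirm that every file including mac_policy.h sees that type first, or add the include here as well.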