Date: Wed, 29 Mar 2017 23:31:35 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r316185 - in head/sys: kern security/audit Message-ID: <201703292331.v2TNVZkN037757@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rwatson Date: Wed Mar 29 23:31:35 2017 New Revision: 316185 URL: https://svnweb.freebsd.org/changeset/base/316185 Log: When handling msgsys(2), semsys(2), and shmsys(2) multiplex system calls, map the 'which' argument into a suitable audit event identifier for the specific operation requested. Obtained from: TrustedBSD Project MFC after: 3 weeks Sponsored by: DARPA, AFRL Modified: head/sys/kern/sysv_msg.c head/sys/kern/sysv_sem.c head/sys/kern/sysv_shm.c head/sys/security/audit/audit.c head/sys/security/audit/audit.h head/sys/security/audit/audit_arg.c head/sys/security/audit/audit_bsm_klib.c head/sys/security/audit/audit_private.h Modified: head/sys/kern/sysv_msg.c ============================================================================== --- head/sys/kern/sysv_msg.c Wed Mar 29 23:13:04 2017 (r316184) +++ head/sys/kern/sysv_msg.c Wed Mar 29 23:31:35 2017 (r316185) @@ -73,6 +73,7 @@ __FBSDID("$FreeBSD$"); #include <sys/malloc.h> #include <sys/jail.h> +#include <security/audit/audit.h> #include <security/mac/mac_framework.h> FEATURE(sysv_msg, "System V message queues support"); @@ -1639,6 +1640,7 @@ freebsd32_msgsys(struct thread *td, stru #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \ defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7) + AUDIT_ARG_SVIPC_WHICH(uap->which); switch (uap->which) { case 0: return (freebsd7_freebsd32_msgctl(td, @@ -1810,6 +1812,7 @@ sys_msgsys(td, uap) { int error; + AUDIT_ARG_SVIPC_WHICH(uap->which); if (uap->which < 0 || uap->which >= nitems(msgcalls)) return (EINVAL); error = (*msgcalls[uap->which])(td, &uap->a2); Modified: head/sys/kern/sysv_sem.c ============================================================================== --- head/sys/kern/sysv_sem.c Wed Mar 29 23:13:04 2017 (r316184) +++ head/sys/kern/sysv_sem.c Wed Mar 29 23:31:35 2017 (r316185) @@ -62,6 +62,7 @@ __FBSDID("$FreeBSD$"); #include <sys/malloc.h> #include <sys/jail.h> +#include <security/audit/audit.h> #include <security/mac/mac_framework.h> FEATURE(sysv_sem, "System V semaphores support"); @@ -1692,6 +1693,7 @@ sys_semsys(td, uap) { int error; + AUDIT_ARG_SVIPC_WHICH(uap->which); if (uap->which < 0 || uap->which >= nitems(semcalls)) return (EINVAL); error = (*semcalls[uap->which])(td, &uap->a2); @@ -1791,6 +1793,7 @@ freebsd32_semsys(struct thread *td, stru #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \ defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7) + AUDIT_ARG_SVIPC_WHICH(uap->which); switch (uap->which) { case 0: return (freebsd7_freebsd32_semctl(td, Modified: head/sys/kern/sysv_shm.c ============================================================================== --- head/sys/kern/sysv_shm.c Wed Mar 29 23:13:04 2017 (r316184) +++ head/sys/kern/sysv_shm.c Wed Mar 29 23:31:35 2017 (r316185) @@ -87,6 +87,7 @@ __FBSDID("$FreeBSD$"); #include <sys/sysproto.h> #include <sys/jail.h> +#include <security/audit/audit.h> #include <security/mac/mac_framework.h> #include <vm/vm.h> @@ -1300,6 +1301,7 @@ int sys_shmsys(struct thread *td, struct shmsys_args *uap) { + AUDIT_ARG_SVIPC_WHICH(uap->which); if (uap->which < 0 || uap->which >= nitems(shmcalls)) return (EINVAL); return ((*shmcalls[uap->which])(td, &uap->a2)); @@ -1315,6 +1317,7 @@ freebsd32_shmsys(struct thread *td, stru #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \ defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7) + AUDIT_ARG_SVIPC_WHICH(uap->which); switch (uap->which) { case 0: { /* shmat */ struct shmat_args ap; Modified: head/sys/security/audit/audit.c ============================================================================== --- head/sys/security/audit/audit.c Wed Mar 29 23:13:04 2017 (r316184) +++ head/sys/security/audit/audit.c Wed Mar 29 23:31:35 2017 (r316185) @@ -1,6 +1,6 @@ /*- * Copyright (c) 1999-2005 Apple Inc. - * Copyright (c) 2006-2007, 2016 Robert N. M. Watson + * Copyright (c) 2006-2007, 2016-2017 Robert N. M. Watson * All rights reserved. * * Portions of this software were developed by BAE Systems, the University of @@ -472,6 +472,24 @@ audit_commit(struct kaudit_record *ar, i /* Convert the auditon() command to an event. */ ar->k_ar.ar_event = auditon_command_event(ar->k_ar.ar_arg_cmd); break; + + case AUE_MSGSYS: + if (ARG_IS_VALID(ar, ARG_SVIPC_WHICH)) + ar->k_ar.ar_event = + audit_msgsys_to_event(ar->k_ar.ar_arg_svipc_which); + break; + + case AUE_SEMSYS: + if (ARG_IS_VALID(ar, ARG_SVIPC_WHICH)) + ar->k_ar.ar_event = + audit_semsys_to_event(ar->k_ar.ar_arg_svipc_which); + break; + + case AUE_SHMSYS: + if (ARG_IS_VALID(ar, ARG_SVIPC_WHICH)) + ar->k_ar.ar_event = + audit_shmsys_to_event(ar->k_ar.ar_arg_svipc_which); + break; } auid = ar->k_ar.ar_subj_auid; Modified: head/sys/security/audit/audit.h ============================================================================== --- head/sys/security/audit/audit.h Wed Mar 29 23:13:04 2017 (r316184) +++ head/sys/security/audit/audit.h Wed Mar 29 23:31:35 2017 (r316185) @@ -1,7 +1,13 @@ /*- * Copyright (c) 1999-2005 Apple Inc. + * Copyright (c) 2016-2017 Robert N. M. Watson * All rights reserved. * + * This software was developed by BAE Systems, the University of Cambridge + * Computer Laboratory, and Memorial University under DARPA/AFRL contract + * FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent Computing + * (TC) research program. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -109,6 +115,7 @@ void audit_arg_svipc_cmd(int cmd); void audit_arg_svipc_perm(struct ipc_perm *perm); void audit_arg_svipc_id(int id); void audit_arg_svipc_addr(void *addr); +void audit_arg_svipc_which(int which); void audit_arg_posix_ipc_perm(uid_t uid, gid_t gid, mode_t mode); void audit_arg_auditon(union auditon_udata *udata); void audit_arg_file(struct proc *p, struct file *fp); @@ -282,6 +289,11 @@ void audit_thread_free(struct thread *t audit_arg_suid((suid)); \ } while (0) +#define AUDIT_ARG_SVIPC_WHICH(which) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_svipc_which((which)); \ +} while (0) + #define AUDIT_ARG_TEXT(text) do { \ if (AUDITING_TD(curthread)) \ audit_arg_text((text)); \ @@ -373,6 +385,7 @@ void audit_thread_free(struct thread *t #define AUDIT_ARG_SOCKET(sodomain, sotype, soprotocol) #define AUDIT_ARG_SOCKADDR(td, dirfd, sa) #define AUDIT_ARG_SUID(suid) +#define AUDIT_ARG_SVIPC_WHICH(which) #define AUDIT_ARG_TEXT(text) #define AUDIT_ARG_UID(uid) #define AUDIT_ARG_UPATH1(td, dirfd, upath) Modified: head/sys/security/audit/audit_arg.c ============================================================================== --- head/sys/security/audit/audit_arg.c Wed Mar 29 23:13:04 2017 (r316184) +++ head/sys/security/audit/audit_arg.c Wed Mar 29 23:31:35 2017 (r316185) @@ -1,7 +1,13 @@ /*- * Copyright (c) 1999-2005 Apple Inc. + * Copyright (c) 2016-2017 Robert N. M. Watson * All rights reserved. * + * Portions of this software were developed by BAE Systems, the University of + * Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL + * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent + * Computing (TC) research program. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -616,6 +622,19 @@ audit_arg_svipc_addr(void * addr) } void +audit_arg_svipc_which(int which) +{ + struct kaudit_record *ar; + + ar = currecord(); + if (ar == NULL) + return; + + ar->k_ar.ar_arg_svipc_which = which; + ARG_SET_VALID(ar, ARG_SVIPC_WHICH); +} + +void audit_arg_posix_ipc_perm(uid_t uid, gid_t gid, mode_t mode) { struct kaudit_record *ar; Modified: head/sys/security/audit/audit_bsm_klib.c ============================================================================== --- head/sys/security/audit/audit_bsm_klib.c Wed Mar 29 23:13:04 2017 (r316184) +++ head/sys/security/audit/audit_bsm_klib.c Wed Mar 29 23:31:35 2017 (r316185) @@ -1,6 +1,6 @@ /* * Copyright (c) 1999-2009 Apple Inc. - * Copyright (c) 2005, 2016 Robert N. M. Watson + * Copyright (c) 2005, 2016-2017 Robert N. M. Watson * All rights reserved. * * Portions of this software were developed by BAE Systems, the University of @@ -141,6 +141,29 @@ static const struct aue_open_event aue_o { (O_WRONLY | O_TRUNC), AUE_OPENAT_WT }, }; +static const int aue_msgsys[] = { + /* 0 */ AUE_MSGCTL, + /* 1 */ AUE_MSGGET, + /* 2 */ AUE_MSGSND, + /* 3 */ AUE_MSGRCV, +}; +static const int aue_msgsys_count = sizeof(aue_msgsys) / sizeof(int); + +static const int aue_semsys[] = { + /* 0 */ AUE_SEMCTL, + /* 1 */ AUE_SEMGET, + /* 2 */ AUE_SEMOP, +}; +static const int aue_semsys_count = sizeof(aue_semsys) / sizeof(int); + +static const int aue_shmsys[] = { + /* 0 */ AUE_SHMAT, + /* 1 */ AUE_SHMDT, + /* 2 */ AUE_SHMGET, + /* 3 */ AUE_SHMCTL, +}; +static const int aue_shmsys_count = sizeof(aue_shmsys) / sizeof(int); + /* * Look up the class for an audit event in the class mapping table. */ @@ -555,6 +578,43 @@ audit_semctl_to_event(int cmd) } /* + * Convert msgsys(2), semsys(2), and shmsys(2) system-call variations into + * audit events, if possible. + */ +au_event_t +audit_msgsys_to_event(int which) +{ + + if ((which >= 0) && (which < aue_msgsys_count)) + return (aue_msgsys[which]); + + /* Audit a bad command. */ + return (AUE_MSGSYS); +} + +au_event_t +audit_semsys_to_event(int which) +{ + + if ((which >= 0) && (which < aue_semsys_count)) + return (aue_semsys[which]); + + /* Audit a bad command. */ + return (AUE_SEMSYS); +} + +au_event_t +audit_shmsys_to_event(int which) +{ + + if ((which >= 0) && (which < aue_shmsys_count)) + return (aue_shmsys[which]); + + /* Audit a bad command. */ + return (AUE_SHMSYS); +} + +/* * Convert a command for the auditon() system call to a audit event. */ au_event_t Modified: head/sys/security/audit/audit_private.h ============================================================================== --- head/sys/security/audit/audit_private.h Wed Mar 29 23:13:04 2017 (r316184) +++ head/sys/security/audit/audit_private.h Wed Mar 29 23:31:35 2017 (r316185) @@ -226,6 +226,7 @@ struct audit_record { struct vnode_au_info ar_arg_vnode1; struct vnode_au_info ar_arg_vnode2; int ar_arg_cmd; + int ar_arg_svipc_which; int ar_arg_svipc_cmd; struct ipc_perm ar_arg_svipc_perm; int ar_arg_svipc_id; @@ -303,6 +304,7 @@ struct audit_record { #define ARG_ATFD2 0x0008000000000000ULL #define ARG_RIGHTS 0x0010000000000000ULL #define ARG_FCNTL_RIGHTS 0x0020000000000000ULL +#define ARG_SVIPC_WHICH 0x0200000000000000ULL #define ARG_NONE 0x0000000000000000ULL #define ARG_ALL 0xFFFFFFFFFFFFFFFFULL @@ -463,7 +465,10 @@ au_event_t audit_ctlname_to_sysctlevent au_event_t audit_flags_and_error_to_openevent(int oflags, int error); au_event_t audit_flags_and_error_to_openatevent(int oflags, int error); au_event_t audit_msgctl_to_event(int cmd); -au_event_t audit_semctl_to_event(int cmr); +au_event_t audit_msgsys_to_event(int which); +au_event_t audit_semctl_to_event(int cmd); +au_event_t audit_semsys_to_event(int which); +au_event_t audit_shmsys_to_event(int which); void audit_canon_path(struct thread *td, int dirfd, char *path, char *cpath); au_event_t auditon_command_event(int cmd);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201703292331.v2TNVZkN037757>