From owner-p4-projects@FreeBSD.ORG Thu Apr 20 14:34:37 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 2750616A409; Thu, 20 Apr 2006 14:34:37 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B8EAF16A407 for ; Thu, 20 Apr 2006 14:34:36 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id CE80943D98 for ; Thu, 20 Apr 2006 14:34:19 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k3KEYJvi055076 for ; Thu, 20 Apr 2006 14:34:19 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k3KEYJTF055070 for perforce@freebsd.org; Thu, 20 Apr 2006 14:34:19 GMT (envelope-from millert@freebsd.org) Date: Thu, 20 Apr 2006 14:34:19 GMT Message-Id: <200604201434.k3KEYJTF055070@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f 
From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 95676 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Apr 2006 14:34:37 -0000 http://perforce.freebsd.org/chv.cgi?CH=95676 Change 95676 by millert@millert_g5tower on 2006/04/20 14:33:20 Emulate Linux audit api instead of using printk. We now hold the mutex for a much short period. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#7 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#12 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.h#6 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc_audit.c#1 add .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#9 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/linux-compat.h#13 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.c#7 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#7 (text+ko) ==== @@ -8,7 +8,7 @@ POLICY_SRCS+= ss/avtab.c ss/ebitmap.c ss/hashtab.c ss/init.c ss/policydb.c \ ss/queue.c ss/services.c ss/sidtab.c ss/symtab.c ss/mach_av.c \ ss/conditional.c -POLICY_SRCS+= avc/avc.c +POLICY_SRCS+= avc/avc.c avc/avc_audit.c CFLAGS+= -DSEFOS_DEBUG -I.. ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#12 (text+ko) ==== @@ -73,7 +73,7 @@ }; static mutex_t *avc_lock; -static mutex_t *avc_log_lock; +extern mutex_t *avc_log_lock; uint64_t avc_msg_cost, avc_msg_burst; static struct avc_node *avc_node_freelist; static struct avc_cache avc_cache; 
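Review bot: The `extern mutex_t *avc_log_lock;` declaration added at file scope in avc.c (hunk -73,7) belongs in a shared header such as avc.h, so that the definition and every user are checked against a single declaration. A bare extern in a .c file lets the type drift silently if the defining file changes. The definition is not in the visible hunks (presumably it moved to the new avc_audit.c), and the hunks do not show whether avc.c still takes this lock once avc_audit() stops doing so. If it does not, drop the declaration instead of keeping it.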
@@ -111,14 +111,14 @@ * @tclass: target security class * @av: access vector */ -void avc_dump_av(u16 tclass, u32 av) +void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av) { char **common_pts = NULLL; u32 common_base = NULL; int i, i2, perm; if (av == 0) { - printk(" null"); + audit_log_end(ab); return; } @@ -130,12 +130,12 @@ } } - printk(" {"); + audit_log_format(ab, " {"); i = 0; perm = 1; while (perm < common_base) { if (perm & av) - printk(" %s", common_pts[i]); + audit_log_format(ab, " %s", common_pts[i]); i++; perm <<= 1; } @@ -148,13 +148,13 @@ break; } if (i2 < ARRAY_SIZE(av_perm_to_string)) - printk(" %s", av_perm_to_string[i2].name); + audit_log_format(ab, " %s", av_perm_to_string[i2].name); } i++; perm <<= 1; } - printk(" }"); + audit_log_format(ab, " }"); } #endif @@ -164,7 +164,7 @@ * @tsid: target security identifier * @tclass: target security class */ -void avc_dump_query(u32 ssid, u32 tsid, u16 tclass) +void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass) { int rc; char *scontext; @@ -172,20 +172,20 @@ rc = security_sid_to_context(ssid, &scontext, &scontext_len); if (rc) - printk("ssid=%d", ssid); + audit_log_format(ab, "ssid=%d", ssid); else { - printk("scontext=%s", scontext); + audit_log_format(ab, "scontext=%s", scontext); kfree(scontext); } rc = security_sid_to_context(tsid, &scontext, &scontext_len); if (rc) - printk(" tsid=%d", tsid); + audit_log_format(ab, " tsid=%d", tsid); else { - printk(" tcontext=%s", scontext); + audit_log_format(ab, " tcontext=%s", scontext); kfree(scontext); } - printk(" tclass=%s", security_class_to_string(tclass)); + audit_log_format(ab, " tclass=%s", security_class_to_string(tclass)); } /** 
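Review bot: In the `av == 0` branch of avc_dump_av() (hunk -111,14) the old `printk(" null")` became `audit_log_end(ab)`, which ends a buffer this function does not own. The caller in avc_audit() goes on to call `audit_log_format(ab, " for ")` and later `audit_log_end(ab)` on the same pointer. audit_log_end() is not shown in this change, but if it emits and releases the record, as the Linux API it emulates does, this is a use after release and a double end, and the audit record for that decision is cut short. The services.c copy of the function keeps the text with `audit_log_format(ab, " null ");`, and this branch should do the same: `audit_log_format(ab, " null");`. The function starts above the hunk and continues past it, apparently inside a conditional block closed by the `#endif` in hunk -148,13.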
@@ -457,23 +457,24 @@ } #if 0 -static inline void avc_print_ipv6_addr(struct in6_addr *addr, u16 port, +static inline void avc_print_ipv6_addr(struct audit_buffer *ab, + struct in6_addr *addr, u16 port, char *name1, char *name2) { if (!ipv6_addr_any(addr)) - printk(" %s=%04x:%04x:%04x:%04x:%04x:" + audit_log_format(ab, " %s=%04x:%04x:%04x:%04x:%04x:" "%04x:%04x:%04x", name1, NIP6(*addr)); if (port) - printk(" %s=%d", name2, ntohs(port)); + audit_log_format(ab, " %s=%d", name2, ntohs(port)); } -static inline void avc_print_ipv4_addr(u32 addr, u16 port, - char *name1, char *name2) +static inline void avc_print_ipv4_addr(struct audit_buffer *ab, u32 addr, + u16 port, char *name1, char *name2) { if (addr) - printk(" %s=%d.%d.%d.%d", name1, NIPQUAD(addr)); + audit_log_format(ab, " %s=%d.%d.%d.%d", name1, NIPQUAD(addr)); if (port) - printk(" %s=%d", name2, ntohs(port)); + audit_log_format(ab, " %s=%d", name2, ntohs(port)); } #endif @@ -566,6 +567,7 @@ { struct proc *tsk = current_proc(); u32 denied, audited; + struct audit_buffer *ab; denied = requested & ~avd->allowed; if (denied) { 
@@ -583,30 +585,32 @@ if (!check_avc_ratelimit()) return; - /* prevent overlapping printks */ - spin_lock_irqsave(&avc_log_lock,flags); - - printk("\navc: %s ", denied ? "denied" : "granted"); - avc_dump_av(tclass,audited); - printk(" for "); + ab = audit_log_start(); + if (!ab) + return; /* audit_panic has been called */ + audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted"); + avc_dump_av(ab, tclass,audited); + audit_log_format(ab, " for "); /* if (a && a->tsk) tsk = a->tsk;*/ if (tsk && tsk->p_pid) { - printk(" pid=%d comm=%s", tsk->p_pid, tsk->p_comm); + audit_log_format(ab, " pid=%d comm=%s", tsk->p_pid, tsk->p_comm); } if (a) { switch (a->type) { case AVC_AUDIT_DATA_IPC: - printk(" key=%d", a->u.ipc_id); + audit_log_format(ab, " key=%d", a->u.ipc_id); break; #ifdef CAPABILITIES case AVC_AUDIT_DATA_CAP: { const char *capt = capv_to_text (a->u.cap); if (capt[7] == '!') - printk (" capability=<%lld>", a->u.cap); + audit_log_format(ab, + " capability=<%lld>", a->u.cap); else - printk(" capability=%s", capv_to_text (a->u.cap)); + audit_log_format(ab, " capability=%s", + capv_to_text(a->u.cap)); } break; #endif @@ -618,11 +622,13 @@ !VOP_GETATTR(vp, &va, tsk->p_ucred, tsk)) { - printk(" inode=%ld, mountpoint=%s, ", + audit_log_format(ab, + " inode=%ld, mountpoint=%s, ", va.va_fileid, vp->v_mount->mnt_stat.f_mntonname); } else { - printk(" fs/inode info not available"); + audit_log_format(ab, + " fs/inode info not available"); } } break; @@ -631,11 +637,9 @@ break; } } - printk(" "); - avc_dump_query(ssid, tsid, tclass); - printk("\n"); - - spin_unlock_irqrestore(&avc_log_lock,flags); + audit_log_format(ab, " "); + avc_dump_query(ab, ssid, tsid, tclass); + audit_log_end(ab); } /** ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.h#6 (text+ko) ==== 
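Review bot: `tsk->p_comm` is written into the audit record with a plain `%s` in `audit_log_format(ab, " pid=%d comm=%s", tsk->p_pid, tsk->p_comm);`, although a process chooses its own name and this same change declares `audit_log_untrustedstring()` in linux-compat.h, presumably for values like this. A name containing spaces, `=` or a newline can make one record read as if it carried extra fields or a second record, which weakens the log as evidence of what was denied. Split the call into `audit_log_format(ab, " pid=%d comm=", tsk->p_pid);` followed by `audit_log_untrustedstring(ab, tsk->p_comm);`. The `mountpoint=%s` value taken from `f_mntonname` in the next hunk (-618,11) deserves the same treatment. avc_audit() starts above this hunk and ends in the following ones.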
@@ -106,10 +106,12 @@ * AVC display support */ void avc_dump_av( + struct audit_buffer *ab, u16 tclass, /* IN */ u32 av); /* IN */ void avc_dump_query( + struct audit_buffer *ab, u32 ssid, /* IN */ u32 tsid, /* IN */ u16 tclass); /* IN */ ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#9 (text+ko) ==== @@ -248,6 +248,7 @@ siginh setrlimit rlimitinh + dyntransition } ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/linux-compat.h#13 (text+ko) ==== @@ -114,6 +114,14 @@ #define spin_lock_irqsave(m,flags) mutex_lock(*(m)) #define spin_unlock_irqrestore(m,flags) mutex_unlock(*(m)) +/* emulate linux audit support */ +struct audit_buffer; +struct audit_buffer *audit_log_start(void); +void audit_log(const char *, ...); +void audit_log_end(struct audit_buffer *); +void audit_log_format(struct audit_buffer *, const char *, ...); +void audit_log_untrustedstring(struct audit_buffer *, const char *); + #endif /* _KERNEL */ #define BUG() printf("BUG: %s:%d", __FILE__, __LINE__) ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.c#7 (text+ko) ==== @@ -1847,7 +1847,7 @@ * @tclass: target security class * @av: access vector */ -void avc_dump_av(u16 tclass, u32 av) +void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av) { char **common_pts = 0; struct class_datum *cls; @@ -1856,14 +1856,14 @@ int i, i2; if (av == 0) { - printk(" null "); + audit_log_format(ab, " null "); return; } cls = policydb.class_val_to_struct[tclass-1]; clb = cls->comdatum; - printk(" {"); + audit_log_format(ab, " {"); for (i = 0, perm = 1; i < sizeof(av) * 8; i++, perm <<= 1) { if (perm & av) { const char *pstr; 
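Review bot: The two prototypes in avc.h now take `struct audit_buffer *ab`, but as far as this hunk shows the header neither declares that tag nor annotates the new parameter like its neighbours. If avc.h is included before linux-compat.h, the tag gets prototype scope and the declarations no longer match their definitions, so add a forward declaration `struct audit_buffer;` above `void avc_dump_av(`. The new parameter lines should carry the annotation the existing ones use, e.g. `struct audit_buffer *ab, /* IN */`, and the comment above them should state that the callee only appends to the buffer and the caller ends it.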
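Review bot: `audit_log()` and `audit_log_format()` are declared in linux-compat.h as plain variadic functions, so none of the converted call sites get compile-time format checking. Add the format attribute, e.g. `void audit_log_format(struct audit_buffer *, const char *, ...) __attribute__((format(printf, 2, 3)));` and `format(printf, 1, 2)` for audit_log(). The compiler can then verify call sites in this change such as `"ssid=%d"` with a `u32` argument and `" inode=%ld"` with `va.va_fileid`. A short comment on the block should also state the buffer contract: the caller of audit_log_start() ends the buffer exactly once with audit_log_end(), and must handle a NULL return. The implementation in avc_audit.c is not part of the visible diff, so this contract cannot be read from the change itself.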
@@ -1872,14 +1872,14 @@ if (!pstr && clb) pstr = findperm(clb->permissions.table, i); if (!pstr) - printk(" %s:%d", + audit_log_format(ab, " %s:%d", policydb.p_class_val_to_name[tclass-1], i); else - printk(" %s", pstr); + audit_log_format(ab, " %s", pstr); } } - printk(" }"); + audit_log_format(ab, " }"); } const char *security_class_to_string(int tclass)