Date: Sat, 24 Jun 2006 00:51:50 GMT
Message-Id: <200606240051.k5O0poZZ081371@repoman.freebsd.org>
From: Wayne Salamon
To: Perforce Change Reviews
Subject: PERFORCE change 99910 for review

http://perforce.freebsd.org/chv.cgi?CH=99910

Change 99910 by wsalamon@vh3 on 2006/06/24 00:51:45

	Audit the extattr system calls.
	Re-gen the system call table and related files with the AUE_ events.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#23 integrate
.. //depot/projects/trustedbsd/audit3/sys/kern/init_sysent.c#30 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/syscalls.c#21 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/syscalls.master#34 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#33 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#15 edit
.. //depot/projects/trustedbsd/audit3/sys/sys/syscall.h#20 edit
.. //depot/projects/trustedbsd/audit3/sys/sys/syscall.mk#21 edit
.. //depot/projects/trustedbsd/audit3/sys/sys/sysproto.h#24 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#23 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#22 $ + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#23 $ * $FreeBSD: src/sys/bsm/audit_kevents.h,v 1.5 2006/02/06 01:12:46 rwatson Exp $ */ 
@@ -384,7 +384,24 @@ #define AUE_ACL_DELETE_FD 403 /* FreeBSD. */ #define AUE_ACL_CHECK_FILE 404 /* FreeBSD. */ #define AUE_ACL_CHECK_FD 405 /* FreeBSD. */ -#define AUE_SYSARCH 406 /* FreeBSD. */ +#define AUE_ACL_GET_LINK 406 /* FreeBSD. */ +#define AUE_ACL_SET_LINK 407 /* FreeBSD. */ +#define AUE_ACL_DELETE_LINK 408 /* FreeBSD. */ +#define AUE_ACL_CHECK_LINK 409 /* FreeBSD. */ +#define AUE_SYSARCH 410 /* FreeBSD. */ +#define AUE_EXTATTRCTL 411 /* FreeBSD. */ +#define AUE_EXTATTR_GET_FILE 412 /* FreeBSD. */ +#define AUE_EXTATTR_SET_FILE 413 /* FreeBSD. */ +#define AUE_EXTATTR_LIST_FILE 414 /* FreeBSD. */ +#define AUE_EXTATTR_DELETE_FILE 415 /* FreeBSD. */ +#define AUE_EXTATTR_GET_FD 416 /* FreeBSD. */ +#define AUE_EXTATTR_SET_FD 417 /* FreeBSD. */ +#define AUE_EXTATTR_LIST_FD 418 /* FreeBSD. */ +#define AUE_EXTATTR_DELETE_FD 419 /* FreeBSD. */ +#define AUE_EXTATTR_GET_LINK 420 /* FreeBSD. */ +#define AUE_EXTATTR_SET_LINK 421 /* FreeBSD. */ +#define AUE_EXTATTR_LIST_LINK 422 /* FreeBSD. */ +#define AUE_EXTATTR_DELETE_LINK 423 /* FreeBSD. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the ==== //depot/projects/trustedbsd/audit3/sys/kern/init_sysent.c#30 (text+ko) ==== @@ -2,8 +2,8 @@ * System call switch table. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/kern/init_sysent.c,v 1.211 2006/03/23 08:48:37 davidxu Exp $ - * created from FreeBSD: src/sys/kern/syscalls.master,v 1.213 2006/03/23 08:46:41 davidxu Exp + * $FreeBSD$ + * created from FreeBSD: src/sys/kern/syscalls.master,v 1.215 2006/03/28 14:32:37 des Exp */ #include "opt_compat.h" 
@@ -384,10 +384,10 @@ { SYF_MPSAFE | AS(__acl_delete_fd_args), (sy_call_t *)__acl_delete_fd, AUE_NULL }, /* 352 = __acl_delete_fd */ { SYF_MPSAFE | AS(__acl_aclcheck_file_args), (sy_call_t *)__acl_aclcheck_file, AUE_NULL }, /* 353 = __acl_aclcheck_file */ { SYF_MPSAFE | AS(__acl_aclcheck_fd_args), (sy_call_t *)__acl_aclcheck_fd, AUE_NULL }, /* 354 = __acl_aclcheck_fd */ - { SYF_MPSAFE | AS(extattrctl_args), (sy_call_t *)extattrctl, AUE_NULL }, /* 355 = extattrctl */ - { SYF_MPSAFE | AS(extattr_set_file_args), (sy_call_t *)extattr_set_file, AUE_NULL }, /* 356 = extattr_set_file */ - { SYF_MPSAFE | AS(extattr_get_file_args), (sy_call_t *)extattr_get_file, AUE_NULL }, /* 357 = extattr_get_file */ - { SYF_MPSAFE | AS(extattr_delete_file_args), (sy_call_t *)extattr_delete_file, AUE_NULL }, /* 358 = extattr_delete_file */ + { SYF_MPSAFE | AS(extattrctl_args), (sy_call_t *)extattrctl, AUE_EXTATTRCTL }, /* 355 = extattrctl */ + { SYF_MPSAFE | AS(extattr_set_file_args), (sy_call_t *)extattr_set_file, AUE_EXTATTR_SET_FILE }, /* 356 = extattr_set_file */ + { SYF_MPSAFE | AS(extattr_get_file_args), (sy_call_t *)extattr_get_file, AUE_EXTATTR_GET_FILE }, /* 357 = extattr_get_file */ + { SYF_MPSAFE | AS(extattr_delete_file_args), (sy_call_t *)extattr_delete_file, AUE_EXTATTR_DELETE_FILE }, /* 358 = extattr_delete_file */ { SYF_MPSAFE | AS(aio_waitcomplete_args), (sy_call_t *)lkmressys, AUE_NULL }, /* 359 = aio_waitcomplete */ { SYF_MPSAFE | AS(getresuid_args), (sy_call_t *)getresuid, AUE_GETRESUID }, /* 360 = getresuid */ { SYF_MPSAFE | AS(getresgid_args), (sy_call_t *)getresgid, AUE_GETRESGID }, /* 361 = getresgid */ 
@@ -400,9 +400,9 @@ { 0, (sy_call_t *)nosys, AUE_NULL }, /* 368 = __cap_set_fd */ { 0, (sy_call_t *)nosys, AUE_NULL }, /* 369 = __cap_set_file */ { AS(nosys_args), (sy_call_t *)lkmressys, AUE_NULL }, /* 370 = lkmressys */ - { SYF_MPSAFE | AS(extattr_set_fd_args), (sy_call_t *)extattr_set_fd, AUE_NULL }, /* 371 = extattr_set_fd */ - { SYF_MPSAFE | AS(extattr_get_fd_args), (sy_call_t *)extattr_get_fd, AUE_NULL }, /* 372 = extattr_get_fd */ - { SYF_MPSAFE | AS(extattr_delete_fd_args), (sy_call_t *)extattr_delete_fd, AUE_NULL }, /* 373 = extattr_delete_fd */ + { SYF_MPSAFE | AS(extattr_set_fd_args), (sy_call_t *)extattr_set_fd, AUE_EXTATTR_SET_FD }, /* 371 = extattr_set_fd */ + { SYF_MPSAFE | AS(extattr_get_fd_args), (sy_call_t *)extattr_get_fd, AUE_EXTATTR_GET_FD }, /* 372 = extattr_get_fd */ + { SYF_MPSAFE | AS(extattr_delete_fd_args), (sy_call_t *)extattr_delete_fd, AUE_EXTATTR_DELETE_FD }, /* 373 = extattr_delete_fd */ { SYF_MPSAFE | AS(__setugid_args), (sy_call_t *)__setugid, AUE_NULL }, /* 374 = __setugid */ { AS(nfsclnt_args), (sy_call_t *)nosys, AUE_NULL }, /* 375 = nfsclnt */ { SYF_MPSAFE | AS(eaccess_args), (sy_call_t *)eaccess, AUE_EACCESS }, /* 376 = eaccess */ 
@@ -441,9 +441,9 @@ { SYF_MPSAFE | AS(__mac_get_pid_args), (sy_call_t *)__mac_get_pid, AUE_NULL }, /* 409 = __mac_get_pid */ { SYF_MPSAFE | AS(__mac_get_link_args), (sy_call_t *)__mac_get_link, AUE_NULL }, /* 410 = __mac_get_link */ { SYF_MPSAFE | AS(__mac_set_link_args), (sy_call_t *)__mac_set_link, AUE_NULL }, /* 411 = __mac_set_link */ - { SYF_MPSAFE | AS(extattr_set_link_args), (sy_call_t *)extattr_set_link, AUE_NULL }, /* 412 = extattr_set_link */ - { SYF_MPSAFE | AS(extattr_get_link_args), (sy_call_t *)extattr_get_link, AUE_NULL }, /* 413 = extattr_get_link */ - { SYF_MPSAFE | AS(extattr_delete_link_args), (sy_call_t *)extattr_delete_link, AUE_NULL }, /* 414 = extattr_delete_link */ + { SYF_MPSAFE | AS(extattr_set_link_args), (sy_call_t *)extattr_set_link, AUE_EXTATTR_SET_LINK }, /* 412 = extattr_set_link */ + { SYF_MPSAFE | AS(extattr_get_link_args), (sy_call_t *)extattr_get_link, AUE_EXTATTR_GET_LINK }, /* 413 = extattr_get_link */ + { SYF_MPSAFE | AS(extattr_delete_link_args), (sy_call_t *)extattr_delete_link, AUE_EXTATTR_DELETE_LINK }, /* 414 = extattr_delete_link */ { SYF_MPSAFE | AS(__mac_execve_args), (sy_call_t *)__mac_execve, AUE_NULL }, /* 415 = __mac_execve */ { SYF_MPSAFE | AS(sigaction_args), (sy_call_t *)sigaction, AUE_SIGACTION }, /* 416 = sigaction */ { SYF_MPSAFE | AS(sigreturn_args), (sy_call_t *)sigreturn, AUE_SIGRETURN }, /* 417 = sigreturn */ 
@@ -466,9 +466,9 @@ { SYF_MPSAFE | AS(_umtx_lock_args), (sy_call_t *)_umtx_lock, AUE_NULL }, /* 434 = _umtx_lock */ { SYF_MPSAFE | AS(_umtx_unlock_args), (sy_call_t *)_umtx_unlock, AUE_NULL }, /* 435 = _umtx_unlock */ { SYF_MPSAFE | AS(jail_attach_args), (sy_call_t *)jail_attach, AUE_NULL }, /* 436 = jail_attach */ - { SYF_MPSAFE | AS(extattr_list_fd_args), (sy_call_t *)extattr_list_fd, AUE_NULL }, /* 437 = extattr_list_fd */ - { SYF_MPSAFE | AS(extattr_list_file_args), (sy_call_t *)extattr_list_file, AUE_NULL }, /* 438 = extattr_list_file */ - { SYF_MPSAFE | AS(extattr_list_link_args), (sy_call_t *)extattr_list_link, AUE_NULL }, /* 439 = extattr_list_link */ + { SYF_MPSAFE | AS(extattr_list_fd_args), (sy_call_t *)extattr_list_fd, AUE_EXTATTR_LIST_FD }, /* 437 = extattr_list_fd */ + { SYF_MPSAFE | AS(extattr_list_file_args), (sy_call_t *)extattr_list_file, AUE_EXTATTR_LIST_FILE }, /* 438 = extattr_list_file */ + { SYF_MPSAFE | AS(extattr_list_link_args), (sy_call_t *)extattr_list_link, AUE_EXTATTR_LIST_LINK }, /* 439 = extattr_list_link */ { SYF_MPSAFE | AS(kse_switchin_args), (sy_call_t *)kse_switchin, AUE_NULL }, /* 440 = kse_switchin */ { SYF_MPSAFE | AS(ksem_timedwait_args), (sy_call_t *)lkmressys, AUE_NULL }, /* 441 = ksem_timedwait */ { SYF_MPSAFE | AS(thr_suspend_args), (sy_call_t *)thr_suspend, AUE_NULL }, /* 442 = thr_suspend */ ==== //depot/projects/trustedbsd/audit3/sys/kern/syscalls.c#21 (text+ko) ==== @@ -2,8 +2,8 @@ * System call names. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/kern/syscalls.c,v 1.195 2006/03/23 08:48:37 davidxu Exp $ - * created from FreeBSD: src/sys/kern/syscalls.master,v 1.213 2006/03/23 08:46:41 davidxu Exp + * $FreeBSD$ + * created from FreeBSD: src/sys/kern/syscalls.master,v 1.215 2006/03/28 14:32:37 des Exp */ const char *syscallnames[] = { ==== //depot/projects/trustedbsd/audit3/sys/kern/syscalls.master#34 (text+ko) ==== 
@@ -610,24 +610,26 @@ acl_type_t type, struct acl *aclp); } 350 AUE_NULL MSTD { int __acl_set_fd(int filedes, \ acl_type_t type, struct acl *aclp); } -351 AUE_NULL MSTD { int __acl_delete_file(const char *path, \ - acl_type_t type); } +351 AUE_NULL MSTD { int __acl_delete_file( \ + const char *path, acl_type_t type); } 352 AUE_NULL MSTD { int __acl_delete_fd(int filedes, \ acl_type_t type); } 353 AUE_NULL MSTD { int __acl_aclcheck_file(const char *path, \ acl_type_t type, struct acl *aclp); } 354 AUE_NULL MSTD { int __acl_aclcheck_fd(int filedes, \ acl_type_t type, struct acl *aclp); } -355 AUE_NULL MSTD { int extattrctl(const char *path, int cmd, \ +355 AUE_EXTATTRCTL MSTD { int extattrctl(const char *path, int cmd, \ const char *filename, int attrnamespace, \ const char *attrname); } -356 AUE_NULL MSTD { int extattr_set_file(const char *path, \ - int attrnamespace, const char *attrname, \ - void *data, size_t nbytes); } -357 AUE_NULL MSTD { ssize_t extattr_get_file(const char *path, \ - int attrnamespace, const char *attrname, \ - void *data, size_t nbytes); } -358 AUE_NULL MSTD { int extattr_delete_file(const char *path, \ +356 AUE_EXTATTR_SET_FILE MSTD { int extattr_set_file( \ + const char *path, int attrnamespace, \ + const char *attrname, void *data, \ + size_t nbytes); } +357 AUE_EXTATTR_GET_FILE MSTD { ssize_t extattr_get_file( \ + const char *path, int attrnamespace, \ + const char *attrname, void *data, \ + size_t nbytes); } +358 AUE_EXTATTR_DELETE_FILE MSTD { int extattr_delete_file(const char *path, \ int attrnamespace, \ const char *attrname); } 359 AUE_NULL MNOSTD { int aio_waitcomplete( \ 
@@ -649,13 +651,13 @@ 368 AUE_NULL UNIMPL __cap_set_fd 369 AUE_NULL UNIMPL __cap_set_file 370 AUE_NULL NODEF lkmressys lkmressys nosys_args int -371 AUE_NULL MSTD { int extattr_set_fd(int fd, \ +371 AUE_EXTATTR_SET_FD MSTD { int extattr_set_fd(int fd, \ int attrnamespace, const char *attrname, \ void *data, size_t nbytes); } -372 AUE_NULL MSTD { ssize_t extattr_get_fd(int fd, \ +372 AUE_EXTATTR_GET_FD MSTD { ssize_t extattr_get_fd(int fd, \ int attrnamespace, const char *attrname, \ void *data, size_t nbytes); } -373 AUE_NULL MSTD { int extattr_delete_fd(int fd, \ +373 AUE_EXTATTR_DELETE_FD MSTD { int extattr_delete_fd(int fd, \ int attrnamespace, \ const char *attrname); } 374 AUE_NULL MSTD { int __setugid(int flag); } @@ -718,14 +720,16 @@ struct mac *mac_p); } 411 AUE_NULL MSTD { int __mac_set_link(const char *path_p, \ struct mac *mac_p); } -412 AUE_NULL MSTD { int extattr_set_link(const char *path, \ - int attrnamespace, const char *attrname, \ - void *data, size_t nbytes); } -413 AUE_NULL MSTD { ssize_t extattr_get_link(const char *path, \ - int attrnamespace, const char *attrname, \ - void *data, size_t nbytes); } -414 AUE_NULL MSTD { int extattr_delete_link(const char *path, \ - int attrnamespace, \ +412 AUE_EXTATTR_SET_LINK MSTD { int extattr_set_link( \ + const char *path, int attrnamespace, \ + const char *attrname, void *data, \ + size_t nbytes); } +413 AUE_EXTATTR_GET_LINK MSTD { ssize_t extattr_get_link( \ + const char *path, int attrnamespace, \ + const char *attrname, void *data, \ + size_t nbytes); } +414 AUE_EXTATTR_DELETE_LINK MSTD { int extattr_delete_link( \ + const char *path, int attrnamespace, \ const char *attrname); } 415 AUE_NULL MSTD { int __mac_execve(char *fname, char **argv, \ char **envv, struct mac *mac_p); } 
@@ -761,13 +765,13 @@ 434 AUE_NULL MSTD { int _umtx_lock(struct umtx *umtx); } 435 AUE_NULL MSTD { int _umtx_unlock(struct umtx *umtx); } 436 AUE_NULL MSTD { int jail_attach(int jid); } -437 AUE_NULL MSTD { ssize_t extattr_list_fd(int fd, \ +437 AUE_EXTATTR_LIST_FD MSTD { ssize_t extattr_list_fd(int fd, \ int attrnamespace, void *data, \ size_t nbytes); } -438 AUE_NULL MSTD { ssize_t extattr_list_file( \ +438 AUE_EXTATTR_LIST_FILE MSTD { ssize_t extattr_list_file( \ const char *path, int attrnamespace, \ void *data, size_t nbytes); } -439 AUE_NULL MSTD { ssize_t extattr_list_link( \ +439 AUE_EXTATTR_LIST_LINK MSTD { ssize_t extattr_list_link( \ const char *path, int attrnamespace, \ void *data, size_t nbytes); } 440 AUE_NULL MSTD { int kse_switchin( \ ==== //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#33 (text+ko) ==== @@ -4371,6 +4371,8 @@ char attrname[EXTATTR_MAXNAMELEN]; int vfslocked, fnvfslocked, error; + AUDIT_ARG(cmd, uap->cmd); + AUDIT_ARG(value, uap->attrnamespace); /* * uap->attrname is not always defined. We check again later when we * invoke the VFS call so as to pass in NULL there if needed. @@ -4381,6 +4383,7 @@ if (error) return (error); } + AUDIT_ARG(text, attrname); vfslocked = fnvfslocked = 0; /* @@ -4509,9 +4512,12 @@ char attrname[EXTATTR_MAXNAMELEN]; int vfslocked, error; + AUDIT_ARG(fd, uap->fd); + AUDIT_ARG(value, uap->attrnamespace); error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL); if (error) return (error); + AUDIT_ARG(text, attrname); error = getvnode(td->td_proc->p_fd, uap->fd, &fp); if (error) @@ -4541,9 +4547,11 @@ char attrname[EXTATTR_MAXNAMELEN]; int vfslocked, error; + AUDIT_ARG(value, uap->attrnamespace); error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL); if (error) return (error); + AUDIT_ARG(text, attrname); NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); 
@@ -4576,9 +4584,11 @@ char attrname[EXTATTR_MAXNAMELEN]; int vfslocked, error; + AUDIT_ARG(value, uap->attrnamespace); error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL); if (error) return (error); + AUDIT_ARG(text, attrname); NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); @@ -4683,9 +4693,12 @@ char attrname[EXTATTR_MAXNAMELEN]; int vfslocked, error; + AUDIT_ARG(fd, uap->fd); + AUDIT_ARG(value, uap->attrnamespace); error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL); if (error) return (error); + AUDIT_ARG(text, attrname); error = getvnode(td->td_proc->p_fd, uap->fd, &fp); if (error) @@ -4715,9 +4728,11 @@ char attrname[EXTATTR_MAXNAMELEN]; int vfslocked, error; + AUDIT_ARG(value, uap->attrnamespace); error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL); if (error) return (error); + AUDIT_ARG(text, attrname); NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); @@ -4750,9 +4765,11 @@ char attrname[EXTATTR_MAXNAMELEN]; int vfslocked, error; + AUDIT_ARG(value, uap->attrnamespace); error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL); if (error) return (error); + AUDIT_ARG(text, attrname); NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); @@ -4827,9 +4844,12 @@ char attrname[EXTATTR_MAXNAMELEN]; int vfslocked, error; + AUDIT_ARG(fd, uap->fd); + AUDIT_ARG(value, uap->attrnamespace); error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL); if (error) return (error); + AUDIT_ARG(text, attrname); error = getvnode(td->td_proc->p_fd, uap->fd, &fp); if (error) @@ -4856,9 +4876,11 @@ char attrname[EXTATTR_MAXNAMELEN]; int vfslocked, error; + AUDIT_ARG(value, uap->attrnamespace); error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL); if (error) return(error); + AUDIT_ARG(text, attrname); NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); 
@@ -4887,9 +4909,11 @@ char attrname[EXTATTR_MAXNAMELEN]; int vfslocked, error; + AUDIT_ARG(value, uap->attrnamespace); error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL); if (error) return(error); + AUDIT_ARG(text, attrname); NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); @@ -4985,6 +5009,8 @@ struct file *fp; int vfslocked, error; + AUDIT_ARG(fd, uap->fd); + AUDIT_ARG(value, uap->attrnamespace); error = getvnode(td->td_proc->p_fd, uap->fd, &fp); if (error) return (error); @@ -5011,6 +5037,7 @@ struct nameidata nd; int vfslocked, error; + AUDIT_ARG(value, uap->attrnamespace); NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); error = namei(&nd); @@ -5040,6 +5067,7 @@ struct nameidata nd; int vfslocked, error; + AUDIT_ARG(value, uap->attrnamespace); NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); error = namei(&nd); ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#15 (text+ko) ==== @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include 
@@ -625,6 +626,54 @@ UPATH1_VNODE1_TOKENS; break; + case AUE_EXTATTR_GET_FILE: + case AUE_EXTATTR_SET_FILE: + case AUE_EXTATTR_LIST_FILE: + case AUE_EXTATTR_DELETE_FILE: + case AUE_EXTATTR_GET_LINK: + case AUE_EXTATTR_SET_LINK: + case AUE_EXTATTR_LIST_LINK: + case AUE_EXTATTR_DELETE_LINK: + case AUE_EXTATTRCTL: + UPATH1_VNODE1_TOKENS; + if (ARG_IS_VALID(kar, ARG_CMD)) { + tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd); + kau_write(rec, tok); + } + /* extattrctl(2) filename parameter is in upath2/vnode2 */ + UPATH2_TOKENS; + VNODE2_TOKENS; + /* fall through */ + case AUE_EXTATTR_GET_FD: + case AUE_EXTATTR_SET_FD: + case AUE_EXTATTR_LIST_FD: + case AUE_EXTATTR_DELETE_FD: + if (ARG_IS_VALID(kar, ARG_FD)) { + tok = au_to_arg32(2, "fd", ar->ar_arg_fd); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_VALUE)) { + switch (ar->ar_arg_value) { + case EXTATTR_NAMESPACE_USER: + tok = au_to_text(EXTATTR_NAMESPACE_USER_STRING); + break; + case EXTATTR_NAMESPACE_SYSTEM: + tok = au_to_text(EXTATTR_NAMESPACE_SYSTEM_STRING); + break; + default: + tok = au_to_arg32(3, "attrnamespace", + ar->ar_arg_value); + break; + } + kau_write(rec, tok); + } + /* attrname is in the text field */ + if (ARG_IS_VALID(kar, ARG_TEXT)) { + tok = au_to_text(ar->ar_arg_text); + kau_write(rec, tok); + } + break; + case AUE_FCHMOD: if (ARG_IS_VALID(kar, ARG_MODE)) { tok = au_to_arg32(2, "new file mode", ==== //depot/projects/trustedbsd/audit3/sys/sys/syscall.h#20 (text+ko) ==== @@ -2,8 +2,8 @@ * System call numbers. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/sys/syscall.h,v 1.192 2006/03/23 08:48:37 davidxu Exp $ - * created from FreeBSD: src/sys/kern/syscalls.master,v 1.213 2006/03/23 08:46:41 davidxu Exp + * $FreeBSD$ + * created from FreeBSD: src/sys/kern/syscalls.master,v 1.215 2006/03/28 14:32:37 des Exp */ #define SYS_syscall 0 ==== //depot/projects/trustedbsd/audit3/sys/sys/syscall.mk#21 (text+ko) ==== 
@@ -1,7 +1,7 @@ # FreeBSD system call names. # DO NOT EDIT-- this file is automatically generated. -# $FreeBSD: src/sys/sys/syscall.mk,v 1.147 2006/03/23 08:48:37 davidxu Exp $ -# created from FreeBSD: src/sys/kern/syscalls.master,v 1.213 2006/03/23 08:46:41 davidxu Exp +# $FreeBSD$ +# created from FreeBSD: src/sys/kern/syscalls.master,v 1.215 2006/03/28 14:32:37 des Exp MIASM = \ syscall.o \ exit.o \ ==== //depot/projects/trustedbsd/audit3/sys/sys/sysproto.h#24 (text+ko) ==== @@ -2,8 +2,8 @@ * System call prototypes. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/sys/sysproto.h,v 1.194 2006/03/28 14:32:38 des Exp $ - * created from FreeBSD: src/sys/kern/syscalls.master,v 1.213 2006/03/23 08:46:41 davidxu Exp + * $FreeBSD$ + * created from FreeBSD: src/sys/kern/syscalls.master,v 1.215 2006/03/28 14:32:37 des Exp */ #ifndef _SYS_SYSPROTO_H_
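
Review bot: In sys/bsm/audit_kevents.h (hunk @@ -384,7 +384,24 @@), AUE_SYSARCH is renumbered from 406 to 410 so that the four AUE_ACL_*_LINK events can take 406 to 409, and an event number that may already be in audit trails should not change meaning. A record written with event 406 before this change would be read as AUE_ACL_GET_LINK afterwards, and any userland event-number-to-name mapping has to change in lockstep. Suggest keeping "#define AUE_SYSARCH 406" and assigning the ACL link events after the extattr block, or, if the numbering is dictated by the branch this file is integrated from, saying so in the change description. The AUE_ACL_*_LINK events are also defined here without any visible hunk assigning them to a system call; note whether that wiring is a follow-up.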
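
Review bot: In sys/kern/syscalls.master (hunk @@ -610,24 +610,26 @@), entry 358 was not rewrapped like its neighbours: "358 AUE_EXTATTR_DELETE_FILE MSTD { int extattr_delete_file(const char *path, \" keeps the first parameter on the opening line, whereas 356, 357, 412, 413 and 414 move it to the continuation line to make room for the longer event name. Wrap 358 the same way. The same hunk rewraps entry 351 (__acl_delete_file) while leaving it at AUE_NULL; drop that whitespace-only change or assign its event here, so the diff carries only the extattr work.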
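
Review bot: In sys/kern/vfs_syscalls.c (hunk @@ -4381,6 +4383,7 @@, extattrctl), "AUDIT_ARG(text, attrname);" is added after the closing brace of the block that performs the copyin, although the comment in the preceding hunk states that uap->attrname is not always defined. When no attribute name is supplied, attrname is an uninitialized stack buffer, and its contents would be recorded as the text argument of the audit record. Move the call inside the block, directly after the "if (error) return (error);" check, so the name is recorded only when it was actually copied in. The other extattr_* hunks in this file place the call after an unconditional copyinstr() and do not have this problem.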
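
Review bot: In sys/security/audit/audit_bsm.c (hunk @@ -625,6 +626,54 @@), the argument positions passed to au_to_arg32() do not match the prototypes in syscalls.master: au_to_arg32(2, "fd", ar->ar_arg_fd) labels fd as argument 2 although it is the first parameter of the extattr_*_fd() calls, and au_to_arg32(3, "attrnamespace", ...) uses 3 although attrnamespace is parameter 2 of the file, link and fd calls and parameter 4 of extattrctl(). The namespace is also written as a text token for EXTATTR_NAMESPACE_USER and EXTATTR_NAMESPACE_SYSTEM but as an arg32 token in the default case, and is followed by a second text token for attrname, so a trail reader cannot tell the two text tokens apart and sees a different token layout depending on the value. Suggest always emitting the namespace as an arg32 token with the correct position and keeping the single text token for attrname. In addition, AUE_EXTATTRCTL shares its case block with the file and link events, so the "cmd" token and UPATH2_TOKENS/VNODE2_TOKENS are reached for events that have neither; give AUE_EXTATTRCTL its own case and let the file and link cases emit only UPATH1_VNODE1_TOKENS before the fall through.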