Date:      Sat, 5 Aug 2006 23:59:20 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 103301 for review
Message-ID:  <200608052359.k75NxKEX068204@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=103301

Change 103301 by rwatson@rwatson_zoo on 2006/08/05 23:58:51

	Audit entry point prototypes and mpo field.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/sys/mac.h#7 edit
.. //depot/projects/trustedbsd/audit3/sys/sys/mac_policy.h#7 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/sys/mac.h#7 (text+ko) ====

@@ -110,6 +110,7 @@
 /*
  * Kernel functions to manage and evaluate labels.
  */
+struct auditinfo;
 struct bpf_d;
 struct cdev;
 struct componentname;
@@ -466,6 +467,18 @@
 void	mac_associate_nfsd_label(struct ucred *cred);
 
 /*
+ * XXXRW: Audit checks should be above, but list them here to make a more
+ * sensible diff for now.
+ */
+int	mac_check_system_audit(struct ucred *cred, void *record, int length);
+int	mac_check_system_auditon(struct ucred *cred, int cmd);
+int	mac_check_system_auditctl(struct ucred *cred, struct vnode *vp);
+int	mac_check_proc_getauid(struct ucred *cred);
+int	mac_check_proc_setauid(struct ucred *cred, uid_t auid);
+int	mac_check_proc_getaudit(struct ucred *cred);
+int	mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai);
+
+/*
  * Calls to help various file systems implement labeling functionality
  * using their existing EA implementation.
  */
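Review bot: `mac_check_system_audit()` takes the record as `void *record, int length`, so the length is signed and the buffer is writable by a hook that, going by its name, should only inspect it. Unless the caller guarantees an already-validated, non-negative size (not visible in this hunk), every policy that walks the record has to reject a negative `length` itself. I would declare it `int mac_check_system_audit(struct ucred *cred, const void *record, u_int length);` and make the same change to `mpo_check_system_audit_t` in mac_policy.h. A one-line comment stating whether `record` is a kernel copy or a user-space address would also help policy authors.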

==== //depot/projects/trustedbsd/audit3/sys/sys/mac_policy.h#7 (text+ko) ====

@@ -591,6 +591,21 @@
 		    struct label *label);
 typedef int	(*mpo_associate_nfsd_label_t)(struct ucred *cred);
 
+/*
+ * XXXRW: Audit checks should be above, but list them here to make a more
+ * sensible diff for now.
+ */
+typedef int	(*mpo_check_system_audit_t)(struct ucred *cred, void *record,
+		    int length);
+typedef int	(*mpo_check_system_auditon_t)(struct ucred *cred, int cmd);
+typedef int	(*mpo_check_system_auditctl_t)(struct ucred *cred,
+		    struct vnode *vp, struct label *vplabel);
+typedef int	(*mpo_check_proc_getauid_t)(struct ucred *cred);
+typedef int	(*mpo_check_proc_setauid_t)(struct ucred *cred, uid_t auid);
+typedef int	(*mpo_check_proc_getaudit_t)(struct ucred *cred);
+typedef int	(*mpo_check_proc_setaudit_t)(struct ucred *cred,
+		    struct auditinfo *ai);
+
 struct mac_policy_ops {
 	/*
 	 * Policy module operations.
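Review bot: `mpo_check_proc_setaudit_t` names `struct auditinfo` in its parameter list, but none of this file's hunks add a forward declaration the way the mac.h hunk does. If mac_policy.h does not already declare the tag (the rest of the file is outside the diff) and can be included without mac.h ahead of it, the struct gets prototype scope and the typedef will not match a policy's real implementation. Adding `struct auditinfo;` beside this file's other forward declarations would avoid that. `struct mac_policy_ops` itself continues past the end of this hunk.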
@@ -879,6 +894,18 @@
 	mpo_check_vnode_stat_t			mpo_check_vnode_stat;
 	mpo_check_vnode_write_t			mpo_check_vnode_write;
 	mpo_associate_nfsd_label_t		mpo_associate_nfsd_label;
+
+	/*
+	 * XXXRW: Audit checks should be above, but list them here to make a
+	 * more sensible diff for now.
+	 */
+	mpo_check_system_audit_t		mpo_check_system_audit;
+	mpo_check_system_auditon_t		mpo_check_system_auditon;
+	mpo_check_system_auditctl_t		mpo_check_system_auditctl;
+	mpo_check_proc_getauid_t		mpo_check_proc_getauid;
+	mpo_check_proc_setauid_t		mpo_check_proc_setauid;
+	mpo_check_proc_getaudit_t		mpo_check_proc_getaudit;
+	mpo_check_proc_setaudit_t		mpo_check_proc_setaudit;
 };
 
 /*
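Review bot: The seven new `mpo_check_*` pointers grow `struct mac_policy_ops`, so a policy module compiled against the previous header carries a shorter ops table. If the framework dispatches these entry points without first confirming the module was built against the new layout, it would load function pointers from past the end of that module's structure. The hunk shows no version bump or guard, though one may exist elsewhere in the file. Appending at the end does keep existing offsets stable, but I would extend the XXXRW comment to say `Policy modules must be rebuilt against this header`, or bump whatever ABI version the framework checks at registration. The struct begins outside this hunk.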


