From owner-p4-projects@FreeBSD.ORG Mon May 12 15:39:49 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 6D2E81065680; Mon, 12 May 2008 15:39:49 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 164291065670 for ; Mon, 12 May 2008 15:39:49 +0000 (UTC) (envelope-from snagg@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 066448FC0C for ; Mon, 12 May 2008 15:39:49 +0000 (UTC) (envelope-from snagg@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id m4CFdmtK031614 for ; Mon, 12 May 2008 15:39:48 GMT (envelope-from snagg@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id m4CFdmu1031612 for perforce@freebsd.org; Mon, 12 May 2008 15:39:48 GMT (envelope-from snagg@FreeBSD.org) Date: Mon, 12 May 2008 15:39:48 GMT Message-Id: <200805121539.m4CFdmu1031612@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to snagg@FreeBSD.org using -f 
From: Vincenzo Iozzo To: Perforce Change Reviews Cc: Subject: PERFORCE change 141513 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 May 2008 15:39:49 -0000 http://perforce.freebsd.org/chv.cgi?CH=141513 Change 141513 by snagg@snagg_macosx on 2008/05/12 15:39:07 Did some bug-fix. The KPI is changed. audit_pipe_submit has now a new argument as well as audit_pipe_preselect. Callers of this function were modified in order to use the new KPI. This is the new Affected files ... .. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit.c#2 edit .. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#5 edit .. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#5 edit .. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_private.h#2 edit .. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_worker.c#2 edit Differences ...
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit.c#2 (text) ====
@@ -385,7 +385,7 @@
if (au_preselect(event, class, aumask, sorf) != 0) ar->k_ar_commit |= AR_PRESELECT_TRAIL; if (audit_pipe_preselect(auid, event, class, sorf, - ar->k_ar_commit & AR_PRESELECT_TRAIL) != 0) + ar->k_ar_commit & AR_PRESELECT_TRAIL, ar->k_ar.ar_subj_pid) != 0) ar->k_ar_commit |= AR_PRESELECT_PIPE; if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE | AR_PRESELECT_USER_TRAIL | AR_PRESELECT_USER_PIPE)) == 0) {
@@ -491,7 +491,7 @@
panic("audit_failing_stop: thread continued"); } td->td_ar = audit_new(event, td); - } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0)) + } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0, td->td_proc->p_pid)) td->td_ar = audit_new(event, td); else td->td_ar = NULL;
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#5 (text) ====
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#5 (text) ====
@@ -99,12 +99,6 @@
* We may want to consider a more space/time-efficient data structure once * usage patterns for per-auid specifications are clear. */ -struct audit_pipe_preselect { - au_id_t app_auid; - au_mask_t app_mask; - TAILQ_ENTRY(audit_pipe_preselect) app_list; -}; - struct audit_pipe_preselect_event { int app_event; int app_flag;
@@ -247,16 +241,15 @@
TAILQ_FOREACH(app, &ap->ap_preselect_list, app_list) { if(app->app_pid == app_pid) { - if(event == -1) + if(app_event == -1) return (app); for(i = 0; i < app->app_event_len; i++) - if((app->app_auevents + i)->app_event == app_event) + if((app->app_auevents + i)->app_event == app_event) { if(event_flag == -1) - return (app) + return (app); else if ((app->app_auevents + i)->app_flag == event_flag) return (app); - - return (app); + } } }
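Review bot: In the `@@ -247,16 +241,15 @@` hunk of audit_pipe.c the scan `for(i = 0; i < app->app_event_len; i++)` walks every slot up to `app_event_len`, but the insert path later in this file sets `app->app_event_len = AUDIT_NEVENTS` and fills only the first `num` slots of an array obtained with `M_WAITOK` alone. Slots from `num` upward therefore hold whatever the allocator returned, and a stale value that happens to equal `app_event` makes this lookup report a match, which then becomes a preselection decision. Either store the number of valid entries in `app_event_len` and loop to that, or allocate the array with `M_WAITOK | M_ZERO`. The enclosing function starts and ends outside the hunk, so its final return is not visible here.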
@@ -317,19 +310,19 @@
* exist, and allocate. We will free it if it is unneeded. */ app_new = malloc(sizeof(*app_new), M_AUDIT_PIPE_PRESELECT, M_WAITOK); - app_new->app_events= malloc(sizeof(struct audit_pipe_preselect_event) * AUDIT_NEVENTS, M_AUDIT_PIPE_PRESELECT_EVENT, M_WAITOK); + app_new->app_auevents= malloc(sizeof(struct audit_pipe_preselect_event) * AUDIT_NEVENTS, M_AUDIT_PIPE_PRESELECT_EVENT, M_WAITOK); mtx_lock(&audit_pipe_mtx); /* * First search for the entry by its pid */ - app = audit_pipe_preselect_find_event(ap, -1, pid, -1); + app = audit_pipe_preselect_find_event(ap, -1, app_pid, -1); found = (app != NULL) ? 1: 0; if(found) { - KASSERT(num <= app->app_event_len, "Number of events is out of range"); + KASSERT(num <= app->app_event_len, ("Number of events is out of range")); for (i = 0; i < num; i++) { (app->app_auevents + i)->app_event = (events + i)->app_event; - (app->app_auevents + i)->app-flag = (events + i)->app-flag; + (app->app_auevents + i)->app_flag = (events + i)->app_flag; } } else { app = app_new;
@@ -338,7 +331,7 @@
app->app_event_len = AUDIT_NEVENTS; for (i = 0; i < num; i++) { (app->app_auevents + i)->app_event = (events + i)->app_event; - (app->app_auevents + i)->app-flag = (events + i)->app-flag; + (app->app_auevents + i)->app_flag = (events + i)->app_flag; } TAILQ_INSERT_TAIL(&ap->ap_preselect_list, app, app_list); }
@@ -347,7 +340,7 @@
mtx_unlock(&audit_pipe_mtx); if (app_new != NULL) { free(app_new, M_AUDIT_PIPE_PRESELECT); - free(app_new->app_auevents, M_AUDIT_PIPE_PRESELECT_ENTRY); + free(app_new->app_auevents, M_AUDIT_PIPE_PRESELECT_EVENT); } }
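Review bot: In the `@@ -317,19 +310,19 @@` hunk the only bound on `num` is `KASSERT(num <= app->app_event_len, ...)`, which is compiled in only on INVARIANTS kernels, and the `else` branch continued in the `@@ -338,7 +331,7 @@` hunk copies `num` entries into the fresh `AUDIT_NEVENTS`-sized array with no check visible in either hunk. If `num` and `events` originate from the pipe's ioctl caller, which these hunks do not show, a count above `AUDIT_NEVENTS` writes past the end of `app_auevents` in kernel memory. An explicit test such as `if (num > AUDIT_NEVENTS)` that rejects the request before the two allocations would cover both branches on every kernel build. The function begins above the hunk, so its return type and the origin of `num` need confirming there.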
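Review bot: The cleanup in the `@@ -347,7 +340,7 @@` hunk still reads freed memory: `free(app_new, M_AUDIT_PIPE_PRESELECT);` runs first and the next line dereferences `app_new->app_auevents`. The change corrects the malloc type on the second call but keeps the order. Release the member before its owner: `free(app_new->app_auevents, M_AUDIT_PIPE_PRESELECT_EVENT);` followed by `free(app_new, M_AUDIT_PIPE_PRESELECT);`.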
@@ -389,11 +382,11 @@
int i; mtx_lock(&audit_pipe_mtx); - app = audit_pipe_preselect_find(ap, event, pid, -1); + app = audit_pipe_preselect_find_event(ap, app_event, pid, -1); if (app != NULL) { for( i = 0; i < app->app_event_len; i++) { if((app->app_auevents + i)->app_event == app_event && (app->app_auevents + i)->app_flag == app_flag) { - free((app->app_auevents + i), M_AUDIT_PIPE_EVENT); + free((app->app_auevents + i), M_AUDIT_PIPE_PRESELECT_EVENT); break; } }
@@ -416,7 +409,7 @@
int i; mtx_lock(&audit_pipe_mtx); - app = audit_pipe_preselect_find(ap, -1, pid, -1); + app = audit_pipe_preselect_find_event(ap, -1, pid, -1); if (app != NULL) { TAILQ_REMOVE(&ap->ap_preselect_list, app, app_list); mtx_unlock(&audit_pipe_mtx);
@@ -521,7 +514,7 @@
*/ static int audit_pipe_preselect_check(struct audit_pipe *ap, au_id_t auid, - au_event_t event, au_class_t class, int sorf, int trail_preselect, pid_t pid) + au_event_t event, au_class_t class, int sorf, int trail_preselect, pid_t app_pid) { struct audit_pipe_preselect *app;
@@ -545,7 +538,7 @@
sorf)); case AUDITPIPE_PRESELECT_MODE_SYSCALL: - app = audit_pipe_preselect_find_event(ap, event, pid, sorf); + app = audit_pipe_preselect_find_event(ap, event, app_pid, sorf); if(app != NULL) return (1);
@@ -559,19 +552,19 @@
/* * Determine whether there exists a pipe interested in a record with specific - * properties. MISS the PID in the declaration, to be done later, just don't know to change the whole kernel:P + * properties. * */ int audit_pipe_preselect(au_id_t auid, au_event_t event, au_class_t class, - int sorf, int trail_preselect) + int sorf, int trail_preselect, pid_t app_pid) { struct audit_pipe *ap; mtx_lock(&audit_pipe_mtx); TAILQ_FOREACH(ap, &audit_pipe_list, ap_list) { if (audit_pipe_preselect_check(ap, auid, event, class, sorf, - trail_preselect, -1)) { + trail_preselect, app_pid)) { mtx_unlock(&audit_pipe_mtx); return (1); }
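Review bot: `free((app->app_auevents + i), M_AUDIT_PIPE_PRESELECT_EVENT);` in the `@@ -389,11 +382,11 @@` hunk passes free(9) a pointer into the middle of the array that the insert path allocates with a single malloc(). For `i > 0` that is not an address malloc() returned, and for `i == 0` it releases the whole array while `app->app_auevents` still points at it and the entry stays on `ap_preselect_list`. Removing one event should overwrite the slot rather than free it; once `app_event_len` counts valid entries, `app->app_auevents[i] = app->app_auevents[app->app_event_len - 1];` followed by `app->app_event_len--;` would do, leaving the array to be freed with its owner. The function starts and ends outside the hunk.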
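Review bot: In the `@@ -545,7 +538,7 @@` hunk `sorf` is handed to `audit_pipe_preselect_find_event()` as `event_flag`, and that function compares it with `==` against `app_flag`. The syscall-entry caller in audit.c passes `AU_PRS_BOTH`, so if `app_flag` stores AU_PRS_* bits, an entry registered for success only or failure only would never match at entry and no record would be allocated for that process. A mask test in the lookup, along the lines of `((app->app_auevents + i)->app_flag & event_flag) != 0`, would avoid that gap; confirm against how the ioctl path fills `app_flag`, which is not shown here.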
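Review bot: The block comment above `audit_pipe_preselect()` in the `@@ -559,19 +552,19 @@` hunk drops the old TODO but does not describe the new `app_pid` argument, and it now ends with a stray ` *` line before `*/`. A sentence such as `app_pid is the pid of the process the record is about; it is passed through to audit_pipe_preselect_check().` would tell callers what to supply, since the previous code passed a literal `-1`. The function body continues past the end of the hunk.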
@@ -635,7 +628,7 @@
*/ void audit_pipe_submit(au_id_t auid, au_event_t event, au_class_t class, int sorf, - int trail_select, void *record, u_int record_len, pid_t pid) + int trail_select, void *record, u_int record_len, pid_t app_pid) { struct audit_pipe *ap;
@@ -648,7 +641,7 @@
mtx_lock(&audit_pipe_mtx); TAILQ_FOREACH(ap, &audit_pipe_list, ap_list) { if (audit_pipe_preselect_check(ap, auid, event, class, sorf, - trail_select, pid)) + trail_select, app_pid)) audit_pipe_append(ap, record, record_len); } audit_pipe_records++;
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_private.h#2 (text) ====
@@ -331,9 +331,9 @@
* Audit pipe functions. */ int audit_pipe_preselect(au_id_t auid, au_event_t event, - au_class_t class, int sorf, int trail_select); + au_class_t class, int sorf, int trail_select, pid_t app_pid); void audit_pipe_submit(au_id_t auid, au_event_t event, au_class_t class, - int sorf, int trail_select, void *record, u_int record_len); + int sorf, int trail_select, void *record, u_int record_len, pid_t app_pid); void audit_pipe_submit_user(void *record, u_int record_len); #endif /* ! _SECURITY_AUDIT_PRIVATE_H_ */
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_worker.c#2 (text) ====
@@ -365,7 +365,7 @@
if (ar->k_ar_commit & AR_PRESELECT_PIPE) audit_pipe_submit(auid, event, class, sorf, ar->k_ar_commit & AR_PRESELECT_TRAIL, bsm->data, - bsm->len); + bsm->len, ar->ar_subj_pid); kau_free(bsm); out:
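Review bot: The new argument in the `@@ -365,7 +365,7 @@` hunk of audit_worker.c is spelled `ar->ar_subj_pid`, while audit.c reads the same field as `ar->k_ar.ar_subj_pid` and this very statement tests `ar->k_ar_commit`. If `ar` is the kernel wrapper record in both places, as the surrounding lines suggest, the pid lives in the embedded `k_ar` member and this line will not compile; it should read `bsm->len, ar->k_ar.ar_subj_pid);`. The enclosing function lies outside the hunk, so the type of `ar` should be confirmed there.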