From owner-p4-projects@FreeBSD.ORG Mon Aug 25 00:23:17 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 6CADE1065679; Mon, 25 Aug 2008 00:23:17 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 18866106566B for ; Mon, 25 Aug 2008 00:23:17 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 23D208FC12 for ; Mon, 25 Aug 2008 00:23:17 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.2/8.14.2) with ESMTP id m7P0NGWt088006 for ; Mon, 25 Aug 2008 00:23:16 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.2/8.14.1/Submit) id m7P0NGmC088004 for perforce@freebsd.org; Mon, 25 Aug 2008 00:23:16 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 25 Aug 2008 00:23:16 GMT Message-Id: <200808250023.m7P0NGmC088004@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 148306 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Aug 2008 00:23:17 -0000 http://perforce.freebsd.org/chv.cgi?CH=148306 Change 148306 by rwatson@rwatson_freebsd_capabilities on 2008/08/25 00:22:52 Teach the audit subsystem about capability rights masks, which are encoded as a 64-bit argument token. Audit various capability system calls. Audit fexecve(2) (to merge to SVN). Affected files ... .. //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#19 edit .. //depot/projects/trustedbsd/capabilities/src/sys/security/audit/audit.h#4 edit .. //depot/projects/trustedbsd/capabilities/src/sys/security/audit/audit_arg.c#5 edit .. //depot/projects/trustedbsd/capabilities/src/sys/security/audit/audit_bsm.c#4 edit .. //depot/projects/trustedbsd/capabilities/src/sys/security/audit/audit_private.h#5 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#19 (text+ko) ==== @@ -50,7 +50,7 @@ #include "opt_capabilities.h" #include -__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#18 $"); +__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#19 $"); #include #include @@ -65,6 +65,8 @@ #include #include +#include + #include #ifdef CAPABILITIES @@ -228,6 +230,8 @@ struct file *fp, *fp_cap, *fp_object; int error, fd_cap; + AUDIT_ARG(fd, uap->fd); + AUDIT_ARG(rights, uap->rights); if ((uap->rights | CAP_MASK_VALID) != CAP_MASK_VALID) return (EINVAL); @@ -309,6 +313,7 @@ struct file *fp; int error; + AUDIT_ARG(fd, uap->fd); error = fgetcap(td, uap->fd, &fp); if (error) return (error); ==== //depot/projects/trustedbsd/capabilities/src/sys/security/audit/audit.h#4 (text) ==== @@ -114,6 +114,7 @@ #define ARG_IOVECSTR 0x0000800000000000ULL #define ARG_ARGV 0x0001000000000000ULL #define ARG_ENVV 0x0002000000000000ULL +#define ARG_RIGHTS 0x0004000000000000ULL #define ARG_NONE 0x0000000000000000ULL #define ARG_ALL 0xFFFFFFFFFFFFFFFFULL @@ -171,6 +172,7 @@ void audit_arg_file(struct proc *p, struct file *fp); void audit_arg_argv(char *argv, int argc, int length); void audit_arg_envv(char *envv, int envc, int length); +void audit_arg_rights(cap_rights_t rights); void audit_sysclose(struct thread *td, int fd); void audit_cred_copy(struct ucred *src, struct ucred *dest); void audit_cred_destroy(struct ucred *cred); ==== //depot/projects/trustedbsd/capabilities/src/sys/security/audit/audit_arg.c#5 (text) ==== @@ -823,6 +823,19 @@ ARG_SET_VALID(ar, ARG_ENVV); } +void +audit_arg_rights(cap_rights_t rights) +{ + struct kaudit_record *ar; + + ar = currecord(); + if (ar == NULL) + return; + + ar->k_ar.ar_arg_rights = rights; + ARG_SET_VALID(ar, ARG_RIGHTS); +} + /* * The close() system call uses it's own audit call to capture the path/vnode * information because those pieces are not easily obtained within the system ==== //depot/projects/trustedbsd/capabilities/src/sys/security/audit/audit_bsm.c#4 (text) ==== @@ -762,6 +762,7 @@ EXTATTR_TOKENS; break; + case AUE_FEXECVE: case AUE_EXECVE: if (ARG_IS_VALID(kar, ARG_ARGV)) { tok = au_to_exec_args(ar->ar_arg_argv, @@ -1416,6 +1417,28 @@ } break; + case AUE_CAP_NEW: + if (ARG_IS_VALID(kar, ARG_FD)) { + tok = au_to_arg32(1, "fd", ar->ar_arg_fd); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_RIGHTS)) { + tok = au_to_arg64(2, "rights", ar->ar_arg_rights); + kau_write(rec, tok); + } + break; + + case AUE_CAP_GETRIGHTS: + if (ARG_IS_VALID(kar, ARG_FD)) { + tok = au_to_arg32(1, "fd", ar->ar_arg_fd); + kau_write(rec, tok); + } + break; + + case AUE_CAP_ENTER: + case AUE_CAP_GETMODE: + break; + case AUE_NULL: default: printf("BSM conversion requested for unknown event %d\n", ==== //depot/projects/trustedbsd/capabilities/src/sys/security/audit/audit_private.h#5 (text) ==== @@ -209,6 +209,7 @@ int ar_arg_exitstatus; int ar_arg_exitretval; struct sockaddr_storage ar_arg_sockaddr; + cap_rights_t ar_arg_rights; }; /*