Date: Wed, 27 Oct 2004 21:25:18 GMT
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 63849 for review
Message-ID: <200410272125.i9RLPI6c023262@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=63849 Change 63849 by rwatson@rwatson_tislabs on 2004/10/27 21:25:02 Use the per-process system call vector rather than the global vector, in order to permit auditing based on per-vector audit event types, which may not match the global ones. E.g., the FreeBSD system call number for open() is not the same as the Linux one. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#12 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#12 (text+ko) ==== @@ -1361,7 +1361,17 @@ int audit_event; struct au_mask *aumask; - audit_event = sysent[code].sy_auevent; + /* + * In FreeBSD, each ABI has its own system call table, and hence + * mapping of system call codes to audit events. Convert the code to + * an audit event identifier using the process system call table + * reference. In Darwin, there's only one, so we use the global + * symbol for the system call table. + */ + if (code >= td->td_proc->p_sysent->sv_size) + return; + + audit_event = td->td_proc->p_sysent->sv_table[code].sy_auevent; if (audit_event == AUE_NULL) return;
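Review bot: The new check `if (code >= td->td_proc->p_sysent->sv_size) return;` guards only the upper bound, and the declaration of `code` is outside the hunk; if it is a signed type compared against a signed `sv_size`, a negative value passes the check and indexes before `sv_table`, so confirm `code` is unsigned here or add an explicit lower-bound test. The early return also means a call with an out-of-range code leaves this function with no audit event assigned, which for an audit path is worth stating in the comment as intended behaviour. Finally, the last sentence of the new comment describes a Darwin path that uses the global system call table, but the added lines dereference `td->td_proc->p_sysent` unconditionally; either add the conditional the comment implies or drop that sentence.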