Date: Tue, 13 May 2008 00:03:53 GMT From: Vincenzo Iozzo <snagg@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 141541 for review Message-ID: <200805130003.m4D03rvf081036@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=141541 Change 141541 by snagg@snagg_macosx on 2008/05/13 00:03:44 Sync missing. Affected files ... .. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#7 edit .. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#7 edit .. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_worker.c#4 edit Differences ... ==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#7 (text) ==== @@ -38,11 +38,24 @@ * structures, add new revised ones to be used by new ioctls, and keep the * old structures and ioctls for backwards compatibility. */ +struct auditpipe_ioctl_preselect_event { + int app_event; + int app_flag; +}; + struct auditpipe_ioctl_preselect { au_id_t aip_auid; au_mask_t aip_mask; + pid_t app_pid; + struct auditpipe_ioctl_preselect_event *app_auevents; + int app_event_len; }; +struct auditpipe_ioctl_preselect_old { + au_id_t aip_auid; + au_mask_t aip_mask; +}; + /* * Possible modes of operation for audit pipe preselection. */ @@ -72,6 +85,12 @@ #define AUDITPIPE_SET_PRESELECT_MODE _IOW(AUDITPIPE_IOBASE, 15, int) #define AUDITPIPE_FLUSH _IO(AUDITPIPE_IOBASE, 16) #define AUDITPIPE_GET_MAXAUDITDATA _IOR(AUDITPIPE_IOBASE, 17, u_int) +#define AUDITPIPE_GET_PRESELECT_EVENT_LIST _IOR(AUDITPIPE_IOBASE, 18, \ + struct auditpipe_ioctl_preselect) +#define AUDITPIPE_SET_PRESELECT_EVENTS _IOW(AUDITPIPE_IOBASE, 19, \ + struct auditpipe_ioctl_preselect) +#define AUDITPIPE_DELETE_PRESELECT_PID _IOW(AUDITPIPE_IOBASE, 20, pid_t) +#define AUDITPIPE_FLUSH_PRESELECT_EVENTS _IO(AUDITPIPE_IOBASE, 21) /* * Ioctls to retrieve audit pipe statistics. ==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#7 (text) ==== @@ -104,8 +104,7 @@ int app_flag; }; -struct audit_pipe_preselect -{ +struct audit_pipe_preselect { au_id_t app_auid; au_mask_t app_mask; pid_t app_pid; @@ -274,6 +273,27 @@ } /* + * Query the per-pipe events list for a specific pid. + */ +static int +audit_pipe_preselect_get_events_list(struct audit_pipe *ap, + pid_t app_pid, struct audit_pipe_preselect_event *app_events) +{ + struct audit_pipe_preselect *app; + int error; + + mtx_lock(&audit_pipe_mtx); + app = audit_pipe_preselect_find_event(ap, -1, app_pid, -1); + if (app != NULL) { + app_events = app->app_auevents; + error = 0; + } else + error = ENOENT; + mtx_unlock(&audit_pipe_mtx); + return (error); +} + +/* * Query the per-pipe mask for a specific auid. */ static int @@ -373,8 +393,9 @@ } /* - * Delete a per-event entry on an audit pipe. + * Delete a per-event entry on an audit pipe. DON'T KNOW WHETHER IT IS USEFUL OR NOT */ +/* static int audit_pipe_preselect_delete_event(struct audit_pipe *ap, int app_event, pid_t pid, int app_flag) { @@ -398,6 +419,7 @@ return (ENOENT); } +*/ /* * Delete a per-pid entry on an audit pipe wiping the whole entry. @@ -871,7 +893,8 @@ au_mask_t *maskp; int error, mode; au_id_t auid; - + pid_t app_pid; + ap = dev->si_drv1; KASSERT(ap != NULL, ("audit_pipe_ioctl: ap == NULL")); @@ -988,7 +1011,19 @@ error = audit_pipe_preselect_get(ap, aip->aip_auid, &aip->aip_mask); break; + + case AUDITPIPE_GET_PRESELECT_EVENT_LIST: + aip = (struct auditpipe_ioctl_preselect *)data; + error = audit_pipe_preselect_get_events_list(ap, aip->app_pid, + (struct audit_pipe_preselect_event *)aip->app_auevents); + break; + case AUDITPIPE_SET_PRESELECT_EVENTS: + aip = (struct auditpipe_ioctl_preselect *)data; + audit_pipe_preselect_set_events(ap, aip->app_pid, (struct audit_pipe_preselect_event *)taip->app_auevents, aip->app_event_len); + error = 0; + break; + case AUDITPIPE_SET_PRESELECT_AUID: aip = (struct auditpipe_ioctl_preselect *)data; audit_pipe_preselect_set(ap, aip->aip_auid, aip->aip_mask); @@ -1000,11 +1035,21 @@ error = audit_pipe_preselect_delete(ap, auid); break; + case AUDITPIPE_DELETE_PRESELECT_PID: + app_pid = *(pid_t *)data; + error = audit_pipe_preselect_delete_pid(ap, app_pid); + break; + case AUDITPIPE_FLUSH_PRESELECT_AUID: audit_pipe_preselect_flush(ap); error = 0; break; + case AUDITPIPE_FLUSH_PRESELECT_EVENTS: + audit_pipe_preselect_events_flush(ap); + error = 0; + break; + case AUDITPIPE_GET_PRESELECT_MODE: mtx_lock(&audit_pipe_mtx); *(int *)data = ap->ap_preselect_mode; @@ -1017,6 +1062,7 @@ switch (mode) { case AUDITPIPE_PRESELECT_MODE_TRAIL: case AUDITPIPE_PRESELECT_MODE_LOCAL: + case AUDITPIPE_PRESELECT_MODE_SYSCALL: mtx_lock(&audit_pipe_mtx); ap->ap_preselect_mode = mode; mtx_unlock(&audit_pipe_mtx); ==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_worker.c#4 (text) ==== @@ -365,7 +365,7 @@ if (ar->k_ar_commit & AR_PRESELECT_PIPE) audit_pipe_submit(auid, event, class, sorf, ar->k_ar_commit & AR_PRESELECT_TRAIL, bsm->data, - bsm->len, ar->ar_subj_pid); + bsm->len, ar->k_ar.ar_subj_pid); kau_free(bsm); out:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805130003.m4D03rvf081036>