From owner-p4-projects@FreeBSD.ORG Mon Jun 28 23:22:35 2004 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 42F8916A4D0; Mon, 28 Jun 2004 23:22:35 +0000 (GMT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1E53616A4CE for ; Mon, 28 Jun 2004 23:22:35 +0000 (GMT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id F10AD43D45 for ; Mon, 28 Jun 2004 23:22:34 +0000 (GMT) (envelope-from wsalamon@computer.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.11/8.12.11) with ESMTP id i5SNMYK5067958 for ; Mon, 28 Jun 2004 23:22:34 GMT (envelope-from wsalamon@computer.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.11/8.12.11/Submit) id i5SNMYsR067955 for perforce@freebsd.org; Mon, 28 Jun 2004 23:22:34 GMT (envelope-from wsalamon@computer.org) Date: Mon, 28 Jun 2004 23:22:34 GMT Message-Id: <200406282322.i5SNMYsR067955@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to wsalamon@computer.org using -f From: Wayne Salamon To: Perforce Change Reviews Subject: PERFORCE change 56034 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jun 2004 23:22:36 -0000 http://perforce.freebsd.org/chv.cgi?CH=56034 Change 56034 by wsalamon@wsalamon_epi on 2004/06/28 23:21:44 Hook the audit files into the build system. Modify proc.h to add the audit record to the thread and proc struct. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/conf/NOTES#2 edit .. //depot/projects/trustedbsd/audit3/sys/conf/files#2 edit .. //depot/projects/trustedbsd/audit3/sys/conf/options#2 edit .. //depot/projects/trustedbsd/audit3/sys/i386/conf/AUDIT#1 add .. //depot/projects/trustedbsd/audit3/sys/sys/proc.h#2 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/conf/NOTES#2 (text+ko) ==== @@ -828,6 +828,9 @@ ##################################################################### # SECURITY POLICY PARAMETERS +# Support for BSM audit +options AUDIT + # Support for Mandatory Access Control (MAC): options MAC options MAC_BIBA ==== //depot/projects/trustedbsd/audit3/sys/conf/files#2 (text+ko) ==== @@ -1613,6 +1613,10 @@ posix4/p1003_1b.c standard posix4/posix4_mib.c standard kern/uipc_sem.c optional p1003_1b_semaphores +security/audit/kern_audit.c standard +security/audit/kern_bsm_audit.c optional audit +security/audit/kern_bsm_klib.c optional audit +security/audit/kern_bsm_token.c optional audit security/mac/mac_inet.c optional mac inet security/mac/mac_label.c optional mac security/mac/mac_net.c optional mac ==== //depot/projects/trustedbsd/audit3/sys/conf/options#2 (text+ko) ==== @@ -49,6 +49,7 @@ # Miscellaneous options. ADAPTIVE_MUTEXES ALQ +AUDIT opt_global.h CODA_COMPAT_5 opt_coda.h COMPAT_43 opt_compat.h COMPAT_FREEBSD4 opt_compat.h ==== //depot/projects/trustedbsd/audit3/sys/sys/proc.h#2 (text+ko) ==== @@ -148,8 +148,10 @@ * either lock is sufficient for read access, but both locks must be held * for write access. */ +struct auditinfo; struct ithd; struct ke_sched; +struct kaudit_record; struct kg_sched; struct nlminfo; struct p_sched; @@ -303,6 +305,7 @@ volatile u_int td_generation; /* (k) Enable detection of preemption */ stack_t td_sigstk; /* (k) Stack ptr and on-stack flag. */ int td_kflags; /* (c) Flags for KSE threading. */ + struct kaudit_record *td_ar; /* (k) Active audit record, if any. */ #define td_endzero td_base_pri @@ -613,6 +616,7 @@ void *p_emuldata; /* (c) Emulator state data. */ struct label *p_label; /* (*) Proc (not subject) MAC label. */ struct p_sched *p_sched; /* (*) Scheduler-specific data. */ + struct auditinfo *p_au; /* (c) Process audit properties. */ }; #define p_session p_pgrp->pg_session