Date: Fri, 6 Mar 2009 19:13:20 GMT From: Stacey Son <sson@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 158797 for review Message-ID: <200903061913.n26JDK4I058177@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=158797 Change 158797 by sson@sson_amd64 on 2009/03/06 19:12:24 Add audit events for fsctl() and ffsctl() system calls. Add AUE_IS_A_KEVENT() macro to check if audit event is a kernel event. Affected files ... .. //depot/projects/trustedbsd/openbsm/etc/audit_event#38 edit .. //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#6 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/etc/audit_event#38 (text+ko) ==== @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#37 $ +# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#38 $ # # The mapping between event identifiers and values is also hard-coded in # audit_kevents.h and audit_uevents.h, so changes must occur in both places, @@ -553,6 +553,8 @@ 43191:AUE_FSGETPATH:fsgetpath(2):ot 43192:AUE_PREAD:pread(2):no 43193:AUE_PWRITE:pwrite(2):no +43194:AUE_FSCTL:fsctl():fm +43195:AUE_FFSCTL:ffsctl():fm # # Solaris userspace events. # ==== //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#6 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005 Apple Inc. + * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,13 +26,19 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#5 $ + * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#6 $ */ #ifndef _BSM_AUDIT_KEVENTS_H_ #define _BSM_AUDIT_KEVENTS_H_ /* + * The reserved event numbers for kernel events are 1...2047 and 43001..44900. + */ +#define AUE_IS_A_KEVENT(e) (((e) > 0 && (e) < 2048) || \ + ((e) > 43000 && (e) < 45000)) + +/* * Values marked as AUE_NULL are not required to be audited as per CAPP. * * Some conflicts exist in the assignment of name to event number mappings @@ -588,6 +594,8 @@ #define AUE_FSGETPATH 43191 /* Darwin. */ #define AUE_PREAD 43192 /* Darwin/FreeBSD. */ #define AUE_PWRITE 43193 /* Darwin/FreeBSD. */ +#define AUE_FSCTL 43194 /* Darwin. */ +#define AUE_FFSCTL 43195 /* Darwin. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the @@ -673,12 +681,10 @@ #define AUE_CSOPS AUE_NULL #define AUE_DUP AUE_NULL #define AUE_FDATASYNC AUE_NULL -#define AUE_FFSCTL AUE_NULL #define AUE_FGETATTRLIST AUE_NULL #define AUE_FGETXATTR AUE_NULL #define AUE_FLISTXATTR AUE_NULL #define AUE_FREMOVEXATTR AUE_NULL -#define AUE_FSCTL AUE_NULL #define AUE_FSETATTRLIST AUE_NULL #define AUE_FSETXATTR AUE_NULL #define AUE_FSTATFS64 AUE_NULL
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200903061913.n26JDK4I058177>