From owner-p4-projects@FreeBSD.ORG Sat Apr 23 13:06:34 2005 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 1DD9616A4D1; Sat, 23 Apr 2005 13:06:34 +0000 (GMT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AE1FF16A4CE for ; Sat, 23 Apr 2005 13:06:33 +0000 (GMT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 82FB343D3F for ; Sat, 23 Apr 2005 13:06:33 +0000 (GMT) (envelope-from wsalamon@computer.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j3ND6XYO074124 for ; Sat, 23 Apr 2005 13:06:33 GMT (envelope-from wsalamon@computer.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j3ND6XnP074112 for perforce@freebsd.org; Sat, 23 Apr 2005 13:06:33 GMT (envelope-from wsalamon@computer.org) Date: Sat, 23 Apr 2005 13:06:33 GMT Message-Id: <200504231306.j3ND6XnP074112@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to wsalamon@computer.org using -f 
From: Wayne Salamon To: Perforce Change Reviews Subject: PERFORCE change 75803 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Apr 2005 13:06:35 -0000 http://perforce.freebsd.org/chv.cgi?CH=75803 Change 75803 by wsalamon@rickenbacker on 2005/04/23 13:06:32 Audit the fork(), vfork(), and rfork() system calls. Change the test program to match, but comment out some unused bits for now. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/kern/kern_fork.c#4 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#7 edit .. //depot/projects/trustedbsd/audit3/tools/regression/audit/test/process/tfork.c#3 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/kern/kern_fork.c#4 (text+ko) ==== @@ -139,6 +139,7 @@ if ((uap->flags & RFKERNELONLY) != 0) return (EINVAL); + AUDIT_ARG(fflags, uap->flags); error = fork1(td, uap->flags, 0, &p2); if (error == 0) { td->td_retval[0] = p2 ? p2->p_pid : 0; @@ -412,6 +413,7 @@ p2 = newproc; p2->p_state = PRS_NEW; /* protect against others */ p2->p_pid = trypid; + AUDIT_ARG(pid, p2->p_pid); LIST_INSERT_HEAD(&allproc, p2, p_list); LIST_INSERT_HEAD(PIDHASH(p2->p_pid), p2, p_hash); sx_xunlock(&allproc_lock); ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#7 (text+ko) ==== @@ -672,6 +672,10 @@ FD_KPATH1_VNODE1_TOKENS; break; + case AUE_RFORK: + tok = au_to_arg32(1, "flags", ar->ar_arg_fflags); + kau_write(rec, tok); + /* fall through */ case AUE_FORK: case AUE_VFORK: tok = au_to_arg32(0, "child PID", ar->ar_arg_pid); ==== //depot/projects/trustedbsd/audit3/tools/regression/audit/test/process/tfork.c#3 (text+ko) ==== @@ -26,6 +26,7 @@ * POSSIBILITY OF SUCH DAMAGE. */ #include +#include #include #include #include 
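Review bot: In the kern_fork.c hunk at @@ -139, `AUDIT_ARG(fflags, uap->flags);` sits after the `RFKERNELONLY` check, so an rfork() call rejected with EINVAL returns before its flags are captured. A rejected request carrying kernel-only flags is the case where the audit trail most needs the flags value, so the capture belongs ahead of the check: `AUDIT_ARG(fflags, uap->flags);` followed by `if ((uap->flags & RFKERNELONLY) != 0) return (EINVAL);`. Whether a record is committed on that early-return path depends on audit code not shown here, and the enclosing function starts and ends outside the hunk.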
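Review bot: In the kern_bsm_audit.c hunk, the new `AUE_RFORK` case and the `AUE_FORK`/`AUE_VFORK` case it falls through to emit `ar->ar_arg_fflags` and `ar->ar_arg_pid` unconditionally, although this change sets both only on some paths. The flags are set after the RFKERNELONLY check in rfork(), and the pid only once fork1() has assigned `p2->p_pid`. A fork that fails earlier would then presumably yield a record whose "flags" or "child PID" token holds a zero or stale value that reads like real data in the trail. Each `au_to_arg32()`/`kau_write()` pair should be guarded by a test that the argument was actually recorded, using whatever valid-argument tracking the audit record offers in this tree. The switch statement continues outside the hunk.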
@@ -45,12 +46,14 @@ void sig_handler(int sig, siginfo_t *sip, struct sigcontext *scp) { +#if 0 /* Generate an AUE_PTRACE record */ if (ptrace(PT_CONTINUE, child_pid, (caddr_t)1, SIGKILL) < 0) { AUT_PERROR("ptrace(PT_CONTINUE)"); exit(1); } aut_assert(AUE_PTRACE); +#endif /* We don't want to see the child dies signal */ act.sa_handler = SIG_DFL; sigaction(SIGCHLD, &act, NULL); @@ -78,37 +81,60 @@ /* Generate an AUE_FORK record */ if ((child_pid = fork()) < 0) AUT_PERROR("fork"); - aut_assert(AUE_FORK); /* Generate a success AUE_EXECVE record */ if (child_pid == 0) { execv("child", argv); AUT_PERROR("child one did not execute"); } + aut_assert(AUE_FORK); aut_assert(AUE_EXECVE); +#if 0 /* Generate an AUE_PTRACE record */ if (ptrace(PT_ATTACH, child_pid, NULL, 0) < 0) AUT_PERROR("ptrace(PT_ATTACH)"); aut_assert(AUE_PTRACE); +#endif while (wait(&status) != child_pid) ; +#if 0 /* Generate a failure AUE_PTRACE record */ ptrace(PT_ATTACH, 0, NULL, 16384); - +#endif /* Generate an AUE_VFORK record */ if ((child_pid = vfork()) < 0) AUT_PERROR("vfork"); + + /* Generate another success AUE_EXECVE record */ + if (child_pid == 0) { + execv("child", argv); + AUT_PERROR("child two did not execute"); + } aut_assert(AUE_VFORK); + aut_assert(AUE_EXECVE); + + while (wait(&status) != child_pid) + ; + /* Generate an AUE_RFORK record */ + if ((child_pid = rfork(RFPROC)) < 0) + AUT_PERROR("rfork"); + /* Generate another success AUE_EXECVE record */ if (child_pid == 0) { execv("child", argv); AUT_PERROR("child two did not execute"); } + aut_assert(AUE_RFORK); + aut_assert(AUE_EXECVE); + + while (wait(&status) != child_pid) + ; +#if 0 if (open(ktrace_file, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR) < 0) { AUT_PERROR("open of ktrace file"); exit(1); @@ -121,7 +147,7 @@ /* Generate an AUE_KTRACE record with a bad filename */ ktrace("ANonExistentKtraceFile", KTROP_SET, KTRFAC_SYSCALL, child_pid); - +#endif /* Generate another AUE_VFORK record */ if ((child_pid = vfork()) < 0) AUT_PERROR("vfork"); 
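Review bot: In the tfork.c hunk at @@ -78, a child whose execv() fails drops out of the `if (child_pid == 0)` block and goes on to run the parent's `aut_assert()` calls and `wait()` loop, since `AUT_PERROR()` does not appear to exit (sig_handler in the @@ -45 hunk follows it with an explicit `exit(1)`). For the added vfork() child this means running the rest of the test while the parent is suspended and its address space is shared. The @@ -130 hunk hits this on every run because its execv() is meant to fail, so the new `aut_assert(AUE_VFORK)` and `aut_assert(AUE_EXECVE)` there execute in the child first. Adding `_exit(1);` after each `AUT_PERROR(...)` in the child blocks, and after the bare `execv("aChildThatDoesntExist", argv);`, keeps the assertions in the parent only. The rfork() child also reuses the message `"child two did not execute"`; `"child three did not execute"` would make a failure attributable to the right call.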
@@ -130,6 +156,10 @@ if (child_pid == 0) execv("aChildThatDoesntExist", argv); + aut_assert(AUE_VFORK); + /* A failure AUE_EXECVE record */ + aut_assert(AUE_EXECVE); + unlink(ktrace_file); aut_shutdown();