sys/bsd/kern/kern_bsm_klib.c


    1 /*
    2  * Copyright (c) 2003 Apple Computer, Inc. All rights reserved.
    3  *
    4  * @APPLE_LICENSE_HEADER_START@
    5  * 
    6  * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
    7  * 
    8  * This file contains Original Code and/or Modifications of Original Code
    9  * as defined in and that are subject to the Apple Public Source License
   10  * Version 2.0 (the 'License'). You may not use this file except in
   11  * compliance with the License. Please obtain a copy of the License at
   12  * http://www.opensource.apple.com/apsl/ and read it before using this
   13  * file.
   14  * 
   15  * The Original Code and all software distributed under the License are
   16  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
   17  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
   18  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
   19  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
   20  * Please see the License for the specific language governing rights and
   21  * limitations under the License.
   22  * 
   23  * @APPLE_LICENSE_HEADER_END@
   24  */
   25 
   26 #include <sys/types.h>
   27 #include <sys/vnode.h>
   28 #include <sys/fcntl.h>
   29 #include <sys/filedesc.h>
   30 #include <sys/sem.h>
   31 #include <sys/audit.h>
   32 #include <sys/kern_audit.h>
   33 #include <sys/bsm_kevents.h>
   34 #include <sys/bsm_klib.h>
   35 
   36 /*
   37  * System call to audit event mapping table. The table is meant to be
   38  * accessed directly, indexed by system call number, so it must be kept in
   39  * sync with the system call table: a missing or extra entry shifts every
   40  * mapping that follows it.
   41  * XXX This should be improved, though, to make it independent of the syscall
   42  * table (but we don't want to traverse a large table for every system call
   43  * to find a match). Ultimately, it would be best to place the audit event
       * number in the system call table.
       *
       * Entries set to AUE_NULL assign no specific audit event to the call;
       * presumably the audit code emits no record for them -- confirm against
       * the code that consumes this table. As listed here that covers, among
       * others, ptrace (26), kill (37), setlogin (50), acct on/off (51),
       * reboot (55), settimeofday (122), setreuid (126) and setregid (127), so
       * an audit trail driven by this table will not show those calls unless an
       * event is assigned to them elsewhere.
       *
       * Several numbers carry the same name as an earlier entry (99 accept,
       * 113 recvmsg, 114 sendmsg, 125 recvfrom, 141 getpeername, 150
       * getsockname); presumably these are the old/compat entry points -- TODO
       * confirm against the system call table. They all map to AUE_NULL.
       *
       * open (5) is listed as AUE_OPEN_R only; the other AUE_OPEN_* events
       * handled by au_preselect() do not appear in this table.
       *
       * NOTE(review): nothing in this table guards the index. Code that
       * indexes sys_au_event with a system call number should first check it
       * against nsys_au_event.
   44  */
   45 au_event_t sys_au_event[] = {
   46         AUE_NULL,                       /*   0 = indir */
   47         AUE_EXIT,                       /*   1 = exit */
   48         AUE_NULL,                       /*   2 = fork */
   49         AUE_NULL,                       /*   3 = read */
   50         AUE_NULL,                       /*   4 = write */
   51         AUE_OPEN_R,                     /*   5 = open */
   52         AUE_NULL,                       /*   6 = close */
   53         AUE_NULL,                       /*   7 = wait4 */
   54         AUE_NULL,                       /*   8 = old creat */
   55         AUE_LINK,                       /*   9 = link */
   56         AUE_UNLINK,                     /*  10 = unlink */
   57         AUE_NULL,                       /*  11 was obsolete execv */
   58         AUE_CHDIR,                      /*  12 = chdir */
   59         AUE_FCHDIR,                     /*  13 = fchdir */
   60         AUE_MKNOD,                      /*  14 = mknod */
   61         AUE_CHMOD,                      /*  15 = chmod */
   62         AUE_CHOWN,                      /*  16 = chown; now 3 args */
   63         AUE_NULL,                       /*  17 = old break */
   64 #if COMPAT_GETFSSTAT
   65         AUE_NULL,                       /*  18 = ogetfsstat */
   66 #else
   67         AUE_GETFSSTAT,                  /*  18 = getfsstat */
   68 #endif
   69         AUE_NULL,                       /*  19 = old lseek */
   70         AUE_NULL,                       /*  20 = getpid */
   71         AUE_NULL,                       /*  21 was obsolete mount */
   72         AUE_NULL,                       /*  22 was obsolete umount */
   73         AUE_SETUID,                     /*  23 = setuid */
   74         AUE_NULL,                       /*  24 = getuid */
   75         AUE_NULL,                       /*  25 = geteuid */
   76         AUE_NULL,                       /*  26 = ptrace */
   77         AUE_RECVMSG,                    /*  27 = recvmsg */
   78         AUE_SENDMSG,                    /*  28 = sendmsg */
   79         AUE_RECVFROM,                   /*  29 = recvfrom */
   80         AUE_ACCEPT,                     /*  30 = accept */
   81         AUE_NULL,                       /*  31 = getpeername */
   82         AUE_NULL,                       /*  32 = getsockname */
   83         AUE_ACCESS,                     /*  33 = access */
   84         AUE_CHFLAGS,                    /*  34 = chflags */
   85         AUE_FCHFLAGS,                   /*  35 = fchflags */
   86         AUE_NULL,                       /*  36 = sync */
   87         AUE_NULL,                       /*  37 = kill */
   88         AUE_NULL,                       /*  38 = old stat */
   89         AUE_NULL,                       /*  39 = getppid */
   90         AUE_NULL,                       /*  40 = old lstat */
   91         AUE_NULL,                       /*  41 = dup */
   92         AUE_PIPE,                       /*  42 = pipe */
   93         AUE_NULL,                       /*  43 = getegid */
   94         AUE_NULL,                       /*  44 = profil */
   95         AUE_NULL,                       /*  45 = ktrace */
   96         AUE_NULL,                       /*  46 = sigaction */
   97         AUE_NULL,                       /*  47 = getgid */
   98         AUE_NULL,                       /*  48 = sigprocmask */
   99         AUE_NULL,                       /*  49 = getlogin */
  100         AUE_NULL,                       /*  50 = setlogin */
  101         AUE_NULL,                       /*  51 = turn acct off/on */
  102         AUE_NULL,                       /*  52 = sigpending */
  103         AUE_NULL,                       /*  53 = sigaltstack */
  104         AUE_NULL,                       /*  54 = ioctl */
  105         AUE_NULL,                       /*  55 = reboot */
  106         AUE_REVOKE,                     /*  56 = revoke */
  107         AUE_SYMLINK,                    /*  57 = symlink */
  108         AUE_READLINK,                   /*  58 = readlink */
  109         AUE_EXECVE,                     /*  59 = execve */
  110         AUE_UMASK,                      /*  60 = umask */
  111         AUE_CHROOT,                     /*  61 = chroot */
  112         AUE_NULL,                       /*  62 = old fstat */
  113         AUE_NULL,                       /*  63 = used internally, reserved */
  114         AUE_NULL,                       /*  64 = old getpagesize */
  115         AUE_NULL,                       /*  65 = msync */
  116         AUE_NULL,                       /*  66 = vfork */
  117         AUE_NULL,                       /*  67 was obsolete vread */
  118         AUE_NULL,                       /*  68 was obsolete vwrite */
  119         AUE_NULL,                       /*  69 = sbrk */
  120         AUE_NULL,                       /*  70 = sstk */
  121         AUE_NULL,                       /*  71 = old mmap */
  122         AUE_NULL,                       /*  72 = old vadvise */
  123         AUE_NULL,                       /*  73 = munmap */
  124         AUE_NULL,                       /*  74 = mprotect */
  125         AUE_NULL,                       /*  75 = madvise */
  126         AUE_NULL,                       /*  76 was obsolete vhangup */
  127         AUE_NULL,                       /*  77 was obsolete vlimit */
  128         AUE_NULL,                       /*  78 = mincore */
  129         AUE_NULL,                       /*  79 = getgroups */
  130         AUE_SETGROUPS,                  /*  80 = setgroups */
  131         AUE_NULL,                       /*  81 = getpgrp */
  132         AUE_SETPGRP,                    /*  82 = setpgid */
  133         AUE_NULL,                       /*  83 = setitimer */
  134         AUE_NULL,                       /*  84 = old wait */
  135         AUE_NULL,                       /*  85 = swapon */
  136         AUE_NULL,                       /*  86 = getitimer */
  137         AUE_NULL,                       /*  87 = old gethostname */
  138         AUE_NULL,                       /*  88 = old sethostname */
  139         AUE_NULL,                       /*  89 = getdtablesize */
  140         AUE_NULL,                       /*  90 = dup2 */
  141         AUE_NULL,                       /*  91 was obsolete getdopt */
  142         AUE_FCNTL,                      /*  92 = fcntl */
  143         AUE_NULL,                       /*  93 = select */
  144         AUE_NULL,                       /*  94 was obsolete setdopt */
  145         AUE_NULL,                       /*  95 = fsync */
  146         AUE_NULL,                       /*  96 = setpriority */
  147         AUE_SOCKET,                     /*  97 = socket */
  148         AUE_CONNECT,                    /*  98 = connect */
  149         AUE_NULL,                       /*  99 = accept */
  150         AUE_NULL,                       /* 100 = getpriority */
  151         AUE_NULL,                       /* 101 = old send */
  152         AUE_NULL,                       /* 102 = old recv */
  153         AUE_NULL,                       /* 103 = sigreturn */
  154         AUE_BIND,                       /* 104 = bind */
  155         AUE_SETSOCKOPT,                 /* 105 = setsockopt */
  156         AUE_NULL,                       /* 106 = listen */
  157         AUE_NULL,                       /* 107 was vtimes */
  158         AUE_NULL,                       /* 108 = sigvec */
  159         AUE_NULL,                       /* 109 = sigblock */
  160         AUE_NULL,                       /* 110 = sigsetmask */
  161         AUE_NULL,                       /* 111 = sigpause */
  162         AUE_NULL,                       /* 112 = sigstack */
  163         AUE_NULL,                       /* 113 = recvmsg */
  164         AUE_NULL,                       /* 114 = sendmsg */
  165         AUE_NULL,                       /* 115 = old vtrace */
  166         AUE_NULL,                       /* 116 = gettimeofday */
  167         AUE_NULL,                       /* 117 = getrusage */
  168         AUE_NULL,                       /* 118 = getsockopt */
  169         AUE_NULL,                       /* 119 = old resuba */
  170         AUE_NULL,                       /* 120 = readv */
  171         AUE_NULL,                       /* 121 = writev */
  172         AUE_NULL,                       /* 122 = settimeofday */
  173         AUE_FCHOWN,                     /* 123 = fchown */
  174         AUE_FCHMOD,                     /* 124 = fchmod */
  175         AUE_NULL,                       /* 125 = recvfrom */
  176         AUE_NULL,                       /* 126 = setreuid */
  177         AUE_NULL,                       /* 127 = setregid */
  178         AUE_RENAME,                     /* 128 = rename */
  179         AUE_NULL,                       /* 129 = old truncate */
  180         AUE_NULL,                       /* 130 = old ftruncate */
  181         AUE_FLOCK,                      /* 131 = flock */
  182         AUE_MKFIFO,                     /* 132 = mkfifo */
  183         AUE_SENDTO,                     /* 133 = sendto */
  184         AUE_SHUTDOWN,                   /* 134 = shutdown */
  185         AUE_SOCKETPAIR,                 /* 135 = socketpair */
  186         AUE_MKDIR,                      /* 136 = mkdir */
  187         AUE_RMDIR,                      /* 137 = rmdir */
  188         AUE_UTIMES,                     /* 138 = utimes */
  189         AUE_FUTIMES,                    /* 139 = futimes */
  190         AUE_ADJTIME,                    /* 140 = adjtime */
  191         AUE_NULL,                       /* 141 = getpeername */
  192         AUE_NULL,                       /* 142 = old gethostid */
  193         AUE_NULL,                       /* 143 = old sethostid */
  194         AUE_NULL,                       /* 144 = old getrlimit */
  195         AUE_NULL,                       /* 145 = old setrlimit */
  196         AUE_NULL,                       /* 146 = old killpg */
  197         AUE_NULL,                       /* 147 = setsid */
  198         AUE_NULL,                       /* 148 was setquota */
  199         AUE_NULL,                       /* 149 was qquota */
  200         AUE_NULL,                       /* 150 = getsockname */
  201         AUE_NULL,                       /* 151 = getpgid */
  202         AUE_NULL,                       /* 152 = setprivexec */
  203         AUE_NULL,                       /* 153 = pread */
  204         AUE_NULL,                       /* 154 = pwrite */
  205         AUE_NULL,                       /* 155 = nfs_svc */
  206         AUE_NULL,                       /* 156 = old getdirentries */
  207         AUE_STATFS,                     /* 157 = statfs */
  208         AUE_FSTATFS,                    /* 158 = fstatfs */
  209         AUE_UMOUNT,                     /* 159 = unmount */
  210         AUE_NULL,                       /* 160 was async_daemon */
  211         AUE_GETFH,                      /* 161 = get file handle */
  212         AUE_NULL,                       /* 162 = getdomainname */
  213         AUE_NULL,                       /* 163 = setdomainname */
  214         AUE_NULL,                       /* 164 */
  215 #if     QUOTA
  216         AUE_QUOTACTL,                   /* 165 = quotactl */
  217 #else   /* QUOTA */
  218         AUE_NULL,                       /* 165 = not configured */
  219 #endif  /* QUOTA */
  220         AUE_NULL,                       /* 166 was exportfs */
  221         AUE_MOUNT,                      /* 167 = mount */
  222         AUE_NULL,                       /* 168 was ustat */
  223         AUE_NULL,                       /* 169 = nosys */
  224         AUE_NULL,                       /* 170 was table */
  225         AUE_NULL,                       /* 171 = old wait3 */
  226         AUE_NULL,                       /* 172 was rpause */
  227         AUE_NULL,                       /* 173 = nosys */
  228         AUE_NULL,                       /* 174 was getdents */
  229         AUE_NULL,                       /* 175 was gc_control */
  230         AUE_NULL,                       /* 176 = add_profil */
  231         AUE_NULL,                       /* 177 */
  232         AUE_NULL,                       /* 178 */
  233         AUE_NULL,                       /* 179 */
  234         AUE_NULL,                       /* 180 */
  235         AUE_SETGID,                     /* 181 */
  236         AUE_SETEGID,                    /* 182 */
  237         AUE_SETEUID,                    /* 183 */
  238         AUE_NULL,                       /* 184 = nosys */
  239         AUE_NULL,                       /* 185 = nosys */
  240         AUE_NULL,                       /* 186 = nosys */
  241         AUE_NULL,                       /* 187 = nosys */
  242         AUE_STAT,                       /* 188 = stat */
  243         AUE_FSTAT,                      /* 189 = fstat */
  244         AUE_LSTAT,                      /* 190 = lstat */
  245         AUE_PATHCONF,                   /* 191 = pathconf */
  246         AUE_FPATHCONF,                  /* 192 = fpathconf */
  247 
  248 #if COMPAT_GETFSSTAT
  249         AUE_GETFSSTAT,                  /* 193 = getfsstat */
  250 #else
  251         AUE_NULL,                       /* 193 is unused */ 
  252 #endif
  253         AUE_NULL,                       /* 194 = getrlimit */
  254         AUE_SETRLIMIT,                  /* 195 = setrlimit */
  255         AUE_GETDIRENTRIES,              /* 196 = getdirentries */
  256         AUE_NULL,                       /* 197 = mmap */
  257         AUE_NULL,                       /* 198 = __syscall */
  258         AUE_NULL,                       /* 199 = lseek */
  259         AUE_TRUNCATE,                   /* 200 = truncate */
  260         AUE_FTRUNCATE,                  /* 201 = ftruncate */
  261         AUE_NULL,                       /* 202 = __sysctl */
  262         AUE_NULL,                       /* 203 = mlock */
  263         AUE_NULL,                       /* 204 = munlock */
  264         AUE_UNDELETE,                   /* 205 = undelete */
  265         AUE_NULL,                       /* 206 = ATsocket */
  266         AUE_NULL,                       /* 207 = ATgetmsg*/
  267         AUE_NULL,                       /* 208 = ATputmsg*/
  268         AUE_NULL,                       /* 209 = ATPsndreq*/
  269         AUE_NULL,                       /* 210 = ATPsndrsp*/
  270         AUE_NULL,                       /* 211 = ATPgetreq*/
  271         AUE_NULL,                       /* 212 = ATPgetrsp*/
  272         AUE_NULL,                       /* 213 = Reserved for AppleTalk */
  273         AUE_NULL,                       /* 214 = Reserved for AppleTalk */
  274         AUE_NULL,                       /* 215 = Reserved for AppleTalk */
  275         
  276         AUE_NULL,       /* 216 = HFS make complex file call (multiple forks) */
  277         AUE_NULL,       /* 217 = HFS statv extended stat call for HFS */
  278         AUE_NULL,       /* 218 = HFS lstatv extended lstat call for HFS */      
  279         AUE_NULL,       /* 219 = HFS fstatv extended fstat call for HFS */
  280         AUE_GETATTRLIST,/* 220 = HFS getattrlist get attribute list call */
  281         AUE_SETATTRLIST,/* 221 = HFS setattrlist set attribute list */
  282         AUE_GETDIRENTRIESATTR,/* 222 = HFS getdirentriesattr get directory attributes */
  283         AUE_EXCHANGEDATA,/* 223 = HFS exchangedata exchange file contents */
  284         AUE_NULL,/* 224 = HFS checkuseraccess check access to a file */
  285         AUE_SEARCHFS,   /* 225 = HFS searchfs to implement catalog searching */
  286         AUE_NULL,       /* 226 = private delete (Carbon semantics) */
  287         AUE_NULL,       /* 227 = copyfile - originally for AFP */
  288         AUE_NULL,                       /* 228 */
  289         AUE_NULL,                       /* 229 */
  290         AUE_NULL,                       /* 230 */
  291         AUE_NULL,                       /* 231 */
  292         AUE_NULL,                       /* 232 */
  293         AUE_NULL,                       /* 233 */
  294         AUE_NULL,                       /* 234 */
  295         AUE_NULL,                       /* 235 */
  296         AUE_NULL,                       /* 236 */
  297         AUE_NULL,                       /* 237 */
  298         AUE_NULL,                       /* 238 */
  299         AUE_NULL,                       /* 239 */
  300         AUE_NULL,                       /* 240 */
  301         AUE_NULL,                       /* 241 */
  302         AUE_NULL,                       /* 242 = fsctl */
  303         AUE_NULL,                       /* 243 */
  304         AUE_NULL,                       /* 244 */
  305         AUE_NULL,                       /* 245 */
  306         AUE_NULL,                       /* 246 */
  307         AUE_NULL,                       /* 247 = nfsclnt*/
  308         AUE_NULL,                       /* 248 = fhopen */
  309         AUE_NULL,                       /* 249 */
  310         AUE_NULL,                       /* 250 = minherit */
  311         AUE_NULL,                       /* 251 = semsys */
  312         AUE_NULL,                       /* 252 = msgsys */
  313         AUE_NULL,                       /* 253 = shmsys */
  314         AUE_SEMCTL,                     /* 254 = semctl */
  315         AUE_SEMGET,                     /* 255 = semget */
  316         AUE_SEMOP,                      /* 256 = semop */
  317         AUE_NULL,                       /* 257 = semconfig */
  318         AUE_MSGCTL,                     /* 258 = msgctl */
  319         AUE_MSGGET,                     /* 259 = msgget */
  320         AUE_MSGSND,                     /* 260 = msgsnd */
  321         AUE_MSGRCV,                     /* 261 = msgrcv */
  322         AUE_SHMAT,                      /* 262 = shmat */
  323         AUE_SHMCTL,                     /* 263 = shmctl */
  324         AUE_SHMDT,                      /* 264 = shmdt */
  325         AUE_SHMGET,                     /* 265 = shmget */
  326         AUE_NULL,                       /* 266 = shm_open */
  327         AUE_NULL,                       /* 267 = shm_unlink */
  328         AUE_NULL,                       /* 268 = sem_open */
  329         AUE_NULL,                       /* 269 = sem_close */
  330         AUE_NULL,                       /* 270 = sem_unlink */
  331         AUE_NULL,                       /* 271 = sem_wait */
  332         AUE_NULL,                       /* 272 = sem_trywait */
  333         AUE_NULL,                       /* 273 = sem_post */
  334         AUE_NULL,                       /* 274 = sem_getvalue */
  335         AUE_NULL,                       /* 275 = sem_init */
  336         AUE_NULL,                       /* 276 = sem_destroy */
  337         AUE_NULL,                       /* 277 */
  338         AUE_NULL,                       /* 278 */
  339         AUE_NULL,                       /* 279 */
  340         AUE_NULL,                       /* 280 */
  341         AUE_NULL,                       /* 281 */
  342         AUE_NULL,                       /* 282 */
  343         AUE_NULL,                       /* 283 */
  344         AUE_NULL,                       /* 284 */
  345         AUE_NULL,                       /* 285 */
  346         AUE_NULL,                       /* 286 */
  347         AUE_NULL,                       /* 287 */
  348         AUE_NULL,                       /* 288 */
  349         AUE_NULL,                       /* 289 */
  350         AUE_NULL,                       /* 290 */
  351         AUE_NULL,                       /* 291 */
  352         AUE_NULL,                       /* 292 */
  353         AUE_NULL,                       /* 293 */
  354         AUE_NULL,                       /* 294 */
  355         AUE_NULL,                       /* 295 */
  356         AUE_NULL,                       /* 296 = load_shared_file */
  357         AUE_NULL,                       /* 297 = reset_shared_file */
  358         AUE_NULL,                       /* 298 = new_system_shared_regions */
  359         AUE_NULL,                       /* 299 */
  360         AUE_NULL,                       /* 300 */
  361         AUE_NULL,                       /* 301 */
  362         AUE_NULL,                       /* 302 */
  363         AUE_NULL,                       /* 303 */
  364         AUE_NULL,                       /* 304 */
  365         AUE_NULL,                       /* 305 */
  366         AUE_NULL,                       /* 306 */
  367         AUE_NULL,                       /* 307 */
  368         AUE_NULL,                       /* 308 */
  369         AUE_NULL,                       /* 309 */
  370         AUE_NULL,                       /* 310 = getsid */
  371         AUE_NULL,                       /* 311 */
  372         AUE_NULL,                       /* 312 */
  373         AUE_NULL,                       /* 313 */
  374         AUE_NULL,                       /* 314 */
  375         AUE_NULL,                       /* 315 */
  376         AUE_NULL,                       /* 316 */
  377         AUE_NULL,                       /* 317 */
  378         AUE_NULL,                       /* 318 */
  379         AUE_NULL,                       /* 319 */
  380         AUE_NULL,                       /* 320 */
  381         AUE_NULL,                       /* 321 */
  382         AUE_NULL,                       /* 322 */
  383         AUE_NULL,                       /* 323 */
  384         AUE_NULL,                       /* 324 = mlockall*/
  385         AUE_NULL,                       /* 325 = munlockall*/
  386         AUE_NULL,                       /* 326 */
  387         AUE_NULL,                       /* 327 = issetugid */
  388         AUE_NULL,                       /* 328 */
  389         AUE_NULL,                       /* 329 */
  390         AUE_NULL,                       /* 330 */
  391         AUE_NULL,                       /* 331 */
  392         AUE_NULL,                       /* 332 */
  393         AUE_NULL,                       /* 333 */
  394         AUE_NULL,                       /* 334 */
  395         AUE_NULL,                       /* 335 = utrace */
  396         AUE_NULL,                       /* 336 */
  397         AUE_NULL,                       /* 337 */
  398         AUE_NULL,                       /* 338 */
  399         AUE_NULL,                       /* 339 */
  400         AUE_NULL,                       /* 340 */
  401         AUE_NULL,                       /* 341 */
  402         AUE_NULL,                       /* 342 */
  403         AUE_NULL,                       /* 343 */
  404         AUE_NULL,                       /* 344 */
  405         AUE_NULL,                       /* 345 */
  406         AUE_NULL,                       /* 346 */
  407         AUE_NULL,                       /* 347 */
  408         AUE_NULL,                       /* 348 */
  409         AUE_NULL,                       /* 349 */
  410         AUE_AUDIT,                      /* 350 */
  411         AUE_NULL,                       /* 351 */
  412         AUE_NULL,                       /* 352 */
  413         AUE_GETAUID,                    /* 353 */
  414         AUE_SETAUID,                    /* 354 */
  415         AUE_NULL,                       /* 355 */
  416         AUE_NULL,                       /* 356 */
  417         AUE_NULL,                       /* 357 */
  418         AUE_NULL,                       /* 358 */
  419         AUE_NULL,                       /* 359 */
  420         AUE_NULL,                       /* 360 */
  421         AUE_NULL,                       /* 361 */
  422         AUE_NULL,                       /* 362 = kqueue */
  423         AUE_NULL,                       /* 363 = kevent */
  424         AUE_NULL,                       /* 364 */
  425         AUE_NULL,                       /* 365 */
  426         AUE_NULL,                       /* 366 */
  427         AUE_NULL,                       /* 367 */
  428         AUE_NULL,                       /* 368 */
  429         AUE_NULL                        /* 369 */
  430 };
      /*
       * Number of entries in sys_au_event, computed from the array itself; the
       * valid index range is 0 .. nsys_au_event - 1.
       */
  431 int     nsys_au_event = sizeof(sys_au_event) / sizeof(sys_au_event[0]);
  432 
/*
 * Return the set of audit classes that the given audit event belongs to.
 *
 * XXX The mapping is a big hard-coded switch. It is meant to be replaced by
 *     the event->class mapping that is controlled by a configuration file.
 *
 * An event with no case of its own is assigned to every class (AU_ALL).
 *
 * NOTE(review): several events handled here (for example AUE_MMAP,
 * AUE_CLOSE, AUE_MUNMAP, AUE_FORK, AUE_VFORK, AUE_KILL, AUE_ACCT, AUE_IOCTL
 * and every AUE_OPEN_* other than AUE_OPEN_R) do not appear in the
 * sys_au_event table in this file, so they reach this switch only if some
 * other code assigns them -- confirm.
 */
static au_class_t
au_event_classes(au_event_t event)
{
	switch (event) {
	/*
	 * mmap() and pipe() are AU_NULL in some systems; we'll place them in
	 * AU_IPC for now, alongside the System V IPC calls.
	 */
	case AUE_MMAP:
	case AUE_PIPE:
	case AUE_MSGCTL:
	case AUE_MSGGET:
	case AUE_MSGRCV:
	case AUE_MSGSND:
	case AUE_SEMCTL:
	case AUE_SEMGET:
	case AUE_SEMOP:
	case AUE_SHMAT:
	case AUE_SHMCTL:
	case AUE_SHMDT:
	case AUE_SHMGET:
		return (AU_IPC);

	case AUE_READLINK:
	case AUE_GETDIRENTRIES:
	case AUE_OPEN_R:
		return (AU_FREAD);

	case AUE_ACCESS:
	case AUE_FSTAT:
	case AUE_FSTATFS:
	case AUE_GETFH:
	case AUE_LSTAT:
	case AUE_FPATHCONF:
	case AUE_PATHCONF:
	case AUE_STAT:
	case AUE_STATFS:
	case AUE_GETATTRLIST:
	case AUE_GETFSSTAT:
	case AUE_GETDIRENTRIESATTR:
	case AUE_SEARCHFS:
		return (AU_FACCESS);

	case AUE_CHMOD:
	case AUE_CHOWN:
	case AUE_FCHMOD:
	case AUE_FCHOWN:
	case AUE_FCNTL:
	case AUE_FLOCK:
	case AUE_UTIMES:
	case AUE_CHFLAGS:
	case AUE_FCHFLAGS:
	case AUE_FUTIMES:
	case AUE_SETATTRLIST:
	case AUE_TRUNCATE:
	case AUE_FTRUNCATE:
	case AUE_UNDELETE:
	case AUE_EXCHANGEDATA:
		return (AU_FMODIFY);

	case AUE_LINK:
	case AUE_MKDIR:
	case AUE_MKNOD:
	case AUE_SYMLINK:
	case AUE_MKFIFO:
		return (AU_FCREATE);

	case AUE_RMDIR:
	case AUE_UNLINK:
		return (AU_FDELETE);

	case AUE_CLOSE:
	case AUE_MUNMAP:
	case AUE_REVOKE:
		return (AU_CLOSE);

	case AUE_CHDIR:
	case AUE_CHROOT:
	case AUE_EXIT:
	case AUE_FCHDIR:
	case AUE_FORK:
	case AUE_KILL:
	case AUE_SETEGID:
	case AUE_SETEUID:
	case AUE_SETGID:
	case AUE_SETGROUPS:
	case AUE_SETPGRP:
	case AUE_SETUID:
	case AUE_VFORK:
	case AUE_UMASK:
		return (AU_PROCESS);

	case AUE_ACCEPT:
	case AUE_BIND:
	case AUE_CONNECT:
	case AUE_RECVFROM:
	case AUE_RECVMSG:
	case AUE_SENDMSG:
	case AUE_SENDTO:
	case AUE_SETSOCKOPT:
	case AUE_SHUTDOWN:
	case AUE_SOCKET:
	case AUE_SOCKETPAIR:
		return (AU_NET);

	case AUE_ACCT:
	case AUE_ADJTIME:
	case AUE_GETAUID:
	case AUE_MOUNT:
	case AUE_SETAUID:
	case AUE_SETRLIMIT:
	case AUE_UMOUNT:
		return (AU_ADMIN);

	case AUE_IOCTL:
		return (AU_IOCTL);

	case AUE_EXECVE:
		return (AU_PROCESS|AU_EXEC);

	/* The remaining open variants combine the classes their name spells. */
	case AUE_OPEN_RC:
		return (AU_FREAD|AU_FCREATE);
	case AUE_OPEN_RTC:
		return (AU_FREAD|AU_FCREATE|AU_FDELETE);
	case AUE_OPEN_RT:
		return (AU_FREAD|AU_FDELETE);
	case AUE_OPEN_RW:
		return (AU_FREAD|AU_FWRITE);
	case AUE_OPEN_RWC:
		return (AU_FREAD|AU_FWRITE|AU_FCREATE);
	case AUE_OPEN_RWTC:
		return (AU_FREAD|AU_FWRITE|AU_FCREATE|AU_FDELETE);
	case AUE_OPEN_RWT:
		return (AU_FREAD|AU_FWRITE|AU_FDELETE);
	case AUE_OPEN_W:
		return (AU_FWRITE);
	case AUE_OPEN_WC:
		return (AU_FWRITE|AU_FCREATE);
	case AUE_OPEN_WTC:
		return (AU_FWRITE|AU_FCREATE|AU_FDELETE);
	case AUE_OPEN_WT:
		return (AU_FWRITE|AU_FDELETE);

	case AUE_RENAME:
		return (AU_FCREATE|AU_FDELETE);

	default:	/* Assign the event to all classes */
		return (AU_ALL);
	}
}

/*
 * Check whether an event is auditable by comparing the classes the event is
 * part of against the given mask, which will be the process event mask.
 *
 * event  - audit event to test.
 * mask_p - mask pair to test against; am_success is consulted when sorf has
 *          AU_PRS_SUCCESS set, am_failure when it has AU_PRS_FAILURE set.
 * sorf   - AU_PRS_SUCCESS and/or AU_PRS_FAILURE; with neither bit set
 *          nothing is consulted and the result is 0.
 *
 * Returns 1 if any class of the event is set in a consulted mask, 0 if
 * none is, and -1 if mask_p is NULL.
 *
 * NOTE(review): the -1 error return is nonzero, so a caller that tests the
 * result as a plain boolean treats a NULL mask as "selected" -- verify how
 * callers compare the result.
 *
 * NOTE(review): an event with no case of its own is placed in AU_ALL, so it
 * is selected by any class bit in a consulted mask (assuming AU_ALL covers
 * every class bit). That holds for AUE_NULL too if a caller passes it.
 *
 * XXX This needs to eventually implement the selection based on the
 *     event->class mapping that is controlled by a configuration file.
 */
int au_preselect(au_event_t event, au_mask_t *mask_p, int sorf)
{
	au_class_t classes;
	au_class_t hits = 0;

	if (mask_p == NULL)
		return (-1);

	classes = au_event_classes(event);

	/*
	 * Perform the actual check of the masks against the event.
	 *
	 * XXX Need to compare against the kernel mask??? Or do we not do
	 * that by default and let the client code just call this function
	 * with the kernel preselection mask as the mask parameter?
	 */
	if (sorf & AU_PRS_SUCCESS)
		hits |= (mask_p->am_success & classes);

	if (sorf & AU_PRS_FAILURE)
		hits |= (mask_p->am_failure & classes);

	return (hits ? 1 : 0);
}
  608 
/*
 * Select the audit event that describes an open, based on its flags.
 *
 * Only the access mode (O_RDONLY, O_WRONLY, O_RDWR) together with O_CREAT
 * and O_TRUNC is considered; every other bit in oflags is discarded before
 * the comparison.  Each test below is an exact match on the remaining bits.
 *
 * Note for anyone reading the audit trail: a combination that matches none
 * of the twelve cases (for example O_WRONLY and O_RDWR set together) falls
 * through to AUE_OPEN_R, so that event does not by itself prove the open
 * was a plain read-only one.
 */
au_event_t
flags_to_openevent(int oflags)
{
	const int relevant =
	    oflags & (O_RDONLY | O_CREAT | O_TRUNC | O_RDWR | O_WRONLY);

	/* Read-only opens. */
	if (relevant == O_RDONLY)
		return AUE_OPEN_R;
	if (relevant == (O_RDONLY | O_CREAT))
		return AUE_OPEN_RC;
	if (relevant == (O_RDONLY | O_CREAT | O_TRUNC))
		return AUE_OPEN_RTC;
	if (relevant == (O_RDONLY | O_TRUNC))
		return AUE_OPEN_RT;

	/* Read-write opens. */
	if (relevant == O_RDWR)
		return AUE_OPEN_RW;
	if (relevant == (O_RDWR | O_CREAT))
		return AUE_OPEN_RWC;
	if (relevant == (O_RDWR | O_CREAT | O_TRUNC))
		return AUE_OPEN_RWTC;
	if (relevant == (O_RDWR | O_TRUNC))
		return AUE_OPEN_RWT;

	/* Write-only opens. */
	if (relevant == O_WRONLY)
		return AUE_OPEN_W;
	if (relevant == (O_WRONLY | O_CREAT))
		return AUE_OPEN_WC;
	if (relevant == (O_WRONLY | O_CREAT | O_TRUNC))
		return AUE_OPEN_WTC;
	if (relevant == (O_WRONLY | O_TRUNC))
		return AUE_OPEN_WT;

	/* Anything unrecognised is recorded as a read-only open. */
	return AUE_OPEN_R;
}
  648 
/*
 * Populate a vattr from the vnode fields kept in a kernel audit record.
 * This helper would be unnecessary if the audit record stored a vattr
 * directly.
 *
 * Exactly six members of *v are written (va_mode, va_uid, va_gid, va_fsid,
 * va_fileid, va_rdev); all other members are left as the caller had them,
 * so the caller is responsible for initialising the rest of the structure.
 * Neither pointer is checked for NULL.
 */
void
fill_vattr(struct vattr *v, struct vnode_au_info *vn_info)
{
	/* Ownership and permission bits. */
	v->va_uid = vn_info->vn_uid;
	v->va_gid = vn_info->vn_gid;
	v->va_mode = vn_info->vn_mode;

	/* File identity: filesystem id and file id. */
	v->va_fileid = vn_info->vn_fileid;
	v->va_fsid = vn_info->vn_fsid;

	/* The audit record calls this field vn_dev; it feeds va_rdev. */
	v->va_rdev = vn_info->vn_dev;
}
  663 
/*
 * Translate a MSGCTL command into its dedicated audit event.
 *
 * IPC_RMID, IPC_SET and IPC_STAT each have their own event.  Any other
 * command value, including an invalid one, is still audited under the
 * generic AUE_MSGCTL event.
 */
int
msgctl_to_event(int cmd)
{
	if (cmd == IPC_RMID)
		return AUE_MSGCTL_RMID;
	if (cmd == IPC_SET)
		return AUE_MSGCTL_SET;
	if (cmd == IPC_STAT)
		return AUE_MSGCTL_STAT;

	/* We will audit a bad command */
	return AUE_MSGCTL;
}
  679 
/*
 * Translate a SEMCTL command into its dedicated audit event.
 *
 * The ten commands listed in the table each have their own event.  Any
 * other command value, including an invalid one, is still audited under
 * the generic AUE_SEMCTL event.
 */
int
semctl_to_event(int cmd)
{
	/* Command-to-event pairs, in the order the commands are tested. */
	static const struct {
		int	command;
		int	event;
	} semctl_events[] = {
		{ GETALL,	AUE_SEMCTL_GETALL },
		{ GETNCNT,	AUE_SEMCTL_GETNCNT },
		{ GETPID,	AUE_SEMCTL_GETPID },
		{ GETVAL,	AUE_SEMCTL_GETVAL },
		{ GETZCNT,	AUE_SEMCTL_GETZCNT },
		{ IPC_RMID,	AUE_SEMCTL_RMID },
		{ IPC_SET,	AUE_SEMCTL_SET },
		{ SETALL,	AUE_SEMCTL_SETALL },
		{ SETVAL,	AUE_SEMCTL_SETVAL },
		{ IPC_STAT,	AUE_SEMCTL_STAT },
	};
	unsigned int i;

	for (i = 0; i < sizeof(semctl_events) / sizeof(semctl_events[0]); i++) {
		if (semctl_events[i].command == cmd)
			return semctl_events[i].event;
	}

	/* We will audit a bad command */
	return AUE_SEMCTL;
}
  709 
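/*
 * Create a canonical path from the given path by prefixing either the
 * process root directory or the current working directory.
 *
 * An absolute path is prefixed with the process root only when the process
 * has one that differs from the system root; otherwise it is recorded as
 * passed in, with the run of leading '/' reduced to a single one.  A
 * relative path is prefixed with the current working directory.  If that
 * directory is NULL we could use 'rootvnode' to obtain the root directory,
 * but this results in a volfs name written to the audit log, so the path is
 * recorded without a prefix in that case.
 *
 * p      process whose root and working directory are consulted.
 * path   NUL-terminated path as supplied by the caller.
 * cpath  output buffer; must be at least MAXPATHLEN bytes.
 *
 * On return cpath always holds a NUL-terminated string, truncated to fit
 * if necessary.  The audit record is built from this buffer, so an
 * unterminated result would let later string handling read past its end.
 * If the directory name cannot be obtained, cpath is set to the empty
 * string rather than left with unspecified contents.
 */
void
canon_path(struct proc *p, char *path, char *cpath)
{
	char *bufp;
	int len;
	struct vnode *vnp;
	struct filedesc *fdp;

	fdp = p->p_fd;
	bufp = path;
	if (*(path) == '/') {
		while (*(bufp) == '/')
			bufp++;			/* skip leading '/'s */
		/*
		 * If no process root, or it is the same as the system root,
		 * audit the path as passed in with a single '/'.
		 */
		if ((fdp->fd_rdir == NULL) ||
		    (fdp->fd_rdir == rootvnode)) {
			vnp = NULL;
			bufp--;			/* restore one '/' */
		} else {
			vnp = fdp->fd_rdir;	/* use process root */
		}
	} else {
		vnp = fdp->fd_cdir;	/* prepend the current dir */
		bufp = path;
	}
	if (vnp != NULL) {
		len = MAXPATHLEN;
		/*
		 * NOTE(review): assumes vn_getpath() returns 0 on success;
		 * confirm against its prototype.  The range check keeps the
		 * index and the copy length below from going negative or
		 * past the end of the buffer.
		 */
		if (vn_getpath(vnp, cpath, &len) != 0 ||
		    len < 2 || len > MAXPATHLEN) {
			cpath[0] = '\0';
			return;
		}
		/*
		 * The length returned by vn_getpath() is two greater than the
		 * number of characters in the string.
		 */
		if (len < MAXPATHLEN)
			cpath[len - 2] = '/';
		strncpy(cpath + len - 1, bufp, MAXPATHLEN - len);
	} else {
		strncpy(cpath, bufp, MAXPATHLEN);
	}
	/* strncpy() does not terminate the destination when it truncates. */
	cpath[MAXPATHLEN - 1] = '\0';
}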
