diff options
author | rwatson <rwatson@FreeBSD.org> | 2009-04-19 14:53:17 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2009-04-19 14:53:17 +0000 |
commit | 7e3aff1dc199846d15b3c479bff793353b8cfe8f (patch) | |
tree | 34d6b55d9d4235f31e08a9864553465396f0a407 /sys/bsm | |
parent | ada9604fd24dc29bff6c92bc0943439bc14011f2 (diff) | |
download | FreeBSD-src-7e3aff1dc199846d15b3c479bff793353b8cfe8f.zip FreeBSD-src-7e3aff1dc199846d15b3c479bff793353b8cfe8f.tar.gz |
Merge OpenBSM 1.1 changes to the FreeBSD 8.x kernel:
- Add and use mapping of fcntl(2) commands to new BSM constant space.
- Adopt (int) rather than (long) arguments to a number of auditon(2)
commands, as has happened in Solaris, and add compatibility code to
handle the old comments.
Note that BSM_PF_IEEE80211 is partially but not fully removed, as the
userspace OpenBSM 1.1alpha5 code still depends on it. Once userspace
is updated, I'll GCC the kernel constant.
MFC after: 2 weeks
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Project
Portions submitted by: sson
Diffstat (limited to 'sys/bsm')
-rw-r--r-- | sys/bsm/audit.h | 64 | ||||
-rw-r--r-- | sys/bsm/audit_kevents.h | 14 | ||||
-rw-r--r-- | sys/bsm/audit_record.h | 6 |
3 files changed, 52 insertions, 32 deletions
diff --git a/sys/bsm/audit.h b/sys/bsm/audit.h index 24cc583..dd7dffc 100644 --- a/sys/bsm/audit.h +++ b/sys/bsm/audit.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005 Apple Inc. + * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,21 +26,15 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#5 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9 * $FreeBSD$ */ -#ifndef _BSM_AUDIT_H +#ifndef _BSM_AUDIT_H #define _BSM_AUDIT_H -#ifdef __APPLE__ -/* Temporary until rdar://problem/6133383 is resolved. */ -#include <sys/types.h> #include <sys/param.h> -#include <sys/socket.h> -#include <sys/cdefs.h> -#include <sys/queue.h> -#endif /* __APPLE__ */ +#include <sys/types.h> #define AUDIT_RECORD_MAGIC 0x828a0f1b #define MAX_AUDIT_RECORDS 20 @@ -101,20 +95,20 @@ /* * auditon(2) commands. */ -#define A_GETPOLICY 2 -#define A_SETPOLICY 3 +#define A_OLDGETPOLICY 2 +#define A_OLDSETPOLICY 3 #define A_GETKMASK 4 #define A_SETKMASK 5 -#define A_GETQCTRL 6 -#define A_SETQCTRL 7 +#define A_OLDGETQCTRL 6 +#define A_OLDSETQCTRL 7 #define A_GETCWD 8 #define A_GETCAR 9 #define A_GETSTAT 12 #define A_SETSTAT 13 #define A_SETUMASK 14 #define A_SETSMASK 15 -#define A_GETCOND 20 -#define A_SETCOND 21 +#define A_OLDGETCOND 20 +#define A_OLDSETCOND 21 #define A_GETCLASS 22 #define A_SETCLASS 23 #define A_GETPINFO 24 @@ -126,6 +120,12 @@ #define A_SETKAUDIT 30 #define A_SENDTRIGGER 31 #define A_GETSINFO_ADDR 32 +#define A_GETPOLICY 33 +#define A_SETPOLICY 34 +#define A_GETQCTRL 35 +#define A_SETQCTRL 36 +#define A_GETCOND 37 +#define A_SETCOND 38 /* * Audit policy controls. @@ -216,7 +216,6 @@ struct auditpinfo { au_mask_t ap_mask; /* Audit masks. */ au_tid_t ap_termid; /* Terminal ID. */ au_asid_t ap_asid; /* Audit session ID. */ - u_int64_t ap_flags; /* Audit session flags. */ }; typedef struct auditpinfo auditpinfo_t; @@ -226,15 +225,12 @@ struct auditpinfo_addr { au_mask_t ap_mask; /* Audit masks. */ au_tid_addr_t ap_termid; /* Terminal ID. */ au_asid_t ap_asid; /* Audit session ID. */ + u_int64_t ap_flags; /* Audit session flags. */ }; typedef struct auditpinfo_addr auditpinfo_addr_t; struct au_session { auditinfo_addr_t *as_aia_p; /* Ptr to full audit info. */ -#define as_asid as_aia_p->ai_asid -#define as_auid as_aia_p->ai_auid -#define as_termid as_aia_p->ai_termid - au_mask_t as_mask; /* Process Audit Masks. */ }; typedef struct au_session au_session_t; @@ -245,13 +241,22 @@ typedef struct au_session au_session_t; typedef struct au_token token_t; /* - * Kernel audit queue control parameters. + * Kernel audit queue control parameters: + * Default: Maximum: + * aq_hiwater: AQ_HIWATER (100) AQ_MAXHIGH (10000) + * aq_lowater: AQ_LOWATER (10) <aq_hiwater + * aq_bufsz: AQ_BUFSZ (32767) AQ_MAXBUFSZ (1048576) + * aq_delay: 20 20000 (not used) */ struct au_qctrl { - size_t aq_hiwater; - size_t aq_lowater; - size_t aq_bufsz; - clock_t aq_delay; + int aq_hiwater; /* Max # of audit recs in queue when */ + /* threads with new ARs get blocked. */ + + int aq_lowater; /* # of audit recs in queue when */ + /* blocked threads get unblocked. */ + + int aq_bufsz; /* Max size of audit record for audit(2). */ + int aq_delay; /* Queue delay (not used). */ int aq_minfree; /* Minimum filesystem percent free space. */ }; typedef struct au_qctrl au_qctrl_t; @@ -308,6 +313,13 @@ int getaudit(struct auditinfo *); int setaudit(const struct auditinfo *); int getaudit_addr(struct auditinfo_addr *, int); int setaudit_addr(const struct auditinfo_addr *, int); + +#ifdef __APPLE_API_PRIVATE +#include <mach/port.h> +mach_port_name_t audit_session_self(void); +au_asid_t audit_session_join(mach_port_name_t port); +#endif /* __APPLE_API_PRIVATE */ + #endif /* defined(_KERNEL) || defined(KERNEL) */ __END_DECLS diff --git a/sys/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h index 40aec77..c583718 100644 --- a/sys/bsm/audit_kevents.h +++ b/sys/bsm/audit_kevents.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005 Apple Inc. + * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#5 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#6 * $FreeBSD$ */ @@ -34,6 +34,12 @@ #define _BSM_AUDIT_KEVENTS_H_ /* + * The reserved event numbers for kernel events are 1...2047 and 43001..44900. + */ +#define AUE_IS_A_KEVENT(e) (((e) > 0 && (e) < 2048) || \ + ((e) > 43000 && (e) < 45000)) + +/* * Values marked as AUE_NULL are not required to be audited as per CAPP. * * Some conflicts exist in the assignment of name to event number mappings @@ -589,6 +595,8 @@ #define AUE_FSGETPATH 43191 /* Darwin. */ #define AUE_PREAD 43192 /* Darwin/FreeBSD. */ #define AUE_PWRITE 43193 /* Darwin/FreeBSD. */ +#define AUE_FSCTL 43194 /* Darwin. */ +#define AUE_FFSCTL 43195 /* Darwin. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the @@ -674,12 +682,10 @@ #define AUE_CSOPS AUE_NULL #define AUE_DUP AUE_NULL #define AUE_FDATASYNC AUE_NULL -#define AUE_FFSCTL AUE_NULL #define AUE_FGETATTRLIST AUE_NULL #define AUE_FGETXATTR AUE_NULL #define AUE_FLISTXATTR AUE_NULL #define AUE_FREMOVEXATTR AUE_NULL -#define AUE_FSCTL AUE_NULL #define AUE_FSETATTRLIST AUE_NULL #define AUE_FSETXATTR AUE_NULL #define AUE_FSTATFS64 AUE_NULL diff --git a/sys/bsm/audit_record.h b/sys/bsm/audit_record.h index 5d9306a..9d6be04 100644 --- a/sys/bsm/audit_record.h +++ b/sys/bsm/audit_record.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005-2008 Apple Inc. + * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#9 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#10 * $FreeBSD$ */ @@ -286,10 +286,12 @@ token_t *au_to_zonename(const char *zonename); */ int au_bsm_to_domain(u_short bsm_domain, int *local_domainp); int au_bsm_to_errno(u_char bsm_error, int *errorp); +int au_bsm_to_fcntl_cmd(u_short bsm_fcntl_cmd, int *local_fcntl_cmdp); int au_bsm_to_socket_type(u_short bsm_socket_type, int *local_socket_typep); u_short au_domain_to_bsm(int local_domain); u_char au_errno_to_bsm(int local_errno); +u_short au_fcntl_cmd_to_bsm(int local_fcntl_command); u_short au_socket_type_to_bsm(int local_socket_type); __END_DECLS |