diff options
| author | rwatson <rwatson@FreeBSD.org> | 2009-07-28 21:39:58 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2009-07-28 21:39:58 +0000 |
| commit | 21e3bcee4378f043e902dc1bab9ac2915235f40a (patch) | |
| tree | 441a5395402f45cf8439af427c181e056625d4f4 /sys/security/audit/audit.h | |
| parent | fa74d2c7e54f546f30ebc8df6467929fa74d72f6 (diff) | |
| download | FreeBSD-src-21e3bcee4378f043e902dc1bab9ac2915235f40a.zip FreeBSD-src-21e3bcee4378f043e902dc1bab9ac2915235f40a.tar.gz | |
Audit file descriptors passed to fooat(2) system calls, which are used
instead of the root/current working directory as the starting point for
lookups. Up to two such descriptors can be audited. Add audit record
BSM encoding for fooat(2).
Note: due to an error in the OpenBSM 1.1p1 configuration file, a
further change is required to that file in order to fix openat(2)
auditing.
Approved by: re (kib)
Reviewed by: rdivacky (fooat(2) portions)
Obtained from: TrustedBSD Project
MFC after: 1 month
Diffstat (limited to 'sys/security/audit/audit.h')
| -rw-r--r-- | sys/security/audit/audit.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/sys/security/audit/audit.h b/sys/security/audit/audit.h index 582cc24..e8b3550 100644 --- a/sys/security/audit/audit.h +++ b/sys/security/audit/audit.h @@ -114,6 +114,8 @@ extern int audit_suspended; #define ARG_IOVECSTR 0x0000800000000000ULL #define ARG_ARGV 0x0001000000000000ULL #define ARG_ENVV 0x0002000000000000ULL +#define ARG_ATFD1 0x0004000000000000ULL +#define ARG_ATFD2 0x0008000000000000ULL #define ARG_NONE 0x0000000000000000ULL #define ARG_ALL 0xFFFFFFFFFFFFFFFFULL @@ -132,6 +134,8 @@ union auditon_udata; void audit_arg_addr(void * addr); void audit_arg_exit(int status, int retval); void audit_arg_len(int len); +void audit_arg_atfd1(int atfd); +void audit_arg_atfd2(int atfd); void audit_arg_fd(int fd); void audit_arg_fflags(int fflags); void audit_arg_gid(gid_t gid); @@ -197,6 +201,16 @@ void audit_thread_free(struct thread *td); audit_arg_argv((argv), (argc), (length)); \ } while (0) +#define AUDIT_ARG_ATFD1(atfd) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_atfd1((atfd)); \ +} while (0) + +#define AUDIT_ARG_ATFD2(atfd) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_atfd2((atfd)); \ +} while (0) + #define AUDIT_ARG_AUDITON(udata) do { \ if (AUDITING_TD(curthread)) \ audit_arg_auditon((udata)); \ @@ -360,6 +374,8 @@ void audit_thread_free(struct thread *td); #define AUDIT_ARG_ADDR(addr) #define AUDIT_ARG_ARGV(argv, argc, length) +#define AUDIT_ARG_ATFD1(atfd) +#define AUDIT_ARG_ATFD2(atfd) #define AUDIT_ARG_AUDITON(udata) #define AUDIT_ARG_CMD(cmd) #define AUDIT_ARG_DEV(dev) |
