authorrwatson <rwatson@FreeBSD.org>2007-04-21 22:08:48 +0000
committerrwatson <rwatson@FreeBSD.org>2007-04-21 22:08:48 +0000
commit9792022e80db34231627556d308375adcce097ac (patch)
tree79040c30b241a706472da18aea9f2b933574e7c0 /sys/security/mac/mac_framework.h
parent3df166efbcd71e69ee943f659199f3a930a39144 (diff)
Allow MAC policy modules to control access to audit configuration system
calls. Add MAC Framework entry points and MAC policy entry points for audit(), auditctl(), auditon(), setaudit(), and setauid(). MAC Framework entry points are only added for audit system calls where additional argument context may be useful for policy decision-making; other audit system calls without arguments may be controlled via the priv(9) entry points. Update various policy modules to implement audit-related checks, and in some cases, other missing system-related checks. Obtained from: TrustedBSD Project Sponsored by: SPARTA, Inc.
Diffstat (limited to 'sys/security/mac/mac_framework.h')
-rw-r--r--sys/security/mac/mac_framework.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index 4a95476..f127456 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -50,6 +50,7 @@
#error "no user-serviceable parts inside"
#endif
+struct auditinfo;
struct bpf_d;
struct cdev;
struct componentname;
@@ -297,6 +298,8 @@ int mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr);
int mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr);
int mac_check_proc_debug(struct ucred *cred, struct proc *proc);
int mac_check_proc_sched(struct ucred *cred, struct proc *proc);
+int mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai);
+int mac_check_proc_setauid(struct ucred *cred, uid_t auid);
int mac_check_proc_setuid(struct proc *proc, struct ucred *cred,
uid_t uid);
int mac_check_proc_seteuid(struct proc *proc, struct ucred *cred,
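Review bot: `mac_check_proc_setaudit()` takes a mutable `struct auditinfo *ai`, so nothing in the prototype stops a policy module from modifying the audit state it is only meant to judge. If the callers allow it, `const struct auditinfo *ai` would make the check read-only by contract; the same applies to `void *record` in `mac_check_system_audit()` in the last hunk. The two new proc checks also drop the `struct proc *proc` argument that the neighbouring `mac_check_proc_setuid()` and `mac_check_proc_seteuid()` carry. If that is deliberate because the audit calls only ever act on the calling process, a one-line comment such as `/* Audit state checks apply to the calling process only. */` would record it. Only declarations are visible here; the implementations are outside this file.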
@@ -334,6 +337,9 @@ int mac_check_socket_stat(struct ucred *cred, struct socket *so);
int mac_check_socket_visible(struct ucred *cred, struct socket *so);
int mac_check_sysarch_ioperm(struct ucred *cred);
int mac_check_system_acct(struct ucred *cred, struct vnode *vp);
+int mac_check_system_audit(struct ucred *cred, void *record, int length);
+int mac_check_system_auditctl(struct ucred *cred, struct vnode *vp);
+int mac_check_system_auditon(struct ucred *cred, int cmd);
int mac_check_system_nfsd(struct ucred *cred);
int mac_check_system_reboot(struct ucred *cred, int howto);
int mac_check_system_settime(struct ucred *cred);
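Review bot: `mac_check_system_audit(struct ucred *cred, void *record, int length)` passes an untyped buffer with a signed length, and the header does not say what a policy may assume about either. A policy that inspects the record needs to know that `record` is a kernel copy rather than a user pointer, since a user pointer would let the contents change between check and use, and that `length` has already been range-checked so that it is never negative or larger than the buffer. Whether the caller guarantees this cannot be seen from this hunk. I would state it next to the prototype, for example `/* record: kernel copy of the submitted audit record; length: validated size in bytes */`, and consider `u_int length` to rule out a negative value at the type level.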