author | rwatson <rwatson@FreeBSD.org> | 2009-06-27 13:58:44 +0000 |
committer | rwatson <rwatson@FreeBSD.org> | 2009-06-27 13:58:44 +0000 |
commit | da78c9e4a2e1689a4d400553bb5f6aa0537c5f49 (patch) | |
tree | 18c823b27ab8bd9a1cd03dcca0ea5348975f3971 /sys/security | |
parent | 3b6551a921beb7f1408f05c3730aa5802bd6e79c (diff) | |
Replace AUDIT_ARG() with variable argument macros with a set of more
specific macros for each audit argument type. This makes it easier to
follow call-graphs, especially for automated analysis tools (such as
fxr).
In MFC, we should leave the existing AUDIT_ARG() macros as they may be
used by third-party kernel modules.
Suggested by: brooks
Approved by: re (kib)
Obtained from: TrustedBSD Project
MFC after: 1 week
Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/audit/audit.h | 185 | ||||
-rw-r--r-- | sys/security/audit/audit_syscalls.c | 4 |
2 files changed, 174 insertions, 15 deletions
diff --git a/sys/security/audit/audit.h b/sys/security/audit/audit.h
index 5ba2aee..e94121d 100644
--- a/sys/security/audit/audit.h
+++ b/sys/security/audit/audit.h
@@ -182,12 +182,149 @@ void audit_thread_alloc(struct thread *td);
 void audit_thread_free(struct thread *td);
 
 /*
- * Define a macro to wrap the audit_arg_* calls by checking the global
+ * Define macros to wrap the audit_arg_* calls by checking the global
  * audit_enabled flag before performing the actual call.
  */
-#define AUDIT_ARG(op, args...) do { \
- if (td->td_pflags & TDP_AUDITREC) \
- audit_arg_ ## op (args); \
+#define AUDITING_TD(td) ((td)->td_pflags & TDP_AUDITREC)
+
+#define AUDIT_ARG_ADDR(addr) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_addr((addr)); \
+} while (0)
+
+#define AUDIT_ARG_ARGV(argv, argc, length) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_argv((argv), (argc), (length)); \
+} while (0)
+
+#define AUDIT_ARG_AUDITON(udata) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_auditon((udata)); \
+} while (0)
+
+#define AUDIT_ARG_CMD(cmd) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_cmd((cmd)); \
+} while (0)
+
+#define AUDIT_ARG_DEV(dev) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_dev((dev)); \
+} while (0)
+
+#define AUDIT_ARG_EGID(egid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_egid((egid)); \
+} while (0)
+
+#define AUDIT_ARG_ENVV(envv, envc, length) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_envv((envv), (envc), (length)); \
+} while (0)
+
+#define AUDIT_ARG_EXIT(status, retval) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_exit((status), (retval)); \
+} while (0)
+
+#define AUDIT_ARG_EUID(euid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_euid((euid)); \
+} while (0)
+
+#define AUDIT_ARG_FD(fd) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_fd((fd)); \
+} while (0)
+
+#define AUDIT_ARG_FILE(p, fp) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_file((p), (fp)); \
+} while (0)
+
+#define AUDIT_ARG_FFLAGS(fflags) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_fflags((fflags)); \
+} while (0)
+
+#define AUDIT_ARG_GID(gid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_gid((gid)); \
+} while (0)
+
+#define AUDIT_ARG_GROUPSET(gidset, gidset_size) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_groupset((gidset), (gidset_size)); \
+} while (0)
+
+#define AUDIT_ARG_MODE(mode) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_mode((mode)); \
+} while (0)
+
+#define AUDIT_ARG_OWNER(uid, gid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_owner((uid), (gid)); \
+} while (0)
+
+#define AUDIT_ARG_PID(pid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_pid((pid)); \
+} while (0)
+
+#define AUDIT_ARG_PROCESS(p) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_process((p)); \
+} while (0)
+
+#define AUDIT_ARG_RGID(rgid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_gid((rgid)); \
+} while (0)
+
+#define AUDIT_ARG_RUID(ruid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_ruid((ruid)); \
+} while (0)
+
+#define AUDIT_ARG_SIGNUM(signum) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_signum((signum)); \
+} while (0)
+
+#define AUDIT_ARG_SGID(sgid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_sgid((sgid)); \
+} while (0)
+
+#define AUDIT_ARG_SUID(suid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_suid((suid)); \
+} while (0)
+
+#define AUDIT_ARG_TEXT(text) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_text((text)); \
+} while (0)
+
+#define AUDIT_ARG_UID(uid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_uid((uid)); \
+} while (0)
+
+#define AUDIT_ARG_UPATH(td, upath, flags) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_upath((td), (upath), (flags)); \
+} while (0)
+
+#define AUDIT_ARG_VALUE(value) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_value((value)); \
+} while (0)
+
+#define AUDIT_ARG_VNODE(vp, flags) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_vnode((vp), (flags)); \
 } while (0)
 
 #define AUDIT_SYSCALL_ENTER(code, td) do { \
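Review bot: AUDIT_ARG_RGID expands to `audit_arg_gid((rgid))` while every other macro in this hunk calls the audit_arg_* function of its own name (AUDIT_ARG_RUID → audit_arg_ruid, AUDIT_ARG_SGID → audit_arg_sgid), so a real gid passed through this macro is recorded as a plain gid argument rather than as the rgid. If an `audit_arg_rgid()` exists alongside the ruid/sgid/suid variants the line should read `audit_arg_rgid((rgid)); \`; if it does not, the aliasing deserves a comment so the next reader does not take it for a typo. AUDIT_ARG_UPATH takes a `td` parameter yet, like the others, gates on `AUDITING_TD(curthread)`, so a caller passing a thread other than curthread would check one thread's audit state and record into another's; either drop the parameter or gate on `AUDITING_TD(td)`. The block comment retained as context still says the wrappers check "the global audit_enabled flag", whereas the new AUDITING_TD test is the per-thread TDP_AUDITREC flag; suggest ` * per-thread TDP_AUDITREC flag (AUDITING_TD) before performing the actual call.`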
@@ -216,17 +353,39 @@ void audit_thread_free(struct thread *td);
 
 #else /* !AUDIT */
 
-#define AUDIT_ARG(op, args...) do { \
-} while (0)
+#define AUDIT_ARG_ADDR(addr)
+#define AUDIT_ARG_ARGV(argv, argc, length)
+#define AUDIT_ARG_AUDITON(udata)
+#define AUDIT_ARG_CMD(cmd)
+#define AUDIT_ARG_DEV(dev)
+#define AUDIT_ARG_EGID(egid)
+#define AUDIT_ARG_ENVV(envv, envc, length)
+#define AUDIT_ARG_EXIT(status, retval)
+#define AUDIT_ARG_EUID(euid)
+#define AUDIT_ARG_FD(fd)
+#define AUDIT_ARG_FILE(p, fp)
+#define AUDIT_ARG_FFLAGS(fflags)
+#define AUDIT_ARG_GID(gid)
+#define AUDIT_ARG_GROUPSET(gidset, gidset_size)
+#define AUDIT_ARG_MODE(mode)
+#define AUDIT_ARG_OWNER(uid, gid)
+#define AUDIT_ARG_PID(pid)
+#define AUDIT_ARG_PROCESS(p)
+#define AUDIT_ARG_RGID(rgid)
+#define AUDIT_ARG_RUID(ruid)
+#define AUDIT_ARG_SIGNUM(signum)
+#define AUDIT_ARG_SGID(sgid)
+#define AUDIT_ARG_SUID(suid)
+#define AUDIT_ARG_TEXT(text)
+#define AUDIT_ARG_UID(uid)
+#define AUDIT_ARG_UPATH(td, upath, flags)
+#define AUDIT_ARG_VALUE(value)
+#define AUDIT_ARG_VNODE(vp, flags)
 
-#define AUDIT_SYSCALL_ENTER(code, td) do { \
-} while (0)
+#define AUDIT_SYSCALL_ENTER(code, td)
+#define AUDIT_SYSCALL_EXIT(error, td)
 
-#define AUDIT_SYSCALL_EXIT(error, td) do { \
-} while (0)
-
-#define AUDIT_SYSCLOSE(p, fd) do { \
-} while (0)
+#define AUDIT_SYSCLOSE(p, fd)
 
 #endif /* AUDIT */
 
diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c
index 1811660..075aac5 100644
--- a/sys/security/audit/audit_syscalls.c
+++ b/sys/security/audit/audit_syscalls.c
@@ -163,7 +163,7 @@ auditon(struct thread *td, struct auditon_args *uap)
 if (jailed(td->td_ucred))
 return (ENOSYS);
- AUDIT_ARG(cmd, uap->cmd);
+ AUDIT_ARG_CMD(uap->cmd);
 #ifdef MAC
 error = mac_system_check_auditon(td->td_ucred, uap->cmd);
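Review bot: The `!AUDIT` stubs in this hunk expand to nothing, so none of the macro arguments is evaluated in a kernel built without AUDIT, and a caller that ever passes an expression with side effects would behave differently between the two configurations (the old `do { } while (0)` bodies had the same property, but the rewrite is the natural place to state it). A one-line comment above the stubs, `/* Arguments are not evaluated when AUDIT is not compiled in; pass only side-effect-free expressions. */`, would make that contract visible to call sites such as the audit_syscalls.c hunks below. Since each stub leaves a bare `;` at the call site, which is a valid empty statement, no code change is needed.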
@@ -205,7 +205,7 @@ auditon(struct thread *td, struct auditon_args *uap)
 error = copyin(uap->data, (void *)&udata, uap->length);
 if (error)
 return (error);
- AUDIT_ARG(auditon, &udata);
+ AUDIT_ARG_AUDITON(&udata);
 break;
 } |