summaryrefslogtreecommitdiffstats
path: root/sys/security/audit/audit_bsm.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/security/audit/audit_bsm.c')
-rw-r--r--sys/security/audit/audit_bsm.c75
1 files changed, 75 insertions, 0 deletions
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c
index e5c0d52..b1a9931 100644
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@@ -183,6 +183,20 @@ kau_free(struct au_record *rec)
* XXXAUDIT: These macros assume that 'kar', 'ar', 'rec', and 'tok' in the
* caller are OK with this.
*/
+#define ATFD1_TOKENS(argnum) do { \
+ if (ARG_IS_VALID(kar, ARG_ATFD1)) { \
+ tok = au_to_arg32(argnum, "at fd 1", ar->ar_arg_atfd1); \
+ kau_write(rec, tok); \
+ } \
+} while (0)
+
+#define ATFD2_TOKENS(argnum) do { \
+ if (ARG_IS_VALID(kar, ARG_ATFD2)) { \
+ tok = au_to_arg32(argnum, "at fd 2", ar->ar_arg_atfd2); \
+ kau_write(rec, tok); \
+ } \
+} while (0)
+
#define UPATH1_TOKENS do { \
if (ARG_IS_VALID(kar, ARG_UPATH1)) { \
tok = au_to_path(ar->ar_arg_upath1); \
@@ -198,6 +212,10 @@ kau_free(struct au_record *rec)
} while (0)
#define VNODE1_TOKENS do { \
+ if (ARG_IS_VALID(kar, ARG_ATFD)) { \
+ tok = au_to_arg32(1, "at fd", ar->ar_arg_atfd); \
+ kau_write(rec, tok); \
+ } \
if (ARG_IS_VALID(kar, ARG_VNODE1)) { \
tok = au_to_attr32(&ar->ar_arg_vnode1); \
kau_write(rec, tok); \
@@ -715,6 +733,8 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
case AUE_CHDIR:
case AUE_CHROOT:
+ case AUE_FSTATAT:
+ case AUE_FUTIMESAT:
case AUE_GETATTRLIST:
case AUE_JAIL:
case AUE_LUTIMES:
@@ -733,7 +753,9 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
case AUE_TRUNCATE:
case AUE_UNDELETE:
case AUE_UNLINK:
+ case AUE_UNLINKAT:
case AUE_UTIMES:
+ ATFD1_TOKENS(1);
UPATH1_VNODE1_TOKENS;
break;
@@ -771,6 +793,16 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
UPATH1_VNODE1_TOKENS;
break;
+ case AUE_FCHMODAT:
+ ATFD1_TOKENS(1);
+ if (ARG_IS_VALID(kar, ARG_MODE)) {
+ tok = au_to_arg32(3, "new file mode",
+ ar->ar_arg_mode);
+ kau_write(rec, tok);
+ }
+ UPATH1_VNODE1_TOKENS;
+ break;
+
case AUE_CHOWN:
case AUE_LCHOWN:
if (ARG_IS_VALID(kar, ARG_UID)) {
@@ -784,6 +816,19 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
UPATH1_VNODE1_TOKENS;
break;
+ case AUE_FCHOWNAT:
+ ATFD1_TOKENS(1);
+ if (ARG_IS_VALID(kar, ARG_UID)) {
+ tok = au_to_arg32(3, "new file uid", ar->ar_arg_uid);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_GID)) {
+ tok = au_to_arg32(4, "new file gid", ar->ar_arg_gid);
+ kau_write(rec, tok);
+ }
+ UPATH1_VNODE1_TOKENS;
+ break;
+
case AUE_EXCHANGEDATA:
UPATH1_VNODE1_TOKENS;
UPATH2_TOKENS;
@@ -991,8 +1036,12 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
break;
case AUE_LINK:
+ case AUE_LINKAT:
case AUE_RENAME:
+ case AUE_RENAMEAT:
+ ATFD1_TOKENS(1);
UPATH1_VNODE1_TOKENS;
+ ATFD2_TOKENS(3);
UPATH2_TOKENS;
break;
@@ -1136,6 +1185,32 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
UPATH1_VNODE1_TOKENS;
break;
+ case AUE_OPENAT_RC:
+ case AUE_OPENAT_RTC:
+ case AUE_OPENAT_RWC:
+ case AUE_OPENAT_RWTC:
+ case AUE_OPENAT_WC:
+ case AUE_OPENAT_WTC:
+ if (ARG_IS_VALID(kar, ARG_MODE)) {
+ tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
+ kau_write(rec, tok);
+ }
+ /* FALLTHROUGH */
+
+ case AUE_OPENAT_R:
+ case AUE_OPENAT_RT:
+ case AUE_OPENAT_RW:
+ case AUE_OPENAT_RWT:
+ case AUE_OPENAT_W:
+ case AUE_OPENAT_WT:
+ if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
+ tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
+ kau_write(rec, tok);
+ }
+ ATFD1_TOKENS(1);
+ UPATH1_VNODE1_TOKENS;
+ break;
+
case AUE_PTRACE:
if (ARG_IS_VALID(kar, ARG_CMD)) {
tok = au_to_arg32(1, "request", ar->ar_arg_cmd);
OpenPOWER on IntegriCloud