Diffstat (limited to 'sys/security/audit/audit_syscalls.c')
-rw-r--r--sys/security/audit/audit_syscalls.c44
1 files changed, 44 insertions, 0 deletions
diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c
index d227334..96dedba 100644
--- a/sys/security/audit/audit_syscalls.c
+++ b/sys/security/audit/audit_syscalls.c
@@ -29,6 +29,8 @@
* $FreeBSD$
*/
+#include "opt_mac.h"
+
#include <sys/param.h>
#include <sys/mount.h>
#include <sys/namei.h>
@@ -41,8 +43,10 @@
#include <bsm/audit.h>
#include <bsm/audit_kevents.h>
+
#include <security/audit/audit.h>
#include <security/audit/audit_private.h>
+#include <security/mac/mac_framework.h>
#ifdef AUDIT
@@ -109,6 +113,12 @@ audit(struct thread *td, struct audit_args *uap)
goto free_out;
}
+#ifdef MAC
+ error = mac_check_system_audit(td->td_ucred, rec, uap->length);
+ if (error)
+ goto free_out;
+#endif
+
/*
* Attach the user audit record to the kernel audit record. Because
* this system call is an auditable event, we will write the user
@@ -153,6 +163,13 @@ auditon(struct thread *td, struct auditon_args *uap)
if (jailed(td->td_ucred))
return (ENOSYS);
AUDIT_ARG(cmd, uap->cmd);
+
+#ifdef MAC
+ error = mac_check_system_auditon(td->td_ucred, uap->cmd);
+ if (error)
+ return (error);
+#endif
+
error = priv_check(td, PRIV_AUDIT_CONTROL);
if (error)
return (error);
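Review bot: The new mac_check_system_auditon() hook runs before priv_check(td, PRIV_AUDIT_CONTROL), so a MAC policy sees and can veto the request before the privilege test, but nothing in the hunk says that ordering is intentional. The setauid and setaudit hunks place their hooks the same way (before the "Test privilege" step), while the setaudit_addr hunk places its hook after what looks like an earlier `if (error) return (error);` check — if that is the privilege check, the ordering differs across the five call sites and is worth stating once. A one-line comment above the block would pin it down: `/* MAC policies are consulted before the privilege check so they can deny regardless of PRIV_AUDIT_CONTROL. */`. auditon's body starts and ends outside the hunk.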
@@ -451,6 +468,12 @@ setauid(struct thread *td, struct setauid_args *uap)
audit_arg_auid(id);
+#ifdef MAC
+ error = mac_check_proc_setauid(td->td_ucred, id);
+ if (error)
+ return (error);
+#endif
+
/*
* XXX: Integer write on static pointer dereference: doesn't need
* locking?
@@ -519,6 +542,12 @@ setaudit(struct thread *td, struct setaudit_args *uap)
audit_arg_auditinfo(&ai);
+#ifdef MAC
+ error = mac_check_proc_setaudit(td->td_ucred, &ai);
+ if (error)
+ return (error);
+#endif
+
/*
* XXXRW: Test privilege while holding the proc lock?
*/
@@ -568,6 +597,11 @@ setaudit_addr(struct thread *td, struct setaudit_addr_args *uap)
if (error)
return (error);
+#ifdef MAC
+ error = mac_check_proc_setaudit(td->td_ucred, NULL);
+ if (error)
+ return (error);
+#endif
error = copyin(uap->auditinfo_addr, &aia, sizeof(aia));
if (error)
return (error);
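Review bot: mac_check_proc_setaudit() is called with NULL as the auditinfo argument and before copyin() fills `aia`, so a policy consulted here cannot inspect the requested audit state, unlike the setaudit hunk where the same hook receives `&ai` after audit_arg_auditinfo(&ai). If NULL is deliberate because `aia` is a struct auditinfo_addr rather than the struct auditinfo the hook takes, the block should say so, e.g. `/* No struct auditinfo to pass: this path carries an auditinfo_addr. */`; otherwise a policy that dereferences the pointer will fault. Consider also whether the hook belongs after the copyin so it at least runs on a validated request. setaudit_addr's body continues outside the hunk.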
@@ -617,7 +651,17 @@ auditctl(struct thread *td, struct auditctl_args *uap)
return (error);
vfslocked = NDHASGIANT(&nd);
vp = nd.ni_vp;
+#ifdef MAC
+ error = mac_check_system_auditctl(td->td_ucred, vp);
+ VOP_UNLOCK(vp, 0, td);
+ if (error) {
+ vn_close(vp, AUDIT_CLOSE_FLAGS, td->td_ucred, td);
+ VFS_UNLOCK_GIANT(vfslocked);
+ return (error);
+ }
+#else
VOP_UNLOCK(vp, 0, td);
+#endif
NDFREE(&nd, NDF_ONLY_PNBUF);
if (vp->v_type != VREG) {
vn_close(vp, AUDIT_CLOSE_FLAGS, td->td_ucred, td);
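Review bot: The MAC error branch returns without releasing the pathname buffer: it unlocks, vn_close()s and drops Giant, but `NDFREE(&nd, NDF_ONLY_PNBUF)` is only reached on the `#endif` side, so a policy denial leaks the namei buffer. Adding `NDFREE(&nd, NDF_ONLY_PNBUF);` as the first statement inside `if (error) {` fixes it; alternatively move the NDFREE up to just after `vp = nd.ni_vp;` and drop the later one, which also lets the `VOP_UNLOCK(vp, 0, td);` be written once outside the `#ifdef MAC`/`#else` pair instead of duplicated. The check itself is made with the vnode still locked, which is consistent with the surrounding code. auditctl's body starts and ends outside the hunk.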