Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/audit/audit.c | 13 | ||||
-rw-r--r-- | sys/security/audit/audit.h | 6 | ||||
-rw-r--r-- | sys/security/audit/audit_syscalls.c | 1 |
3 files changed, 15 insertions, 5 deletions
diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c index 4ea76c6..b46c02c 100644 --- a/sys/security/audit/audit.c +++ b/sys/security/audit/audit.c @@ -492,6 +492,8 @@ audit_syscall_enter(unsigned short code, struct thread *td) au_id_t auid; KASSERT(td->td_ar == NULL, ("audit_syscall_enter: td->td_ar != NULL")); + KASSERT((td->td_pflags & TDP_AUDITREC) == 0, + ("audit_syscall_enter: TDP_AUDITREC set")); /* * In FreeBSD, each ABI has its own system call table, and hence @@ -542,9 +544,13 @@ audit_syscall_enter(unsigned short code, struct thread *td) panic("audit_failing_stop: thread continued"); } td->td_ar = audit_new(event, td); - } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0)) + if (td->td_ar != NULL) + td->td_pflags |= TDP_AUDITREC; + } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0)) { td->td_ar = audit_new(event, td); - else + if (td->td_ar != NULL) + td->td_pflags |= TDP_AUDITREC; + } else td->td_ar = NULL; } @@ -572,6 +578,7 @@ audit_syscall_exit(int error, struct thread *td) audit_commit(td->td_ar, error, retval); td->td_ar = NULL; + td->td_pflags &= ~TDP_AUDITREC; } void @@ -626,6 +633,8 @@ audit_thread_free(struct thread *td) { KASSERT(td->td_ar == NULL, ("audit_thread_free: td_ar != NULL")); + KASSERT((td->td_pflags & TDP_AUDITREC) == 0, + ("audit_thread_free: TDP_AUDITREC set")); } void diff --git a/sys/security/audit/audit.h b/sys/security/audit/audit.h index 227d2dc..5ba2aee 100644 --- a/sys/security/audit/audit.h +++ b/sys/security/audit/audit.h @@ -186,7 +186,7 @@ void audit_thread_free(struct thread *td); * audit_enabled flag before performing the actual call. */ #define AUDIT_ARG(op, args...) do { \ - if (td->td_ar != NULL) \ + if (td->td_pflags & TDP_AUDITREC) \ audit_arg_ ## op (args); \ } while (0) 
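Review bot: In the second audit_syscall_enter hunk, the pair `if (td->td_ar != NULL) td->td_pflags |= TDP_AUDITREC;` is written out in both preselect branches, while the final `else td->td_ar = NULL;` leaves the flag untouched and relies on the entry KASSERT, which is only active in INVARIANTS kernels. Because the audit.h macros now gate on the flag rather than the pointer, a flag that disagrees with td_ar would presumably either call audit_syscall_exit with no record or leave a record uncommitted. Consider setting the flag once after the if/else chain and adding `td->td_pflags &= ~TDP_AUDITREC;` next to `td->td_ar = NULL;` in the last branch. The same allocate-then-set pairing appears again in audit() in audit_syscalls.c, so a small static helper that does both would keep the invariant in one place. The function body starts outside this hunk, so confirm that no other path assigns td_ar.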
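Review bot: The comment above AUDIT_ARG in audit.h still ends with "audit_enabled flag before performing the actual call", but the macro now tests `td->td_pflags & TDP_AUDITREC`, so the documented gate no longer matches the code. Only the tail of that comment is visible in the hunk; I would reword it along the lines of `Wrap the audit_arg_*() calls so they run only while the current thread has an audit record in progress (TDP_AUDITREC set).` It is also worth stating there that the macro reads a `td` variable from the caller's scope rather than taking it as a parameter.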
@@ -202,7 +202,7 @@ void audit_thread_free(struct thread *td); * auditing is disabled, so we don't just check audit_enabled here. */ #define AUDIT_SYSCALL_EXIT(error, td) do { \ - if (td->td_ar != NULL) \ + if (td->td_pflags & TDP_AUDITREC) \ audit_syscall_exit(error, td); \ } while (0) @@ -210,7 +210,7 @@ void audit_thread_free(struct thread *td); * A Macro to wrap the audit_sysclose() function. */ #define AUDIT_SYSCLOSE(td, fd) do { \ - if (audit_enabled) \ + if (td->td_pflags & TDP_AUDITREC) \ audit_sysclose(td, fd); \ } while (0) diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c index b70b10d..7ca797d 100644 --- a/sys/security/audit/audit_syscalls.c +++ b/sys/security/audit/audit_syscalls.c @@ -96,6 +96,7 @@ audit(struct thread *td, struct audit_args *uap) td->td_ar = audit_new(AUE_NULL, td); if (td->td_ar == NULL) return (ENOTSUP); + td->td_pflags |= TDP_AUDITREC; ar = td->td_ar; } |
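Review bot: In AUDIT_SYSCALL_EXIT the new test expands the macro parameter unparenthesized as `td->td_pflags`, and the AUDIT_SYSCLOSE hunk below does the same; `if ((td)->td_pflags & TDP_AUDITREC)` keeps the expansion correct for any pointer expression a caller passes. For AUDIT_SYSCLOSE the gate also changes from the global `audit_enabled` to the per-thread flag, but its comment still reads only "A Macro to wrap the audit_sysclose() function." I would extend that comment to say `Calls audit_sysclose() only when the thread has an audit record in progress (TDP_AUDITREC set).` so the narrower condition is documented.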