Diffstat (limited to 'sys')
-rw-r--r--sys/security/audit/audit.c4
-rw-r--r--sys/security/audit/audit_private.h3
-rw-r--r--sys/security/audit/audit_syscalls.c8
-rw-r--r--sys/security/audit/audit_worker.c10
4 files changed, 20 insertions, 5 deletions
diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
index 813d0fa..31b6178 100644
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@@ -396,8 +396,8 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
if (audit_pipe_preselect(auid, event, class, sorf,
ar->k_ar_commit & AR_PRESELECT_TRAIL) != 0)
ar->k_ar_commit |= AR_PRESELECT_PIPE;
- if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE)) ==
- 0) {
+ if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE |
+ AR_PRESELECT_USER_TRAIL | AR_PRESELECT_USER_PIPE)) == 0) {
mtx_lock(&audit_mtx);
audit_pre_q_len--;
mtx_unlock(&audit_mtx);
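Review bot: The new condition spells out all four preselection bits inline, while audit_worker.c tests the kernel pair (AR_PRESELECT_TRAIL, AR_PRESELECT_PIPE) separately; any further flag added to audit_private.h has to be threaded through both sites by hand. Consider a named mask defined next to the flags (a new one, e.g. `AR_PRESELECT_ANY`, covering all four) and writing the test as `if ((ar->k_ar_commit & AR_PRESELECT_ANY) == 0) {`. A one-line comment above the test would also help a reader, e.g. `/* Neither the kernel nor the user record was selected; presumably discarded below. */` — hedged because the lines after `audit_pre_q_len--` are outside the hunk. audit_commit's body continues past the hunk.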
diff --git a/sys/security/audit/audit_private.h b/sys/security/audit/audit_private.h
index f6cd17a..e232bcd 100644
--- a/sys/security/audit/audit_private.h
+++ b/sys/security/audit/audit_private.h
@@ -96,6 +96,9 @@ extern int audit_arge;
#define AR_PRESELECT_TRAIL 0x00001000U
#define AR_PRESELECT_PIPE 0x00002000U
+#define AR_PRESELECT_USER_TRAIL 0x00004000U
+#define AR_PRESELECT_USER_PIPE 0x00008000U
+
/*
* Audit data is generated as a stream of struct audit_record structures,
* linked by struct kaudit_record, and contain storage for possible audit so
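Review bot: The two new AR_PRESELECT_USER_* flags are introduced without a comment distinguishing them from AR_PRESELECT_TRAIL/AR_PRESELECT_PIPE, even though audit_worker.c in this commit relies on exactly that distinction (the user-supplied record in k_udata is gated on the USER flags, the kernel-generated record on the original pair). Suggest a comment above the four defines, e.g. `/* AR_PRESELECT_TRAIL/PIPE: kernel preselection of the kernel-generated record. */` and `/* AR_PRESELECT_USER_TRAIL/PIPE: selection of the user-supplied record (k_udata); currently set unconditionally by audit(2). */`. The define values follow the existing power-of-two sequence, so no conflict is visible in the hunk.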
diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c
index eb18c76..03884b2 100644
--- a/sys/security/audit/audit_syscalls.c
+++ b/sys/security/audit/audit_syscalls.c
@@ -118,6 +118,14 @@ audit(struct thread *td, struct audit_args *uap)
ar->k_udata = rec;
ar->k_ulen = uap->length;
ar->k_ar_commit |= AR_COMMIT_USER;
+
+ /*
+ * Currently we assume that all preselection has been performed in
+ * userspace. We unconditionally set these masks so that the records
+ * get committed both to the trail and pipe. In the future we will
+ * want to setup kernel based preselection.
+ */
+ ar->k_ar_commit |= (AR_PRESELECT_USER_TRAIL | AR_PRESELECT_USER_PIPE);
return (0);
free_out:
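Review bot: Setting AR_PRESELECT_USER_TRAIL | AR_PRESELECT_USER_PIPE unconditionally means a user-supplied record is written to the trail and delivered to pipes regardless of the kernel preselection masks; the added comment records the assumption but not this consequence, namely that only whatever privilege check audit(2) performs earlier in the function (outside the hunk, so presumably) bounds which processes can append to the trail. Suggest extending the comment with one line: `* As a result the kernel preselection masks do not apply to user records; only the privilege check above limits them.`. As a style point the parentheses are unnecessary: `ar->k_ar_commit |= AR_PRESELECT_USER_TRAIL | AR_PRESELECT_USER_PIPE;` matches the AR_COMMIT_USER line above. The enclosing audit() body begins before the hunk.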
diff --git a/sys/security/audit/audit_worker.c b/sys/security/audit/audit_worker.c
index d4cef64..cfe46fa 100644
--- a/sys/security/audit/audit_worker.c
+++ b/sys/security/audit/audit_worker.c
@@ -323,7 +323,7 @@ audit_worker_process_record(struct vnode *audit_vp, struct ucred *audit_cred,
int sorf;
if ((ar->k_ar_commit & AR_COMMIT_USER) &&
- (ar->k_ar_commit & AR_PRESELECT_TRAIL)) {
+ (ar->k_ar_commit & AR_PRESELECT_USER_TRAIL)) {
error = audit_record_write(audit_vp, audit_cred, audit_td,
ar->k_udata, ar->k_ulen);
if (error && audit_panic_on_write_fail)
@@ -331,11 +331,14 @@ audit_worker_process_record(struct vnode *audit_vp, struct ucred *audit_cred,
else if (error)
printf("audit_worker: write error %d\n", error);
}
+
if ((ar->k_ar_commit & AR_COMMIT_USER) &&
- (ar->k_ar_commit & AR_PRESELECT_PIPE))
+ (ar->k_ar_commit & AR_PRESELECT_USER_PIPE))
audit_pipe_submit_user(ar->k_udata, ar->k_ulen);
- if (!(ar->k_ar_commit & AR_COMMIT_KERNEL))
+ if (!(ar->k_ar_commit & AR_COMMIT_KERNEL) ||
+ ((ar->k_ar_commit & AR_PRESELECT_PIPE) == 0 &&
+ (ar->k_ar_commit & AR_PRESELECT_TRAIL) == 0))
return;
auid = ar->k_ar.ar_subj_auid;
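Review bot: The new early-return condition mixes a negated flag test with two `== 0` comparisons, which makes the intent (skip the kernel record when nothing selected it) harder to read than it needs to be, and nothing in the hunk explains that the user record above is deliberately handled before this exit. Suggest `if (!(ar->k_ar_commit & AR_COMMIT_KERNEL) ||` / `    !(ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE)))` / `	return;` with a preceding comment `/* User record (if any) is already handled; stop unless a kernel record was selected for the trail or a pipe. */`. The same TRAIL→USER_TRAIL substitution in the first hunk of this file is consistent with this logic. audit_worker_process_record continues outside both hunks.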
@@ -372,6 +375,7 @@ audit_worker_process_record(struct vnode *audit_vp, struct ucred *audit_cred,
printf("audit_worker: write error %d\n",
error);
}
+
if (ar->k_ar_commit & AR_PRESELECT_PIPE)
audit_pipe_submit(auid, event, class, sorf,
ar->k_ar_commit & AR_PRESELECT_TRAIL, bsm->data,