From 7e3aff1dc199846d15b3c479bff793353b8cfe8f Mon Sep 17 00:00:00 2001 From: rwatson Date: Sun, 19 Apr 2009 14:53:17 +0000 Subject: Merge OpenBSM 1.1 changes to the FreeBSD 8.x kernel: - Add and use mapping of fcntl(2) commands to new BSM constant space. - Adopt (int) rather than (long) arguments to a number of auditon(2) commands, as has happened in Solaris, and add compatibility code to handle the old comments. Note that BSM_PF_IEEE80211 is partially but not fully removed, as the userspace OpenBSM 1.1alpha5 code still depends on it. Once userspace is updated, I'll GCC the kernel constant. MFC after: 2 weeks Sponsored by: Apple, Inc. Obtained from: TrustedBSD Project Portions submitted by: sson --- sys/bsm/audit.h | 64 +++++++++++++++++++++++++++++-------------------- sys/bsm/audit_kevents.h | 14 +++++++---- sys/bsm/audit_record.h | 6 +++-- 3 files changed, 52 insertions(+), 32 deletions(-) (limited to 'sys/bsm') diff --git a/sys/bsm/audit.h b/sys/bsm/audit.h index 24cc583..dd7dffc 100644 --- a/sys/bsm/audit.h +++ b/sys/bsm/audit.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005 Apple Inc. + * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,21 +26,15 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#5 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9 * $FreeBSD$ */ -#ifndef _BSM_AUDIT_H +#ifndef _BSM_AUDIT_H #define _BSM_AUDIT_H -#ifdef __APPLE__ -/* Temporary until rdar://problem/6133383 is resolved. */ -#include #include -#include -#include -#include -#endif /* __APPLE__ */ +#include #define AUDIT_RECORD_MAGIC 0x828a0f1b #define MAX_AUDIT_RECORDS 20 
@@ -101,20 +95,20 @@ /* * auditon(2) commands. */ -#define A_GETPOLICY 2 -#define A_SETPOLICY 3 +#define A_OLDGETPOLICY 2 +#define A_OLDSETPOLICY 3 #define A_GETKMASK 4 #define A_SETKMASK 5 -#define A_GETQCTRL 6 -#define A_SETQCTRL 7 +#define A_OLDGETQCTRL 6 +#define A_OLDSETQCTRL 7 #define A_GETCWD 8 #define A_GETCAR 9 #define A_GETSTAT 12 #define A_SETSTAT 13 #define A_SETUMASK 14 #define A_SETSMASK 15 -#define A_GETCOND 20 -#define A_SETCOND 21 +#define A_OLDGETCOND 20 +#define A_OLDSETCOND 21 #define A_GETCLASS 22 #define A_SETCLASS 23 #define A_GETPINFO 24 @@ -126,6 +120,12 @@ #define A_SETKAUDIT 30 #define A_SENDTRIGGER 31 #define A_GETSINFO_ADDR 32 +#define A_GETPOLICY 33 +#define A_SETPOLICY 34 +#define A_GETQCTRL 35 +#define A_SETQCTRL 36 +#define A_GETCOND 37 +#define A_SETCOND 38 /* * Audit policy controls. @@ -216,7 +216,6 @@ struct auditpinfo { au_mask_t ap_mask; /* Audit masks. */ au_tid_t ap_termid; /* Terminal ID. */ au_asid_t ap_asid; /* Audit session ID. */ - u_int64_t ap_flags; /* Audit session flags. */ }; typedef struct auditpinfo auditpinfo_t; @@ -226,15 +225,12 @@ struct auditpinfo_addr { au_mask_t ap_mask; /* Audit masks. */ au_tid_addr_t ap_termid; /* Terminal ID. */ au_asid_t ap_asid; /* Audit session ID. */ + u_int64_t ap_flags; /* Audit session flags. */ }; typedef struct auditpinfo_addr auditpinfo_addr_t; struct au_session { auditinfo_addr_t *as_aia_p; /* Ptr to full audit info. */ -#define as_asid as_aia_p->ai_asid -#define as_auid as_aia_p->ai_auid -#define as_termid as_aia_p->ai_termid - au_mask_t as_mask; /* Process Audit Masks. */ }; typedef struct au_session au_session_t; 
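Review bot: The renumbered auditon(2) commands in the `@@ -101,20 +95,20 @@` hunk (for example `A_GETPOLICY 2` becoming `A_OLDGETPOLICY 2`), together with the replacements 33-38 added in the `@@ -126,6 +120,12 @@` hunk, carry no comment saying which constants take the old (long) argument and which take the new (int) one. The commit message explains that the A_OLD* values exist for compatibility, but the header alone does not, and a caller that pairs a command with the wrong argument width hands the kernel a length that does not match its buffer. I would add above the list `/* A_OLD* commands take a (long) argument and are kept for binary compatibility; their replacements (33-38) take an (int). */`. The code that dispatches on these values is outside this diff, so whether it checks the supplied length against each width needs confirming there.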
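Review bot: Moving `ap_flags` out of `struct auditpinfo` (hunk `@@ -216,7 +216,6 @@`) and into `struct auditpinfo_addr` (hunk `@@ -226,15 +225,12 @@`) changes the size of both structures, and nothing in the header records that. These structures appear to be exchanged with userspace through auditon(2) commands such as `A_GETPINFO`, so a binary built against the old header would pass a buffer of a different size than the kernel now expects. The copyin/copyout path, which is not part of this diff, should reject a mismatched length rather than read or write past the caller's buffer. A comment on the field such as `/* Audit session flags; moved here from auditpinfo in OpenBSM 1.1. */` would make the layout change visible to people porting audit tools.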
@@ -245,13 +241,22 @@ typedef struct au_session au_session_t; typedef struct au_token token_t; /* - * Kernel audit queue control parameters. + * Kernel audit queue control parameters: + * Default: Maximum: + * aq_hiwater: AQ_HIWATER (100) AQ_MAXHIGH (10000) + * aq_lowater: AQ_LOWATER (10) +mach_port_name_t audit_session_self(void); +au_asid_t audit_session_join(mach_port_name_t port); +#endif /* __APPLE_API_PRIVATE */ + #endif /* defined(_KERNEL) || defined(KERNEL) */ __END_DECLS diff --git a/sys/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h index 40aec77..c583718 100644 --- a/sys/bsm/audit_kevents.h +++ b/sys/bsm/audit_kevents.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005 Apple Inc. + * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#5 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#6 * $FreeBSD$ */ @@ -34,6 +34,12 @@ #define _BSM_AUDIT_KEVENTS_H_ /* + * The reserved event numbers for kernel events are 1...2047 and 43001..44900. + */ +#define AUE_IS_A_KEVENT(e) (((e) > 0 && (e) < 2048) || \ + ((e) > 43000 && (e) < 45000)) + +/* * Values marked as AUE_NULL are not required to be audited as per CAPP. * * Some conflicts exist in the assignment of name to event number mappings @@ -589,6 +595,8 @@ #define AUE_FSGETPATH 43191 /* Darwin. */ #define AUE_PREAD 43192 /* Darwin/FreeBSD. */ #define AUE_PWRITE 43193 /* Darwin/FreeBSD. */ +#define AUE_FSCTL 43194 /* Darwin. */ +#define AUE_FFSCTL 43195 /* Darwin. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the 
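Review bot: The comment and the macro added in the `@@ -34,6 +34,12 @@` hunk of audit_kevents.h disagree on the upper bound: the comment reserves 43001..44900 for kernel events, while `AUE_IS_A_KEVENT` accepts every value below 45000. If this predicate is used to decide whether an event number may be submitted from userspace (an inference, since no caller is in this diff), numbers 44901..44999 are treated differently from what the comment promises. Either the comment should read `43001..44999` or the second test should be `((e) > 43000 && (e) <= 44900)`. The macro also evaluates `e` up to four times, so a line such as `/* e is evaluated more than once; pass an expression without side effects. */` is worth adding.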
@@ -674,12 +682,10 @@ #define AUE_CSOPS AUE_NULL #define AUE_DUP AUE_NULL #define AUE_FDATASYNC AUE_NULL -#define AUE_FFSCTL AUE_NULL #define AUE_FGETATTRLIST AUE_NULL #define AUE_FGETXATTR AUE_NULL #define AUE_FLISTXATTR AUE_NULL #define AUE_FREMOVEXATTR AUE_NULL -#define AUE_FSCTL AUE_NULL #define AUE_FSETATTRLIST AUE_NULL #define AUE_FSETXATTR AUE_NULL #define AUE_FSTATFS64 AUE_NULL diff --git a/sys/bsm/audit_record.h b/sys/bsm/audit_record.h index 5d9306a..9d6be04 100644 --- a/sys/bsm/audit_record.h +++ b/sys/bsm/audit_record.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005-2008 Apple Inc. + * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#9 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#10 * $FreeBSD$ */ @@ -286,10 +286,12 @@ token_t *au_to_zonename(const char *zonename); */ int au_bsm_to_domain(u_short bsm_domain, int *local_domainp); int au_bsm_to_errno(u_char bsm_error, int *errorp); +int au_bsm_to_fcntl_cmd(u_short bsm_fcntl_cmd, int *local_fcntl_cmdp); int au_bsm_to_socket_type(u_short bsm_socket_type, int *local_socket_typep); u_short au_domain_to_bsm(int local_domain); u_char au_errno_to_bsm(int local_errno); +u_short au_fcntl_cmd_to_bsm(int local_fcntl_command); u_short au_socket_type_to_bsm(int local_socket_type); __END_DECLS -- cgit v1.1
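Review bot: In the `@@ -286,10 +286,12 @@` hunk of audit_record.h the new prototype names its parameter `local_fcntl_command`, while the matching decoder uses `bsm_fcntl_cmd` and `local_fcntl_cmdp`; `u_short au_fcntl_cmd_to_bsm(int local_fcntl_cmd);` would be consistent. The two functions are also undocumented on failure. `au_fcntl_cmd_to_bsm` returns a bare `u_short` with no error channel, so the header should say what value an unmapped local command produces. `au_bsm_to_fcntl_cmd` should state its return convention and whether `*local_fcntl_cmdp` is left untouched on failure. This matters to anyone parsing audit trails, because an unmapped fcntl command that silently collapses to a default value makes the record misleading.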