From 21e3bcee4378f043e902dc1bab9ac2915235f40a Mon Sep 17 00:00:00 2001
From: rwatson
Date: Tue, 28 Jul 2009 21:39:58 +0000
Subject: Audit file descriptors passed to fooat(2) system calls, which are used instead of the root/current working directory as the starting point for lookups. Up to two such descriptors can be audited. Add audit record BSM encoding for fooat(2). Note: due to an error in the OpenBSM 1.1p1 configuration file, a further change is required to that file in order to fix openat(2) auditing. Approved by: re (kib) Reviewed by: rdivacky (fooat(2) portions) Obtained from: TrustedBSD Project MFC after: 1 month
---
 sys/security/audit/audit.h | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
(limited to 'sys/security/audit/audit.h')
diff --git a/sys/security/audit/audit.h b/sys/security/audit/audit.h
index 582cc24..e8b3550 100644
--- a/sys/security/audit/audit.h
+++ b/sys/security/audit/audit.h
@@ -114,6 +114,8 @@ extern int audit_suspended;
 #define ARG_IOVECSTR 0x0000800000000000ULL
 #define ARG_ARGV 0x0001000000000000ULL
 #define ARG_ENVV 0x0002000000000000ULL
+#define ARG_ATFD1 0x0004000000000000ULL
+#define ARG_ATFD2 0x0008000000000000ULL
 #define ARG_NONE 0x0000000000000000ULL
 #define ARG_ALL 0xFFFFFFFFFFFFFFFFULL

@@ -132,6 +134,8 @@ union auditon_udata;
 void audit_arg_addr(void * addr);
 void audit_arg_exit(int status, int retval);
 void audit_arg_len(int len);
+void audit_arg_atfd1(int atfd);
+void audit_arg_atfd2(int atfd);
 void audit_arg_fd(int fd);
 void audit_arg_fflags(int fflags);
 void audit_arg_gid(gid_t gid);
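Review bot: The new validity bits `ARG_ATFD1` and `ARG_ATFD2` have no comment saying which descriptor each one marks; the commit message only says that up to two such descriptors can be audited. A short comment above them would remove the guesswork for callers that take two directory descriptors, e.g. `/* ARG_ATFD1/ARG_ATFD2: first and second directory fd given to an *at(2) call. */` (the ordering is presumed from the names and should be confirmed). The same gap applies to the `audit_arg_atfd1()`/`audit_arg_atfd2()` prototypes in the second hunk, where it would also help to state whether the `AT_FDCWD` sentinel is recorded as-is or skipped. The implementation is not visible in this patch, so that behaviour needs checking before the comment is written.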
@@ -197,6 +201,16 @@ void audit_thread_free(struct thread *td);
 audit_arg_argv((argv), (argc), (length)); \
 } while (0)

+#define AUDIT_ARG_ATFD1(atfd) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_atfd1((atfd)); \
+} while (0)
+
+#define AUDIT_ARG_ATFD2(atfd) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_atfd2((atfd)); \
+} while (0)
+
 #define AUDIT_ARG_AUDITON(udata) do { \
 if (AUDITING_TD(curthread)) \
 audit_arg_auditon((udata)); \
@@ -360,6 +374,8 @@ void audit_thread_free(struct thread *td);

 #define AUDIT_ARG_ADDR(addr)
 #define AUDIT_ARG_ARGV(argv, argc, length)
+#define AUDIT_ARG_ATFD1(atfd)
+#define AUDIT_ARG_ATFD2(atfd)
 #define AUDIT_ARG_AUDITON(udata)
 #define AUDIT_ARG_CMD(cmd)
 #define AUDIT_ARG_DEV(dev)
-- 
cgit v1.1
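Review bot: `AUDIT_ARG_ATFD1` and `AUDIT_ARG_ATFD2` evaluate their argument only when `AUDITING_TD(curthread)` is true, and the empty definitions added in the last hunk (`@@ -360,6 +374,8 @@`, presumably the build without auditing) never evaluate it. An argument expression with side effects would therefore behave differently depending on build options and on whether the thread is being audited. This matches the neighbouring `AUDIT_ARG_*` macros, but a comment near the definitions would make the contract explicit, e.g. `/* The argument may not be evaluated; pass a plain value with no side effects. */`. The conditional that selects between the two sets of definitions, and the end of the `AUDIT_ARG_AUDITON` macro, lie outside these hunks.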