mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-02 12:20:51 +00:00
Code Issues Releases Activity

Replace AUDIT_ARG() with variable argument macros with a set more more

Browse Source 
specific macros for each audit argument type.  This makes it easier to
follow call-graphs, especially for automated analysis tools (such as
fxr).

In MFC, we should leave the existing AUDIT_ARG() macros as they may be
used by third-party kernel modules.

Suggested by:	brooks
Approved by:	re (kib)
Obtained from:	TrustedBSD Project
MFC after:	1 week
This commit is contained in:
Robert Watson 2009-06-27 13:58:44 +00:00
parent f291b9cd38
commit 14961ba789
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=195104
20 changed files with 291 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/amd64/amd64/sys_machdep.c
View File

@ -87,7 +87,7 @@ sysarch_ldt(struct thread *td, struct sysarch_args *uap, int uap_space)
* XXXKIB check that the BSM generation code knows to encode
* the op argument.
*/
AUDIT_ARG(cmd, uap->op);
AUDIT_ARG_CMD(uap->op);
if (uap_space == UIO_USERSPACE) {
error = copyin(uap->parms, &la, sizeof(struct i386_ldt_args));
if (error != 0)

2
sys/compat/freebsd32/freebsd32_misc.c
View File

@ -2924,7 +2924,7 @@ freebsd32_nmount(struct thread *td,
struct uio *auio;
int error;
AUDIT_ARG(fflags, uap->flags);
AUDIT_ARG_FFLAGS(uap->flags);
/*
* Filter out MNT_ROOTFS. We do not want clients of nmount() in

6
sys/compat/linux/linux_signal.c
View File

@ -546,8 +546,8 @@ linux_do_tkill(struct thread *td, l_int tgid, l_int pid, l_int signum)
ksiginfo_t ksi;
int error;
AUDIT_ARG(signum, signum);
AUDIT_ARG(pid, pid);
AUDIT_ARG_SIGNUM(signum);
AUDIT_ARG_PID(pid);
/*
* Allow signal 0 as a means to check for privileges
@ -563,7 +563,7 @@ linux_do_tkill(struct thread *td, l_int tgid, l_int pid, l_int signum)
return (ESRCH);
}
AUDIT_ARG(process, p);
AUDIT_ARG_PROCESS(p);
error = p_cansignal(td, p, signum);
if (error)
goto out;

2
sys/i386/i386/sys_machdep.c
View File

@ -107,7 +107,7 @@ sysarch(td, uap)
uint32_t base;
struct segment_descriptor sd, *sdp;
AUDIT_ARG(cmd, uap->op);
AUDIT_ARG_CMD(uap->op);
switch (uap->op) {
case I386_GET_IOPERM:
case I386_SET_IOPERM:

6
sys/kern/kern_descrip.c
View File

@ -1144,7 +1144,7 @@ closefrom(struct thread *td, struct closefrom_args *uap)
int fd;
fdp = td->td_proc->p_fd;
AUDIT_ARG(fd, uap->lowfd);
AUDIT_ARG_FD(uap->lowfd);
/*
* Treat negative starting file descriptor values identical to
@ -1219,12 +1219,12 @@ kern_fstat(struct thread *td, int fd, struct stat *sbp)
struct file *fp;
int error;
AUDIT_ARG(fd, fd);
AUDIT_ARG_FD(fd);
if ((error = fget(td, fd, &fp)) != 0)
return (error);
AUDIT_ARG(file, td->td_proc, fp);
AUDIT_ARG_FILE(td->td_proc, fp);
error = fo_stat(fp, sbp, td->td_ucred, td);
fdrop(fp, td);

8
sys/kern/kern_exec.c
View File

@ -274,9 +274,9 @@ kern_execve(td, args, mac_p)
struct proc *p = td->td_proc;
int error;
AUDIT_ARG(argv, args->begin_argv, args->argc,
AUDIT_ARG_ARGV(args->begin_argv, args->argc,
args->begin_envv - args->begin_argv);
AUDIT_ARG(envv, args->begin_envv, args->envc,
AUDIT_ARG_ENVV(args->begin_envv, args->envc,
args->endp - args->begin_envv);
if (p->p_flag & P_HADTHREADS) {
PROC_LOCK(p);
@ -413,13 +413,13 @@ do_execve(td, args, mac_p)
binvp = nd.ni_vp;
imgp->vp = binvp;
} else {
AUDIT_ARG(fd, args->fd);
AUDIT_ARG_FD(args->fd);
error = fgetvp(td, args->fd, &binvp);
if (error)
goto exec_fail;
vfslocked = VFS_LOCK_GIANT(binvp->v_mount);
vn_lock(binvp, LK_EXCLUSIVE | LK_RETRY);
AUDIT_ARG(vnode, binvp, ARG_VNODE1);
AUDIT_ARG_VNODE(binvp, ARG_VNODE1);
imgp->vp = binvp;
}

4
sys/kern/kern_exit.c
View File

@ -211,7 +211,7 @@ exit1(struct thread *td, int rv)
* it was. The exit status is WEXITSTATUS(rv), but it's not clear
* what the return value is.
*/
AUDIT_ARG(exit, WEXITSTATUS(rv), 0);
AUDIT_ARG_EXIT(WEXITSTATUS(rv), 0);
AUDIT_SYSCALL_EXIT(0, td);
#endif
@ -803,7 +803,7 @@ kern_wait(struct thread *td, pid_t pid, int *status, int options,
struct proc *p, *q;
int error, nfound;
AUDIT_ARG(pid, pid);
AUDIT_ARG_PID(pid);
q = td->td_proc;
if (pid == 0) {

4
sys/kern/kern_fork.c
View File

@ -146,7 +146,7 @@ rfork(td, uap)
if ((uap->flags & RFKERNELONLY) != 0)
return (EINVAL);
AUDIT_ARG(fflags, uap->flags);
AUDIT_ARG_FFLAGS(uap->flags);
error = fork1(td, uap->flags, 0, &p2);
if (error == 0) {
td->td_retval[0] = p2 ? p2->p_pid : 0;
@ -452,7 +452,7 @@ fork1(td, flags, pages, procp)
thread_lock(td);
sched_fork(td, td2);
thread_unlock(td);
AUDIT_ARG(pid, p2->p_pid);
AUDIT_ARG_PID(p2->p_pid);
LIST_INSERT_HEAD(&allproc, p2, p_list);
LIST_INSERT_HEAD(PIDHASH(p2->p_pid), p2, p_hash);

30
sys/kern/kern_prot.c
View File

@ -489,7 +489,7 @@ setuid(struct thread *td, struct setuid_args *uap)
int error;
uid = uap->uid;
AUDIT_ARG(uid, uid);
AUDIT_ARG_UID(uid);
newcred = crget();
uip = uifind(uid);
PROC_LOCK(p);
@ -600,7 +600,7 @@ seteuid(struct thread *td, struct seteuid_args *uap)
int error;
euid = uap->euid;
AUDIT_ARG(euid, euid);
AUDIT_ARG_EUID(euid);
newcred = crget();
euip = uifind(euid);
PROC_LOCK(p);
@ -656,7 +656,7 @@ setgid(struct thread *td, struct setgid_args *uap)
int error;
gid = uap->gid;
AUDIT_ARG(gid, gid);
AUDIT_ARG_GID(gid);
newcred = crget();
PROC_LOCK(p);
oldcred = crcopysafe(p, newcred);
@ -754,7 +754,7 @@ setegid(struct thread *td, struct setegid_args *uap)
int error;
egid = uap->egid;
AUDIT_ARG(egid, egid);
AUDIT_ARG_EGID(egid);
newcred = crget();
PROC_LOCK(p);
oldcred = crcopysafe(p, newcred);
@ -819,7 +819,7 @@ kern_setgroups(struct thread *td, u_int ngrp, gid_t *groups)
if (ngrp > NGROUPS)
return (EINVAL);
AUDIT_ARG(groupset, groups, ngrp);
AUDIT_ARG_GROUPSET(groups, ngrp);
newcred = crget();
crextend(newcred, ngrp);
PROC_LOCK(p);
@ -876,8 +876,8 @@ setreuid(register struct thread *td, struct setreuid_args *uap)
euid = uap->euid;
ruid = uap->ruid;
AUDIT_ARG(euid, euid);
AUDIT_ARG(ruid, ruid);
AUDIT_ARG_EUID(euid);
AUDIT_ARG_RUID(ruid);
newcred = crget();
euip = uifind(euid);
ruip = uifind(ruid);
@ -942,8 +942,8 @@ setregid(register struct thread *td, struct setregid_args *uap)
egid = uap->egid;
rgid = uap->rgid;
AUDIT_ARG(egid, egid);
AUDIT_ARG(rgid, rgid);
AUDIT_ARG_EGID(egid);
AUDIT_ARG_RGID(rgid);
newcred = crget();
PROC_LOCK(p);
oldcred = crcopysafe(p, newcred);
@ -1009,9 +1009,9 @@ setresuid(register struct thread *td, struct setresuid_args *uap)
euid = uap->euid;
ruid = uap->ruid;
suid = uap->suid;
AUDIT_ARG(euid, euid);
AUDIT_ARG(ruid, ruid);
AUDIT_ARG(suid, suid);
AUDIT_ARG_EUID(euid);
AUDIT_ARG_RUID(ruid);
AUDIT_ARG_SUID(suid);
newcred = crget();
euip = uifind(euid);
ruip = uifind(ruid);
@ -1087,9 +1087,9 @@ setresgid(register struct thread *td, struct setresgid_args *uap)
egid = uap->egid;
rgid = uap->rgid;
sgid = uap->sgid;
AUDIT_ARG(egid, egid);
AUDIT_ARG(rgid, rgid);
AUDIT_ARG(sgid, sgid);
AUDIT_ARG_EGID(egid);
AUDIT_ARG_RGID(rgid);
AUDIT_ARG_SGID(sgid);
newcred = crget();
PROC_LOCK(p);
oldcred = crcopysafe(p, newcred);

10
sys/kern/kern_sig.c
View File

@ -1674,8 +1674,8 @@ kill(td, uap)
register struct proc *p;
int error;
AUDIT_ARG(signum, uap->signum);
AUDIT_ARG(pid, uap->pid);
AUDIT_ARG_SIGNUM(uap->signum);
AUDIT_ARG_PID(uap->pid);
if ((u_int)uap->signum > _SIG_MAXSIG)
return (EINVAL);
@ -1685,7 +1685,7 @@ kill(td, uap)
if ((p = zpfind(uap->pid)) == NULL)
return (ESRCH);
}
AUDIT_ARG(process, p);
AUDIT_ARG_PROCESS(p);
error = p_cansignal(td, p, uap->signum);
if (error == 0 && uap->signum)
psignal(p, uap->signum);
@ -1717,8 +1717,8 @@ okillpg(td, uap)
register struct okillpg_args *uap;
{
AUDIT_ARG(signum, uap->signum);
AUDIT_ARG(pid, uap->pgid);
AUDIT_ARG_SIGNUM(uap->signum);
AUDIT_ARG_PID(uap->pgid);
if ((u_int)uap->signum > _SIG_MAXSIG)
return (EINVAL);

4
sys/kern/kern_thr.c
View File

@ -350,7 +350,7 @@ thr_kill2(struct thread *td, struct thr_kill2_args *uap)
struct proc *p;
int error;
AUDIT_ARG(signum, uap->sig);
AUDIT_ARG_SIGNUM(uap->sig);
if (uap->pid == td->td_proc->p_pid) {
p = td->td_proc;
@ -358,7 +358,7 @@ thr_kill2(struct thread *td, struct thr_kill2_args *uap)
} else if ((p = pfind(uap->pid)) == NULL) {
return (ESRCH);
}
AUDIT_ARG(process, p);
AUDIT_ARG_PROCESS(p);
error = p_cansignal(td, p, uap->sig);
if (error == 0) {

4
sys/kern/sys_generic.c
View File

@ -561,13 +561,13 @@ kern_ftruncate(td, fd, length)
struct file *fp;
int error;
AUDIT_ARG(fd, fd);
AUDIT_ARG_FD(fd);
if (length < 0)
return (EINVAL);
error = fget(td, fd, &fp);
if (error)
return (error);
AUDIT_ARG(file, td->td_proc, fp);
AUDIT_ARG_FILE(td->td_proc, fp);
if (!(fp->f_flag & FWRITE)) {
fdrop(fp, td);
return (EINVAL);

10
sys/kern/sys_process.c
View File

@ -400,10 +400,10 @@ ptrace(struct thread *td, struct ptrace_args *uap)
if (SV_CURPROC_FLAG(SV_ILP32))
wrap32 = 1;
#endif
AUDIT_ARG(pid, uap->pid);
AUDIT_ARG(cmd, uap->req);
AUDIT_ARG(addr, uap->addr);
AUDIT_ARG(value, uap->data);
AUDIT_ARG_PID(uap->pid);
AUDIT_ARG_CMD(uap->req);
AUDIT_ARG_ADDR(uap->addr);
AUDIT_ARG_VALUE(uap->data);
addr = &r;
switch (uap->req) {
case PT_GETREGS:
@ -549,7 +549,7 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
pid = p->p_pid;
}
}
AUDIT_ARG(process, p);
AUDIT_ARG_PROCESS(p);
if ((p->p_flag & P_WEXIT) != 0) {
error = ESRCH;

56
sys/kern/vfs_extattr.c
View File

@ -70,8 +70,8 @@ extattrctl(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, fnvfslocked, error;
AUDIT_ARG(cmd, uap->cmd);
AUDIT_ARG(value, uap->attrnamespace);
AUDIT_ARG_CMD(uap->cmd);
AUDIT_ARG_VALUE(uap->attrnamespace);
/*
* uap->attrname is not always defined. We check again later when we
* invoke the VFS call so as to pass in NULL there if needed.
@ -82,7 +82,7 @@ extattrctl(td, uap)
if (error)
return (error);
}
AUDIT_ARG(text, attrname);
AUDIT_ARG_TEXT(attrname);
vfslocked = fnvfslocked = 0;
mp = NULL;
@ -223,12 +223,12 @@ extattr_set_fd(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
AUDIT_ARG(fd, uap->fd);
AUDIT_ARG(value, uap->attrnamespace);
AUDIT_ARG_FD(uap->fd);
AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return (error);
AUDIT_ARG(text, attrname);
AUDIT_ARG_TEXT(attrname);
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
if (error)
@ -258,11 +258,11 @@ extattr_set_file(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
AUDIT_ARG(value, uap->attrnamespace);
AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return (error);
AUDIT_ARG(text, attrname);
AUDIT_ARG_TEXT(attrname);
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
@ -295,11 +295,11 @@ extattr_set_link(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
AUDIT_ARG(value, uap->attrnamespace);
AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return (error);
AUDIT_ARG(text, attrname);
AUDIT_ARG_TEXT(attrname);
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
@ -403,12 +403,12 @@ extattr_get_fd(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
AUDIT_ARG(fd, uap->fd);
AUDIT_ARG(value, uap->attrnamespace);
AUDIT_ARG_FD(uap->fd);
AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return (error);
AUDIT_ARG(text, attrname);
AUDIT_ARG_TEXT(attrname);
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
if (error)
@ -438,11 +438,11 @@ extattr_get_file(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
AUDIT_ARG(value, uap->attrnamespace);
AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return (error);
AUDIT_ARG(text, attrname);
AUDIT_ARG_TEXT(attrname);
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
@ -475,11 +475,11 @@ extattr_get_link(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
AUDIT_ARG(value, uap->attrnamespace);
AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return (error);
AUDIT_ARG(text, attrname);
AUDIT_ARG_TEXT(attrname);
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
@ -553,12 +553,12 @@ extattr_delete_fd(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
AUDIT_ARG(fd, uap->fd);
AUDIT_ARG(value, uap->attrnamespace);
AUDIT_ARG_FD(uap->fd);
AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return (error);
AUDIT_ARG(text, attrname);
AUDIT_ARG_TEXT(attrname);
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
if (error)
@ -585,11 +585,11 @@ extattr_delete_file(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
AUDIT_ARG(value, uap->attrnamespace);
AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return(error);
AUDIT_ARG(text, attrname);
AUDIT_ARG_TEXT(attrname);
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
@ -618,11 +618,11 @@ extattr_delete_link(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
AUDIT_ARG(value, uap->attrnamespace);
AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return(error);
AUDIT_ARG(text, attrname);
AUDIT_ARG_TEXT(attrname);
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
@ -717,8 +717,8 @@ extattr_list_fd(td, uap)
struct file *fp;
int vfslocked, error;
AUDIT_ARG(fd, uap->fd);
AUDIT_ARG(value, uap->attrnamespace);
AUDIT_ARG_FD(uap->fd);
AUDIT_ARG_VALUE(uap->attrnamespace);
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
if (error)
return (error);
@ -745,7 +745,7 @@ extattr_list_file(td, uap)
struct nameidata nd;
int vfslocked, error;
AUDIT_ARG(value, uap->attrnamespace);
AUDIT_ARG_VALUE(uap->attrnamespace);
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
error = namei(&nd);
@ -775,7 +775,7 @@ extattr_list_link(td, uap)
struct nameidata nd;
int vfslocked, error;
AUDIT_ARG(value, uap->attrnamespace);
AUDIT_ARG_VALUE(uap->attrnamespace);
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
error = namei(&nd);

15
sys/kern/vfs_lookup.c
View File

@ -164,9 +164,9 @@ namei(struct nameidata *ndp)
/* If we are auditing the kernel pathname, save the user pathname. */
if (cnp->cn_flags & AUDITVNODE1)
AUDIT_ARG(upath, td, cnp->cn_pnbuf, ARG_UPATH1);
AUDIT_ARG_UPATH(td, cnp->cn_pnbuf, ARG_UPATH1);
if (cnp->cn_flags & AUDITVNODE2)
AUDIT_ARG(upath, td, cnp->cn_pnbuf, ARG_UPATH2);
AUDIT_ARG_UPATH(td, cnp->cn_pnbuf, ARG_UPATH2);
/*
* Don't allow empty pathnames.
@ -460,9 +460,6 @@ lookup(struct nameidata *ndp)
int dvfslocked; /* VFS Giant state for parent */
int tvfslocked;
int lkflags_save;
#ifdef AUDIT
struct thread *td = curthread;
#endif
/*
* Setup: break out flag bits into variables.
@ -572,9 +569,9 @@ lookup(struct nameidata *ndp)
ndp->ni_vp = dp;
if (cnp->cn_flags & AUDITVNODE1)
AUDIT_ARG(vnode, dp, ARG_VNODE1);
AUDIT_ARG_VNODE(dp, ARG_VNODE1);
else if (cnp->cn_flags & AUDITVNODE2)
AUDIT_ARG(vnode, dp, ARG_VNODE2);
AUDIT_ARG_VNODE(dp, ARG_VNODE2);
if (!(cnp->cn_flags & (LOCKPARENT | LOCKLEAF)))
VOP_UNLOCK(dp, 0);
@ -857,9 +854,9 @@ lookup(struct nameidata *ndp)
VOP_UNLOCK(ndp->ni_dvp, 0);
if (cnp->cn_flags & AUDITVNODE1)
AUDIT_ARG(vnode, dp, ARG_VNODE1);
AUDIT_ARG_VNODE(dp, ARG_VNODE1);
else if (cnp->cn_flags & AUDITVNODE2)
AUDIT_ARG(vnode, dp, ARG_VNODE2);
AUDIT_ARG_VNODE(dp, ARG_VNODE2);
if ((cnp->cn_flags & LOCKLEAF) == 0)
VOP_UNLOCK(dp, 0);

8
sys/kern/vfs_mount.c
View File

@ -388,7 +388,7 @@ nmount(td, uap)
int error;
u_int iovcnt;
AUDIT_ARG(fflags, uap->flags);
AUDIT_ARG_FFLAGS(uap->flags);
CTR4(KTR_VFS, "%s: iovp %p with iovcnt %d and flags %d", __func__,
uap->iovp, uap->iovcnt, uap->flags);
@ -750,7 +750,7 @@ mount(td, uap)
struct mntarg *ma = NULL;
int error;
AUDIT_ARG(fflags, uap->flags);
AUDIT_ARG_FFLAGS(uap->flags);
/*
* Filter out MNT_ROOTFS. We do not want clients of mount() in
@ -767,7 +767,7 @@ mount(td, uap)
return (error);
}
AUDIT_ARG(text, fstype);
AUDIT_ARG_TEXT(fstype);
mtx_lock(&Giant);
vfsp = vfs_byname_kld(fstype, td, &error);
free(fstype, M_TEMP);
@ -1125,7 +1125,7 @@ unmount(td, uap)
free(pathbuf, M_TEMP);
return (error);
}
AUDIT_ARG(upath, td, pathbuf, ARG_UPATH1);
AUDIT_ARG_UPATH(td, pathbuf, ARG_UPATH1);
mtx_lock(&Giant);
if (uap->flags & MNT_BYFSID) {
/* Decode the filesystem ID. */

64
sys/kern/vfs_syscalls.c
View File

@ -189,8 +189,8 @@ quotactl(td, uap)
int error;
struct nameidata nd;
AUDIT_ARG(cmd, uap->cmd);
AUDIT_ARG(uid, uap->uid);
AUDIT_ARG_CMD(uap->cmd);
AUDIT_ARG_UID(uap->uid);
if (!prison_allow(td->td_ucred, PR_ALLOW_QUOTAS))
return (EPERM);
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
@ -371,7 +371,7 @@ kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
struct vnode *vp;
int error;
AUDIT_ARG(fd, fd);
AUDIT_ARG_FD(fd);
error = getvnode(td->td_proc->p_fd, fd, &fp);
if (error)
return (error);
@ -379,7 +379,7 @@ kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
vn_lock(vp, LK_SHARED | LK_RETRY);
#ifdef AUDIT
AUDIT_ARG(vnode, vp, ARG_VNODE1);
AUDIT_ARG_VNODE(vp, ARG_VNODE1);
#endif
mp = vp->v_mount;
if (mp)
@ -744,7 +744,7 @@ fchdir(td, uap)
int vfslocked;
int error;
AUDIT_ARG(fd, uap->fd);
AUDIT_ARG_FD(uap->fd);
if ((error = getvnode(fdp, uap->fd, &fp)) != 0)
return (error);
vp = fp->f_vnode;
@ -752,7 +752,7 @@ fchdir(td, uap)
fdrop(fp, td);
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
vn_lock(vp, LK_SHARED | LK_RETRY);
AUDIT_ARG(vnode, vp, ARG_VNODE1);
AUDIT_ARG_VNODE(vp, ARG_VNODE1);
error = change_dir(vp, td);
while (!error && (mp = vp->v_mountedhere) != NULL) {
int tvfslocked;
@ -1055,8 +1055,8 @@ kern_openat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
struct nameidata nd;
int vfslocked;
AUDIT_ARG(fflags, flags);
AUDIT_ARG(mode, mode);
AUDIT_ARG_FFLAGS(flags);
AUDIT_ARG_MODE(mode);
/* XXX: audit dirfd */
/*
* Only one of the O_EXEC, O_RDONLY, O_WRONLY and O_RDWR may
@ -1265,8 +1265,8 @@ kern_mknodat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
struct nameidata nd;
int vfslocked;
AUDIT_ARG(mode, mode);
AUDIT_ARG(dev, dev);
AUDIT_ARG_MODE(mode);
AUDIT_ARG_DEV(dev);
switch (mode & S_IFMT) {
case S_IFCHR:
case S_IFBLK:
@ -1414,7 +1414,7 @@ kern_mkfifoat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
struct nameidata nd;
int vfslocked;
AUDIT_ARG(mode, mode);
AUDIT_ARG_MODE(mode);
restart:
bwillwrite();
NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
@ -1677,7 +1677,7 @@ kern_symlinkat(struct thread *td, char *path1, int fd, char *path2,
if ((error = copyinstr(path1, syspath, MAXPATHLEN, NULL)) != 0)
goto out;
}
AUDIT_ARG(text, syspath);
AUDIT_ARG_TEXT(syspath);
restart:
bwillwrite();
NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
@ -2689,7 +2689,7 @@ chflags(td, uap)
struct nameidata nd;
int vfslocked;
AUDIT_ARG(fflags, uap->flags);
AUDIT_ARG_FFLAGS(uap->flags);
NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
if ((error = namei(&nd)) != 0)
@ -2717,7 +2717,7 @@ lchflags(td, uap)
struct nameidata nd;
int vfslocked;
AUDIT_ARG(fflags, uap->flags);
AUDIT_ARG_FFLAGS(uap->flags);
NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
if ((error = namei(&nd)) != 0)
@ -2751,14 +2751,14 @@ fchflags(td, uap)
int vfslocked;
int error;
AUDIT_ARG(fd, uap->fd);
AUDIT_ARG(fflags, uap->flags);
AUDIT_ARG_FD(uap->fd);
AUDIT_ARG_FFLAGS(uap->flags);
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
#ifdef AUDIT
vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
AUDIT_ARG_VNODE(fp->f_vnode, ARG_VNODE1);
VOP_UNLOCK(fp->f_vnode, 0);
#endif
error = setfflags(td, fp->f_vnode, uap->flags);
@ -2877,7 +2877,7 @@ kern_fchmodat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
int vfslocked;
int follow;
AUDIT_ARG(mode, mode);
AUDIT_ARG_MODE(mode);
follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
NDINIT_AT(&nd, LOOKUP, follow | MPSAFE | AUDITVNODE1, pathseg, path,
fd, td);
@ -2912,14 +2912,14 @@ fchmod(td, uap)
int vfslocked;
int error;
AUDIT_ARG(fd, uap->fd);
AUDIT_ARG(mode, uap->mode);
AUDIT_ARG_FD(uap->fd);
AUDIT_ARG_MODE(uap->mode);
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
#ifdef AUDIT
vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
AUDIT_ARG_VNODE(fp->f_vnode, ARG_VNODE1);
VOP_UNLOCK(fp->f_vnode, 0);
#endif
error = setfmode(td, fp->f_vnode, uap->mode);
@ -3019,7 +3019,7 @@ kern_fchownat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
struct nameidata nd;
int error, vfslocked, follow;
AUDIT_ARG(owner, uid, gid);
AUDIT_ARG_OWNER(uid, gid);
follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
NDINIT_AT(&nd, LOOKUP, follow | MPSAFE | AUDITVNODE1, pathseg, path,
fd, td);
@ -3089,14 +3089,14 @@ fchown(td, uap)
int vfslocked;
int error;
AUDIT_ARG(fd, uap->fd);
AUDIT_ARG(owner, uap->uid, uap->gid);
AUDIT_ARG_FD(uap->fd);
AUDIT_ARG_OWNER(uap->uid, uap->gid);
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
#ifdef AUDIT
vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
AUDIT_ARG_VNODE(fp->f_vnode, ARG_VNODE1);
VOP_UNLOCK(fp->f_vnode, 0);
#endif
error = setfown(td, fp->f_vnode, uap->uid, uap->gid);
@ -3324,7 +3324,7 @@ kern_futimes(struct thread *td, int fd, struct timeval *tptr,
int vfslocked;
int error;
AUDIT_ARG(fd, fd);
AUDIT_ARG_FD(fd);
if ((error = getutimes(tptr, tptrseg, ts)) != 0)
return (error);
if ((error = getvnode(td->td_proc->p_fd, fd, &fp)) != 0)
@ -3332,7 +3332,7 @@ kern_futimes(struct thread *td, int fd, struct timeval *tptr,
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
#ifdef AUDIT
vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
AUDIT_ARG_VNODE(fp->f_vnode, ARG_VNODE1);
VOP_UNLOCK(fp->f_vnode, 0);
#endif
error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL);
@ -3478,7 +3478,7 @@ fsync(td, uap)
int vfslocked;
int error, lock_flags;
AUDIT_ARG(fd, uap->fd);
AUDIT_ARG_FD(uap->fd);
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
vp = fp->f_vnode;
@ -3492,7 +3492,7 @@ fsync(td, uap)
lock_flags = LK_EXCLUSIVE;
}
vn_lock(vp, lock_flags | LK_RETRY);
AUDIT_ARG(vnode, vp, ARG_VNODE1);
AUDIT_ARG_VNODE(vp, ARG_VNODE1);
if (vp->v_object != NULL) {
VM_OBJECT_LOCK(vp->v_object);
vm_object_page_clean(vp->v_object, 0, 0, 0);
@ -3717,7 +3717,7 @@ kern_mkdirat(struct thread *td, int fd, char *path, enum uio_seg segflg,
struct nameidata nd;
int vfslocked;
AUDIT_ARG(mode, mode);
AUDIT_ARG_MODE(mode);
restart:
bwillwrite();
NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
@ -4056,7 +4056,7 @@ kern_getdirentries(struct thread *td, int fd, char *buf, u_int count,
long loff;
int error, eofflag;
AUDIT_ARG(fd, fd);
AUDIT_ARG_FD(fd);
if (count > INT_MAX)
return (EINVAL);
if ((error = getvnode(td->td_proc->p_fd, fd, &fp)) != 0)
@ -4082,7 +4082,7 @@ kern_getdirentries(struct thread *td, int fd, char *buf, u_int count,
auio.uio_td = td;
auio.uio_resid = count;
vn_lock(vp, LK_SHARED | LK_RETRY);
AUDIT_ARG(vnode, vp, ARG_VNODE1);
AUDIT_ARG_VNODE(vp, ARG_VNODE1);
loff = auio.uio_offset = fp->f_offset;
#ifdef MAC
error = mac_vnode_check_readdir(td->td_ucred, vp);

2
sys/nfs/nfs_nfssvc.c
View File

@ -79,7 +79,7 @@ nfssvc(struct thread *td, struct nfssvc_args *uap)
KASSERT(!mtx_owned(&Giant), ("nfssvc(): called with Giant"));
AUDIT_ARG(cmd, uap->flag);
AUDIT_ARG_CMD(uap->flag);
error = priv_check(td, PRIV_NFS_DAEMON);
if (error)

185
sys/security/audit/audit.h
View File

@ -182,12 +182,149 @@ void audit_thread_alloc(struct thread *td);
void audit_thread_free(struct thread *td);
/*
* Define a macro to wrap the audit_arg_* calls by checking the global
* Define macros to wrap the audit_arg_* calls by checking the global
* audit_enabled flag before performing the actual call.
*/
#define AUDIT_ARG(op, args...) do { \
if (td->td_pflags & TDP_AUDITREC) \
audit_arg_ ## op (args); \
#define AUDITING_TD(td) ((td)->td_pflags & TDP_AUDITREC)
#define AUDIT_ARG_ADDR(addr) do { \
if (AUDITING_TD(curthread)) \
audit_arg_addr((addr)); \
} while (0)
#define AUDIT_ARG_ARGV(argv, argc, length) do { \
if (AUDITING_TD(curthread)) \
audit_arg_argv((argv), (argc), (length)); \
} while (0)
#define AUDIT_ARG_AUDITON(udata) do { \
if (AUDITING_TD(curthread)) \
audit_arg_auditon((udata)); \
} while (0)
#define AUDIT_ARG_CMD(cmd) do { \
if (AUDITING_TD(curthread)) \
audit_arg_cmd((cmd)); \
} while (0)
#define AUDIT_ARG_DEV(dev) do { \
if (AUDITING_TD(curthread)) \
audit_arg_dev((dev)); \
} while (0)
#define AUDIT_ARG_EGID(egid) do { \
if (AUDITING_TD(curthread)) \
audit_arg_egid((egid)); \
} while (0)
#define AUDIT_ARG_ENVV(envv, envc, length) do { \
if (AUDITING_TD(curthread)) \
audit_arg_envv((envv), (envc), (length)); \
} while (0)
#define AUDIT_ARG_EXIT(status, retval) do { \
if (AUDITING_TD(curthread)) \
audit_arg_exit((status), (retval)); \
} while (0)
#define AUDIT_ARG_EUID(euid) do { \
if (AUDITING_TD(curthread)) \
audit_arg_euid((euid)); \
} while (0)
#define AUDIT_ARG_FD(fd) do { \
if (AUDITING_TD(curthread)) \
audit_arg_fd((fd)); \
} while (0)
#define AUDIT_ARG_FILE(p, fp) do { \
if (AUDITING_TD(curthread)) \
audit_arg_file((p), (fp)); \
} while (0)
#define AUDIT_ARG_FFLAGS(fflags) do { \
if (AUDITING_TD(curthread)) \
audit_arg_fflags((fflags)); \
} while (0)
#define AUDIT_ARG_GID(gid) do { \
if (AUDITING_TD(curthread)) \
audit_arg_gid((gid)); \
} while (0)
#define AUDIT_ARG_GROUPSET(gidset, gidset_size) do { \
if (AUDITING_TD(curthread)) \
audit_arg_groupset((gidset), (gidset_size)); \
} while (0)
#define AUDIT_ARG_MODE(mode) do { \
if (AUDITING_TD(curthread)) \
audit_arg_mode((mode)); \
} while (0)
#define AUDIT_ARG_OWNER(uid, gid) do { \
if (AUDITING_TD(curthread)) \
audit_arg_owner((uid), (gid)); \
} while (0)
#define AUDIT_ARG_PID(pid) do { \
if (AUDITING_TD(curthread)) \
audit_arg_pid((pid)); \
} while (0)
#define AUDIT_ARG_PROCESS(p) do { \
if (AUDITING_TD(curthread)) \
audit_arg_process((p)); \
} while (0)
#define AUDIT_ARG_RGID(rgid) do { \
if (AUDITING_TD(curthread)) \
audit_arg_gid((rgid)); \
} while (0)
#define AUDIT_ARG_RUID(ruid) do { \
if (AUDITING_TD(curthread)) \
audit_arg_ruid((ruid)); \
} while (0)
#define AUDIT_ARG_SIGNUM(signum) do { \
if (AUDITING_TD(curthread)) \
audit_arg_signum((signum)); \
} while (0)
#define AUDIT_ARG_SGID(sgid) do { \
if (AUDITING_TD(curthread)) \
audit_arg_sgid((sgid)); \
} while (0)
#define AUDIT_ARG_SUID(suid) do { \
if (AUDITING_TD(curthread)) \
audit_arg_suid((suid)); \
} while (0)
#define AUDIT_ARG_TEXT(text) do { \
if (AUDITING_TD(curthread)) \
audit_arg_text((text)); \
} while (0)
#define AUDIT_ARG_UID(uid) do { \
if (AUDITING_TD(curthread)) \
audit_arg_uid((uid)); \
} while (0)
#define AUDIT_ARG_UPATH(td, upath, flags) do { \
if (AUDITING_TD(curthread)) \
audit_arg_upath((td), (upath), (flags)); \
} while (0)
#define AUDIT_ARG_VALUE(value) do { \
if (AUDITING_TD(curthread)) \
audit_arg_value((value)); \
} while (0)
#define AUDIT_ARG_VNODE(vp, flags) do { \
if (AUDITING_TD(curthread)) \
audit_arg_vnode((vp), (flags)); \
} while (0)
#define AUDIT_SYSCALL_ENTER(code, td) do { \
@ -216,17 +353,39 @@ void audit_thread_free(struct thread *td);
#else /* !AUDIT */
#define AUDIT_ARG(op, args...) do { \
} while (0)
#define AUDIT_ARG_ADDR(addr)
#define AUDIT_ARG_ARGV(argv, argc, length)
#define AUDIT_ARG_AUDITON(udata)
#define AUDIT_ARG_CMD(cmd)
#define AUDIT_ARG_DEV(dev)
#define AUDIT_ARG_EGID(egid)
#define AUDIT_ARG_ENVV(envv, envc, length)
#define AUDIT_ARG_EXIT(status, retval)
#define AUDIT_ARG_EUID(euid)
#define AUDIT_ARG_FD(fd)
#define AUDIT_ARG_FILE(p, fp)
#define AUDIT_ARG_FFLAGS(fflags)
#define AUDIT_ARG_GID(gid)
#define AUDIT_ARG_GROUPSET(gidset, gidset_size)
#define AUDIT_ARG_MODE(mode)
#define AUDIT_ARG_OWNER(uid, gid)
#define AUDIT_ARG_PID(pid)
#define AUDIT_ARG_PROCESS(p)
#define AUDIT_ARG_RGID(rgid)
#define AUDIT_ARG_RUID(ruid)
#define AUDIT_ARG_SIGNUM(signum)
#define AUDIT_ARG_SGID(sgid)
#define AUDIT_ARG_SUID(suid)
#define AUDIT_ARG_TEXT(text)
#define AUDIT_ARG_UID(uid)
#define AUDIT_ARG_UPATH(td, upath, flags)
#define AUDIT_ARG_VALUE(value)
#define AUDIT_ARG_VNODE(vp, flags)
#define AUDIT_SYSCALL_ENTER(code, td) do { \
} while (0)
#define AUDIT_SYSCALL_ENTER(code, td)
#define AUDIT_SYSCALL_EXIT(error, td)
#define AUDIT_SYSCALL_EXIT(error, td) do { \
} while (0)
#define AUDIT_SYSCLOSE(p, fd) do { \
} while (0)
#define AUDIT_SYSCLOSE(p, fd)
#endif /* AUDIT */

4
sys/security/audit/audit_syscalls.c
View File

@ -163,7 +163,7 @@ auditon(struct thread *td, struct auditon_args *uap)
if (jailed(td->td_ucred))
return (ENOSYS);
AUDIT_ARG(cmd, uap->cmd);
AUDIT_ARG_CMD(uap->cmd);
#ifdef MAC
error = mac_system_check_auditon(td->td_ucred, uap->cmd);
@ -205,7 +205,7 @@ auditon(struct thread *td, struct auditon_args *uap)
error = copyin(uap->data, (void *)&udata, uap->length);
if (error)
return (error);
AUDIT_ARG(auditon, &udata);
AUDIT_ARG_AUDITON(&udata);
break;
}