mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-13 10:02:38 +00:00
Code Issues Releases Activity

Various BSM generation improvements when auditing AUE_ACCEPT,

Browse Source 
AUE_PROCCTL, AUE_SENDFILE, AUE_ACL_*, and AUE_POSIX_FALLOCATE.
Audit AUE_SHMUNLINK path in the path token rather than as a
text string, and AUE_SHMOPEN flags as an integer token rather
than a System V IPC address token.

Obtained from:	TrustedBSD Project
MFC after:	3 weeks
Sponsored by:	DARPA, AFRL
This commit is contained in:
Robert Watson 2017-03-30 21:39:03 +00:00
parent a4ba650262
commit b65ec5e523
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=316305
1 changed files with 68 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
sys/security/audit/audit_bsm.c
View File

@ -530,6 +530,23 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
*/
switch(ar->ar_event) {
case AUE_ACCEPT:
if (ARG_IS_VALID(kar, ARG_FD)) {
tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
kau_write(rec, tok);
}
if (ARG_IS_VALID(kar, ARG_SADDRINET)) {
tok = au_to_sock_inet((struct sockaddr_in *)
&ar->ar_arg_sockaddr);
kau_write(rec, tok);
}
if (ARG_IS_VALID(kar, ARG_SADDRUNIX)) {
tok = au_to_sock_unix((struct sockaddr_un *)
&ar->ar_arg_sockaddr);
kau_write(rec, tok);
UPATH1_TOKENS;
}
break;
case AUE_BIND:
case AUE_LISTEN:
case AUE_CONNECT:
@ -537,7 +554,6 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
case AUE_RECVFROM:
case AUE_RECVMSG:
case AUE_SEND:
case AUE_SENDFILE:
case AUE_SENDMSG:
case AUE_SENDTO:
/*
@ -576,6 +592,22 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
}
break;
case AUE_SENDFILE:
FD_VNODE1_TOKENS;
if (ARG_IS_VALID(kar, ARG_SADDRINET)) {
tok = au_to_sock_inet((struct sockaddr_in *)
&ar->ar_arg_sockaddr);
kau_write(rec, tok);
}
if (ARG_IS_VALID(kar, ARG_SADDRUNIX)) {
tok = au_to_sock_unix((struct sockaddr_un *)
&ar->ar_arg_sockaddr);
kau_write(rec, tok);
UPATH1_TOKENS;
}
/* XXX Need to handle ARG_SADDRINET6 */
break;
case AUE_SOCKET:
case AUE_SOCKETPAIR:
if (ARG_IS_VALID(kar, ARG_SOCKINFO)) {
@ -749,6 +781,26 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
*/
break;
case AUE_ACL_DELETE_FD:
case AUE_ACL_DELETE_FILE:
case AUE_ACL_CHECK_FD:
case AUE_ACL_CHECK_FILE:
case AUE_ACL_CHECK_LINK:
case AUE_ACL_DELETE_LINK:
case AUE_ACL_GET_FD:
case AUE_ACL_GET_FILE:
case AUE_ACL_GET_LINK:
case AUE_ACL_SET_FD:
case AUE_ACL_SET_FILE:
case AUE_ACL_SET_LINK:
if (ARG_IS_VALID(kar, ARG_VALUE)) {
tok = au_to_arg32(1, "type", ar->ar_arg_value);
kau_write(rec, tok);
}
ATFD1_TOKENS(1);
UPATH1_VNODE1_TOKENS;
break;
case AUE_CHDIR:
case AUE_CHROOT:
case AUE_FSTATAT:
@ -959,6 +1011,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
case AUE_GETDIRENTRIESATTR:
case AUE_LSEEK:
case AUE_POLL:
case AUE_POSIX_FALLOCATE:
case AUE_PREAD:
case AUE_PWRITE:
case AUE_READ:
@ -1245,6 +1298,18 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
UPATH1_VNODE1_TOKENS;
break;
case AUE_PROCCTL:
if (ARG_IS_VALID(kar, ARG_VALUE)) {
tok = au_to_arg32(1, "idtype", ar->ar_arg_value);
kau_write(rec, tok);
}
if (ARG_IS_VALID(kar, ARG_CMD)) {
tok = au_to_arg32(2, "com", ar->ar_arg_cmd);
kau_write(rec, tok);
}
PROCESS_PID_TOKENS(3);
break;
case AUE_PTRACE:
if (ARG_IS_VALID(kar, ARG_CMD)) {
tok = au_to_arg32(1, "request", ar->ar_arg_cmd);
@ -1499,7 +1564,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
/* AUE_SHMOPEN, AUE_SHMUNLINK, AUE_SEMOPEN, AUE_SEMCLOSE
* and AUE_SEMUNLINK are Posix IPC */
case AUE_SHMOPEN:
if (ARG_IS_VALID(kar, ARG_SVIPC_ADDR)) {
if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
kau_write(rec, tok);
}
@ -1510,10 +1575,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
/* FALLTHROUGH */
case AUE_SHMUNLINK:
if (ARG_IS_VALID(kar, ARG_TEXT)) {
tok = au_to_text(ar->ar_arg_text);
kau_write(rec, tok);
}
UPATH1_TOKENS;
if (ARG_IS_VALID(kar, ARG_POSIX_IPC_PERM)) {
struct ipc_perm perm;