From 03f7b00438a14be17cf6a7b44fc1d1076eb65c53 Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Wed, 1 Jul 2009 22:47:45 +0000
Subject: [PATCH] For access(2) and eaccess(2), audit the requested access mode.

Approved by: re (audit argument blanket)
MFC after: 3 days
---
 sys/kern/vfs_syscalls.c | 1 +
 sys/security/audit/audit_bsm.c | 11 +++++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 2008efe8bf6..7252c4779b3 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -2133,6 +2133,7 @@ kern_accessat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
 td->td_ucred = tmpcred;
 } else
 cred = tmpcred = td->td_ucred;
+ AUDIT_ARG_VALUE(mode);
 NDINIT_AT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | MPSAFE | AUDITVNODE1, pathseg, path, fd, td);
 if ((error = namei(&nd)) != 0)
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c
index 4b2b6f12104..dd23c992eb7 100644
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@@ -706,10 +706,8 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 }
 /* FALLTHROUGH */

- case AUE_ACCESS:
 case AUE_CHDIR:
 case AUE_CHROOT:
- case AUE_EACCESS:
 case AUE_GETATTRLIST:
 case AUE_JAIL:
 case AUE_LUTIMES:
@@ -732,6 +730,15 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 UPATH1_VNODE1_TOKENS;
 break;

+ case AUE_ACCESS:
+ case AUE_EACCESS:
+ UPATH1_VNODE1_TOKENS;
+ if (ARG_IS_VALID(kar, ARG_VALUE)) {
+ tok = au_to_arg32(1, "mode", ar->ar_arg_value);
+ kau_write(rec, tok);
+ }
+ break;
+
 case AUE_FHSTATFS:
 case AUE_FHOPEN:
 case AUE_FHSTAT:
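Review bot: The mode is captured in kern_accessat, which, judging by its `fd` parameter and the NDINIT_AT call, also appears to serve the *at variant, yet the BSM side of this commit emits the token only for AUE_ACCESS and AUE_EACCESS. If another event reaches this function, its kernel record would carry ARG_VALUE but the trail would show no mode token; that is worth confirming, and either the event joins the new case or the gap is documented. The placement of `AUDIT_ARG_VALUE(mode);` ahead of namei() looks deliberate, since the argument is set even when the lookup fails, and a short comment such as `/* Record the requested mode before the lookup so failed lookups are audited with it. */` would keep a later refactor from moving it. The function body begins and ends outside the hunk.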
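Review bot: In the new AUE_ACCESS/AUE_EACCESS case the argument token is numbered 1, `tok = au_to_arg32(1, "mode", ar->ar_arg_value);`, but for access(path, mode) the mode is the second syscall argument. The first parameter of au_to_arg32 is the argument position, so trail consumers and detection rules that key on it would attribute the value to the path slot. `tok = au_to_arg32(2, "mode", ar->ar_arg_value);` looks like the intended call. kaudit_to_bsm continues outside the hunk, so check the numbering against how neighbouring cases number their arguments.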