head/sys/security/audit/audit_private.h
#define AR_COMMIT_USER 0x00000010U | #define AR_COMMIT_USER 0x00000010U | ||||
#define AR_PRESELECT_TRAIL 0x00001000U | #define AR_PRESELECT_TRAIL 0x00001000U | ||||
#define AR_PRESELECT_PIPE 0x00002000U | #define AR_PRESELECT_PIPE 0x00002000U | ||||
#define AR_PRESELECT_USER_TRAIL 0x00004000U | #define AR_PRESELECT_USER_TRAIL 0x00004000U | ||||
#define AR_PRESELECT_USER_PIPE 0x00008000U | #define AR_PRESELECT_USER_PIPE 0x00008000U | ||||
#define AR_PRESELECT_DTRACE 0x00010000U | |||||
/* | /* | ||||
* Audit data is generated as a stream of struct audit_record structures, | * Audit data is generated as a stream of struct audit_record structures, | ||||
* linked by struct kaudit_record, and contain storage for possible audit so | * linked by struct kaudit_record, and contain storage for possible audit so | ||||
* that it will not need to be allocated during the processing of a system | * that it will not need to be allocated during the processing of a system | ||||
* call, both improving efficiency and avoiding sleeping at untimely moments. | * call, both improving efficiency and avoiding sleeping at untimely moments. | ||||
* This structure is converted to BSM format before being written to disk. | * This structure is converted to BSM format before being written to disk. | ||||
*/ | */ | ||||
struct vnode_au_info { | struct vnode_au_info { | ||||
* passed through to the audit writing mechanism. | * passed through to the audit writing mechanism. | ||||
*/ | */ | ||||
struct kaudit_record { | struct kaudit_record { | ||||
struct audit_record k_ar; | struct audit_record k_ar; | ||||
u_int32_t k_ar_commit; | u_int32_t k_ar_commit; | ||||
void *k_udata; /* User data. */ | void *k_udata; /* User data. */ | ||||
u_int k_ulen; /* User data length. */ | u_int k_ulen; /* User data length. */ | ||||
struct uthread *k_uthread; /* Audited thread. */ | struct uthread *k_uthread; /* Audited thread. */ | ||||
#ifdef KDTRACE_HOOKS | |||||
void *k_dtaudit_state; | |||||
#endif | |||||
TAILQ_ENTRY(kaudit_record) k_q; | TAILQ_ENTRY(kaudit_record) k_q; | ||||
}; | }; | ||||
TAILQ_HEAD(kaudit_queue, kaudit_record); | TAILQ_HEAD(kaudit_queue, kaudit_record); | ||||
/* | /* | ||||
* Functions to manage the allocation, release, and commit of kernel audit | * Functions to manage the allocation, release, and commit of kernel audit | ||||
* records. | * records. | ||||
*/ | */ | ||||
*/ | */ | ||||
#define AUDIT_OPEN_FLAGS (FWRITE | O_APPEND) | #define AUDIT_OPEN_FLAGS (FWRITE | O_APPEND) | ||||
#define AUDIT_CLOSE_FLAGS (FWRITE | O_APPEND) | #define AUDIT_CLOSE_FLAGS (FWRITE | O_APPEND) | ||||
/* | /* | ||||
* Audit event-to-name mapping structure, maintained in audit_bsm_klib.c. It | * Audit event-to-name mapping structure, maintained in audit_bsm_klib.c. It | ||||
* appears in this header so that the DTrace audit provider can dereference | * appears in this header so that the DTrace audit provider can dereference | ||||
* instances passed back in the au_evname_foreach() callbacks. Safe access to | * instances passed back in the au_evname_foreach() callbacks. Safe access to | ||||
* its fields rquires holding ene_lock (after it is visible in the global | * its fields requires holding ene_lock (after it is visible in the global | ||||
* table). | * table). | ||||
* | * | ||||
* Locking: | * Locking: | ||||
* (c) - Constant after inserted in the global table | * (c) - Constant after inserted in the global table | ||||
* (l) - Protected by ene_lock | * (l) - Protected by ene_lock | ||||
* (m) - Protected by evnamemap_lock (audit_bsm_klib.c) | * (m) - Protected by evnamemap_lock (audit_bsm_klib.c) | ||||
* (M) - Writes protected by evnamemap_lock; reads unprotected. | * (M) - Writes protected by evnamemap_lock; reads unprotected. | ||||
*/ | */ | ||||
struct evname_elem { | struct evname_elem { | ||||
au_event_t ene_event; /* (c) */ | au_event_t ene_event; /* (c) */ | ||||
char ene_name[EVNAMEMAP_NAME_SIZE]; /* (l) */ | char ene_name[EVNAMEMAP_NAME_SIZE]; /* (l) */ | ||||
LIST_ENTRY(evname_elem) ene_entry; /* (m) */ | LIST_ENTRY(evname_elem) ene_entry; /* (m) */ | ||||
struct mtx ene_lock; | struct mtx ene_lock; | ||||
#ifdef KDTRACE_HOOKS | |||||
/* DTrace probe IDs; 0 if not yet registered. */ | |||||
uint32_t ene_commit_probe_id; /* (M) */ | |||||
uint32_t ene_bsm_probe_id; /* (M) */ | |||||
/* Flags indicating if the probes enabled or not. */ | |||||
int ene_commit_probe_enabled; /* (M) */ | |||||
int ene_bsm_probe_enabled; /* (M) */ | |||||
#endif | |||||
}; | }; | ||||
#define EVNAME_LOCK(ene) mtx_lock(&(ene)->ene_lock) | #define EVNAME_LOCK(ene) mtx_lock(&(ene)->ene_lock) | ||||
#define EVNAME_UNLOCK(ene) mtx_unlock(&(ene)->ene_lock) | #define EVNAME_UNLOCK(ene) mtx_unlock(&(ene)->ene_lock) | ||||
/* | /* | ||||
* Callback function typedef for the same. | * Callback function typedef for the same. | ||||
*/ | */ | ||||
typedef void (*au_evnamemap_callback_t)(struct evname_elem *ene); | typedef void (*au_evnamemap_callback_t)(struct evname_elem *ene); | ||||
/* | |||||
* DTrace audit provider (dtaudit) hooks -- to be set non-NULL when the audit | |||||
* provider is loaded and ready to be called into. | |||||
*/ | |||||
#ifdef KDTRACE_HOOKS | |||||
extern void *(*dtaudit_hook_preselect)(au_id_t auid, au_event_t event, | |||||
au_class_t class); | |||||
extern int (*dtaudit_hook_commit)(struct kaudit_record *kar, | |||||
au_id_t auid, au_event_t event, au_class_t class, | |||||
int sorf); | |||||
extern void (*dtaudit_hook_bsm)(struct kaudit_record *kar, au_id_t auid, | |||||
au_event_t event, au_class_t class, int sorf, | |||||
void *bsm_data, size_t bsm_len); | |||||
#endif /* !KDTRACE_HOOKS */ | |||||
#include <sys/fcntl.h> | #include <sys/fcntl.h> | ||||
#include <sys/kernel.h> | #include <sys/kernel.h> | ||||
#include <sys/malloc.h> | #include <sys/malloc.h> | ||||
/* | /* | ||||
* Some of the BSM tokenizer functions take different parameters in the | * Some of the BSM tokenizer functions take different parameters in the | ||||
* kernel implementations in order to save the copying of large kernel data | * kernel implementations in order to save the copying of large kernel data | ||||
* structures. The prototypes of these functions are declared here. | * structures. The prototypes of these functions are declared here. | ||||
*/ | */ | ||||
token_t *kau_to_socket(struct socket_au_info *soi); | token_t *kau_to_socket(struct socket_au_info *soi); | ||||
/* | /* | ||||
* audit_klib prototypes | * audit_klib prototypes | ||||
*/ | */ | ||||
int au_preselect(au_event_t event, au_class_t class, | int au_preselect(au_event_t event, au_class_t class, | ||||
au_mask_t *mask_p, int sorf); | au_mask_t *mask_p, int sorf); | ||||
void au_evclassmap_init(void); | void au_evclassmap_init(void); | ||||
void au_evclassmap_insert(au_event_t event, au_class_t class); | void au_evclassmap_insert(au_event_t event, au_class_t class); | ||||
au_class_t au_event_class(au_event_t event); | au_class_t au_event_class(au_event_t event); | ||||
void au_evnamemap_init(void); | void au_evnamemap_init(void); | ||||
void au_evnamemap_insert(au_event_t event, const char *name); | void au_evnamemap_insert(au_event_t event, const char *name); | ||||
void au_evnamemap_foreach(au_evnamemap_callback_t callback); | void au_evnamemap_foreach(au_evnamemap_callback_t callback); | ||||
#ifdef KDTRACE_HOOKS | |||||
struct evname_elem *au_evnamemap_lookup(au_event_t event); | |||||
#endif | |||||
int au_event_name(au_event_t event, char *name); | int au_event_name(au_event_t event, char *name); | ||||
au_event_t audit_ctlname_to_sysctlevent(int name[], uint64_t valid_arg); | au_event_t audit_ctlname_to_sysctlevent(int name[], uint64_t valid_arg); | ||||
au_event_t audit_flags_and_error_to_openevent(int oflags, int error); | au_event_t audit_flags_and_error_to_openevent(int oflags, int error); | ||||
au_event_t audit_flags_and_error_to_openatevent(int oflags, int error); | au_event_t audit_flags_and_error_to_openatevent(int oflags, int error); | ||||
au_event_t audit_msgctl_to_event(int cmd); | au_event_t audit_msgctl_to_event(int cmd); | ||||
au_event_t audit_semctl_to_event(int cmr); | au_event_t audit_semctl_to_event(int cmr); | ||||
void audit_canon_path(struct thread *td, int dirfd, char *path, | void audit_canon_path(struct thread *td, int dirfd, char *path, | ||||
char *cpath); | char *cpath); | ||||
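Review bot: The trailing comment on the `#endif` that closes the new dtaudit hook declarations reads `/* !KDTRACE_HOOKS */`, but the directive it closes is `#ifdef KDTRACE_HOOKS`; the `!` form is the convention for `#ifndef`, so it should be `#endif /* KDTRACE_HOOKS */` (the other three KDTRACE_HOOKS blocks added to this header use a bare `#endif`, which is also acceptable). The block comment above those pointers says they become non-NULL once the provider is loaded, but it does not say that every call site must test them for NULL before calling through, nor what orders that store against readers already running in the audit path on other CPUs (and the reverse on unload, if the provider can be unloaded); I would add `Callers must test each pointer for NULL on every use; ordering the assignment against concurrent readers is the provider's responsibility.` or state why that is unnecessary. Similarly, `ene_commit_probe_enabled` and `ene_bsm_probe_enabled` are annotated `(M)`, i.e. read without any lock, and a one-line comment saying that a stale read is tolerated (presumably a probe firing one record early or late) would save the next reader from wondering whether `ene_lock` must be held. Finally, the new `k_dtaudit_state` member of `struct kaudit_record` is the only field in that struct without a comment; `void *k_dtaudit_state; /* DTrace audit provider (dtaudit) state. */` would match its neighbours, and if it holds the value returned by `dtaudit_hook_preselect` that is worth saying there too.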