Page MenuHomeFreeBSD
Differential D10149 Diff 26790 head/sys/security/audit/audit_private.h

Changeset View

Standalone View

View Options

head/sys/security/audit/audit_private.h

Show First 20 LinesShow All 88 Lines▼ Show 20 Lines
#define AR_COMMIT_USER 0x00000010U #define AR_COMMIT_USER 0x00000010U
#define AR_PRESELECT_TRAIL 0x00001000U #define AR_PRESELECT_TRAIL 0x00001000U
#define AR_PRESELECT_PIPE 0x00002000U #define AR_PRESELECT_PIPE 0x00002000U
#define AR_PRESELECT_USER_TRAIL 0x00004000U #define AR_PRESELECT_USER_TRAIL 0x00004000U
#define AR_PRESELECT_USER_PIPE 0x00008000U #define AR_PRESELECT_USER_PIPE 0x00008000U
#define AR_PRESELECT_DTRACE 0x00010000U
/* /*
* Audit data is generated as a stream of struct audit_record structures, * Audit data is generated as a stream of struct audit_record structures,
* linked by struct kaudit_record, and contain storage for possible audit so * linked by struct kaudit_record, and contain storage for possible audit so
* that it will not need to be allocated during the processing of a system * that it will not need to be allocated during the processing of a system
* call, both improving efficiency and avoiding sleeping at untimely moments. * call, both improving efficiency and avoiding sleeping at untimely moments.
* This structure is converted to BSM format before being written to disk. * This structure is converted to BSM format before being written to disk.
*/ */
struct vnode_au_info { struct vnode_au_info {
▲ Show 20 LinesShow All 213 Lines▼ Show 20 Lines
* passed through to the audit writing mechanism. * passed through to the audit writing mechanism.
*/ */
struct kaudit_record { struct kaudit_record {
struct audit_record k_ar; struct audit_record k_ar;
u_int32_t k_ar_commit; u_int32_t k_ar_commit;
void *k_udata; /* User data. */ void *k_udata; /* User data. */
u_int k_ulen; /* User data length. */ u_int k_ulen; /* User data length. */
struct uthread *k_uthread; /* Audited thread. */ struct uthread *k_uthread; /* Audited thread. */
#ifdef KDTRACE_HOOKS
void *k_dtaudit_state;
#endif
TAILQ_ENTRY(kaudit_record) k_q; TAILQ_ENTRY(kaudit_record) k_q;
}; };
TAILQ_HEAD(kaudit_queue, kaudit_record); TAILQ_HEAD(kaudit_queue, kaudit_record);
/* /*
* Functions to manage the allocation, release, and commit of kernel audit * Functions to manage the allocation, release, and commit of kernel audit
* records. * records.
*/ */
Show All 40 Lines
*/ */
#define AUDIT_OPEN_FLAGS (FWRITE | O_APPEND) #define AUDIT_OPEN_FLAGS (FWRITE | O_APPEND)
#define AUDIT_CLOSE_FLAGS (FWRITE | O_APPEND) #define AUDIT_CLOSE_FLAGS (FWRITE | O_APPEND)
/* /*
* Audit event-to-name mapping structure, maintained in audit_bsm_klib.c. It * Audit event-to-name mapping structure, maintained in audit_bsm_klib.c. It
* appears in this header so that the DTrace audit provider can dereference * appears in this header so that the DTrace audit provider can dereference
* instances passed back in the au_evname_foreach() callbacks. Safe access to * instances passed back in the au_evname_foreach() callbacks. Safe access to
* its fields rquires holding ene_lock (after it is visible in the global * its fields requires holding ene_lock (after it is visible in the global
* table). * table).
* *
* Locking: * Locking:
* (c) - Constant after inserted in the global table * (c) - Constant after inserted in the global table
* (l) - Protected by ene_lock * (l) - Protected by ene_lock
* (m) - Protected by evnamemap_lock (audit_bsm_klib.c) * (m) - Protected by evnamemap_lock (audit_bsm_klib.c)
* (M) - Writes protected by evnamemap_lock; reads unprotected. * (M) - Writes protected by evnamemap_lock; reads unprotected.
*/ */
struct evname_elem { struct evname_elem {
au_event_t ene_event; /* (c) */ au_event_t ene_event; /* (c) */
char ene_name[EVNAMEMAP_NAME_SIZE]; /* (l) */ char ene_name[EVNAMEMAP_NAME_SIZE]; /* (l) */
LIST_ENTRY(evname_elem) ene_entry; /* (m) */ LIST_ENTRY(evname_elem) ene_entry; /* (m) */
struct mtx ene_lock; struct mtx ene_lock;
#ifdef KDTRACE_HOOKS
/* DTrace probe IDs; 0 if not yet registered. */
uint32_t ene_commit_probe_id; /* (M) */
uint32_t ene_bsm_probe_id; /* (M) */
/* Flags indicating if the probes enabled or not. */
int ene_commit_probe_enabled; /* (M) */
int ene_bsm_probe_enabled; /* (M) */
#endif
}; };
#define EVNAME_LOCK(ene) mtx_lock(&(ene)->ene_lock) #define EVNAME_LOCK(ene) mtx_lock(&(ene)->ene_lock)
#define EVNAME_UNLOCK(ene) mtx_unlock(&(ene)->ene_lock) #define EVNAME_UNLOCK(ene) mtx_unlock(&(ene)->ene_lock)
/* /*
* Callback function typedef for the same. * Callback function typedef for the same.
*/ */
typedef void (*au_evnamemap_callback_t)(struct evname_elem *ene); typedef void (*au_evnamemap_callback_t)(struct evname_elem *ene);
/*
* DTrace audit provider (dtaudit) hooks -- to be set non-NULL when the audit
* provider is loaded and ready to be called into.
*/
#ifdef KDTRACE_HOOKS
extern void *(*dtaudit_hook_preselect)(au_id_t auid, au_event_t event,
au_class_t class);
extern int (*dtaudit_hook_commit)(struct kaudit_record *kar,
au_id_t auid, au_event_t event, au_class_t class,
int sorf);
extern void (*dtaudit_hook_bsm)(struct kaudit_record *kar, au_id_t auid,
au_event_t event, au_class_t class, int sorf,
void *bsm_data, size_t bsm_len);
#endif /* !KDTRACE_HOOKS */
#include <sys/fcntl.h> #include <sys/fcntl.h>
#include <sys/kernel.h> #include <sys/kernel.h>
#include <sys/malloc.h> #include <sys/malloc.h>
/* /*
* Some of the BSM tokenizer functions take different parameters in the * Some of the BSM tokenizer functions take different parameters in the
* kernel implementations in order to save the copying of large kernel data * kernel implementations in order to save the copying of large kernel data
* structures. The prototypes of these functions are declared here. * structures. The prototypes of these functions are declared here.
*/ */
token_t *kau_to_socket(struct socket_au_info *soi); token_t *kau_to_socket(struct socket_au_info *soi);
/* /*
* audit_klib prototypes * audit_klib prototypes
*/ */
int au_preselect(au_event_t event, au_class_t class, int au_preselect(au_event_t event, au_class_t class,
au_mask_t *mask_p, int sorf); au_mask_t *mask_p, int sorf);
void au_evclassmap_init(void); void au_evclassmap_init(void);
void au_evclassmap_insert(au_event_t event, au_class_t class); void au_evclassmap_insert(au_event_t event, au_class_t class);
au_class_t au_event_class(au_event_t event); au_class_t au_event_class(au_event_t event);
void au_evnamemap_init(void); void au_evnamemap_init(void);
void au_evnamemap_insert(au_event_t event, const char *name); void au_evnamemap_insert(au_event_t event, const char *name);
void au_evnamemap_foreach(au_evnamemap_callback_t callback); void au_evnamemap_foreach(au_evnamemap_callback_t callback);
#ifdef KDTRACE_HOOKS
struct evname_elem *au_evnamemap_lookup(au_event_t event);
#endif
int au_event_name(au_event_t event, char *name); int au_event_name(au_event_t event, char *name);
au_event_t audit_ctlname_to_sysctlevent(int name[], uint64_t valid_arg); au_event_t audit_ctlname_to_sysctlevent(int name[], uint64_t valid_arg);
au_event_t audit_flags_and_error_to_openevent(int oflags, int error); au_event_t audit_flags_and_error_to_openevent(int oflags, int error);
au_event_t audit_flags_and_error_to_openatevent(int oflags, int error); au_event_t audit_flags_and_error_to_openatevent(int oflags, int error);
au_event_t audit_msgctl_to_event(int cmd); au_event_t audit_msgctl_to_event(int cmd);
au_event_t audit_semctl_to_event(int cmr); au_event_t audit_semctl_to_event(int cmr);
void audit_canon_path(struct thread *td, int dirfd, char *path, void audit_canon_path(struct thread *td, int dirfd, char *path,
char *cpath); char *cpath);
Show All 35 Lines