Changeset View
Changeset View
Standalone View
Standalone View
head/sys/security/audit/audit_worker.c
/*- | /*- | ||||
* Copyright (c) 1999-2008 Apple Inc. | * Copyright (c) 1999-2008 Apple Inc. | ||||
* Copyright (c) 2006-2008 Robert N. M. Watson | * Copyright (c) 2006-2008, 2016 Robert N. M. Watson | ||||
* All rights reserved. | * All rights reserved. | ||||
* | * | ||||
* Portions of this software were developed by BAE Systems, the University of | |||||
* Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL | |||||
* contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent | |||||
* Computing (TC) research program. | |||||
* | |||||
* Redistribution and use in source and binary forms, with or without | * Redistribution and use in source and binary forms, with or without | ||||
* modification, are permitted provided that the following conditions | * modification, are permitted provided that the following conditions | ||||
* are met: | * are met: | ||||
* 1. Redistributions of source code must retain the above copyright | * 1. Redistributions of source code must retain the above copyright | ||||
* notice, this list of conditions and the following disclaimer. | * notice, this list of conditions and the following disclaimer. | ||||
* 2. Redistributions in binary form must reproduce the above copyright | * 2. Redistributions in binary form must reproduce the above copyright | ||||
* notice, this list of conditions and the following disclaimer in the | * notice, this list of conditions and the following disclaimer in the | ||||
* documentation and/or other materials provided with the distribution. | * documentation and/or other materials provided with the distribution. | ||||
▲ Show 20 Lines • Show All 343 Lines • ▼ Show 20 Lines | audit_worker_process_record(struct kaudit_record *ar) | ||||
} | } | ||||
if ((ar->k_ar_commit & AR_COMMIT_USER) && | if ((ar->k_ar_commit & AR_COMMIT_USER) && | ||||
(ar->k_ar_commit & AR_PRESELECT_USER_PIPE)) | (ar->k_ar_commit & AR_PRESELECT_USER_PIPE)) | ||||
audit_pipe_submit_user(ar->k_udata, ar->k_ulen); | audit_pipe_submit_user(ar->k_udata, ar->k_ulen); | ||||
if (!(ar->k_ar_commit & AR_COMMIT_KERNEL) || | if (!(ar->k_ar_commit & AR_COMMIT_KERNEL) || | ||||
((ar->k_ar_commit & AR_PRESELECT_PIPE) == 0 && | ((ar->k_ar_commit & AR_PRESELECT_PIPE) == 0 && | ||||
(ar->k_ar_commit & AR_PRESELECT_TRAIL) == 0)) | (ar->k_ar_commit & AR_PRESELECT_TRAIL) == 0 && | ||||
(ar->k_ar_commit & AR_PRESELECT_DTRACE) == 0)) | |||||
goto out; | goto out; | ||||
auid = ar->k_ar.ar_subj_auid; | auid = ar->k_ar.ar_subj_auid; | ||||
event = ar->k_ar.ar_event; | event = ar->k_ar.ar_event; | ||||
class = au_event_class(event); | class = au_event_class(event); | ||||
if (ar->k_ar.ar_errno == 0) | if (ar->k_ar.ar_errno == 0) | ||||
sorf = AU_PRS_SUCCESS; | sorf = AU_PRS_SUCCESS; | ||||
else | else | ||||
Show All 19 Lines | if (ar->k_ar_commit & AR_PRESELECT_TRAIL) { | ||||
AUDIT_WORKER_LOCK_ASSERT(); | AUDIT_WORKER_LOCK_ASSERT(); | ||||
audit_record_write(audit_vp, audit_cred, bsm->data, bsm->len); | audit_record_write(audit_vp, audit_cred, bsm->data, bsm->len); | ||||
} | } | ||||
if (ar->k_ar_commit & AR_PRESELECT_PIPE) | if (ar->k_ar_commit & AR_PRESELECT_PIPE) | ||||
audit_pipe_submit(auid, event, class, sorf, | audit_pipe_submit(auid, event, class, sorf, | ||||
ar->k_ar_commit & AR_PRESELECT_TRAIL, bsm->data, | ar->k_ar_commit & AR_PRESELECT_TRAIL, bsm->data, | ||||
bsm->len); | bsm->len); | ||||
#ifdef KDTRACE_HOOKS | |||||
/* | |||||
* Version of the dtaudit commit hook that accepts BSM. | |||||
*/ | |||||
if (ar->k_ar_commit & AR_PRESELECT_DTRACE) { | |||||
if (dtaudit_hook_bsm != NULL) | |||||
dtaudit_hook_bsm(ar, auid, event, class, sorf, | |||||
bsm->data, bsm->len); | |||||
} | |||||
#endif | |||||
kau_free(bsm); | kau_free(bsm); | ||||
out: | out: | ||||
if (locked) | if (locked) | ||||
AUDIT_WORKER_UNLOCK(); | AUDIT_WORKER_UNLOCK(); | ||||
} | } | ||||
/* | /* | ||||
▲ Show 20 Lines • Show All 117 Lines • Show Last 20 Lines |