svn commit: r195252 - in head/sys: kern security/audit

Wed, 01 Jul 2009 11:55:14 -0700 

Author: rwatson
Date: Wed Jul  1 18:54:49 2009
New Revision: 195252
URL: http://svn.freebsd.org/changeset/base/195252

Log:
  Define missing audit argument macro AUDIT_ARG_SOCKET(), and
  capture the domain, type, and protocol arguments to socket(2)
  and socketpair(2).
  
  Approved by:  re (audit argument blanket)
  MFC after:    3 days

Modified:
  head/sys/kern/uipc_syscalls.c
  head/sys/security/audit/audit.h

Modified: head/sys/kern/uipc_syscalls.c
==============================================================================
--- head/sys/kern/uipc_syscalls.c       Wed Jul  1 18:12:50 2009        
(r195251)
+++ head/sys/kern/uipc_syscalls.c       Wed Jul  1 18:54:49 2009        
(r195252)
@@ -70,6 +70,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/ktrace.h>
 #endif
 
+#include <security/audit/audit.h>
 #include <security/mac/mac_framework.h>
 
 #include <vm/vm.h>
@@ -161,6 +162,7 @@ socket(td, uap)
        struct file *fp;
        int fd, error;
 
+       AUDIT_ARG_SOCKET(uap->domain, uap->type, uap->protocol);
 #ifdef MAC
        error = mac_socket_check_create(td->td_ucred, uap->domain, uap->type,
            uap->protocol);
@@ -586,6 +588,7 @@ kern_socketpair(struct thread *td, int d
        struct socket *so1, *so2;
        int fd, error;
 
+       AUDIT_ARG_SOCKET(domain, type, protocol);
 #ifdef MAC
        /* We might want to have a separate check for socket pairs. */
        error = mac_socket_check_create(td->td_ucred, domain, type,

Modified: head/sys/security/audit/audit.h
==============================================================================
--- head/sys/security/audit/audit.h     Wed Jul  1 18:12:50 2009        
(r195251)
+++ head/sys/security/audit/audit.h     Wed Jul  1 18:54:49 2009        
(r195252)
@@ -297,6 +297,11 @@ void        audit_thread_free(struct thread *t
                audit_arg_sgid((sgid));                                 \
 } while (0)
 
+#define        AUDIT_ARG_SOCKET(sodomain, sotype, soprotocol) do {             
\
+       if (AUDITING_TD(curthread))                                     \
+               audit_arg_socket((sodomain), (sotype), (soprotocol));   \
+} while (0)
+
 #define        AUDIT_ARG_SUID(suid) do {                                       
\
        if (AUDITING_TD(curthread))                                     \
                audit_arg_suid((suid));                                 \
@@ -375,6 +380,7 @@ void         audit_thread_free(struct thread *t
 #define        AUDIT_ARG_RUID(ruid)
 #define        AUDIT_ARG_SIGNUM(signum)
 #define        AUDIT_ARG_SGID(sgid)
+#define        AUDIT_ARG_SOCKET(sodomain, sotype, soprotocol)
 #define        AUDIT_ARG_SUID(suid)
 #define        AUDIT_ARG_TEXT(text)
 #define        AUDIT_ARG_UID(uid)
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"

Reply via email to