Author: rwatson
Date: Wed Mar 29 23:31:35 2017
New Revision: 316185
URL: https://svnweb.freebsd.org/changeset/base/316185
Log:
When handling msgsys(2), semsys(2), and shmsys(2) multiplex system calls,
map the 'which' argument into a suitable audit event identifier for the
specific operation requested.
Obtained from: TrustedBSD Project
MFC after: 3 weeks
Sponsored by: DARPA, AFRL
Modified:
head/sys/kern/sysv_msg.c
head/sys/kern/sysv_sem.c
head/sys/kern/sysv_shm.c
head/sys/security/audit/audit.c
head/sys/security/audit/audit.h
head/sys/security/audit/audit_arg.c
head/sys/security/audit/audit_bsm_klib.c
head/sys/security/audit/audit_private.h
Modified: head/sys/kern/sysv_msg.c
==============================================================================
--- head/sys/kern/sysv_msg.c Wed Mar 29 23:13:04 2017 (r316184)
+++ head/sys/kern/sysv_msg.c Wed Mar 29 23:31:35 2017 (r316185)
@@ -73,6 +73,7 @@ __FBSDID("$FreeBSD$");
#include <sys/malloc.h>
#include <sys/jail.h>
+#include <security/audit/audit.h>
#include <security/mac/mac_framework.h>
FEATURE(sysv_msg, "System V message queues support");
@@ -1639,6 +1640,7 @@ freebsd32_msgsys(struct thread *td, stru
#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
+ AUDIT_ARG_SVIPC_WHICH(uap->which);
switch (uap->which) {
case 0:
return (freebsd7_freebsd32_msgctl(td,
@@ -1810,6 +1812,7 @@ sys_msgsys(td, uap)
{
int error;
+ AUDIT_ARG_SVIPC_WHICH(uap->which);
if (uap->which < 0 || uap->which >= nitems(msgcalls))
return (EINVAL);
error = (*msgcalls[uap->which])(td, &uap->a2);
Modified: head/sys/kern/sysv_sem.c
==============================================================================
--- head/sys/kern/sysv_sem.c Wed Mar 29 23:13:04 2017 (r316184)
+++ head/sys/kern/sysv_sem.c Wed Mar 29 23:31:35 2017 (r316185)
@@ -62,6 +62,7 @@ __FBSDID("$FreeBSD$");
#include <sys/malloc.h>
#include <sys/jail.h>
+#include <security/audit/audit.h>
#include <security/mac/mac_framework.h>
FEATURE(sysv_sem, "System V semaphores support");
@@ -1692,6 +1693,7 @@ sys_semsys(td, uap)
{
int error;
+ AUDIT_ARG_SVIPC_WHICH(uap->which);
if (uap->which < 0 || uap->which >= nitems(semcalls))
return (EINVAL);
error = (*semcalls[uap->which])(td, &uap->a2);
@@ -1791,6 +1793,7 @@ freebsd32_semsys(struct thread *td, stru
#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
+ AUDIT_ARG_SVIPC_WHICH(uap->which);
switch (uap->which) {
case 0:
return (freebsd7_freebsd32_semctl(td,
Modified: head/sys/kern/sysv_shm.c
==============================================================================
--- head/sys/kern/sysv_shm.c Wed Mar 29 23:13:04 2017 (r316184)
+++ head/sys/kern/sysv_shm.c Wed Mar 29 23:31:35 2017 (r316185)
@@ -87,6 +87,7 @@ __FBSDID("$FreeBSD$");
#include <sys/sysproto.h>
#include <sys/jail.h>
+#include <security/audit/audit.h>
#include <security/mac/mac_framework.h>
#include <vm/vm.h>
@@ -1300,6 +1301,7 @@ int
sys_shmsys(struct thread *td, struct shmsys_args *uap)
{
+ AUDIT_ARG_SVIPC_WHICH(uap->which);
if (uap->which < 0 || uap->which >= nitems(shmcalls))
return (EINVAL);
return ((*shmcalls[uap->which])(td, &uap->a2));
@@ -1315,6 +1317,7 @@ freebsd32_shmsys(struct thread *td, stru
#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
+ AUDIT_ARG_SVIPC_WHICH(uap->which);
switch (uap->which) {
case 0: { /* shmat */
struct shmat_args ap;
Modified: head/sys/security/audit/audit.c
==============================================================================
--- head/sys/security/audit/audit.c Wed Mar 29 23:13:04 2017
(r316184)
+++ head/sys/security/audit/audit.c Wed Mar 29 23:31:35 2017
(r316185)
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 1999-2005 Apple Inc.
- * Copyright (c) 2006-2007, 2016 Robert N. M. Watson
+ * Copyright (c) 2006-2007, 2016-2017 Robert N. M. Watson
* All rights reserved.
*
* Portions of this software were developed by BAE Systems, the University of
@@ -472,6 +472,24 @@ audit_commit(struct kaudit_record *ar, i
/* Convert the auditon() command to an event. */
ar->k_ar.ar_event = auditon_command_event(ar->k_ar.ar_arg_cmd);
break;
+
+ case AUE_MSGSYS:
+ if (ARG_IS_VALID(ar, ARG_SVIPC_WHICH))
+ ar->k_ar.ar_event =
+ audit_msgsys_to_event(ar->k_ar.ar_arg_svipc_which);
+ break;
+
+ case AUE_SEMSYS:
+ if (ARG_IS_VALID(ar, ARG_SVIPC_WHICH))
+ ar->k_ar.ar_event =
+ audit_semsys_to_event(ar->k_ar.ar_arg_svipc_which);
+ break;
+
+ case AUE_SHMSYS:
+ if (ARG_IS_VALID(ar, ARG_SVIPC_WHICH))
+ ar->k_ar.ar_event =
+ audit_shmsys_to_event(ar->k_ar.ar_arg_svipc_which);
+ break;
}
auid = ar->k_ar.ar_subj_auid;
Modified: head/sys/security/audit/audit.h
==============================================================================
--- head/sys/security/audit/audit.h Wed Mar 29 23:13:04 2017
(r316184)
+++ head/sys/security/audit/audit.h Wed Mar 29 23:31:35 2017
(r316185)
@@ -1,7 +1,13 @@
/*-
* Copyright (c) 1999-2005 Apple Inc.
+ * Copyright (c) 2016-2017 Robert N. M. Watson
* All rights reserved.
*
+ * This software was developed by BAE Systems, the University of Cambridge
+ * Computer Laboratory, and Memorial University under DARPA/AFRL contract
+ * FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent Computing
+ * (TC) research program.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -109,6 +115,7 @@ void audit_arg_svipc_cmd(int cmd);
void audit_arg_svipc_perm(struct ipc_perm *perm);
void audit_arg_svipc_id(int id);
void audit_arg_svipc_addr(void *addr);
+void audit_arg_svipc_which(int which);
void audit_arg_posix_ipc_perm(uid_t uid, gid_t gid, mode_t mode);
void audit_arg_auditon(union auditon_udata *udata);
void audit_arg_file(struct proc *p, struct file *fp);
@@ -282,6 +289,11 @@ void audit_thread_free(struct thread *t
audit_arg_suid((suid)); \
} while (0)
+#define AUDIT_ARG_SVIPC_WHICH(which) do {
\
+ if (AUDITING_TD(curthread)) \
+ audit_arg_svipc_which((which)); \
+} while (0)
+
#define AUDIT_ARG_TEXT(text) do {
\
if (AUDITING_TD(curthread)) \
audit_arg_text((text)); \
@@ -373,6 +385,7 @@ void audit_thread_free(struct thread *t
#define AUDIT_ARG_SOCKET(sodomain, sotype, soprotocol)
#define AUDIT_ARG_SOCKADDR(td, dirfd, sa)
#define AUDIT_ARG_SUID(suid)
+#define AUDIT_ARG_SVIPC_WHICH(which)
#define AUDIT_ARG_TEXT(text)
#define AUDIT_ARG_UID(uid)
#define AUDIT_ARG_UPATH1(td, dirfd, upath)
Modified: head/sys/security/audit/audit_arg.c
==============================================================================
--- head/sys/security/audit/audit_arg.c Wed Mar 29 23:13:04 2017
(r316184)
+++ head/sys/security/audit/audit_arg.c Wed Mar 29 23:31:35 2017
(r316185)
@@ -1,7 +1,13 @@
/*-
* Copyright (c) 1999-2005 Apple Inc.
+ * Copyright (c) 2016-2017 Robert N. M. Watson
* All rights reserved.
*
+ * Portions of this software were developed by BAE Systems, the University of
+ * Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL
+ * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent
+ * Computing (TC) research program.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -616,6 +622,19 @@ audit_arg_svipc_addr(void * addr)
}
void
+audit_arg_svipc_which(int which)
+{
+ struct kaudit_record *ar;
+
+ ar = currecord();
+ if (ar == NULL)
+ return;
+
+ ar->k_ar.ar_arg_svipc_which = which;
+ ARG_SET_VALID(ar, ARG_SVIPC_WHICH);
+}
+
+void
audit_arg_posix_ipc_perm(uid_t uid, gid_t gid, mode_t mode)
{
struct kaudit_record *ar;
Modified: head/sys/security/audit/audit_bsm_klib.c
==============================================================================
--- head/sys/security/audit/audit_bsm_klib.c Wed Mar 29 23:13:04 2017
(r316184)
+++ head/sys/security/audit/audit_bsm_klib.c Wed Mar 29 23:31:35 2017
(r316185)
@@ -1,6 +1,6 @@
/*
* Copyright (c) 1999-2009 Apple Inc.
- * Copyright (c) 2005, 2016 Robert N. M. Watson
+ * Copyright (c) 2005, 2016-2017 Robert N. M. Watson
* All rights reserved.
*
* Portions of this software were developed by BAE Systems, the University of
@@ -141,6 +141,29 @@ static const struct aue_open_event aue_o
{ (O_WRONLY | O_TRUNC), AUE_OPENAT_WT },
};
+static const int aue_msgsys[] = {
+ /* 0 */ AUE_MSGCTL,
+ /* 1 */ AUE_MSGGET,
+ /* 2 */ AUE_MSGSND,
+ /* 3 */ AUE_MSGRCV,
+};
+static const int aue_msgsys_count = sizeof(aue_msgsys) / sizeof(int);
+
+static const int aue_semsys[] = {
+ /* 0 */ AUE_SEMCTL,
+ /* 1 */ AUE_SEMGET,
+ /* 2 */ AUE_SEMOP,
+};
+static const int aue_semsys_count = sizeof(aue_semsys) / sizeof(int);
+
+static const int aue_shmsys[] = {
+ /* 0 */ AUE_SHMAT,
+ /* 1 */ AUE_SHMDT,
+ /* 2 */ AUE_SHMGET,
+ /* 3 */ AUE_SHMCTL,
+};
+static const int aue_shmsys_count = sizeof(aue_shmsys) / sizeof(int);
+
/*
* Look up the class for an audit event in the class mapping table.
*/
@@ -555,6 +578,43 @@ audit_semctl_to_event(int cmd)
}
/*
+ * Convert msgsys(2), semsys(2), and shmsys(2) system-call variations into
+ * audit events, if possible.
+ */
+au_event_t
+audit_msgsys_to_event(int which)
+{
+
+ if ((which >= 0) && (which < aue_msgsys_count))
+ return (aue_msgsys[which]);
+
+ /* Audit a bad command. */
+ return (AUE_MSGSYS);
+}
+
+au_event_t
+audit_semsys_to_event(int which)
+{
+
+ if ((which >= 0) && (which < aue_semsys_count))
+ return (aue_semsys[which]);
+
+ /* Audit a bad command. */
+ return (AUE_SEMSYS);
+}
+
+au_event_t
+audit_shmsys_to_event(int which)
+{
+
+ if ((which >= 0) && (which < aue_shmsys_count))
+ return (aue_shmsys[which]);
+
+ /* Audit a bad command. */
+ return (AUE_SHMSYS);
+}
+
+/*
* Convert a command for the auditon() system call to a audit event.
*/
au_event_t
Modified: head/sys/security/audit/audit_private.h
==============================================================================
--- head/sys/security/audit/audit_private.h Wed Mar 29 23:13:04 2017
(r316184)
+++ head/sys/security/audit/audit_private.h Wed Mar 29 23:31:35 2017
(r316185)
@@ -226,6 +226,7 @@ struct audit_record {
struct vnode_au_info ar_arg_vnode1;
struct vnode_au_info ar_arg_vnode2;
int ar_arg_cmd;
+ int ar_arg_svipc_which;
int ar_arg_svipc_cmd;
struct ipc_perm ar_arg_svipc_perm;
int ar_arg_svipc_id;
@@ -303,6 +304,7 @@ struct audit_record {
#define ARG_ATFD2 0x0008000000000000ULL
#define ARG_RIGHTS 0x0010000000000000ULL
#define ARG_FCNTL_RIGHTS 0x0020000000000000ULL
+#define ARG_SVIPC_WHICH 0x0200000000000000ULL
#define ARG_NONE 0x0000000000000000ULL
#define ARG_ALL 0xFFFFFFFFFFFFFFFFULL
@@ -463,7 +465,10 @@ au_event_t audit_ctlname_to_sysctlevent
au_event_t audit_flags_and_error_to_openevent(int oflags, int error);
au_event_t audit_flags_and_error_to_openatevent(int oflags, int error);
au_event_t audit_msgctl_to_event(int cmd);
-au_event_t audit_semctl_to_event(int cmr);
+au_event_t audit_msgsys_to_event(int which);
+au_event_t audit_semctl_to_event(int cmd);
+au_event_t audit_semsys_to_event(int which);
+au_event_t audit_shmsys_to_event(int which);
void audit_canon_path(struct thread *td, int dirfd, char *path,
char *cpath);
au_event_t auditon_command_event(int cmd);
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
