audit_syscalls.c (225617) | audit_syscalls.c (241896) |
---|---|
1/*- 2 * Copyright (c) 1999-2009 Apple Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 14 unchanged lines hidden (view full) --- 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 30#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1999-2009 Apple Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 14 unchanged lines hidden (view full) --- 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 30#include <sys/cdefs.h> |
31__FBSDID("$FreeBSD: head/sys/security/audit/audit_syscalls.c 225617 2011-09-16 13:58:51Z kmacy $"); | 31__FBSDID("$FreeBSD: head/sys/security/audit/audit_syscalls.c 241896 2012-10-22 17:50:54Z kib $"); |
32 33#include <sys/param.h> 34#include <sys/mount.h> 35#include <sys/namei.h> 36#include <sys/priv.h> 37#include <sys/proc.h> 38#include <sys/sysproto.h> 39#include <sys/systm.h> --- 704 unchanged lines hidden (view full) --- 744/* ARGSUSED */ 745int 746sys_auditctl(struct thread *td, struct auditctl_args *uap) 747{ 748 struct nameidata nd; 749 struct ucred *cred; 750 struct vnode *vp; 751 int error = 0; | 32 33#include <sys/param.h> 34#include <sys/mount.h> 35#include <sys/namei.h> 36#include <sys/priv.h> 37#include <sys/proc.h> 38#include <sys/sysproto.h> 39#include <sys/systm.h> --- 704 unchanged lines hidden (view full) --- 744/* ARGSUSED */ 745int 746sys_auditctl(struct thread *td, struct auditctl_args *uap) 747{ 748 struct nameidata nd; 749 struct ucred *cred; 750 struct vnode *vp; 751 int error = 0; |
752 int flags, vfslocked; | 752 int flags; |
753 754 if (jailed(td->td_ucred)) 755 return (ENOSYS); 756 error = priv_check(td, PRIV_AUDIT_CONTROL); 757 if (error) 758 return (error); 759 760 vp = NULL; --- 4 unchanged lines hidden (view full) --- 765 * validity checks, and grab another reference to the current 766 * credential. 767 * 768 * On Darwin, a NULL path argument is also used to disable audit. 769 */ 770 if (uap->path == NULL) 771 return (EINVAL); 772 | 753 754 if (jailed(td->td_ucred)) 755 return (ENOSYS); 756 error = priv_check(td, PRIV_AUDIT_CONTROL); 757 if (error) 758 return (error); 759 760 vp = NULL; --- 4 unchanged lines hidden (view full) --- 765 * validity checks, and grab another reference to the current 766 * credential. 767 * 768 * On Darwin, a NULL path argument is also used to disable audit. 769 */ 770 if (uap->path == NULL) 771 return (EINVAL); 772 |
773 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1, | 773 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, |
774 UIO_USERSPACE, uap->path, td); 775 flags = AUDIT_OPEN_FLAGS; 776 error = vn_open(&nd, &flags, 0, NULL); 777 if (error) 778 return (error); | 774 UIO_USERSPACE, uap->path, td); 775 flags = AUDIT_OPEN_FLAGS; 776 error = vn_open(&nd, &flags, 0, NULL); 777 if (error) 778 return (error); |
779 vfslocked = NDHASGIANT(&nd); | |
780 vp = nd.ni_vp; 781#ifdef MAC 782 error = mac_system_check_auditctl(td->td_ucred, vp); 783 VOP_UNLOCK(vp, 0); 784 if (error) { 785 vn_close(vp, AUDIT_CLOSE_FLAGS, td->td_ucred, td); | 779 vp = nd.ni_vp; 780#ifdef MAC 781 error = mac_system_check_auditctl(td->td_ucred, vp); 782 VOP_UNLOCK(vp, 0); 783 if (error) { 784 vn_close(vp, AUDIT_CLOSE_FLAGS, td->td_ucred, td); |
786 VFS_UNLOCK_GIANT(vfslocked); | |
787 return (error); 788 } 789#else 790 VOP_UNLOCK(vp, 0); 791#endif 792 NDFREE(&nd, NDF_ONLY_PNBUF); 793 if (vp->v_type != VREG) { 794 vn_close(vp, AUDIT_CLOSE_FLAGS, td->td_ucred, td); | 785 return (error); 786 } 787#else 788 VOP_UNLOCK(vp, 0); 789#endif 790 NDFREE(&nd, NDF_ONLY_PNBUF); 791 if (vp->v_type != VREG) { 792 vn_close(vp, AUDIT_CLOSE_FLAGS, td->td_ucred, td); |
795 VFS_UNLOCK_GIANT(vfslocked); | |
796 return (EINVAL); 797 } | 793 return (EINVAL); 794 } |
798 VFS_UNLOCK_GIANT(vfslocked); | |
799 cred = td->td_ucred; 800 crhold(cred); 801 802 /* 803 * XXXAUDIT: Should audit_suspended actually be cleared by 804 * audit_worker? 805 */ 806 audit_suspended = 0; --- 71 unchanged lines hidden --- | 795 cred = td->td_ucred; 796 crhold(cred); 797 798 /* 799 * XXXAUDIT: Should audit_suspended actually be cleared by 800 * audit_worker? 801 */ 802 audit_suspended = 0; --- 71 unchanged lines hidden --- |