PERFORCE change 45247 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=45247

Change 45247 by rwatson at rwatson_paprika on 2004/01/12 20:55:37

	Set up process audit state when creating the first process.  
	Destroy audit state when destroying a process.  When forking a
	process, initialize the new process and inherit state.

Affected files ...

.. //depot/projects/trustedbsd/audit2/sys/kern/init_main.c#2 edit
.. //depot/projects/trustedbsd/audit2/sys/kern/kern_exit.c#2 edit
.. //depot/projects/trustedbsd/audit2/sys/kern/kern_fork.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/audit2/sys/kern/init_main.c#2 (text+ko) ====

@@ -49,6 +49,7 @@
 
 #include <sys/param.h>
 #include <sys/kernel.h>
+#include <sys/audit.h>
 #include <sys/exec.h>
 #include <sys/file.h>
 #include <sys/filedesc.h>
@@ -76,6 +77,8 @@
 
 #include <machine/cpu.h>
 
+#include <security/audit/kern_audit.h>
+
 #include <vm/vm.h>
 #include <vm/vm_param.h>
 #include <vm/pmap.h>
@@ -394,6 +397,9 @@
 	p->p_ucred->cr_uidinfo = uifind(0);
 	p->p_ucred->cr_ruidinfo = uifind(0);
 	p->p_ucred->cr_prison = NULL;	/* Don't jail it. */
+#ifdef AUDIT
+	audit_proc_init(p);
+#endif
 #ifdef MAC
 	mac_create_proc0(p->p_ucred);
 #endif

==== //depot/projects/trustedbsd/audit2/sys/kern/kern_exit.c#2 (text+ko) ====

@@ -74,6 +74,8 @@
 #include <sys/ktrace.h>
 #endif
 
+#include <security/audit/kern_audit.h>
+
 #include <vm/vm.h>
 #include <vm/vm_extern.h>
 #include <vm/vm_param.h>
@@ -181,6 +183,10 @@
 	p->p_flag |= P_WEXIT;
 	PROC_UNLOCK(p);
 
+#ifdef AUDIT
+	audit_syscall_exit(0, p, td);
+#endif
+
 	/* Are we a task leader? */
 	if (p == p->p_leader) {
 		mtx_lock(&ppeers_lock);
@@ -682,6 +688,9 @@
 			 */
 			crfree(p->p_ucred);
 			p->p_ucred = NULL;
+#ifdef AUDIT
+			audit_proc_free(p);
+#endif
 			pargs_drop(p->p_args);
 			p->p_args = NULL;
 			sigacts_free(p->p_sigacts);

==== //depot/projects/trustedbsd/audit2/sys/kern/kern_fork.c#2 (text+ko) ====

@@ -70,6 +70,8 @@
 #include <sys/jail.h>
 #include <sys/sx.h>
 
+#include <security/audit/kern_audit.h>
+
 #include <vm/vm.h>
 #include <vm/pmap.h>
 #include <vm/vm_map.h>
@@ -507,6 +509,9 @@
 	mtx_unlock_spin(&sched_lock);
 	p2->p_ucred = crhold(td->td_ucred);
 	td2->td_ucred = crhold(p2->p_ucred);	/* XXXKSE */
+#ifdef AUDIT
+	audit_proc_fork(p1, p2);
+#endif
 
 	pargs_hold(p2->p_args);
 
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message