PERFORCE change 63849 for review
Robert Watson
rwatson at FreeBSD.org
Wed Oct 27 21:25:18 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=63849
Change 63849 by rwatson at rwatson_tislabs on 2004/10/27 21:25:02
Use the per-process system call vector rather than the global
vector, in order to permit auditing based on per-vector audit
event types, which may not match the global ones. E.g., the
FreeBSD system call number for open() is not the same as the
Linux one.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#12 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#12 (text+ko) ====
@@ -1361,7 +1361,17 @@
int audit_event;
struct au_mask *aumask;
- audit_event = sysent[code].sy_auevent;
+ /*
+ * In FreeBSD, each ABI has its own system call table, and hence
+ * mapping of system call codes to audit events. Convert the code to
+ * an audit event identifier using the process system call table
+ * reference. In Darwin, there's only one, so we use the global
+ * symbol for the system call table.
+ */
+ if (code >= td->td_proc->p_sysent->sv_size)
+ return;
+
+ audit_event = td->td_proc->p_sysent->sv_table[code].sy_auevent;
if (audit_event == AUE_NULL)
return;
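Review bot: the new check `if (code >= td->td_proc->p_sysent->sv_size)` guards only the upper bound, and the declaration of `code` is not visible in this hunk. If `code` is a signed type, a negative value passes the comparison and indexes before the start of `sv_table`, so either confirm it is unsigned or add a `code < 0` test. The early `return` also means an out-of-range system call number produces no audit event at all. If that is intended, say so in the comment, since a reader may expect invalid syscall attempts to be auditable. Finally, the comment describes a Darwin case that uses the global system call table, but the lookup left after this change uses only `p_sysent->sv_table`. Either drop that sentence or keep the Darwin path under a conditional so the comment matches the code.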