PERFORCE change 103301 for review
Robert Watson
rwatson at FreeBSD.org
Sat Aug 5 23:59:40 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=103301
Change 103301 by rwatson at rwatson_zoo on 2006/08/05 23:58:51
Audit entry point prototypes and mpo field.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/sys/mac.h#7 edit
.. //depot/projects/trustedbsd/audit3/sys/sys/mac_policy.h#7 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/sys/mac.h#7 (text+ko) ====
@@ -110,6 +110,7 @@
/*
* Kernel functions to manage and evaluate labels.
*/
+struct auditinfo;
struct bpf_d;
struct cdev;
struct componentname;
@@ -466,6 +467,18 @@
void mac_associate_nfsd_label(struct ucred *cred);
/*
+ * XXXRW: Audit checks should be above, but list them here to make a more
+ * sensible diff for now.
+ */
+int mac_check_system_audit(struct ucred *cred, void *record, int length);
+int mac_check_system_auditon(struct ucred *cred, int cmd);
+int mac_check_system_auditctl(struct ucred *cred, struct vnode *vp);
+int mac_check_proc_getauid(struct ucred *cred);
+int mac_check_proc_setauid(struct ucred *cred, uid_t auid);
+int mac_check_proc_getaudit(struct ucred *cred);
+int mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai);
+
+/*
* Calls to help various file systems implement labeling functionality
* using their existing EA implementation.
*/
==== //depot/projects/trustedbsd/audit3/sys/sys/mac_policy.h#7 (text+ko) ====
@@ -591,6 +591,21 @@
struct label *label);
typedef int (*mpo_associate_nfsd_label_t)(struct ucred *cred);
+/*
+ * XXXRW: Audit checks should be above, but list them here to make a more
+ * sensible diff for now.
+ */
+typedef int (*mpo_check_system_audit_t)(struct ucred *cred, void *record,
+ int length);
+typedef int (*mpo_check_system_auditon_t)(struct ucred *cred, int cmd);
+typedef int (*mpo_check_system_auditctl_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel);
+typedef int (*mpo_check_proc_getauid_t)(struct ucred *cred);
+typedef int (*mpo_check_proc_setauid_t)(struct ucred *cred, uid_t auid);
+typedef int (*mpo_check_proc_getaudit_t)(struct ucred *cred);
+typedef int (*mpo_check_proc_setaudit_t)(struct ucred *cred,
+ struct auditinfo *ai);
+
struct mac_policy_ops {
/*
* Policy module operations.
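Review bot: The new typedefs carry no statement of their contract; the only comment is the XXXRW note about where they belong. `mpo_check_system_auditctl_t` takes a `struct label *vplabel` that the framework prototype `mac_check_system_auditctl(cred, vp)` does not, and a policy author cannot tell from here whether `vp` is locked when the check runs or whether `vplabel` may be NULL. A short comment above the group would settle this, for example `/* Return 0 to allow, an errno value to deny. vplabel is the label of vp, supplied by the framework; vp lock state: <state it here>. */`. The `struct mac_policy_ops` definition that follows continues outside this hunk.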
@@ -879,6 +894,18 @@
mpo_check_vnode_stat_t mpo_check_vnode_stat;
mpo_check_vnode_write_t mpo_check_vnode_write;
mpo_associate_nfsd_label_t mpo_associate_nfsd_label;
+
+ /*
+ * XXXRW: Audit checks should be above, but list them here to make a
+ * more sensible diff for now.
+ */
+ mpo_check_system_audit_t mpo_check_system_audit;
+ mpo_check_system_auditon_t mpo_check_system_auditon;
+ mpo_check_system_auditctl_t mpo_check_system_auditctl;
+ mpo_check_proc_getauid_t mpo_check_proc_getauid;
+ mpo_check_proc_setauid_t mpo_check_proc_setauid;
+ mpo_check_proc_getaudit_t mpo_check_proc_getaudit;
+ mpo_check_proc_setaudit_t mpo_check_proc_setaudit;
};
/*
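Review bot: The seven new members change the size of `struct mac_policy_ops`, and nothing in the visible hunks bumps an ABI or module version alongside them. A policy module built against the previous header supplies a shorter ops structure, so a framework that loads `mpo_check_system_audit` or any later member from such a module would read past the end of that object. If the framework has a version number that policy modules declare a dependency on, it should be raised in this change; otherwise add a comment at the top of the new group, for example `/* New entry points: policy modules must be rebuilt against this header. */`. The structure starts outside this hunk.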