PERFORCE change 103317 for review

Sun Aug 6 10:18:37 UTC 2006

http://perforce.freebsd.org/chv.cgi?CH=103317

Change 103317 by rwatson at rwatson_zoo on 2006/08/06 10:17:32

	Initial placement of MAC checks in audit system calls.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#19 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#19 (text+ko) ====

@@ -29,7 +29,17 @@
  * $FreeBSD: src/sys/security/audit/audit_syscalls.c,v 1.4 2006/06/05 22:36:12 rwatson Exp $
  */
 
+/*
+ * XXXRW: The MAC checks here vary in location based on when the arguments
+ * they need have been copied in.  Probably, we should universally adopt the
+ * order: (1) copy in arguments (2) audit arguments (3) MAC check
+ * (4) suser() check.
+ */
+
+#include "opt_mac.h"
+
 #include <sys/param.h>
+#include <sys/mac.h>
 #include <sys/mount.h>
 #include <sys/namei.h>
 #include <sys/proc.h>
@@ -112,6 +122,12 @@
 		goto free_out;
 	}
 
+#ifdef MAC
+	error = mac_check_system_audit(td->td_ucred, rec, uap->length);
+	if (error)
+		goto free_out;
+#endif
+
 	/*
 	 * Attach the user audit record to the kernel audit record. Because
 	 * this system call is an auditable event, we will write the user
@@ -148,6 +164,13 @@
 	struct proc *tp;
 
 	AUDIT_ARG(cmd, uap->cmd);
+
+#ifdef MAC
+	error = mac_check_system_auditon(td->td_ucred, uap->cmd);
+	if (error)
+		return (error);
+#endif
+
 	error = suser(td);
 	if (error)
 		return (error);
@@ -394,6 +417,12 @@
 	int error;
 	au_id_t id;
 
+#ifdef MAC
+	error = mac_check_proc_getauid(td->td_ucred);
+	if (error)
+		return (error);
+#endif
+
 	error = suser(td);
 	if (error)
 		return (error);
@@ -426,6 +455,12 @@
 
 	audit_arg_auid(id);
 
+#ifdef MAC
+	error = mac_check_proc_setauid(td->td_ucred, id);
+	if (error)
+		return (error);
+#endif
+
 	/*
 	 * XXX: Integer write on static pointer dereference: doesn't need
 	 * locking?
@@ -454,6 +489,12 @@
 	struct auditinfo ai;
 	int error;
 
+#ifdef MAC
+	error = mac_check_proc_getaudit(td->td_ucred);
+	if (error)
+		return (error);
+#endif
+
 	error = suser(td);
 	if (error)
 		return (error);
@@ -483,6 +524,12 @@
 
 	audit_arg_auditinfo(&ai);
 
+#ifdef MAC
+	error = mac_check_proc_setaudit(td->td_ucred, &ai);
+	if (error)
+		return (error);
+#endif
+
 	/*
 	 * XXXRW: Test privilege while holding the proc lock?
 	*/
@@ -500,6 +547,12 @@
 {
 	int error;
 
+#ifdef MAC
+	error = mac_check_proc_getaudit(td->td_ucred);
+	if (error)
+		return (error);
+#endif
+
 	error = suser(td);
 	if (error)
 		return (error);
@@ -516,6 +569,13 @@
 	error = suser(td);
 	if (error)
 		return (error);
+
+#ifdef MAC
+	error = mac_check_proc_setaudit(td->td_ucred, NULL);
+	if (error)
+		return (error);
+#endif
+
 	return (ENOSYS);
 }
 
