authorRobert Watson <rwatson@FreeBSD.org>2017-03-26 21:14:49 +0000
committerRobert Watson <rwatson@FreeBSD.org>2017-03-26 21:14:49 +0000
commit5e386598a6d77973b93c073080f0cc574edda9e2 (patch)
tree9d79b1916285969c5438819eb911a5c74d8596a5 /sys/bsm
parentcb53322fdfcb4b234a664eb2f9ed8af8890495d2 (diff)
parent47192295e7ee42c5e669dfdb5cb146bc87a63fe5 (diff)
downloadsrc-5e386598a6d77973b93c073080f0cc574edda9e2.tar.gz
src-5e386598a6d77973b93c073080f0cc574edda9e2.zip
Merge OpenBSM 1.2-alpha5 from vendor branch to FreeBSD -CURRENT:
- Add a new "qsize" parameter in audit_control and the getacqsize(3) API to query it, allowing to set the kernel's maximum audit queue length. - Add support to push a mapping between audit event names and event numbers into the kernel (where supported) using new A_GETEVENT and A_SETEVENT auditon(2) operations. - Add audit event identifiers for a number of new (and not-so-new) FreeBSD system calls including those for asynchronous I/O, thread management, SCTP, jails, multi-FIB support, and misc. POSIX interfaces such as posix_fallocate(2) and posix_fadvise(2). - On operating systems supporting Capsicum, auditreduce(1) and praudit(1) now run sandboxed. - Empty "flags" and "naflags" fields are now permitted in audit_control(5). Many thanks to Christian Brueffer for producing the OpenBSM release and importing/tagging it in the vendor branch. This release will allow improved auditing of a range of new FreeBSD functionality, as well as non-traditional events (e.g., fine-grained I/O auditing) not required by the Orange Book or Common Criteria. Obtained from: TrustedBSD Project Sponsored by: DARPA, AFRL MFC after: 3 weeks
Notes
Notes: svn path=/head/; revision=316006
Diffstat (limited to 'sys/bsm')
-rw-r--r--sys/bsm/audit.h18
-rw-r--r--sys/bsm/audit_kevents.h33
2 files changed, 49 insertions, 2 deletions
diff --git a/sys/bsm/audit.h b/sys/bsm/audit.h
index 078b333a3268..af9622af314e 100644
--- a/sys/bsm/audit.h
+++ b/sys/bsm/audit.h
@@ -1,7 +1,13 @@
/*-
* Copyright (c) 2005-2009 Apple Inc.
+ * Copyright (c) 2016 Robert N. M. Watson
* All rights reserved.
*
+ * Portions of this software were developed by BAE Systems, the University of
+ * Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL
+ * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent
+ * Computing (TC) research program.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -125,6 +131,8 @@
#define A_SETQCTRL 36
#define A_GETCOND 37
#define A_SETCOND 38
+#define A_GETEVENT 39 /* Get audit event-to-name mapping. */
+#define A_SETEVENT 40 /* Set audit event-to-name mapping. */
/*
* Audit policy controls.
@@ -301,6 +309,16 @@ struct au_evclass_map {
typedef struct au_evclass_map au_evclass_map_t;
/*
+ * Event-to-name mapping.
+ */
+#define EVNAMEMAP_NAME_SIZE 64
+struct au_evname_map {
+ au_event_t en_number;
+ char en_name[EVNAMEMAP_NAME_SIZE];
+};
+typedef struct au_evname_map au_evname_map_t;
+
+/*
* Audit system calls.
*/
#if !defined(_KERNEL) && !defined(KERNEL)
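Review bot: `en_name` in `struct au_evname_map` is a fixed `EVNAMEMAP_NAME_SIZE` (64-byte) array that crosses the user/kernel boundary with the new A_GETEVENT/A_SETEVENT operations, but the added comment does not say whether the name must be NUL-terminated. The code that consumes A_SETEVENT is not part of this diff; it should reject a name whose final byte is non-zero before treating it as a C string. The A_GETEVENT path should likewise zero the whole structure before filling it, so that bytes after the terminator are not copied out uninitialised. I would state the contract next to the definition, for example `/* en_name is a NUL-terminated string of at most EVNAMEMAP_NAME_SIZE - 1 characters. */`.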
diff --git a/sys/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h
index 3c16c739a749..fb80c12458ed 100644
--- a/sys/bsm/audit_kevents.h
+++ b/sys/bsm/audit_kevents.h
@@ -611,6 +611,37 @@
#define AUE_BINDAT 43207 /* TrustedBSD. */
#define AUE_CONNECTAT 43208 /* TrustedBSD. */
#define AUE_CHFLAGSAT 43209 /* FreeBSD-specific. */
+#define AUE_PREADV 43210 /* FreeBSD-specific. */
+#define AUE_PWRITEV 43211 /* FreeBSD-specific. */
+#define AUE_POSIX_FALLOCATE 43212 /* FreeBSD-specific. */
+#define AUE_AIO_MLOCK 43213 /* FreeBSD-specific. */
+#define AUE_PROCCTL 43214 /* FreeBSD-specific. */
+#define AUE_AIO_READ 43215 /* FreeBSD-specific. */
+#define AUE_AIO_WRITE 43216 /* FreeBSD-specific. */
+#define AUE_AIO_RETURN 43217 /* FreeBSD-specific. */
+#define AUE_AIO_SUSPEND 43218 /* FreeBSD-specific. */
+#define AUE_AIO_CANCEL 43219 /* FreeBSD-specific. */
+#define AUE_AIO_ERROR 43220 /* FreeBSD-specific. */
+#define AUE_AIO_WAITCOMPLETE 43221 /* FreeBSD-specific. */
+#define AUE_AIO_FSYNC 43222 /* FreeBSD-specific. */
+#define AUE_THR_CREATE 43223 /* FreeBSD-specific. */
+#define AUE_THR_NEW 43224 /* FreeBSD-specific. */
+#define AUE_THR_EXIT 43225 /* FreeBSD-specific. */
+#define AUE_THR_KILL 43226 /* FreeBSD-specific. */
+#define AUE_THR_KILL2 43227 /* FreeBSD-specific. */
+#define AUE_SETFIB 43228 /* FreeBSD-specific. */
+#define AUE_LIO_LISTIO 43229 /* FreeBSD-specific. */
+#define AUE_SETUGID 43230 /* FreeBSD-specific. */
+#define AUE_SCTP_PEELOFF 43231 /* FreeBSD-specific. */
+#define AUE_SCTP_GENERIC_SENDMSG 43232 /* FreeBSD-specific. */
+#define AUE_SCTP_GENERIC_RECVMSG 43233 /* FreeBSD-specific. */
+#define AUE_JAIL_GET 43234 /* FreeBSD-specific. */
+#define AUE_JAIL_SET 43235 /* FreeBSD-specific. */
+#define AUE_JAIL_REMOVE 43236 /* FreeBSD-specific. */
+#define AUE_GETLOGINCLASS 43237 /* FreeBSD-specific. */
+#define AUE_SETLOGINCLASS 43238 /* FreeBSD-specific. */
+#define AUE_POSIX_FADVISE 43239 /* FreeBSD-specific. */
+#define AUE_SCTP_GENERIC_SENDMSG_IOV 43240 /* FreeBSD-specific. */
/*
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
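Review bot: The 31 identifiers added here (43210 through 43240) only become selectable in an audit trail if each also has an audit_event(5) entry assigning it to a class, and this view is limited to sys/bsm, so the matching entries cannot be confirmed from the page. An event number with no class mapping would presumably never match a preselection mask, which matters most for the privilege- and containment-related ones: AUE_SETUGID, AUE_PROCCTL, AUE_JAIL_SET, AUE_JAIL_REMOVE and AUE_SETLOGINCLASS. AUE_PREADV and AUE_PWRITEV also change from AUE_NULL to real numbers (the two deletions further down), so those calls can now generate records where they did not before. A short comment above the block would help, such as `/* Each AUE_* added here needs a matching audit_event(5) entry and class. */`.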
@@ -748,7 +779,6 @@
#define AUE_MODWATCH AUE_NULL
#define AUE_MSGCL AUE_NULL
#define AUE_MSYNC AUE_NULL
-#define AUE_PREADV AUE_NULL
#define AUE_PROCINFO AUE_NULL
#define AUE_PTHREADCANCELED AUE_NULL
#define AUE_PTHREADCHDIR AUE_NULL
@@ -763,7 +793,6 @@
#define AUE_PTHREADMUTEXINIT AUE_NULL
#define AUE_PTHREADMUTEXTRYLOCK AUE_NULL
#define AUE_PTHREADMUTEXUNLOCK AUE_NULL
-#define AUE_PWRITEV AUE_NULL
#define AUE_REMOVEXATTR AUE_NULL
#define AUE_SBRK AUE_NULL
#define AUE_SELECT AUE_NULL