diff --git a/sys/kern/kern_thread.c b/sys/kern/kern_thread.c index 61d4e11b455d..2777ca72469d 100644 --- a/sys/kern/kern_thread.c +++ b/sys/kern/kern_thread.c @@ -43,6 +43,8 @@ __FBSDID("$FreeBSD$"); #include #include +#include + #include #include #include @@ -133,6 +135,10 @@ thread_ctor(void *mem, int size, void *arg, int flags) * next thread. */ td->td_critnest = 1; + +#ifdef AUDIT + audit_thread_alloc(td); +#endif return (0); } diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c index b2f11435b0a6..1d3c3e61abc9 100644 --- a/sys/security/audit/audit.c +++ b/sys/security/audit/audit.c @@ -1015,6 +1015,16 @@ audit_proc_alloc(struct proc *p) //printf("audit_proc_alloc: pid %d p_au %p\n", p->p_pid, p->p_au); } +/* + * Allocate storage for a new thread. + */ +void +audit_thread_alloc(struct thread *td) +{ + + td->td_ar = NULL; +} + /* * Initialize the audit information for the a process, presumably the first * process in the system. diff --git a/sys/security/audit/audit.h b/sys/security/audit/audit.h index 3dbabcd3610a..f889f3bd95fd 100644 --- a/sys/security/audit/audit.h +++ b/sys/security/audit/audit.h @@ -180,6 +180,7 @@ void audit_proc_init(struct proc *p); void audit_proc_fork(struct proc *parent, struct proc *child); void audit_proc_free(struct proc *p); +void audit_thread_alloc(struct thread *td); /* * Define a macro to wrap the audit_arg_* calls by checking the global diff --git a/sys/sys/proc.h b/sys/sys/proc.h index 654d574b2484..101c3953b651 100644 --- a/sys/sys/proc.h +++ b/sys/sys/proc.h @@ -150,6 +150,8 @@ struct pargs { * either lock is sufficient for read access, but both locks must be held * for write access. */ +struct auditinfo; +struct kaudit_record; struct kg_sched; struct nlminfo; struct kaioinfo; @@ -325,6 +327,7 @@ struct thread { volatile u_int td_critnest; /* (k*) Critical section nest level. */ struct mdthread td_md; /* (k) Any machine-dependent fields. */ struct td_sched *td_sched; /* (*) Scheduler-specific data. */ + struct kaudit_record *td_ar; /* (k) Active audit record, if any. */ }; /* @@ -613,6 +616,7 @@ struct proc { struct p_sched *p_sched; /* (*) Scheduler-specific data. */ STAILQ_HEAD(, ktr_request) p_ktr; /* (o) KTR event queue. */ LIST_HEAD(, mqueue_notifier) p_mqnotifier; /* (c) mqueue notifiers.*/ + struct auditinfo *p_au; /* (c) Process audit properties. */ }; #define p_session p_pgrp->pg_session