Define missing audit argument macro AUDIT_ARG_SOCKET(), and
capture the domain, type, and protocol arguments to socket(2) and socketpair(2). Approved by: re (audit argument blanket) MFC after: 3 days
This commit is contained in:
parent
81611ea7c6
commit
9e4c1521d5
@ -70,6 +70,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/ktrace.h>
|
||||
#endif
|
||||
|
||||
#include <security/audit/audit.h>
|
||||
#include <security/mac/mac_framework.h>
|
||||
|
||||
#include <vm/vm.h>
|
||||
@ -161,6 +162,7 @@ socket(td, uap)
|
||||
struct file *fp;
|
||||
int fd, error;
|
||||
|
||||
AUDIT_ARG_SOCKET(uap->domain, uap->type, uap->protocol);
|
||||
#ifdef MAC
|
||||
error = mac_socket_check_create(td->td_ucred, uap->domain, uap->type,
|
||||
uap->protocol);
|
||||
@ -586,6 +588,7 @@ kern_socketpair(struct thread *td, int domain, int type, int protocol,
|
||||
struct socket *so1, *so2;
|
||||
int fd, error;
|
||||
|
||||
AUDIT_ARG_SOCKET(domain, type, protocol);
|
||||
#ifdef MAC
|
||||
/* We might want to have a separate check for socket pairs. */
|
||||
error = mac_socket_check_create(td->td_ucred, domain, type,
|
||||
|
@ -297,6 +297,11 @@ void audit_thread_free(struct thread *td);
|
||||
audit_arg_sgid((sgid)); \
|
||||
} while (0)
|
||||
|
||||
#define AUDIT_ARG_SOCKET(sodomain, sotype, soprotocol) do { \
|
||||
if (AUDITING_TD(curthread)) \
|
||||
audit_arg_socket((sodomain), (sotype), (soprotocol)); \
|
||||
} while (0)
|
||||
|
||||
#define AUDIT_ARG_SUID(suid) do { \
|
||||
if (AUDITING_TD(curthread)) \
|
||||
audit_arg_suid((suid)); \
|
||||
@ -375,6 +380,7 @@ void audit_thread_free(struct thread *td);
|
||||
#define AUDIT_ARG_RUID(ruid)
|
||||
#define AUDIT_ARG_SIGNUM(signum)
|
||||
#define AUDIT_ARG_SGID(sgid)
|
||||
#define AUDIT_ARG_SOCKET(sodomain, sotype, soprotocol)
|
||||
#define AUDIT_ARG_SUID(suid)
|
||||
#define AUDIT_ARG_TEXT(text)
|
||||
#define AUDIT_ARG_UID(uid)
|
||||
|
Loading…
Reference in New Issue
Block a user