Add system-call argument auditing for ACL-related system calls.
Obtained from: TrustedBSD Project MFC after: 3 weeks Sponsored by: DARPA, AFRL
This commit is contained in:
Robert Watson
parent
dda1957040
commit
f907080983
@ -1,9 +1,14 @@
|
||||
/*-
|
||||
* Copyright (c) 1999-2006 Robert N. M. Watson
|
||||
* Copyright (c) 1999-2006, 2016-2017 Robert N. M. Watson
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed by Robert Watson for the TrustedBSD Project.
|
||||
*
|
||||
* Portions of this software were developed by BAE Systems, the University of
|
||||
* Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL
|
||||
* contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent
|
||||
* Computing (TC) research program.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -53,6 +58,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/sysent.h>
|
||||
#include <sys/acl.h>
|
||||
|
||||
#include <security/audit/audit.h>
|
||||
#include <security/mac/mac_framework.h>
|
||||
|
||||
CTASSERT(ACL_MAX_ENTRIES >= OLDACL_MAX_ENTRIES);
|
||||
@ -216,6 +222,7 @@ vacl_set_acl(struct thread *td, struct vnode *vp, acl_type_t type,
|
||||
struct mount *mp;
|
||||
int error;
|
||||
|
||||
AUDIT_ARG_VALUE(type);
|
||||
inkernelacl = acl_alloc(M_WAITOK);
|
||||
error = acl_copyin(aclp, inkernelacl, type);
|
||||
if (error != 0)
|
||||
@ -224,6 +231,7 @@ vacl_set_acl(struct thread *td, struct vnode *vp, acl_type_t type,
|
||||
if (error != 0)
|
||||
goto out;
|
||||
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
||||
AUDIT_ARG_VNODE1(vp);
|
||||
#ifdef MAC
|
||||
error = mac_vnode_check_setacl(td->td_ucred, vp, type, inkernelacl);
|
||||
if (error != 0)
|
||||
@ -251,8 +259,10 @@ vacl_get_acl(struct thread *td, struct vnode *vp, acl_type_t type,
|
||||
struct acl *inkernelacl;
|
||||
int error;
|
||||
|
||||
AUDIT_ARG_VALUE(type);
|
||||
inkernelacl = acl_alloc(M_WAITOK | M_ZERO);
|
||||
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
||||
AUDIT_ARG_VNODE1(vp);
|
||||
#ifdef MAC
|
||||
error = mac_vnode_check_getacl(td->td_ucred, vp, type);
|
||||
if (error != 0)
|
||||
@ -280,10 +290,12 @@ vacl_delete(struct thread *td, struct vnode *vp, acl_type_t type)
|
||||
struct mount *mp;
|
||||
int error;
|
||||
|
||||
AUDIT_ARG_VALUE(type);
|
||||
error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
|
||||
if (error != 0)
|
||||
return (error);
|
||||
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
||||
AUDIT_ARG_VNODE1(vp);
|
||||
#ifdef MAC
|
||||
error = mac_vnode_check_deleteacl(td->td_ucred, vp, type);
|
||||
if (error != 0)
|
||||
@ -300,6 +312,8 @@ vacl_delete(struct thread *td, struct vnode *vp, acl_type_t type)
|
||||
|
||||
/*
|
||||
* Given a vnode, check whether an ACL is appropriate for it
|
||||
*
|
||||
* XXXRW: No vnode lock held so can't audit vnode state...?
|
||||
*/
|
||||
static int
|
||||
vacl_aclcheck(struct thread *td, struct vnode *vp, acl_type_t type,
|
||||
@ -333,7 +347,8 @@ sys___acl_get_file(struct thread *td, struct __acl_get_file_args *uap)
|
||||
struct nameidata nd;
|
||||
int error;
|
||||
|
||||
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td);
|
||||
NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path,
|
||||
td);
|
||||
error = namei(&nd);
|
||||
if (error == 0) {
|
||||
error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp);
|
||||
@ -351,7 +366,8 @@ sys___acl_get_link(struct thread *td, struct __acl_get_link_args *uap)
|
||||
struct nameidata nd;
|
||||
int error;
|
||||
|
||||
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
|
||||
NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path,
|
||||
td);
|
||||
error = namei(&nd);
|
||||
if (error == 0) {
|
||||
error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp);
|
||||
@ -369,7 +385,8 @@ sys___acl_set_file(struct thread *td, struct __acl_set_file_args *uap)
|
||||
struct nameidata nd;
|
||||
int error;
|
||||
|
||||
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td);
|
||||
NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path,
|
||||
td);
|
||||
error = namei(&nd);
|
||||
if (error == 0) {
|
||||
error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp);
|
||||
@ -387,7 +404,8 @@ sys___acl_set_link(struct thread *td, struct __acl_set_link_args *uap)
|
||||
struct nameidata nd;
|
||||
int error;
|
||||
|
||||
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
|
||||
NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path,
|
||||
td);
|
||||
error = namei(&nd);
|
||||
if (error == 0) {
|
||||
error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp);
|
||||
@ -406,6 +424,7 @@ sys___acl_get_fd(struct thread *td, struct __acl_get_fd_args *uap)
|
||||
cap_rights_t rights;
|
||||
int error;
|
||||
|
||||
AUDIT_ARG_FD(uap->filedes);
|
||||
error = getvnode(td, uap->filedes,
|
||||
cap_rights_init(&rights, CAP_ACL_GET), &fp);
|
||||
if (error == 0) {
|
||||
@ -425,6 +444,7 @@ sys___acl_set_fd(struct thread *td, struct __acl_set_fd_args *uap)
|
||||
cap_rights_t rights;
|
||||
int error;
|
||||
|
||||
AUDIT_ARG_FD(uap->filedes);
|
||||
error = getvnode(td, uap->filedes,
|
||||
cap_rights_init(&rights, CAP_ACL_SET), &fp);
|
||||
if (error == 0) {
|
||||
@ -480,6 +500,7 @@ sys___acl_delete_fd(struct thread *td, struct __acl_delete_fd_args *uap)
|
||||
cap_rights_t rights;
|
||||
int error;
|
||||
|
||||
AUDIT_ARG_FD(uap->filedes);
|
||||
error = getvnode(td, uap->filedes,
|
||||
cap_rights_init(&rights, CAP_ACL_DELETE), &fp);
|
||||
if (error == 0) {
|
||||
@ -535,6 +556,7 @@ sys___acl_aclcheck_fd(struct thread *td, struct __acl_aclcheck_fd_args *uap)
|
||||
cap_rights_t rights;
|
||||
int error;
|
||||
|
||||
AUDIT_ARG_FD(uap->filedes);
|
||||
error = getvnode(td, uap->filedes,
|
||||
cap_rights_init(&rights, CAP_ACL_CHECK), &fp);
|
||||
if (error == 0) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user