For access(2) and eaccess(2), audit the requested access mode.

Approved by: re (audit argument blanket) MFC after: 3 days
2009-07-01 22:47:45 +00:00 · 2009-07-01 22:47:45 +00:00 · 0dd7c48b8f
commit 0dd7c48b8f
parent dcdba7b2e3
2 changed files with 10 additions and 2 deletions
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@ -2133,6 +2133,7 @@ kern_accessat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
 		td->td_ucred = tmpcred;
 	} else
 		cred = tmpcred = td->td_ucred;
+	AUDIT_ARG_VALUE(mode);
 	NDINIT_AT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | MPSAFE |
 	    AUDITVNODE1, pathseg, path, fd, td);
 	if ((error = namei(&nd)) != 0)
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@ -706,10 +706,8 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 		}
 		/* FALLTHROUGH */

-	case AUE_ACCESS:
 	case AUE_CHDIR:
 	case AUE_CHROOT:
-	case AUE_EACCESS:
 	case AUE_GETATTRLIST:
 	case AUE_JAIL:
 	case AUE_LUTIMES:
@ -732,6 +730,15 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 		UPATH1_VNODE1_TOKENS;
 		break;

+	case AUE_ACCESS:
+	case AUE_EACCESS:
+		UPATH1_VNODE1_TOKENS;
+		if (ARG_IS_VALID(kar, ARG_VALUE)) {
+			tok = au_to_arg32(1, "mode", ar->ar_arg_value);
+			kau_write(rec, tok);
+		}
+		break;
+
 	case AUE_FHSTATFS:
 	case AUE_FHOPEN:
 	case AUE_FHSTAT: