From 12395dc9f6bfd1e40ac41ef8fb6af966ad647a2e Mon Sep 17 00:00:00 2001
From: Alan Somers
Date: Sun, 22 Jul 2018 14:11:52 +0000
Subject: [PATCH] Fix audit of chflagsat, lgetfh, and setfib
These syscalls were always supposed to have been auditted, but due to oversights never were.
PR: 228374
Reported by: aniketp
Reviewed by: aniketp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D16388
---
 sys/security/audit/audit_bsm.c | 3 +++
 tests/sys/audit/file-attribute-access.c | 6 ------
 tests/sys/audit/file-attribute-modify.c | 6 ------
 tests/sys/audit/network.c | 6 ------
 4 files changed, 3 insertions(+), 18 deletions(-)
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c
index 8f3d4a96bcc5..fa5589bd2f56 100644
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@@ -770,6 +770,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 case AUE_PROFILE:
 case AUE_RTPRIO:
 case AUE_SEMSYS:
+ case AUE_SETFIB:
 case AUE_SHMSYS:
 case AUE_SETPGRP:
 case AUE_SETRLIMIT:
@@ -810,6 +811,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 case AUE_JAIL:
 case AUE_LUTIMES:
 case AUE_NFS_GETFH:
+ case AUE_LGETFH:
 case AUE_LSTAT:
 case AUE_LPATHCONF:
 case AUE_PATHCONF:
@@ -851,6 +853,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 case AUE_CHFLAGS:
 case AUE_LCHFLAGS:
+ case AUE_CHFLAGSAT:
 if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
 tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
 kau_write(rec, tok);
diff --git a/tests/sys/audit/file-attribute-access.c b/tests/sys/audit/file-attribute-access.c
index 2ddfd919d288..016d5772b933 100644
--- a/tests/sys/audit/file-attribute-access.c
+++ b/tests/sys/audit/file-attribute-access.c
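Review bot: In the first hunk of sys/security/audit/audit_bsm.c (`@@ -770,6 +770,7 @@`), `AUE_SETFIB` is added to a run of labels that share one body, and nothing in the visible lines writes the requested FIB number into the record. The shared body sits below `case AUE_SETRLIMIT:` and outside the hunk, so this is inferred: if that group emits only the header, subject and return tokens, the trail shows that a process called setfib(2) and whether it succeeded, but not which routing table it selected. The setfib tests in tests/sys/audit/network.c match only on the pid and the return status, so they would not notice the missing argument. Consider a dedicated case along the lines of `if (ARG_IS_VALID(kar, ARG_VALUE)) { tok = au_to_arg32(1, "fibnum", ar->ar_arg_value); kau_write(rec, tok); }`, which presumably also needs the syscall to record the value; that code is not part of this patch.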
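Review bot: In the third hunk of sys/security/audit/audit_bsm.c (`@@ -851,6 +853,7 @@`), `AUE_CHFLAGSAT` now shares `au_to_arg32(2, "flags", ar->ar_arg_fflags)` with `AUE_CHFLAGS` and `AUE_LCHFLAGS`, but argument number 2 is wrong for chflagsat(2). The test call `chflagsat(AT_FDCWD, errpath, SF_IMMUTABLE, 0)` in tests/sys/audit/file-attribute-modify.c shows flags as the third argument, so a reader of the trail would attribute the value to the path position. Give chflagsat its own label that writes `tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);`. The rest of the case body is outside the hunk, so it cannot be seen from here whether the directory descriptor and the atflag are recorded; for a call that can set flags such as `SF_IMMUTABLE` relative to a descriptor, both are worth having in the record.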
@@ -383,9 +383,6 @@ ATF_TC_HEAD(lgetfh_success, tc)
 ATF_TC_BODY(lgetfh_success, tc)
 {
- /* BSM conversion requested for unknown event 43061 */
- atf_tc_expect_fail("PR 228374: lgetfh(2) does not get audited in success mode");
-
 /* Symbolic link needs to exist to get a file-handle */
 ATF_REQUIRE_EQ(0, symlink("symlink", path));
 const char *regex = "lgetfh.*return,success";
@@ -409,9 +406,6 @@ ATF_TC_HEAD(lgetfh_failure, tc)
 ATF_TC_BODY(lgetfh_failure, tc)
 {
- /* BSM conversion requested for unknown event 43061 */
- atf_tc_expect_fail("PR 228374: lgetfh(2) does not get audited in failure mode");
-
 const char *regex = "lgetfh.*return,failure";
 FILE *pipefd = setup(fds, "fa");
 /* Failure reason: symbolic link does not exist */
diff --git a/tests/sys/audit/file-attribute-modify.c b/tests/sys/audit/file-attribute-modify.c
index 786788e0d92d..1701b6add7eb 100644
--- a/tests/sys/audit/file-attribute-modify.c
+++ b/tests/sys/audit/file-attribute-modify.c
@@ -701,9 +701,6 @@ ATF_TC_HEAD(chflagsat_success, tc)
 ATF_TC_BODY(chflagsat_success, tc)
 {
- /* BSM conversion requested for unknown event 43209 */
- atf_tc_expect_fail("PR 228374: chflagsat(2) does not get audited in success mode");
-
 /* File needs to exist to call chflagsat(2) */
 ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
 FILE *pipefd = setup(fds, auclass);
@@ -727,9 +724,6 @@ ATF_TC_HEAD(chflagsat_failure, tc)
 ATF_TC_BODY(chflagsat_failure, tc)
 {
- /* BSM conversion requested for unknown event 43209 */
- atf_tc_expect_fail("PR 228374: chflagsat(2) does not get audited in failure mode");
-
 FILE *pipefd = setup(fds, auclass);
 /* Failure reason: file does not exist */
 ATF_REQUIRE_EQ(-1, chflagsat(AT_FDCWD, errpath, SF_IMMUTABLE, 0));
diff --git a/tests/sys/audit/network.c b/tests/sys/audit/network.c
index 784e7d67f1f5..2958869cd30c 100644
--- a/tests/sys/audit/network.c
+++ b/tests/sys/audit/network.c
@@ -1097,9 +1097,6 @@ ATF_TC_HEAD(setfib_success, tc)
 ATF_TC_BODY(setfib_success, tc)
 {
- /* BSM conversion requested for unknown event 43228 */
- atf_tc_expect_fail("PR 228374: setfib(2) does not get audited in success mode");
-
 pid = getpid();
 snprintf(extregex, sizeof(extregex), "setfib.*%d.*return,success", pid);
@@ -1123,9 +1120,6 @@ ATF_TC_HEAD(setfib_failure, tc)
 ATF_TC_BODY(setfib_failure, tc)
 {
- /* BSM conversion requested for unknown event 43228 */
- atf_tc_expect_fail("PR 228374: setfib(2) does not get audited in failure mode");
-
 pid = getpid();
 snprintf(extregex, sizeof(extregex), "setfib.*%d.*return,failure", pid);