diff --git a/sys/kern/sysv_msg.c b/sys/kern/sysv_msg.c index d7a50f856890..80102fa25742 100644 --- a/sys/kern/sysv_msg.c +++ b/sys/kern/sysv_msg.c @@ -18,6 +18,7 @@ */ /*- * Copyright (c) 2003-2005 McAfee, Inc. + * Copyright (c) 2016-2017 Robert N. M. Watson * All rights reserved. * * This software was developed for the FreeBSD Project in part by McAfee @@ -25,6 +26,11 @@ * contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research * program. * + * Portions of this software were developed by BAE Systems, the University of + * Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL + * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent + * Computing (TC) research program. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -508,6 +514,8 @@ kern_msgctl(td, msqid, cmd, msqbuf) if (rpr == NULL) return (ENOSYS); + AUDIT_ARG_SVIPC_CMD(cmd); + AUDIT_ARG_SVIPC_ID(msqid); msqix = IPCID_TO_IX(msqid); if (msqix < 0 || msqix >= msginfo.msgmni) { @@ -579,6 +587,7 @@ kern_msgctl(td, msqid, cmd, msqbuf) break; case IPC_SET: + AUDIT_ARG_SVIPC_PERM(&msqbuf->msg_perm); if ((error = ipcperm(td, &msqkptr->u.msg_perm, IPC_M))) goto done2; if (msqbuf->msg_qbytes > msqkptr->u.msg_qbytes) { @@ -667,6 +676,8 @@ sys_msgget(td, uap) error = EEXIST; goto done2; } + AUDIT_ARG_SVIPC_ID(IXSEQ_TO_IPCID(msqid, + msqkptr->u.msg_perm)); if ((error = ipcperm(td, &msqkptr->u.msg_perm, msgflg & 0700))) { DPRINTF(("requester doesn't have 0%o access\n", @@ -735,6 +746,7 @@ sys_msgget(td, uap) #ifdef MAC mac_sysvmsq_create(cred, msqkptr); #endif + AUDIT_ARG_SVIPC_PERM(&msqkptr->u.msg_perm); } else { DPRINTF(("didn't find it and wasn't asked to create it\n")); error = ENOENT; @@ -780,6 +792,7 @@ kern_msgsnd(td, msqid, msgp, msgsz, msgflg, mtype) return (ENOSYS); mtx_lock(&msq_mtx); + AUDIT_ARG_SVIPC_ID(msqid); msqix = IPCID_TO_IX(msqid); if (msqix < 0 || msqix >= msginfo.msgmni) { @@ -790,6 +803,7 @@ kern_msgsnd(td, msqid, msgp, msgsz, msgflg, mtype) } msqkptr = &msqids[msqix]; + AUDIT_ARG_SVIPC_PERM(&msqkptr->u.msg_perm); if (msqkptr->u.msg_qbytes == 0) { DPRINTF(("no such message queue id\n")); error = EINVAL; @@ -1152,6 +1166,7 @@ kern_msgrcv(td, msqid, msgp, msgsz, msgtyp, msgflg, mtype) if (rpr == NULL) return (ENOSYS); + AUDIT_ARG_SVIPC_ID(msqid); msqix = IPCID_TO_IX(msqid); if (msqix < 0 || msqix >= msginfo.msgmni) { @@ -1162,6 +1177,7 @@ kern_msgrcv(td, msqid, msgp, msgsz, msgtyp, msgflg, mtype) msqkptr = &msqids[msqix]; mtx_lock(&msq_mtx); + AUDIT_ARG_SVIPC_PERM(&msqkptr->u.msg_perm); if (msqkptr->u.msg_qbytes == 0) { DPRINTF(("no such message queue id\n")); error = EINVAL; diff --git a/sys/kern/sysv_sem.c b/sys/kern/sysv_sem.c index 464a41c72ae0..60688960e24e 100644 --- a/sys/kern/sysv_sem.c +++ b/sys/kern/sysv_sem.c @@ -7,6 +7,7 @@ */ /*- * Copyright (c) 2003-2005 McAfee, Inc. + * Copyright (c) 2016-2017 Robert N. M. Watson * All rights reserved. * * This software was developed for the FreeBSD Project in part by McAfee @@ -14,6 +15,11 @@ * contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research * program. * + * Portions of this software were developed by BAE Systems, the University of + * Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL + * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent + * Computing (TC) research program. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -691,6 +697,9 @@ kern_semctl(struct thread *td, int semid, int semnum, int cmd, DPRINTF(("call to semctl(%d, %d, %d, 0x%p)\n", semid, semnum, cmd, arg)); + AUDIT_ARG_SVIPC_CMD(cmd); + AUDIT_ARG_SVIPC_ID(semid); + rpr = sem_find_prison(td->td_ucred); if (sem == NULL) return (ENOSYS); @@ -758,6 +767,7 @@ kern_semctl(struct thread *td, int semid, int semnum, int cmd, break; case IPC_SET: + AUDIT_ARG_SVIPC_PERM(&arg->buf->sem_perm); if ((error = semvalid(semid, rpr, semakptr)) != 0) goto done2; if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_M))) @@ -948,6 +958,8 @@ sys_semget(struct thread *td, struct semget_args *uap) DPRINTF(("semget(0x%x, %d, 0%o)\n", key, nsems, semflg)); + AUDIT_ARG_VALUE(semflg); + if (sem_find_prison(cred) == NULL) return (ENOSYS); @@ -961,6 +973,7 @@ sys_semget(struct thread *td, struct semget_args *uap) break; } if (semid < seminfo.semmni) { + AUDIT_ARG_SVIPC_ID(semid); DPRINTF(("found public key\n")); if ((semflg & IPC_CREAT) && (semflg & IPC_EXCL)) { DPRINTF(("not exclusive\n")); @@ -1090,6 +1103,8 @@ sys_semop(struct thread *td, struct semop_args *uap) #endif DPRINTF(("call to semop(%d, %p, %u)\n", semid, sops, nsops)); + AUDIT_ARG_SVIPC_ID(semid); + rpr = sem_find_prison(td->td_ucred); if (sem == NULL) return (ENOSYS); diff --git a/sys/kern/sysv_shm.c b/sys/kern/sysv_shm.c index b7e566f72a6c..db7c4771c289 100644 --- a/sys/kern/sysv_shm.c +++ b/sys/kern/sysv_shm.c @@ -30,6 +30,7 @@ */ /*- * Copyright (c) 2003-2005 McAfee, Inc. + * Copyright (c) 2016-2017 Robert N. M. Watson * All rights reserved. * * This software was developed for the FreeBSD Project in part by McAfee @@ -37,6 +38,11 @@ * contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research * program. * + * Portions of this software were developed by BAE Systems, the University of + * Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL + * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent + * Computing (TC) research program. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -324,8 +330,10 @@ kern_shmdt_locked(struct thread *td, const void *shmaddr) { struct proc *p = td->td_proc; struct shmmap_state *shmmap_s; -#ifdef MAC +#if defined(AUDIT) || defined(MAC) struct shmid_kernel *shmsegptr; +#endif +#ifdef MAC int error; #endif int i; @@ -336,6 +344,7 @@ kern_shmdt_locked(struct thread *td, const void *shmaddr) shmmap_s = p->p_vmspace->vm_shm; if (shmmap_s == NULL) return (EINVAL); + AUDIT_ARG_SVIPC_ID(shmmap_s->shmid); for (i = 0; i < shminfo.shmseg; i++, shmmap_s++) { if (shmmap_s->shmid != -1 && shmmap_s->va == (vm_offset_t)shmaddr) { @@ -344,8 +353,10 @@ kern_shmdt_locked(struct thread *td, const void *shmaddr) } if (i == shminfo.shmseg) return (EINVAL); -#ifdef MAC +#if (defined(AUDIT) && defined(KDTRACE_HOOKS)) || defined(MAC) shmsegptr = &shmsegs[IPCID_TO_IX(shmmap_s->shmid)]; +#endif +#ifdef MAC error = mac_sysvshm_check_shmdt(td->td_ucred, shmsegptr); if (error != 0) return (error); @@ -382,6 +393,9 @@ kern_shmat_locked(struct thread *td, int shmid, const void *shmaddr, vm_size_t size; int error, i, rv; + AUDIT_ARG_SVIPC_ID(shmid); + AUDIT_ARG_VALUE(shmflg); + SYSVSHM_ASSERT_LOCKED(); rpr = shm_find_prison(td->td_ucred); if (rpr == NULL) @@ -493,6 +507,9 @@ kern_shmctl_locked(struct thread *td, int shmid, int cmd, void *buf, if (rpr == NULL) return (ENOSYS); + AUDIT_ARG_SVIPC_ID(shmid); + AUDIT_ARG_SVIPC_CMD(cmd); + switch (cmd) { /* * It is possible that kern_shmctl is being called from the Linux ABI @@ -550,6 +567,7 @@ kern_shmctl_locked(struct thread *td, int shmid, int cmd, void *buf, break; case IPC_SET: shmidp = (struct shmid_ds *)buf; + AUDIT_ARG_SVIPC_PERM(&shmidp->shm_perm); error = ipcperm(td, &shmseg->u.shm_perm, IPC_M); if (error != 0) return (error); diff --git a/sys/security/audit/audit.h b/sys/security/audit/audit.h index 13009f26767a..181fc725f76d 100644 --- a/sys/security/audit/audit.h +++ b/sys/security/audit/audit.h @@ -239,6 +239,11 @@ void audit_thread_free(struct thread *td); audit_arg_pid((pid)); \ } while (0) +#define AUDIT_ARG_POSIX_IPC_PERM(uid, gid, mode) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_posix_ipc_perm((uid), (gid), (mod)); \ +} while (0) + #define AUDIT_ARG_PROCESS(p) do { \ if (AUDITING_TD(curthread)) \ audit_arg_process((p)); \ @@ -289,6 +294,26 @@ void audit_thread_free(struct thread *td); audit_arg_suid((suid)); \ } while (0) +#define AUDIT_ARG_SVIPC_CMD(cmd) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_svipc_cmd((cmd)); \ +} while (0) + +#define AUDIT_ARG_SVIPC_PERM(perm) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_svipc_perm((perm)); \ +} while (0) + +#define AUDIT_ARG_SVIPC_ID(id) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_svipc_id((id)); \ +} while (0) + +#define AUDIT_ARG_SVIPC_ADDR(addr) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_svipc_addr((addr)); \ +} while (0) + #define AUDIT_ARG_SVIPC_WHICH(which) do { \ if (AUDITING_TD(curthread)) \ audit_arg_svipc_which((which)); \ @@ -375,6 +400,7 @@ void audit_thread_free(struct thread *td); #define AUDIT_ARG_MODE(mode) #define AUDIT_ARG_OWNER(uid, gid) #define AUDIT_ARG_PID(pid) +#define AUDIT_ARG_POSIX_IPC_PERM(uid, gid, mode) #define AUDIT_ARG_PROCESS(p) #define AUDIT_ARG_RGID(rgid) #define AUDIT_ARG_RIGHTS(rights) @@ -385,6 +411,10 @@ void audit_thread_free(struct thread *td); #define AUDIT_ARG_SOCKET(sodomain, sotype, soprotocol) #define AUDIT_ARG_SOCKADDR(td, dirfd, sa) #define AUDIT_ARG_SUID(suid) +#define AUDIT_ARG_SVIPC_CMD(cmd) +#define AUDIT_ARG_SVIPC_PERM(perm) +#define AUDIT_ARG_SVIPC_ID(id) +#define AUDIT_ARG_SVIPC_ADDR(addr) #define AUDIT_ARG_SVIPC_WHICH(which) #define AUDIT_ARG_TEXT(text) #define AUDIT_ARG_UID(uid)