From 4aa265458629d6dd79ed4523932cf2a575a7cad0 Mon Sep 17 00:00:00 2001 From: rwatson Date: Wed, 1 Jul 2009 18:54:49 +0000 Subject: [PATCH] Define missing audit argument macro AUDIT_ARG_SOCKET(), and capture the domain, type, and protocol arguments to socket(2) and socketpair(2). Approved by: re (audit argument blanket) MFC after: 3 days --- sys/kern/uipc_syscalls.c | 3 +++ sys/security/audit/audit.h | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c index f40f48b8b392..80613f0f7950 100644 --- a/sys/kern/uipc_syscalls.c +++ b/sys/kern/uipc_syscalls.c @@ -70,6 +70,7 @@ __FBSDID("$FreeBSD$"); #include #endif +#include #include #include @@ -161,6 +162,7 @@ socket(td, uap) struct file *fp; int fd, error; + AUDIT_ARG_SOCKET(uap->domain, uap->type, uap->protocol); #ifdef MAC error = mac_socket_check_create(td->td_ucred, uap->domain, uap->type, uap->protocol); @@ -586,6 +588,7 @@ kern_socketpair(struct thread *td, int domain, int type, int protocol, struct socket *so1, *so2; int fd, error; + AUDIT_ARG_SOCKET(domain, type, protocol); #ifdef MAC /* We might want to have a separate check for socket pairs. */ error = mac_socket_check_create(td->td_ucred, domain, type, diff --git a/sys/security/audit/audit.h b/sys/security/audit/audit.h index e94121dac161..582cc242cfb6 100644 --- a/sys/security/audit/audit.h +++ b/sys/security/audit/audit.h @@ -297,6 +297,11 @@ void audit_thread_free(struct thread *td); audit_arg_sgid((sgid)); \ } while (0) +#define AUDIT_ARG_SOCKET(sodomain, sotype, soprotocol) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_socket((sodomain), (sotype), (soprotocol)); \ +} while (0) + #define AUDIT_ARG_SUID(suid) do { \ if (AUDITING_TD(curthread)) \ audit_arg_suid((suid)); \ 
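Review bot: The `AUDIT_ARG_SOCKET()` call added to socket() sits ahead of the `mac_socket_check_create()` check with no comment saying the order is deliberate, and the same holds for the call added in kern_socketpair(). Capturing the arguments first presumably lets a request that MAC denies still carry its domain, type and protocol in the audit record, so a later reordering would quietly lose that. I would add `/* Audit the arguments before the MAC check so denied requests are still recorded. */` above both calls. Both functions begin and end outside their hunks, so the failure paths after the check cannot be reviewed from here.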
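Review bot: The new `AUDIT_ARG_SOCKET()` definition in audit.h evaluates its three arguments only when `AUDITING_TD(curthread)` is true, and nothing near the definition says so. The empty stub added in the later hunk (`@@ -375,6 +380,7 @@`), which appears to be the no-op set used when auditing is compiled out, never evaluates them at all. This matches the neighbouring AUDIT_ARG_* macros, but a caller that passes an expression with side effects would behave differently depending on audit state. A short comment over the macro would cover it, for example `/* Arguments are evaluated only while the thread is being audited; pass side-effect-free expressions. */`. The prototype of `audit_arg_socket()` is not in this hunk, so the argument types could not be checked against it.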
@@ -375,6 +380,7 @@ void audit_thread_free(struct thread *td);
 #define AUDIT_ARG_RUID(ruid)
 #define AUDIT_ARG_SIGNUM(signum)
 #define AUDIT_ARG_SGID(sgid)
+#define AUDIT_ARG_SOCKET(sodomain, sotype, soprotocol)
 #define AUDIT_ARG_SUID(suid)
 #define AUDIT_ARG_TEXT(text)
 #define AUDIT_ARG_UID(uid)