close_range: add audit support
This fixes the closefrom test in sys/audit. Includes cherry-picks of the following commits from openbsm: https://github.com/openbsm/openbsm/commit/4dfc628aafe589d68848f7033f3d3488c4d979e0 https://github.com/openbsm/openbsm/commit/99ff6fe32aebc5a4b8d40d60062b8574697df557 https://github.com/openbsm/openbsm/commit/da48a0399e95448693d3fa2be48454ca564c1be8 Reviewed By: kevans Differential Revision: https://reviews.freebsd.org/D28388
This commit is contained in:
@@ -614,6 +614,8 @@
|
||||
43261:AUE_LGETUUID:lgetuuid(2):ip
|
||||
43262:AUE_EXECVEAT:execveat(2):pc,ex
|
||||
43263:AUE_SHMRENAME:shm_rename(2):ip
|
||||
43264:AUE_REALPATHAT:realpathat(2):fa
|
||||
43265:AUE_CLOSERANGE:close_range(2):cl
|
||||
#
|
||||
# Solaris userspace events.
|
||||
#
|
||||
|
||||
@@ -653,6 +653,8 @@
|
||||
#define AUE_LGETUUID 43261 /* CADETS. */
|
||||
#define AUE_EXECVEAT 43262 /* FreeBSD/Linux. */
|
||||
#define AUE_SHMRENAME 43263 /* FreeBSD-specific. */
|
||||
#define AUE_REALPATHAT 43264 /* FreeBSD-specific. */
|
||||
#define AUE_CLOSERANGE 43265 /* FreeBSD-specific. */
|
||||
|
||||
/*
|
||||
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
|
||||
|
||||
@@ -1422,6 +1422,10 @@ int
|
||||
sys_close_range(struct thread *td, struct close_range_args *uap)
|
||||
{
|
||||
|
||||
AUDIT_ARG_FD(uap->lowfd);
|
||||
AUDIT_ARG_CMD(uap->highfd);
|
||||
AUDIT_ARG_FFLAGS(uap->flags);
|
||||
|
||||
/* No flags currently defined */
|
||||
if (uap->flags != 0)
|
||||
return (EINVAL);
|
||||
|
||||
@@ -941,6 +941,21 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
|
||||
}
|
||||
break;
|
||||
|
||||
case AUE_CLOSERANGE:
|
||||
if (ARG_IS_VALID(kar, ARG_FD)) {
|
||||
tok = au_to_arg32(1, "lowfd", ar->ar_arg_fd);
|
||||
kau_write(rec, tok);
|
||||
}
|
||||
if (ARG_IS_VALID(kar, ARG_CMD)) {
|
||||
tok = au_to_arg32(2, "highfd", ar->ar_arg_cmd);
|
||||
kau_write(rec, tok);
|
||||
}
|
||||
if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
|
||||
tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
|
||||
kau_write(rec, tok);
|
||||
}
|
||||
break;
|
||||
|
||||
case AUE_CORE:
|
||||
if (ARG_IS_VALID(kar, ARG_SIGNUM)) {
|
||||
tok = au_to_arg32(1, "signal", ar->ar_arg_signum);
|
||||
|
||||
@@ -154,10 +154,10 @@ ATF_TC_HEAD(closefrom_success, tc)
|
||||
|
||||
ATF_TC_BODY(closefrom_success, tc)
|
||||
{
|
||||
const char *regex = "closefrom.*return,success";
|
||||
const char *regex = "close_range\\(2\\),.*,0x7fffffff,lowfd,.*"
|
||||
"0xffffffff,highfd,.*return,success";
|
||||
FILE *pipefd = setup(fds, auclass);
|
||||
|
||||
atf_tc_expect_fail("closefrom was converted to close_range");
|
||||
/* closefrom(2) returns 'void' */
|
||||
closefrom(INT_MAX);
|
||||
check_audit(fds, regex, pipefd);
|
||||
|
||||
Reference in New Issue
Block a user