Add new fields to process-related data structures:

- td_ar to struct thread, which holds the in-progress audit record during a system call. - p_au to struct proc, which holds per-process audit state, such as the audit identifier, audit terminal, and process audit masks. In the earlier implementation, td_ar was added to the zero'd section of struct thread. In order to facilitate merging to RELENG_6, it has been moved to the end of the data structure, requiring explicit initalization in the thread constructor. Much help from: wsalamon Obtained from: TrustedBSD Project
svn path=/head/; revision=155195
2024-10-18 06:14:27 +00:00 · 2006-02-02 00:37:05 +00:00 · 2006-02-02 00:37:05 +00:00 · 911b84b08d · 2020-12-20 02:59:44 +00:00
parent 07881ef960
commit 911b84b08d
4 changed files with 21 additions and 0 deletions
--- a/sys/kern/kern_thread.c
+++ b/sys/kern/kern_thread.c
@ -43,6 +43,8 @@ __FBSDID("$FreeBSD$");
 #include <sys/ktr.h>
 #include <sys/umtx.h>

+#include <security/audit/audit.h>
+
 #include <vm/vm.h>
 #include <vm/vm_extern.h>
 #include <vm/uma.h>
@ -133,6 +135,10 @@ thread_ctor(void *mem, int size, void *arg, int flags)
 	 * next thread.
 	 */
 	td->td_critnest = 1;
+
+#ifdef AUDIT
+	audit_thread_alloc(td);
+#endif
 	return (0);
 }

--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@ -1015,6 +1015,16 @@ audit_proc_alloc(struct proc *p)
 	//printf("audit_proc_alloc: pid %d p_au %p\n", p->p_pid, p->p_au);
 }

+/*
+ * Allocate storage for a new thread.
+ */
+void
+audit_thread_alloc(struct thread *td)
+{
+
+	td->td_ar = NULL;
+}
+
 /* 
 * Initialize the audit information for the a process, presumably the first 
 * process in the system.
--- a/sys/security/audit/audit.h
+++ b/sys/security/audit/audit.h
@ -180,6 +180,7 @@ void			 audit_proc_init(struct proc *p);
 void			 audit_proc_fork(struct proc *parent, 
 					 struct proc *child);
 void			 audit_proc_free(struct proc *p);
+void			 audit_thread_alloc(struct thread *td);

 /*
 * Define a macro to wrap the audit_arg_* calls by checking the global
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@ -150,6 +150,8 @@ struct pargs {
 * either lock is sufficient for read access, but both locks must be held
 * for write access.
 */
+struct auditinfo;
+struct kaudit_record;
 struct kg_sched;
 struct nlminfo;
 struct kaioinfo;
@ -325,6 +327,7 @@ struct thread {
 	volatile u_int	td_critnest;	/* (k*) Critical section nest level. */
 	struct mdthread td_md;		/* (k) Any machine-dependent fields. */
 	struct td_sched	*td_sched;	/* (*) Scheduler-specific data. */
+	struct kaudit_record	*td_ar;	/* (k) Active audit record, if any. */
 };

 /*
@ -613,6 +616,7 @@ struct proc {
 	struct p_sched	*p_sched;	/* (*) Scheduler-specific data. */
 	STAILQ_HEAD(, ktr_request)	p_ktr;	/* (o) KTR event queue. */
 	LIST_HEAD(, mqueue_notifier)	p_mqnotifier; /* (c) mqueue notifiers.*/
+	struct auditinfo	*p_au;	/* (c) Process audit properties. */
 };

 #define	p_session	p_pgrp->pg_session