Author: rwatson
Date: Sun Jul 10 13:42:33 2016
New Revision: 302525
URL: https://svnweb.freebsd.org/changeset/base/302525

Log:
  Do allow auditing of read(2) and write(2) system calls, by assigning
  those system calls audit event identifiers AUE_READ and AUE_WRITE.
  While auditing file-descriptor I/O is not required by the Common
  Criteria, in practice this proves useful for both live and forensic
  analysis.
  
  NB: freebsd32 already assigns AUE_READ and AUE_WRITE to read(2) and
  write(2).
  
  MFC after:    3 days
  Sponsored by: DARPA, AFRL

Modified:
  head/sys/kern/init_sysent.c
  head/sys/kern/syscalls.master
  head/sys/sys/sysproto.h

Modified: head/sys/kern/init_sysent.c
==============================================================================
--- head/sys/kern/init_sysent.c Sun Jul 10 11:49:10 2016        (r302524)
+++ head/sys/kern/init_sysent.c Sun Jul 10 13:42:33 2016        (r302525)
@@ -49,8 +49,8 @@ struct sysent sysent[] = {
        { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC },      
        /* 0 = syscall */
        { AS(sys_exit_args), (sy_call_t *)sys_sys_exit, AUE_EXIT, NULL, 0, 0, 
SYF_CAPENABLED, SY_THR_STATIC },  /* 1 = exit */
        { 0, (sy_call_t *)sys_fork, AUE_FORK, NULL, 0, 0, SYF_CAPENABLED, 
SY_THR_STATIC },      /* 2 = fork */
-       { AS(read_args), (sy_call_t *)sys_read, AUE_NULL, NULL, 0, 0, 
SYF_CAPENABLED, SY_THR_STATIC },  /* 3 = read */
-       { AS(write_args), (sy_call_t *)sys_write, AUE_NULL, NULL, 0, 0, 
SYF_CAPENABLED, SY_THR_STATIC },        /* 4 = write */
+       { AS(read_args), (sy_call_t *)sys_read, AUE_READ, NULL, 0, 0, 
SYF_CAPENABLED, SY_THR_STATIC },  /* 3 = read */
+       { AS(write_args), (sy_call_t *)sys_write, AUE_WRITE, NULL, 0, 0, 
SYF_CAPENABLED, SY_THR_STATIC },       /* 4 = write */
        { AS(open_args), (sy_call_t *)sys_open, AUE_OPEN_RWTC, NULL, 0, 0, 
SYF_CAPENABLED, SY_THR_STATIC },     /* 5 = open */
        { AS(close_args), (sy_call_t *)sys_close, AUE_CLOSE, NULL, 0, 0, 
SYF_CAPENABLED, SY_THR_STATIC },       /* 6 = close */
        { AS(wait4_args), (sy_call_t *)sys_wait4, AUE_WAIT4, NULL, 0, 0, 0, 
SY_THR_STATIC },    /* 7 = wait4 */

Modified: head/sys/kern/syscalls.master
==============================================================================
--- head/sys/kern/syscalls.master       Sun Jul 10 11:49:10 2016        
(r302524)
+++ head/sys/kern/syscalls.master       Sun Jul 10 13:42:33 2016        
(r302525)
@@ -62,9 +62,9 @@
 1      AUE_EXIT        STD     { void sys_exit(int rval); } exit \
                                    sys_exit_args void
 2      AUE_FORK        STD     { int fork(void); }
-3      AUE_NULL        STD     { ssize_t read(int fd, void *buf, \
+3      AUE_READ        STD     { ssize_t read(int fd, void *buf, \
                                    size_t nbyte); }
-4      AUE_NULL        STD     { ssize_t write(int fd, const void *buf, \
+4      AUE_WRITE       STD     { ssize_t write(int fd, const void *buf, \
                                    size_t nbyte); }
 5      AUE_OPEN_RWTC   STD     { int open(char *path, int flags, int mode); }
 ; XXX should be                { int open(const char *path, int flags, ...); }
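Review bot: Entries 3 and 4 now carry AUE_READ and AUE_WRITE, but the other descriptor-I/O entries (readv, writev, pread, pwrite and similar) lie outside this hunk, so it is not visible whether they get matching events; if they stay AUE_NULL, the same I/O done through those calls would leave no record and the trail would be inconsistent for forensic use. The change is also table-only: whether sys_read and sys_write attach the descriptor to the audit record (for example with AUDIT_ARG_FD) cannot be confirmed from this commit, and a read or write record without the fd is of limited value to an analyst. Because the log says this goes beyond what the Common Criteria require, a short note above entry 3 would keep the intent from being reverted later, e.g. `; read(2)/write(2) are audited for live and forensic analysis; not a Common Criteria requirement.`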

Modified: head/sys/sys/sysproto.h
==============================================================================
--- head/sys/sys/sysproto.h     Sun Jul 10 11:49:10 2016        (r302524)
+++ head/sys/sys/sysproto.h     Sun Jul 10 13:42:33 2016        (r302525)
@@ -2508,8 +2508,8 @@ int       freebsd10_pipe(struct thread *, stru
 #define        SYS_AUE_syscall AUE_NULL
 #define        SYS_AUE_exit    AUE_EXIT
 #define        SYS_AUE_fork    AUE_FORK
-#define        SYS_AUE_read    AUE_NULL
-#define        SYS_AUE_write   AUE_NULL
+#define        SYS_AUE_read    AUE_READ
+#define        SYS_AUE_write   AUE_WRITE
 #define        SYS_AUE_open    AUE_OPEN_RWTC
 #define        SYS_AUE_close   AUE_CLOSE
 #define        SYS_AUE_wait4   AUE_WAIT4