When handling msgsys(2), semsys(2), and shmsys(2) multiplex system ca…
…lls,

map the 'which' argument into a suitable audit event identifier for the
specific operation requested.

Obtained from:	TrustedBSD Project
MFC after:	3 weeks
Sponsored by:	DARPA, AFRL
rwatson committed Mar 29, 2017
1 parent 255bba0 commit b783025
Showing 8 changed files with 127 additions and 3 deletions.
3 changes: 3 additions & 0 deletions sys/kern/sysv_msg.c
Expand Up @@ -73,6 +73,7 @@ __FBSDID("$FreeBSD$");
#include <sys/malloc.h>
#include <sys/jail.h>

#include <security/audit/audit.h>
#include <security/mac/mac_framework.h>

FEATURE(sysv_msg, "System V message queues support");
Expand Down Expand Up @@ -1639,6 +1640,7 @@ freebsd32_msgsys(struct thread *td, struct freebsd32_msgsys_args *uap)

#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
AUDIT_ARG_SVIPC_WHICH(uap->which);
switch (uap->which) {
case 0:
return (freebsd7_freebsd32_msgctl(td,
Expand Down Expand Up @@ -1810,6 +1812,7 @@ sys_msgsys(td, uap)
{
int error;

AUDIT_ARG_SVIPC_WHICH(uap->which);
if (uap->which < 0 || uap->which >= nitems(msgcalls))
return (EINVAL);
error = (*msgcalls[uap->which])(td, &uap->a2);
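Review bot: In sys_msgsys the new AUDIT_ARG_SVIPC_WHICH(uap->which) is placed before the range check against nitems(msgcalls), so an out-of-range value is still recorded and later mapped to the generic AUE_MSGSYS instead of being lost; that ordering looks deliberate but nothing says so, and a one-line comment would keep a future tidy-up from moving it below the check: `/* Record 'which' before validation so rejected values are still audited. */`. The same applies to sys_semsys in sysv_sem.c and sys_shmsys in sysv_shm.c. In freebsd32_msgsys the call sits inside the COMPAT_FREEBSD4..7 conditional; if that function has a code path outside the #if (not visible in the hunk), the argument would go unrecorded there, which is worth confirming. The bodies of both functions continue outside the hunks.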
3 changes: 3 additions & 0 deletions sys/kern/sysv_sem.c
Expand Up @@ -62,6 +62,7 @@ __FBSDID("$FreeBSD$");
#include <sys/malloc.h>
#include <sys/jail.h>

#include <security/audit/audit.h>
#include <security/mac/mac_framework.h>

FEATURE(sysv_sem, "System V semaphores support");
Expand Down Expand Up @@ -1692,6 +1693,7 @@ sys_semsys(td, uap)
{
int error;

AUDIT_ARG_SVIPC_WHICH(uap->which);
if (uap->which < 0 || uap->which >= nitems(semcalls))
return (EINVAL);
error = (*semcalls[uap->which])(td, &uap->a2);
Expand Down Expand Up @@ -1791,6 +1793,7 @@ freebsd32_semsys(struct thread *td, struct freebsd32_semsys_args *uap)

#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
AUDIT_ARG_SVIPC_WHICH(uap->which);
switch (uap->which) {
case 0:
return (freebsd7_freebsd32_semctl(td,
3 changes: 3 additions & 0 deletions sys/kern/sysv_shm.c
Expand Up @@ -87,6 +87,7 @@ __FBSDID("$FreeBSD$");
#include <sys/sysproto.h>
#include <sys/jail.h>

#include <security/audit/audit.h>
#include <security/mac/mac_framework.h>

#include <vm/vm.h>
Expand Down Expand Up @@ -1300,6 +1301,7 @@ int
sys_shmsys(struct thread *td, struct shmsys_args *uap)
{

AUDIT_ARG_SVIPC_WHICH(uap->which);
if (uap->which < 0 || uap->which >= nitems(shmcalls))
return (EINVAL);
return ((*shmcalls[uap->which])(td, &uap->a2));
Expand All @@ -1315,6 +1317,7 @@ freebsd32_shmsys(struct thread *td, struct freebsd32_shmsys_args *uap)

#if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
AUDIT_ARG_SVIPC_WHICH(uap->which);
switch (uap->which) {
case 0: { /* shmat */
struct shmat_args ap;
20 changes: 19 additions & 1 deletion sys/security/audit/audit.c
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 1999-2005 Apple Inc.
* Copyright (c) 2006-2007, 2016 Robert N. M. Watson
* Copyright (c) 2006-2007, 2016-2017 Robert N. M. Watson
* All rights reserved.
*
* Portions of this software were developed by BAE Systems, the University of
Expand Down Expand Up @@ -472,6 +472,24 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
/* Convert the auditon() command to an event. */
ar->k_ar.ar_event = auditon_command_event(ar->k_ar.ar_arg_cmd);
break;

case AUE_MSGSYS:
if (ARG_IS_VALID(ar, ARG_SVIPC_WHICH))
ar->k_ar.ar_event =
audit_msgsys_to_event(ar->k_ar.ar_arg_svipc_which);
break;

case AUE_SEMSYS:
if (ARG_IS_VALID(ar, ARG_SVIPC_WHICH))
ar->k_ar.ar_event =
audit_semsys_to_event(ar->k_ar.ar_arg_svipc_which);
break;

case AUE_SHMSYS:
if (ARG_IS_VALID(ar, ARG_SVIPC_WHICH))
ar->k_ar.ar_event =
audit_shmsys_to_event(ar->k_ar.ar_arg_svipc_which);
break;
}

auid = ar->k_ar.ar_subj_auid;
13 changes: 13 additions & 0 deletions sys/security/audit/audit.h
@@ -1,7 +1,13 @@
/*-
* Copyright (c) 1999-2005 Apple Inc.
* Copyright (c) 2016-2017 Robert N. M. Watson
* All rights reserved.
*
* This software was developed by BAE Systems, the University of Cambridge
* Computer Laboratory, and Memorial University under DARPA/AFRL contract
* FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent Computing
* (TC) research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
Expand Down Expand Up @@ -109,6 +115,7 @@ void audit_arg_svipc_cmd(int cmd);
void audit_arg_svipc_perm(struct ipc_perm *perm);
void audit_arg_svipc_id(int id);
void audit_arg_svipc_addr(void *addr);
void audit_arg_svipc_which(int which);
void audit_arg_posix_ipc_perm(uid_t uid, gid_t gid, mode_t mode);
void audit_arg_auditon(union auditon_udata *udata);
void audit_arg_file(struct proc *p, struct file *fp);
Expand Down Expand Up @@ -282,6 +289,11 @@ void audit_thread_free(struct thread *td);
audit_arg_suid((suid)); \
} while (0)

#define AUDIT_ARG_SVIPC_WHICH(which) do { \
if (AUDITING_TD(curthread)) \
audit_arg_svipc_which((which)); \
} while (0)

#define AUDIT_ARG_TEXT(text) do { \
if (AUDITING_TD(curthread)) \
audit_arg_text((text)); \
Expand Down Expand Up @@ -373,6 +385,7 @@ void audit_thread_free(struct thread *td);
#define AUDIT_ARG_SOCKET(sodomain, sotype, soprotocol)
#define AUDIT_ARG_SOCKADDR(td, dirfd, sa)
#define AUDIT_ARG_SUID(suid)
#define AUDIT_ARG_SVIPC_WHICH(which)
#define AUDIT_ARG_TEXT(text)
#define AUDIT_ARG_UID(uid)
#define AUDIT_ARG_UPATH1(td, dirfd, upath)
19 changes: 19 additions & 0 deletions sys/security/audit/audit_arg.c
@@ -1,7 +1,13 @@
/*-
* Copyright (c) 1999-2005 Apple Inc.
* Copyright (c) 2016-2017 Robert N. M. Watson
* All rights reserved.
*
* Portions of this software were developed by BAE Systems, the University of
* Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL
* contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent
* Computing (TC) research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
Expand Down Expand Up @@ -615,6 +621,19 @@ audit_arg_svipc_addr(void * addr)
ARG_SET_VALID(ar, ARG_SVIPC_ADDR);
}

void
audit_arg_svipc_which(int which)
{
struct kaudit_record *ar;

ar = currecord();
if (ar == NULL)
return;

ar->k_ar.ar_arg_svipc_which = which;
ARG_SET_VALID(ar, ARG_SVIPC_WHICH);
}

void
audit_arg_posix_ipc_perm(uid_t uid, gid_t gid, mode_t mode)
{
62 changes: 61 additions & 1 deletion sys/security/audit/audit_bsm_klib.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 1999-2009 Apple Inc.
* Copyright (c) 2005, 2016 Robert N. M. Watson
* Copyright (c) 2005, 2016-2017 Robert N. M. Watson
* All rights reserved.
*
* Portions of this software were developed by BAE Systems, the University of
Expand Down Expand Up @@ -141,6 +141,29 @@ static const struct aue_open_event aue_openat[] = {
{ (O_WRONLY | O_TRUNC), AUE_OPENAT_WT },
};

static const int aue_msgsys[] = {
/* 0 */ AUE_MSGCTL,
/* 1 */ AUE_MSGGET,
/* 2 */ AUE_MSGSND,
/* 3 */ AUE_MSGRCV,
};
static const int aue_msgsys_count = sizeof(aue_msgsys) / sizeof(int);

static const int aue_semsys[] = {
/* 0 */ AUE_SEMCTL,
/* 1 */ AUE_SEMGET,
/* 2 */ AUE_SEMOP,
};
static const int aue_semsys_count = sizeof(aue_semsys) / sizeof(int);

static const int aue_shmsys[] = {
/* 0 */ AUE_SHMAT,
/* 1 */ AUE_SHMDT,
/* 2 */ AUE_SHMGET,
/* 3 */ AUE_SHMCTL,
};
static const int aue_shmsys_count = sizeof(aue_shmsys) / sizeof(int);

/*
* Look up the class for an audit event in the class mapping table.
*/
Expand Down Expand Up @@ -554,6 +577,43 @@ audit_semctl_to_event(int cmd)
}
}

/*
* Convert msgsys(2), semsys(2), and shmsys(2) system-call variations into
* audit events, if possible.
*/
au_event_t
audit_msgsys_to_event(int which)
{

if ((which >= 0) && (which < aue_msgsys_count))
return (aue_msgsys[which]);

/* Audit a bad command. */
return (AUE_MSGSYS);
}

au_event_t
audit_semsys_to_event(int which)
{

if ((which >= 0) && (which < aue_semsys_count))
return (aue_semsys[which]);

/* Audit a bad command. */
return (AUE_SEMSYS);
}

au_event_t
audit_shmsys_to_event(int which)
{

if ((which >= 0) && (which < aue_shmsys_count))
return (aue_shmsys[which]);

/* Audit a bad command. */
return (AUE_SHMSYS);
}

/*
* Convert a command for the auditon() system call to a audit event.
*/
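Review bot: The aue_msgsys, aue_semsys and aue_shmsys tables are declared `static const int` and their counts computed as `sizeof(aue_msgsys) / sizeof(int)`, while audit_msgsys_to_event and its siblings return au_event_t from them; declaring the tables as `static const au_event_t aue_msgsys[] = {` removes the implicit int-to-au_event_t conversion, and `static const int aue_msgsys_count = nitems(aue_msgsys);` ties the count to the array rather than to `int` (the callers in sysv_msg.c already use nitems() for msgcalls), with the same change for the sem and shm tables. The index order of each table must match the msgcalls/semcalls/shmcalls dispatch tables in sys/kern/sysv_*.c, which this file cannot see, so a comment above each table such as `/* Must stay in sync with msgcalls[] in sys/kern/sysv_msg.c. */` would make that coupling explicit. Since the arrays are static and fixed-size, the bounds checks in the three conversion functions could use nitems() directly and the *_count variables dropped.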
7 changes: 6 additions & 1 deletion sys/security/audit/audit_private.h
Expand Up @@ -226,6 +226,7 @@ struct audit_record {
struct vnode_au_info ar_arg_vnode1;
struct vnode_au_info ar_arg_vnode2;
int ar_arg_cmd;
int ar_arg_svipc_which;
int ar_arg_svipc_cmd;
struct ipc_perm ar_arg_svipc_perm;
int ar_arg_svipc_id;
Expand Down Expand Up @@ -303,6 +304,7 @@ struct audit_record {
#define ARG_ATFD2 0x0008000000000000ULL
#define ARG_RIGHTS 0x0010000000000000ULL
#define ARG_FCNTL_RIGHTS 0x0020000000000000ULL
#define ARG_SVIPC_WHICH 0x0200000000000000ULL
#define ARG_NONE 0x0000000000000000ULL
#define ARG_ALL 0xFFFFFFFFFFFFFFFFULL

Expand Down Expand Up @@ -463,7 +465,10 @@ au_event_t audit_ctlname_to_sysctlevent(int name[], uint64_t valid_arg);
au_event_t audit_flags_and_error_to_openevent(int oflags, int error);
au_event_t audit_flags_and_error_to_openatevent(int oflags, int error);
au_event_t audit_msgctl_to_event(int cmd);
au_event_t audit_semctl_to_event(int cmr);
au_event_t audit_msgsys_to_event(int which);
au_event_t audit_semctl_to_event(int cmd);
au_event_t audit_semsys_to_event(int which);
au_event_t audit_shmsys_to_event(int which);
void audit_canon_path(struct thread *td, int dirfd, char *path,
char *cpath);
au_event_t auditon_command_event(int cmd);
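Review bot: ARG_SVIPC_WHICH is assigned 0x0200000000000000ULL, leaving a gap after ARG_FCNTL_RIGHTS at 0x0020000000000000ULL, since the 0x0040, 0x0080 and 0x0100 bits in that position are not defined anywhere in the hunk. If those bits are already taken by ARG_* definitions outside the hunk this is fine; otherwise the next free bit is the conventional choice, and a non-contiguous value makes a later collision easier to introduce. A short comment on the line noting why that bit was chosen, or a check that the value is unique among the ARG_* masks in the full list, would settle it.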
