/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * This file contains the audit event table used to control the production
 * of audit records for each system call.
 */

/*
 * NOTE(review): <sys/vnode.h>, <sys/types.h> and <sys/procset.h> each
 * appear twice in the list below.  Presumably harmless (guarded headers),
 * but worth tidying when this list is next touched.
 */
#include <sys/policy.h>
#include <sys/cred.h>
#include <sys/types.h>
#include <sys/systm.h>
#include <sys/systeminfo.h>	/* for sysinfo auditing */
#include <sys/utsname.h>	/* for sysinfo auditing */
#include <sys/proc.h>
#include <sys/vnode.h>
#include <sys/mman.h>		/* for mmap(2) auditing etc. */
#include <sys/fcntl.h>
#include <sys/modctl.h>		/* for modctl auditing */
#include <sys/vnode.h>
#include <sys/user.h>
#include <sys/types.h>
#include <sys/processor.h>
#include <sys/procset.h>
#include <sys/acl.h>
#include <sys/ipc.h>
#include <sys/door.h>
#include <sys/sem.h>
#include <sys/msg.h>
#include <sys/shm.h>
#include <sys/kmem.h>
#include <sys/file.h>		/* for accept */
#include <sys/utssys.h>		/* for fuser */
#include <sys/tsol/label.h>
#include <sys/tsol/tndb.h>
#include <sys/tsol/tsyscall.h>
#include <c2/audit.h>
#include <c2/audit_kernel.h>
#include <c2/audit_kevents.h>
#include <c2/audit_record.h>
#include <sys/procset.h>
#include <nfs/mount.h>
#include <sys/param.h>
#include <sys/debug.h>
#include <sys/sysmacros.h>
#include <sys/stream.h>
#include <sys/strsubr.h>
#include <sys/stropts.h>
#include <sys/tihdr.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <netinet/in.h>
#include <sys/ddi.h>
#include <sys/port_impl.h>


int au_naevent;
/* presumably names the module this one depends on -- confirm with the loader */
char _depends_on[] = "fs/sockfs";

/*
 * Initial-processing hooks (first column of the table).  Each takes an
 * au_event_t and returns an au_event_t.
 */
static au_event_t	aui_open(au_event_t);
static au_event_t	aui_fsat(au_event_t);
static au_event_t	aui_msgsys(au_event_t);
static au_event_t	aui_shmsys(au_event_t);
static au_event_t	aui_semsys(au_event_t);
static au_event_t	aui_utssys(au_event_t);
static au_event_t	aui_fcntl(au_event_t);
static au_event_t	aui_execv(au_event_t);
static au_event_t	aui_execve(au_event_t);
static au_event_t	aui_memcntl(au_event_t);
static au_event_t	aui_sysinfo(au_event_t);
static au_event_t	aui_portfs(au_event_t);
static au_event_t	aui_auditsys(au_event_t);
static au_event_t	aui_modctl(au_event_t);
static au_event_t	aui_acl(au_event_t);
static au_event_t	aui_doorfs(au_event_t);
static au_event_t	aui_privsys(au_event_t);
static au_event_t	aui_forksys(au_event_t);
static au_event_t	aui_labelsys(au_event_t);

/*
 * Start hooks (third column of the table).  Each receives only the
 * per-thread audit data pointer.
 */
static void	aus_open(struct t_audit_data *);
static void	aus_acl(struct t_audit_data *);
static void	aus_acct(struct t_audit_data *);
static void	aus_chown(struct t_audit_data *);
static void	aus_fchown(struct t_audit_data *);
static void	aus_lchown(struct t_audit_data *);
static void	aus_chmod(struct t_audit_data *);
static void	aus_facl(struct t_audit_data *);
static void	aus_fchmod(struct t_audit_data *);
static void	aus_fcntl(struct t_audit_data *);
static void	aus_fsat(struct t_audit_data *);
static void	aus_mkdir(struct t_audit_data *);
static void	aus_mknod(struct t_audit_data *);
static void	aus_mount(struct t_audit_data *);
static void	aus_umount(struct t_audit_data *);
static void	aus_umount2(struct t_audit_data *);
static void	aus_msgsys(struct t_audit_data *);
static void	aus_semsys(struct t_audit_data *);
static void	aus_close(struct t_audit_data *);
static void	aus_fstatfs(struct t_audit_data *);
static void	aus_setgid(struct t_audit_data *);
static void	aus_setuid(struct t_audit_data *);
static void	aus_shmsys(struct t_audit_data *);
static void	aus_doorfs(struct t_audit_data *);
static void	aus_ioctl(struct t_audit_data *);
static void	aus_memcntl(struct t_audit_data *);
static void	aus_mmap(struct t_audit_data *);
static void	aus_munmap(struct t_audit_data *);
static void	aus_priocntlsys(struct t_audit_data *);
static void	aus_setegid(struct t_audit_data *);
static void	aus_setgroups(struct t_audit_data *);
static void	aus_seteuid(struct t_audit_data *);
static void	aus_putmsg(struct t_audit_data *);
static void	aus_putpmsg(struct t_audit_data *);
static void	aus_getmsg(struct t_audit_data *);
static void	aus_getpmsg(struct t_audit_data *);
static void	aus_auditsys(struct t_audit_data *);
static void	aus_sysinfo(struct t_audit_data *);
static void	aus_modctl(struct t_audit_data *);
static void	aus_kill(struct t_audit_data *);
static void	aus_xmknod(struct t_audit_data *);
static void	aus_setregid(struct t_audit_data *);
static void	aus_setreuid(struct t_audit_data *);
static void	aus_labelsys(struct t_audit_data *);

/*
 * Finish hooks (fourth column of the table).  In addition to the audit
 * data pointer each receives an int and an rval_t pointer.
 */
static void	auf_mknod(struct t_audit_data *, int, rval_t *);
static void	auf_msgsys(struct t_audit_data *, int, rval_t *);
static void	auf_semsys(struct t_audit_data *, int, rval_t *);
static void	auf_shmsys(struct t_audit_data *, int, rval_t *);
static void	auf_xmknod(struct t_audit_data *, int, rval_t *);
static void	auf_read(struct t_audit_data *, int, rval_t *);
static void	auf_write(struct t_audit_data *, int, rval_t *);

static void	aus_sigqueue(struct t_audit_data *);
static void	aus_p_online(struct t_audit_data *);
static void	aus_processor_bind(struct t_audit_data *);
static void	aus_inst_sync(struct t_audit_data *);
static void	aus_brandsys(struct t_audit_data *);

static void	auf_accept(struct t_audit_data *, int, rval_t *);

static void	auf_bind(struct t_audit_data *, int, rval_t *);
static void	auf_connect(struct t_audit_data *, int, rval_t *);
static void	aus_shutdown(struct t_audit_data *);
static void	auf_setsockopt(struct t_audit_data *, int, rval_t *);
static void	aus_sockconfig(struct t_audit_data *);
static void	auf_recv(struct t_audit_data *, int, rval_t *);
static void	auf_recvmsg(struct t_audit_data *, int, rval_t *);
static void	auf_send(struct t_audit_data *, int, rval_t *);
static void	auf_sendmsg(struct t_audit_data *, int, rval_t *);
static void	auf_recvfrom(struct t_audit_data *, int, rval_t *);
static void	auf_sendto(struct t_audit_data *, int, rval_t *);
static void	aus_socket(struct t_audit_data *);
/*
 * This table contains mapping information for converting system call numbers
 * to audit event IDs. In several cases it is necessary to map a single system
 * call to several events.
 */

#define	aui_null	NULL	/* NULL initialize function */
#define	aus_null	NULL	/* NULL start function */
#define	auf_null	NULL	/* NULL finish function */

/*
 * Reading the table: the initializer is flat (no inner braces), so every
 * entry is five consecutive values in the order shown by the column banner
 * below: initial-processing hook, audit event, start hook, finish hook,
 * event-control flags.  The trailing comment on each entry gives the system
 * call number and name the entry is meant to line up with.
 *
 * NOTE(review): the mapping is purely positional.  Inserting, dropping or
 * reordering one entry shifts every later system call onto the wrong event,
 * and nothing in this file checks the entry count against the real system
 * call table; num_syscall is simply derived from sizeof.  Both arms of each
 * #if/#else must keep contributing exactly one entry.  Review any edit here
 * as a change to audit coverage and check it against the numbered comments.
 *
 * NOTE(review): entries that are AUE_NULL with all hooks null presumably
 * produce no audit record -- confirm against the consumer of this table,
 * which is not in this file.  Entries that pair AUE_NULL with a non-null
 * initial hook (privsys, forksys, labelsys) presumably rely on that hook to
 * select the event.
 *
 * The S2E_* control flags used below (S2E_NPT, S2E_PUB, S2E_SP, S2E_MLD)
 * are defined outside this file; their meaning is not restated here.
 */
struct audit_s2e audit_s2e[] =
{
/*
 * ----------	----------	----------	----------
 * INITIAL	AUDIT		START		SYSTEM
 * PROCESSING	EVENT		PROCESSING	CALL
 * ----------	----------	----------	-----------
 *		FINISH		EVENT
 *		PROCESSING	CONTROL
 * ----------------------------------------------------------
 */
aui_null,	AUE_NULL,	aus_null,	/* 0 unused (indirect) */
		auf_null,	0,
aui_null,	AUE_EXIT,	aus_null,	/* 1 exit */
		auf_null,	S2E_NPT,
aui_null,	AUE_FORKALL,	aus_null,	/* 2 forkall */
		auf_null,	0,
aui_null,	AUE_READ,	aus_null,	/* 3 read */
		auf_read,	S2E_PUB,
aui_null,	AUE_WRITE,	aus_null,	/* 4 write */
		auf_write,	0,
aui_open,	AUE_OPEN,	aus_open,	/* 5 open */
		auf_null,	S2E_SP,
aui_null,	AUE_CLOSE,	aus_close,	/* 6 close */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 7 wait */
		auf_null,	0,
aui_null,	AUE_CREAT,	aus_null,	/* 8 create */
		auf_null,	S2E_SP,
aui_null,	AUE_LINK,	aus_null,	/* 9 link */
		auf_null,	0,
aui_null,	AUE_UNLINK,	aus_null,	/* 10 unlink */
		auf_null,	0,
aui_execv,	AUE_EXEC,	aus_null,	/* 11 exec */
		auf_null,	S2E_MLD,
aui_null,	AUE_CHDIR,	aus_null,	/* 12 chdir */
		auf_null,	S2E_SP,
aui_null,	AUE_NULL,	aus_null,	/* 13 time */
		auf_null,	0,
aui_null,	AUE_MKNOD,	aus_mknod,	/* 14 mknod */
		auf_mknod,	0,
aui_null,	AUE_CHMOD,	aus_chmod,	/* 15 chmod */
		auf_null,	0,
aui_null,	AUE_CHOWN,	aus_chown,	/* 16 chown */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 17 brk */
		auf_null,	0,
aui_null,	AUE_STAT,	aus_null,	/* 18 stat */
		auf_null,	S2E_PUB,
aui_null,	AUE_NULL,	aus_null,	/* 19 lseek */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 20 getpid */
		auf_null,	0,
aui_null,	AUE_MOUNT,	aus_mount,	/* 21 mount */
		auf_null,	S2E_MLD,
aui_null,	AUE_UMOUNT,	aus_umount,	/* 22 umount */
		auf_null,	0,
aui_null,	AUE_SETUID,	aus_setuid,	/* 23 setuid */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 24 getuid */
		auf_null,	0,
aui_null,	AUE_STIME,	aus_null,	/* 25 stime */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 26 (loadable) was ptrace */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 27 alarm */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 28 fstat */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 29 pause */
		auf_null,	0,
aui_null,	AUE_UTIME,	aus_null,	/* 30 utime */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 31 stty (TIOCSETP-audit?) */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 32 gtty */
		auf_null,	0,
aui_null,	AUE_ACCESS,	aus_null,	/* 33 access */
		auf_null,	S2E_PUB,
aui_null,	AUE_NICE,	aus_null,	/* 34 nice */
		auf_null,	0,
aui_null,	AUE_STATFS,	aus_null,	/* 35 statfs */
		auf_null,	S2E_PUB,
aui_null,	AUE_NULL,	aus_null,	/* 36 sync */
		auf_null,	0,
aui_null,	AUE_KILL,	aus_kill,	/* 37 kill */
		auf_null,	0,
aui_null,	AUE_FSTATFS,	aus_fstatfs,	/* 38 fstatfs */
		auf_null,	S2E_PUB,
aui_null,	AUE_SETPGRP,	aus_null,	/* 39 setpgrp */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 40 uucopystr */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 41 dup */
		auf_null,	0,
aui_null,	AUE_PIPE,	aus_null,	/* 42 pipe */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 43 times */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 44 profil */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 45 (loadable) */
						/* was proc lock */
		auf_null,	0,
aui_null,	AUE_SETGID,	aus_setgid,	/* 46 setgid */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 47 getgid */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 48 sig */
		auf_null,	0,
aui_msgsys,	AUE_MSGSYS,	aus_msgsys,	/* 49 (loadable) was msgsys */
		auf_msgsys,	0,
#if defined(__x86)
aui_null,	AUE_NULL,	aus_null,	/* 50 sysi86 */
		auf_null,	0,
#else
aui_null,	AUE_NULL,	aus_null,	/* 50 (loadable) was sys3b */
		auf_null,	0,
#endif /* __x86 */
aui_null,	AUE_ACCT,	aus_acct,	/* 51 acct */
		auf_null,	0,
aui_shmsys,	AUE_SHMSYS,	aus_shmsys,	/* 52 shared memory */
		auf_shmsys,	0,
aui_semsys,	AUE_SEMSYS,	aus_semsys,	/* 53 IPC semaphores */
		auf_semsys,	0,
aui_null,	AUE_IOCTL,	aus_ioctl,	/* 54 ioctl */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 55 uadmin */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 56 (loadable) was uexch */
		auf_null,	0,
aui_utssys,	AUE_FUSERS,	aus_null,	/* 57 utssys */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 58 fsync */
		auf_null,	0,
aui_execve,	AUE_EXECVE,	aus_null,	/* 59 exece */
		auf_null,	S2E_MLD,
aui_null,	AUE_NULL,	aus_null,	/* 60 umask */
		auf_null,	0,
aui_null,	AUE_CHROOT,	aus_null,	/* 61 chroot */
		auf_null,	S2E_SP,
aui_fcntl,	AUE_FCNTL,	aus_fcntl,	/* 62 fcntl */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 63 ulimit */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 64 (loadable) */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 65 (loadable) */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 66 (loadable) */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 67 (loadable) */
						/* file locking call */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 68 (loadable) */
						/* local system calls */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 69 (loadable) inode open */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 70 (loadable) was advfs */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 71 (loadable) was unadvfs */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 72 (loadable) was notused */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 73 (loadable) was notused */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 74 (loadable) was notused */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 75 sidsys */
						/* was sigret (SunOS) */
		auf_null,	0,
aui_fsat,	AUE_FSAT,	aus_fsat,	/* 76 fsat */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 77 (loadable) was rfstop */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 78 (loadable) was rfssys */
		auf_null,	0,
aui_null,	AUE_RMDIR,	aus_null,	/* 79 rmdir */
		auf_null,	0,
aui_null,	AUE_MKDIR,	aus_mkdir,	/* 80 mkdir */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 81 getdents */
		auf_null,	0,
aui_privsys,	AUE_NULL,	aus_null,	/* 82 privsys */
						/* was libattach */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 83 (loadable) */
						/* was libdetach */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 84 sysfs */
		auf_null,	0,
aui_null,	AUE_GETMSG,	aus_getmsg,	/* 85 getmsg */
		auf_null,	0,
aui_null,	AUE_PUTMSG,	aus_putmsg,	/* 86 putmsg */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 87 poll */
		auf_null,	0,
aui_null,	AUE_LSTAT,	aus_null,	/* 88 lstat */
		auf_null,	S2E_PUB,
aui_null,	AUE_SYMLINK,	aus_null,	/* 89 symlink */
		auf_null,	0,
aui_null,	AUE_READLINK,	aus_null,	/* 90 readlink */
		auf_null,	S2E_PUB,
aui_null,	AUE_SETGROUPS,	aus_setgroups,	/* 91 setgroups */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 92 getgroups */
		auf_null,	0,
aui_null,	AUE_FCHMOD,	aus_fchmod,	/* 93 fchmod */
		auf_null,	0,
aui_null,	AUE_FCHOWN,	aus_fchown,	/* 94 fchown */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 95 sigprocmask */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 96 sigsuspend */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 97 sigaltstack */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 98 sigaction */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 99 sigpending */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 100 setcontext */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 101 (loadable) was evsys */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 102 (loadable) */
						/* was evtrapret */
		auf_null,	0,
aui_null,	AUE_STATVFS,	aus_null,	/* 103 statvfs */
		auf_null,	S2E_PUB,
aui_null,	AUE_NULL,	aus_null,	/* 104 fstatvfs */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 105 (loadable) */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 106 nfssys */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 107 waitset */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 108 sigsendset */
		auf_null,	0,
#if defined(__x86)
aui_null,	AUE_NULL,	aus_null,	/* 109 hrtsys */
		auf_null,	0,
#else
aui_null,	AUE_NULL,	aus_null,	/* 109 (loadable) */
		auf_null,	0,
#endif /* __x86 */
aui_null,	AUE_NULL,	aus_null,	/* 110 (loadable) was acancel */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 111 (loadable) was async */
		auf_null,	0,
aui_null,	AUE_PRIOCNTLSYS,	aus_priocntlsys,
		auf_null,	0,	/* 112 priocntlsys */
aui_null,	AUE_PATHCONF,	aus_null,	/* 113 pathconf */
		auf_null,	S2E_PUB,
aui_null,	AUE_NULL,	aus_null,	/* 114 mincore */
		auf_null,	0,
aui_null,	AUE_MMAP,	aus_mmap,	/* 115 mmap */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 116 mprotect */
		auf_null,	0,
aui_null,	AUE_MUNMAP,	aus_munmap,	/* 117 munmap */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 118 fpathconf */
		auf_null,	0,
aui_null,	AUE_VFORK,	aus_null,	/* 119 vfork */
		auf_null,	0,
aui_null,	AUE_FCHDIR,	aus_null,	/* 120 fchdir */
		auf_null,	0,
aui_null,	AUE_READ,	aus_null,	/* 121 readv */
		auf_read,	S2E_PUB,
aui_null,	AUE_WRITE,	aus_null,	/* 122 writev */
		auf_write,	0,
aui_null,	AUE_STAT,	aus_null,	/* 123 xstat (x86) */
		auf_null,	S2E_PUB,
aui_null,	AUE_LSTAT,	aus_null,	/* 124 lxstat (x86) */
		auf_null,	S2E_PUB,
aui_null,	AUE_NULL,	aus_null,	/* 125 fxstat (x86) */
		auf_null,	0,
aui_null,	AUE_MKNOD,	aus_xmknod,	/* 126 xmknod (x86) */
		auf_xmknod,	0,
aui_null,	AUE_NULL,	aus_null,	/* 127 (loadable) was clocal */
		auf_null,	0,
aui_null,	AUE_SETRLIMIT,	aus_null,	/* 128 setrlimit */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 129 getrlimit */
		auf_null,	0,
aui_null,	AUE_LCHOWN,	aus_lchown,	/* 130 lchown */
		auf_null,	0,
aui_memcntl,	AUE_MEMCNTL,	aus_memcntl,	/* 131 memcntl */
		auf_null,	0,
aui_null,	AUE_GETPMSG,	aus_getpmsg,	/* 132 getpmsg */
		auf_null,	0,
aui_null,	AUE_PUTPMSG,	aus_putpmsg,	/* 133 putpmsg */
		auf_null,	0,
aui_null,	AUE_RENAME,	aus_null,	/* 134 rename */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 135 uname */
		auf_null,	0,
aui_null,	AUE_SETEGID,	aus_setegid,	/* 136 setegid */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 137 sysconfig */
		auf_null,	0,
aui_null,	AUE_ADJTIME,	aus_null,	/* 138 adjtime */
		auf_null,	0,
aui_sysinfo,	AUE_SYSINFO,	aus_sysinfo,	/* 139 systeminfo */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 140 reserved */
		auf_null,	0,
aui_null,	AUE_SETEUID,	aus_seteuid,	/* 141 seteuid */
		auf_null,	0,
aui_forksys,	AUE_NULL,	aus_null,	/* 142 forksys */
		auf_null,	0,
aui_null,	AUE_FORK1,	aus_null,	/* 143 fork1 */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 144 sigwait */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 145 lwp_info */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 146 yield */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 147 lwp_sema_wait */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 148 lwp_sema_post */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 149 lwp_sema_trywait */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 150 (loadable reserved) */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 151 (loadable reserved) */
		auf_null,	0,
aui_modctl,	AUE_MODCTL,	aus_modctl,	/* 152 modctl */
		auf_null,	0,
aui_null,	AUE_FCHROOT,	aus_null,	/* 153 fchroot */
		auf_null,	0,
aui_null,	AUE_UTIMES,	aus_null,	/* 154 utimes */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 155 vhangup */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 156 gettimeofday */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 157 getitimer */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 158 setitimer */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 159 lwp_create */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 160 lwp_exit */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 161 lwp_suspend */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 162 lwp_continue */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 163 lwp_kill */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 164 lwp_self */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 165 (loadable) */
						/* was lwp_setprivate */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 166 (loadable) */
						/* was lwp_getprivate */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 167 lwp_wait */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 168 lwp_mutex_wakeup */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 169 lwp_mutex_lock */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 170 lwp_cond_wait */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 171 lwp_cond_signal */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 172 lwp_cond_broadcast */
		auf_null,	0,
aui_null,	AUE_READ,	aus_null,	/* 173 pread */
		auf_read,	S2E_PUB,
aui_null,	AUE_WRITE,	aus_null,	/* 174 pwrite */
		auf_write,	0,
aui_null,	AUE_NULL,	aus_null,	/* 175 llseek */
		auf_null,	0,
aui_null,	AUE_INST_SYNC,	aus_inst_sync,	/* 176 (loadable) */
						/* aus_inst_sync */
		auf_null,	0,
aui_null,	AUE_BRANDSYS,	aus_brandsys,	/* 177 brandsys */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 178 (loadable) */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 179 (loadable) */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 180 (loadable) kaio */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 181 (loadable) */
		auf_null,	0,
aui_portfs,	AUE_PORTFS,	aus_null,	/* 182 (loadable) portfs */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 183 (loadable) */
		auf_null,	0,
aui_labelsys,	AUE_NULL,	aus_labelsys,	/* 184 labelsys */
		auf_null,	0,
aui_acl,	AUE_ACLSET,	aus_acl,	/* 185 acl */
		auf_null,	0,
aui_auditsys,	AUE_AUDITSYS,	aus_auditsys,	/* 186 auditsys */
		auf_null,	0,
aui_null,	AUE_PROCESSOR_BIND,	aus_processor_bind,
		auf_null,	0,	/* 187 processor_bind */
aui_null,	AUE_NULL,	aus_null,	/* 188 processor_info */
		auf_null,	0,
aui_null,	AUE_P_ONLINE,	aus_p_online,	/* 189 p_online */
		auf_null,	0,
/*
 * NOTE(review): the next entry registers a start hook (aus_sigqueue) but
 * its event is AUE_NULL and it has no initial hook, whereas kill (37) maps
 * to AUE_KILL.  Confirm whether sigqueue is meant to produce a record and
 * whether aus_sigqueue is ever reached with a null event.
 */
aui_null,	AUE_NULL,	aus_sigqueue,	/* 190 sigqueue */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 191 clock_gettime */
		auf_null,	0,
aui_null,	AUE_CLOCK_SETTIME,	aus_null,	/* 192 clock_settime */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 193 clock_getres */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 194 timer_create */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 195 timer_delete */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 196 timer_settime */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 197 timer_gettime */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 198 timer_getoverrun */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 199 nanosleep */
		auf_null,	0,
aui_acl,	AUE_FACLSET,	aus_facl,	/* 200 facl */
		auf_null,	0,
aui_doorfs,	AUE_DOORFS,	aus_doorfs,	/* 201 (loadable) doorfs */
		auf_null,	0,
aui_null,	AUE_SETREUID,	aus_setreuid,	/* 202 setreuid */
		auf_null,	0,
aui_null,	AUE_SETREGID,	aus_setregid,	/* 203 setregid */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 204 install_utrap */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 205 signotify */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 206 schedctl */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 207 (loadable) pset */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 208 (loadable) */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 209 resolvepath */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 210 lwp_mutex_timedlock */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 211 lwp_sema_timedwait */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 212 lwp_rwlock_sys */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 213 getdents64 (__ppc) */
		auf_null,	0,
aui_null,	AUE_MMAP,	aus_mmap,	/* 214 mmap64 */
		auf_null,	0,
aui_null,	AUE_STAT,	aus_null,	/* 215 stat64 */
		auf_null,	S2E_PUB,
aui_null,	AUE_LSTAT,	aus_null,	/* 216 lstat64 */
		auf_null,	S2E_PUB,
aui_null,	AUE_NULL,	aus_null,	/* 217 fstat64 */
		auf_null,	0,
aui_null,	AUE_STATVFS,	aus_null,	/* 218 statvfs64 */
		auf_null,	S2E_PUB,
aui_null,	AUE_NULL,	aus_null,	/* 219 fstatvfs64 */
		auf_null,	0,
aui_null,	AUE_SETRLIMIT,	aus_null,	/* 220 setrlimit64 */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 221 getrlimit64 */
		auf_null,	0,
aui_null,	AUE_READ,	aus_null,	/* 222 pread64 */
		auf_read,	S2E_PUB,
aui_null,	AUE_WRITE,	aus_null,	/* 223 pwrite64 */
		auf_write,	0,
aui_null,	AUE_CREAT,	aus_null,	/* 224 creat64 */
		auf_null,	S2E_SP,
aui_open,	AUE_OPEN,	aus_open,	/* 225 open64 */
		auf_null,	S2E_SP,
aui_null,	AUE_NULL,	aus_null,	/* 226 (loadable) rpcsys */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 227 (loadable) */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 228 (loadable) */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 229 (loadable) */
		auf_null,	0,
aui_null,	AUE_SOCKET,	aus_socket,	/* 230 so_socket */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 231 so_socketpair */
		auf_null,	0,
aui_null,	AUE_BIND,	aus_null,	/* 232 bind */
		auf_bind,	0,
aui_null,	AUE_NULL,	aus_null,	/* 233 listen */
		auf_null,	0,
aui_null,	AUE_ACCEPT,	aus_null,	/* 234 accept */
		auf_accept,	0,
aui_null,	AUE_CONNECT,	aus_null,	/* 235 connect */
		auf_connect,	0,
aui_null,	AUE_SHUTDOWN,	aus_shutdown,	/* 236 shutdown */
		auf_null,	0,
aui_null,	AUE_READ,	aus_null,	/* 237 recv */
		auf_recv,	0,
aui_null,	AUE_RECVFROM,	aus_null,	/* 238 recvfrom */
		auf_recvfrom,	0,
aui_null,	AUE_RECVMSG,	aus_null,	/* 239 recvmsg */
		auf_recvmsg,	0,
aui_null,	AUE_WRITE,	aus_null,	/* 240 send */
		auf_send,	0,
aui_null,	AUE_SENDMSG,	aus_null,	/* 241 sendmsg */
		auf_sendmsg,	0,
aui_null,	AUE_SENDTO,	aus_null,	/* 242 sendto */
		auf_sendto,	0,
aui_null,	AUE_NULL,	aus_null,	/* 243 getpeername */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 244 getsockname */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 245 getsockopt */
		auf_null,	0,
aui_null,	AUE_SETSOCKOPT,	aus_null,	/* 246 setsockopt */
		auf_setsockopt,	0,
aui_null,	AUE_SOCKCONFIG,	aus_sockconfig,	/* 247 sockconfig */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 248 ntp_gettime */
		auf_null,	0,
aui_null,	AUE_NTP_ADJTIME,	aus_null,	/* 249 ntp_adjtime */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 250 lwp_mutex_unlock */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 251 lwp_mutex_trylock */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 252 lwp_mutex_register */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 253 cladm */
		auf_null,	0,
aui_null,	AUE_NULL,	aus_null,	/* 254 uucopy */
		auf_null,	0,
aui_null,	AUE_UMOUNT2,	aus_umount2,	/* 255 umount2 */
		auf_null,	0
};

/* Number of entries in audit_s2e[], derived from the initializer above. */
uint_t num_syscall = sizeof (audit_s2e) / sizeof (struct audit_s2e);


/* acct start function */
/*
 * Start hook listed for acct (table entry 51).  Only the "disable" form is
 * annotated: when the pathname argument is null, one argument token reading
 * "accounting off" is written.  For any other value nothing is emitted here.
 */
/*ARGSUSED*/
static void
aus_acct(struct t_audit_data *tad)
{
	klwp_t *lwp = ttolwp(curthread);

	struct a {
		long	fname;		/* char * */
	} *args = (struct a *)lwp->lwp_ap;

	/* A non-null pathname needs no annotation from this hook. */
	if ((uintptr_t)args->fname != 0)
		return;

	au_uwrite(au_to_arg32(1, "accounting off", (uint32_t)0));
}

/*
 * Start hook listed for chown (table entry 16).  Records the requested
 * owner and group as argument tokens 2 and 3.  Each value is narrowed from
 * the long system call argument to uint32_t before it is recorded.
 */
/*ARGSUSED*/
static void
aus_chown(struct t_audit_data *tad)
{
	klwp_t *lwp = ttolwp(curthread);

	struct a {
		long	fname;		/* char * */
		long	uid;
		long	gid;
	} *args = (struct a *)lwp->lwp_ap;

	uint32_t new_uid = (uint32_t)args->uid;
	uint32_t new_gid = (uint32_t)args->gid;

	au_uwrite(au_to_arg32(2, "new file uid", new_uid));
	au_uwrite(au_to_arg32(3, "new file gid", new_gid));
}

/*
 * Start hook listed for fchown (table entry 94).  Records the requested
 * owner and group, then identifies the target: the audit path saved on the
 * open file if there is one, otherwise the raw descriptor number, followed
 * by the vnode's attributes.
 *
 * The uid/gid tokens are written before the descriptor is looked up, so
 * they are recorded even when getf() returns NULL; in that case no path,
 * descriptor or attribute information is added by this hook.
 */
/*ARGSUSED*/
static void
aus_fchown(struct t_audit_data *tad)
{
	klwp_t *lwp = ttolwp(curthread);
	struct file *filep;
	struct f_audit_data *faud;

	struct a {
		long	fd;
		long	uid;
		long	gid;
	} *args = (struct a *)lwp->lwp_ap;

	uint32_t desc = (uint32_t)args->fd;
	uint32_t new_uid = (uint32_t)args->uid;
	uint32_t new_gid = (uint32_t)args->gid;

	au_uwrite(au_to_arg32(2, "new file uid", new_uid));
	au_uwrite(au_to_arg32(3, "new file gid", new_gid));

	/*
	 * Turn the descriptor into a file pointer.  getf() takes a
	 * reference that is dropped by releasef() at the end.
	 */
	filep = getf(desc);
	if (filep == NULL)
		return;

	/* Prefer the path remembered in the file's audit data. */
	faud = F2A(filep);
	if (faud->fad_aupath == NULL)
		au_uwrite(au_to_arg32(1, "no path: fd", desc));
	else
		au_uwrite(au_to_path(faud->fad_aupath));

	audit_attributes(filep->f_vnode);

	/* Drop the reference taken by getf(). */
	releasef(desc);
}

/*ARGSUSED*/
static void
aus_lchown(struct t_audit_data *tad)
{
	klwp_t *clwp = ttolwp(curthread);
	uint32_t uid, gid;


	struct a {
		long	fname;		/* char * */
		long	uid;
		long	gid;
	} *uap = (struct a *)clwp->lwp_ap;

	uid = (uint32_t)uap->uid;
	gid = (uint32_t)uap->gid;

	au_uwrite(au_to_arg32(2, "new file uid", uid