1 0 stevel /* 2 0 stevel * CDDL HEADER START 3 0 stevel * 4 0 stevel * The contents of this file are subject to the terms of the 5 1676 jpk * Common Development and Distribution License (the "License"). 6 1676 jpk * You may not use this file except in compliance with the License. 7 0 stevel * 8 0 stevel * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 0 stevel * or http://www.opensolaris.org/os/licensing. 10 0 stevel * See the License for the specific language governing permissions 11 0 stevel * and limitations under the License. 12 0 stevel * 13 0 stevel * When distributing Covered Code, include this CDDL HEADER in each 14 0 stevel * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 0 stevel * If applicable, add the following below this CDDL HEADER, with the 16 0 stevel * fields enclosed by brackets "[]" replaced with your own identifying 17 0 stevel * information: Portions Copyright [yyyy] [name of copyright owner] 18 0 stevel * 19 0 stevel * CDDL HEADER END 20 0 stevel */ 21 0 stevel /* 22 11134 Casper * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 0 stevel * Use is subject to license terms. 24 0 stevel */ 25 0 stevel 26 0 stevel /* 27 0 stevel * This file contains the envelope code for system call auditing. 28 0 stevel */ 29 0 stevel 30 0 stevel #include <sys/param.h> 31 0 stevel #include <sys/types.h> 32 0 stevel #include <sys/time.h> 33 0 stevel #include <sys/kmem.h> 34 0 stevel #include <sys/proc.h> 35 0 stevel #include <sys/vnode.h> 36 0 stevel #include <sys/file.h> 37 0 stevel #include <sys/user.h> 38 0 stevel #include <sys/stropts.h> 39 0 stevel #include <sys/systm.h> 40 0 stevel #include <sys/pathname.h> 41 0 stevel #include <sys/debug.h> 42 11134 Casper #include <sys/cred.h> 43 0 stevel #include <sys/zone.h> 44 0 stevel #include <c2/audit.h> 45 0 stevel #include <c2/audit_kernel.h> 46 0 stevel #include <c2/audit_kevents.h> 47 0 stevel #include <c2/audit_record.h> 48 0 stevel #include "audit_door_infc.h" 49 0 stevel 50 0 stevel extern uint_t num_syscall; /* size of audit_s2e table */ 51 0 stevel extern kmutex_t pidlock; /* proc table lock */ 52 0 stevel 53 0 stevel int audit_load = 0; /* set from /etc/system */ 54 0 stevel 55 0 stevel struct p_audit_data *pad0; 56 0 stevel struct t_audit_data *tad0; 57 0 stevel 58 0 stevel /* 59 0 stevel * Das Boot. Initialize first process. Also generate an audit record indicating 60 0 stevel * that the system has been booted. 61 0 stevel */ 62 0 stevel void 63 0 stevel audit_init() 64 0 stevel { 65 0 stevel kthread_t *au_thread; 66 0 stevel token_t *rp = NULL; 67 0 stevel label_t jb; 68 0 stevel struct audit_path apempty; 69 0 stevel auditinfo_addr_t *ainfo; 70 0 stevel 71 0 stevel if (audit_load == 0) { 72 0 stevel audit_active = 0; 73 0 stevel au_auditstate = AUC_DISABLED; 74 0 stevel return; 75 0 stevel #ifdef DEBUG 76 0 stevel } else if (audit_load == 2) { 77 0 stevel debug_enter((char *)NULL); 78 0 stevel #endif 79 0 stevel } 80 0 stevel 81 0 stevel audit_active = 1; 82 0 stevel set_all_proc_sys(); /* set pre- and post-syscall flags */ 83 0 stevel 84 0 stevel /* initialize memory allocators */ 85 0 stevel au_mem_init(); 86 0 stevel 87 0 stevel au_zone_setup(); 88 0 stevel 89 0 stevel /* inital thread structure */ 90 0 stevel tad0 = kmem_zalloc(sizeof (struct t_audit_data), KM_SLEEP); 91 0 stevel 92 0 stevel /* initial process structure */ 93 0 stevel pad0 = kmem_cache_alloc(au_pad_cache, KM_SLEEP); 94 0 stevel bzero(&pad0->pad_data, sizeof (pad0->pad_data)); 95 0 stevel 96 0 stevel T2A(curthread) = tad0; 97 0 stevel P2A(curproc) = pad0; 98 0 stevel 99 0 stevel /* 100 0 stevel * The kernel allocates a bunch of threads make sure they have 101 0 stevel * a valid tad 102 0 stevel */ 103 0 stevel 104 0 stevel mutex_enter(&pidlock); 105 0 stevel 106 0 stevel au_thread = curthread; 107 0 stevel do { 108 0 stevel if (T2A(au_thread) == NULL) { 109 0 stevel T2A(au_thread) = tad0; 110 0 stevel } 111 0 stevel au_thread = au_thread->t_next; 112 0 stevel } while (au_thread != curthread); 113 0 stevel 114 0 stevel tad0->tad_ad = NULL; 115 0 stevel mutex_exit(&pidlock); 116 0 stevel 117 0 stevel /* 118 0 stevel * Initialize audit context in our cred (kcred). 119 0 stevel * No copy-on-write needed here because it's so early in init. 120 0 stevel */ 121 0 stevel ainfo = crgetauinfo_modifiable(kcred); 122 0 stevel ASSERT(ainfo != NULL); 123 0 stevel bzero(ainfo, sizeof (auditinfo_addr_t)); 124 0 stevel ainfo->ai_auid = AU_NOAUDITID; 125 0 stevel 126 0 stevel /* fabricate an empty audit_path to extend */ 127 0 stevel apempty.audp_cnt = 0; 128 0 stevel apempty.audp_sect[0] = (char *)(&apempty.audp_sect[1]); 129 0 stevel pad0->pad_root = au_pathdup(&apempty, 1, 2); 130 0 stevel bcopy("/", pad0->pad_root->audp_sect[0], 2); 131 0 stevel au_pathhold(pad0->pad_root); 132 0 stevel pad0->pad_cwd = pad0->pad_root; 133 0 stevel 134 0 stevel /* 135 0 stevel * setup environment for asynchronous auditing. We can't use 136 0 stevel * audit_async_start() here since it assumes the audit system 137 0 stevel * has been started via auditd(1m). auditd sets the variable, 138 0 stevel * auk_auditstate, to indicate audit record generation should 139 0 stevel * commence. Here we want to always generate an audit record. 140 0 stevel */ 141 0 stevel if (setjmp(&jb)) { 142 0 stevel /* process audit policy (AUDIT_AHLT) for asynchronous events */ 143 0 stevel audit_async_drop((caddr_t *)(&rp), 0); 144 0 stevel return; 145 0 stevel } 146 0 stevel 147 0 stevel ASSERT(tad0->tad_errjmp == NULL); 148 0 stevel tad0->tad_errjmp = (void *)&jb; 149 0 stevel tad0->tad_ctrl |= PAD_ERRJMP; 150 0 stevel 151 0 stevel /* generate a system-booted audit record */ 152 0 stevel au_write((caddr_t *)&rp, au_to_text("booting kernel")); 153 0 stevel 154 0 stevel audit_async_finish((caddr_t *)&rp, AUE_SYSTEMBOOT, NULL); 155 0 stevel } 156 0 stevel 157 0 stevel void 158 0 stevel audit_free() 159 0 stevel { 160 0 stevel } 161 0 stevel 162 0 stevel /* 163 0 stevel * Check for any pending changes to the audit context for the given proc. 164 0 stevel * p_crlock and pad_lock for the process are acquired here. Caller is 165 0 stevel * responsible for assuring the process doesn't go away. If context is 166 0 stevel * updated, the specified cralloc'ed cred will be used, otherwise it's freed. 167 0 stevel * If no cred is given, it will be cralloc'ed here and caller assures that 168 0 stevel * it is safe to allocate memory. 169 0 stevel */ 170 0 stevel void 171 0 stevel audit_update_context(proc_t *p, cred_t *ncr) 172 0 stevel { 173 0 stevel struct p_audit_data *pad; 174 0 stevel cred_t *newcred = ncr; 175 0 stevel 176 0 stevel pad = P2A(p); 177 0 stevel if (pad == NULL) { 178 0 stevel if (newcred != NULL) 179 0 stevel crfree(newcred); 180 0 stevel return; 181 0 stevel } 182 0 stevel 183 0 stevel /* If a mask update is pending, take care of it. */ 184 0 stevel if (pad->pad_flags & PAD_SETMASK) { 185 0 stevel auditinfo_addr_t *ainfo; 186 0 stevel 187 0 stevel if (newcred == NULL) 188 0 stevel newcred = cralloc(); 189 0 stevel 190 0 stevel mutex_enter(&pad->pad_lock); 191 0 stevel /* the condition may have been handled by the time we lock */ 192 0 stevel if (pad->pad_flags & PAD_SETMASK) { 193 0 stevel ainfo = crgetauinfo_modifiable(newcred); 194 0 stevel if (ainfo == NULL) { 195 0 stevel mutex_enter(&pad->pad_lock); 196 0 stevel crfree(newcred); 197 0 stevel return; 198 0 stevel } 199 0 stevel 200 0 stevel mutex_enter(&p->p_crlock); 201 0 stevel crcopy_to(p->p_cred, newcred); 202 0 stevel p->p_cred = newcred; 203 0 stevel 204 0 stevel ainfo->ai_mask = pad->pad_newmask; 205 0 stevel 206 0 stevel /* Unlock and cleanup. */ 207 0 stevel mutex_exit(&p->p_crlock); 208 0 stevel pad->pad_flags &= ~PAD_SETMASK; 209 0 stevel 210 0 stevel /* 211 0 stevel * For curproc, assure that our thread points to right 212 0 stevel * cred, so CRED() will be correct. Otherwise, no need 213 0 stevel * to broadcast changes (via set_proc_pre_sys), since 214 0 stevel * t_pre_sys is ALWAYS on when audit is enabled... due 215 0 stevel * to syscall auditing. 216 0 stevel */ 217 0 stevel if (p == curproc) 218 0 stevel crset(p, newcred); 219 0 stevel else 220 0 stevel crfree(newcred); 221 0 stevel } else { 222 0 stevel crfree(newcred); 223 0 stevel } 224 0 stevel mutex_exit(&pad->pad_lock); 225 0 stevel } else { 226 0 stevel if (newcred != NULL) 227 0 stevel crfree(newcred); 228 0 stevel } 229 0 stevel } 230 0 stevel 231 0 stevel 232 0 stevel /* 233 0 stevel * Enter system call. Do any necessary setup here. allocate resouces, etc. 234 0 stevel */ 235 0 stevel 236 0 stevel #include <sys/syscall.h> 237 0 stevel 238 0 stevel 239 0 stevel /*ARGSUSED*/ 240 0 stevel int 241 0 stevel audit_start( 242 0 stevel unsigned type, 243 0 stevel unsigned scid, 244 0 stevel int error, 245 0 stevel klwp_t *lwp) 246 0 stevel { 247 0 stevel struct t_audit_data *tad; 248 0 stevel au_kcontext_t *kctx; 249 0 stevel 250 0 stevel tad = U2A(u); 251 0 stevel ASSERT(tad != NULL); 252 0 stevel 253 0 stevel if (error) { 254 0 stevel tad->tad_ctrl = 0; 255 0 stevel tad->tad_flag = 0; 256 0 stevel return (0); 257 0 stevel } 258 0 stevel 259 0 stevel audit_update_context(curproc, NULL); 260 0 stevel 261 0 stevel /* 262 0 stevel * if this is an indirect system call then don't do anything. 263 0 stevel * audit_start will be called again from indir() in trap.c 264 0 stevel */ 265 0 stevel if (scid == 0) { 266 0 stevel tad->tad_ctrl = 0; 267 0 stevel tad->tad_flag = 0; 268 0 stevel return (0); 269 0 stevel } 270 0 stevel if (scid >= num_syscall) 271 0 stevel scid = 0; 272 0 stevel 273 6207 gww /* 274 6207 gww * we can no longer depend on a valid lwp_ap, so we need to 275 6207 gww * copy the syscall args as future audit stuff may need them. 276 6207 gww */ 277 0 stevel (void) save_syscall_args(); 278 0 stevel 279 0 stevel /* 280 0 stevel * We need to gather paths for certain system calls even if they are 281 0 stevel * not audited so that we can audit the various f* calls and be 282 0 stevel * sure to have a CWD and CAR. Thus we thus set tad_ctrl over the 283 0 stevel * system call regardless if the call is audited or not. 284 6207 gww * We allow the event specific initial processing routines (au_init) 285 6207 gww * to adjust the tad_ctrl as necessary. 286 0 stevel */ 287 6207 gww tad->tad_ctrl = audit_s2e[scid].au_ctrl; 288 0 stevel tad->tad_scid = scid; 289 0 stevel 290 0 stevel /* get basic event for system call */ 291 6207 gww tad->tad_event = audit_s2e[scid].au_event; 292 7379 Ric if (audit_s2e[scid].au_init != (au_event_t)AUE_NULL) { 293 6207 gww /* get specific event */ 294 6207 gww tad->tad_event = (*audit_s2e[scid].au_init)(tad->tad_event); 295 6207 gww } 296 0 stevel 297 4197 paulson kctx = GET_KCTX_PZ; 298 0 stevel 299 0 stevel /* now do preselection. Audit or not to Audit, that is the question */ 300 6207 gww if ((tad->tad_flag = auditme(kctx, tad, 301 6207 gww kctx->auk_ets[tad->tad_event])) == 0) { 302 0 stevel /* 303 0 stevel * we assume that audit_finish will always be called. 304 0 stevel */ 305 0 stevel return (0); 306 0 stevel } 307 0 stevel 308 0 stevel /* 309 0 stevel * if auditing not enabled, then don't generate an audit record 310 0 stevel * and don't count it. 311 0 stevel */ 312 0 stevel if ((kctx->auk_auditstate != AUC_AUDITING && 313 0 stevel kctx->auk_auditstate != AUC_INIT_AUDIT)) { 314 0 stevel /* 315 0 stevel * we assume that audit_finish will always be called. 316 0 stevel */ 317 0 stevel tad->tad_flag = 0; 318 0 stevel return (0); 319 0 stevel } 320 0 stevel 321 0 stevel /* 322 0 stevel * audit daemon has informed us that there is no longer any 323 0 stevel * space left to hold audit records. We decide here if records 324 0 stevel * should be dropped (but counted). 325 0 stevel */ 326 0 stevel if (kctx->auk_auditstate == AUC_NOSPACE) { 327 0 stevel if ((kctx->auk_policy & AUDIT_CNT) || 328 0 stevel (kctx->auk_policy & AUDIT_SCNT)) { 329 0 stevel /* assume that audit_finish will always be called. */ 330 0 stevel tad->tad_flag = 0; 331 0 stevel 332 0 stevel /* just count # of dropped audit records */ 333 0 stevel AS_INC(as_dropped, 1, kctx); 334 0 stevel 335 0 stevel return (0); 336 0 stevel } 337 0 stevel } 338 0 stevel 339 0 stevel tad->tad_evmod = 0; 340 0 stevel 341 6207 gww if (audit_s2e[scid].au_start != NULL) { 342 6207 gww /* do start of system call processing */ 343 6207 gww (*audit_s2e[scid].au_start)(tad); 344 6207 gww } 345 0 stevel 346 0 stevel return (0); 347 0 stevel } 348 0 stevel 349 0 stevel /* 350 0 stevel * system call has completed. Now determine if we genearate an audit record 351 0 stevel * or not. 352 0 stevel */ 353 0 stevel /*ARGSUSED*/ 354 0 stevel void 355 0 stevel audit_finish( 356 0 stevel unsigned type, 357 0 stevel unsigned scid, 358 0 stevel int error, 359 0 stevel rval_t *rval) 360 0 stevel { 361 0 stevel struct t_audit_data *tad; 362 0 stevel int flag; 363 0 stevel au_defer_info_t *attr; 364 4197 paulson au_kcontext_t *kctx = GET_KCTX_PZ; 365 0 stevel 366 0 stevel tad = U2A(u); 367 0 stevel 368 0 stevel /* 369 0 stevel * Process all deferred events first. 370 0 stevel */ 371 0 stevel attr = tad->tad_defer_head; 372 0 stevel while (attr != NULL) { 373 0 stevel au_defer_info_t *tmp_attr = attr; 374 0 stevel 375 0 stevel au_close_time(kctx, (token_t *)attr->audi_ad, attr->audi_flag, 376 0 stevel attr->audi_e_type, attr->audi_e_mod, &(attr->audi_atime)); 377 0 stevel 378 0 stevel attr = attr->audi_next; 379 0 stevel kmem_free(tmp_attr, sizeof (au_defer_info_t)); 380 0 stevel } 381 0 stevel tad->tad_defer_head = tad->tad_defer_tail = NULL; 382 0 stevel 383 0 stevel if (tad->tad_flag == 0 && !(tad->tad_ctrl & PAD_SAVPATH)) { 384 0 stevel /* 385 0 stevel * clear the ctrl flag so that we don't have spurious 386 0 stevel * collection of audit information. 387 0 stevel */ 388 0 stevel tad->tad_scid = 0; 389 0 stevel tad->tad_event = 0; 390 0 stevel tad->tad_evmod = 0; 391 0 stevel tad->tad_ctrl = 0; 392 0 stevel ASSERT(tad->tad_aupath == NULL); 393 0 stevel return; 394 0 stevel } 395 0 stevel 396 0 stevel scid = tad->tad_scid; 397 0 stevel 398 0 stevel /* 399 0 stevel * Perform any extra processing and determine if we are 400 0 stevel * really going to generate any audit record. 401 0 stevel */ 402 6207 gww if (audit_s2e[scid].au_finish != NULL) { 403 6207 gww /* do any post system call processing */ 404 6207 gww (*audit_s2e[scid].au_finish)(tad, error, rval); 405 6207 gww } 406 0 stevel if (tad->tad_flag) { 407 0 stevel tad->tad_flag = 0; 408 0 stevel 409 4307 pwernau if (flag = audit_success(kctx, tad, error, NULL)) { 410 0 stevel unsigned int sy_flags; 411 0 stevel cred_t *cr = CRED(); 412 0 stevel const auditinfo_addr_t *ainfo = crgetauinfo(cr); 413 0 stevel 414 0 stevel ASSERT(ainfo != NULL); 415 0 stevel 416 2425 gww /* Add subject information */ 417 2425 gww AUDIT_SETSUBJ(&(u_ad), cr, ainfo, kctx); 418 1676 jpk 419 6207 gww if (tad->tad_evmod & PAD_SPRIVUSE) { 420 0 stevel au_write(&(u_ad), 421 6207 gww au_to_privset("", &tad->tad_sprivs, 422 6207 gww AUT_UPRIV, 1)); 423 6207 gww } 424 0 stevel 425 6207 gww if (tad->tad_evmod & PAD_FPRIVUSE) { 426 0 stevel au_write(&(u_ad), 427 6207 gww au_to_privset("", &tad->tad_fprivs, 428 6207 gww AUT_UPRIV, 0)); 429 6207 gww } 430 0 stevel 431 0 stevel /* Add a return token */ 432 6207 gww #ifdef _SYSCALL32_IMPL 433 6207 gww if (lwp_getdatamodel(ttolwp(curthread)) == 434 6207 gww DATAMODEL_NATIVE) { 435 6207 gww sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK; 436 6207 gww } else { 437 6207 gww sy_flags = 438 6207 gww sysent32[scid].sy_flags & SE_RVAL_MASK; 439 6207 gww } 440 6207 gww #else /* _SYSCALL64_IMPL */ 441 0 stevel sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK; 442 6207 gww #endif /* _SYSCALL32_IMPL */ 443 0 stevel 444 0 stevel if (sy_flags == SE_32RVAL1) { 445 6207 gww if (type == 0) { 446 6207 gww au_write(&(u_ad), 447 6207 gww au_to_return32(error, 0)); 448 6207 gww } else { 449 6207 gww au_write(&(u_ad), au_to_return32(error, 450 6207 gww rval->r_val1)); 451 6207 gww } 452 0 stevel } 453 0 stevel if (sy_flags == (SE_32RVAL2|SE_32RVAL1)) { 454 6207 gww if (type == 0) { 455 6207 gww au_write(&(u_ad), 456 6207 gww au_to_return32(error, 0)); 457 6207 gww } else { 458 6207 gww au_write(&(u_ad), 459 6207 gww au_to_return32(error, 460 6207 gww rval->r_val1)); 461 0 stevel #ifdef NOTYET /* for possible future support */ 462 6207 gww au_write(&(u_ad), au_to_return32(error, 463 6207 gww rval->r_val2)); 464 0 stevel #endif 465 6207 gww } 466 0 stevel } 467 0 stevel if (sy_flags == SE_64RVAL) { 468 6207 gww if (type == 0) { 469 6207 gww au_write(&(u_ad), 470 6207 gww au_to_return64(error, 0)); 471 6207 gww } else { 472 6207 gww au_write(&(u_ad), au_to_return64(error, 473 6207 gww rval->r_vals)); 474 6207 gww } 475 0 stevel } 476 0 stevel 477 0 stevel AS_INC(as_generated, 1, kctx); 478 0 stevel AS_INC(as_kernel, 1, kctx); 479 0 stevel } 480 0 stevel 481 0 stevel /* Close up everything */ 482 0 stevel au_close(kctx, &(u_ad), flag, tad->tad_event, tad->tad_evmod); 483 0 stevel } 484 0 stevel 485 0 stevel ASSERT(u_ad == NULL); 486 0 stevel 487 0 stevel /* free up any space remaining with the path's */ 488 0 stevel if (tad->tad_aupath != NULL) { 489 0 stevel au_pathrele(tad->tad_aupath); 490 0 stevel tad->tad_aupath = NULL; 491 0 stevel tad->tad_vn = NULL; 492 0 stevel } 493 0 stevel 494 0 stevel /* free up any space remaining with openat path's */ 495 0 stevel if (tad->tad_atpath) { 496 0 stevel au_pathrele(tad->tad_atpath); 497 0 stevel tad->tad_atpath = NULL; 498 0 stevel } 499 0 stevel 500 0 stevel /* 501 0 stevel * clear the ctrl flag so that we don't have spurious collection of 502 0 stevel * audit information. 503 0 stevel */ 504 0 stevel tad->tad_scid = 0; 505 0 stevel tad->tad_event = 0; 506 0 stevel tad->tad_evmod = 0; 507 0 stevel tad->tad_ctrl = 0; 508 0 stevel } 509 0 stevel 510 0 stevel int 511 4307 pwernau audit_success(au_kcontext_t *kctx, struct t_audit_data *tad, int error, 512 4307 pwernau cred_t *cr) 513 0 stevel { 514 0 stevel au_state_t ess; 515 0 stevel au_state_t esf; 516 0 stevel au_mask_t amask; 517 0 stevel const auditinfo_addr_t *ainfo; 518 0 stevel 519 0 stevel ess = esf = kctx->auk_ets[tad->tad_event]; 520 0 stevel 521 0 stevel if (error) 522 0 stevel tad->tad_evmod |= PAD_FAILURE; 523 0 stevel 524 0 stevel /* see if we really want to generate an audit record */ 525 0 stevel if (tad->tad_ctrl & PAD_NOAUDIT) 526 0 stevel return (0); 527 0 stevel 528 0 stevel /* 529 0 stevel * nfs operation and we're auditing privilege or MAC. This 530 0 stevel * is so we have a client audit record to match a nfs server 531 0 stevel * audit record. 532 0 stevel */ 533 0 stevel if (tad->tad_ctrl & PAD_AUDITME) 534 0 stevel return (AU_OK); 535 0 stevel 536 4307 pwernau /* 537 4307 pwernau * Used passed cred if available, otherwise use cred from kernel thread 538 4307 pwernau */ 539 4307 pwernau if (cr == NULL) 540 4307 pwernau cr = CRED(); 541 4307 pwernau ainfo = crgetauinfo(cr); 542 0 stevel if (ainfo == NULL) 543 0 stevel return (0); 544 0 stevel amask = ainfo->ai_mask; 545 0 stevel 546 0 stevel if (error == 0) 547 0 stevel return ((ess & amask.as_success) ? AU_OK : 0); 548 0 stevel else 549 0 stevel return ((esf & amask.as_failure) ? AU_OK : 0); 550 0 stevel } 551 0 stevel 552 0 stevel /* 553 0 stevel * determine if we've preselected this event (system call). 554 0 stevel */ 555 0 stevel int 556 0 stevel auditme(au_kcontext_t *kctx, struct t_audit_data *tad, au_state_t estate) 557 0 stevel { 558 0 stevel int flag = 0; 559 0 stevel au_mask_t amask; 560 0 stevel const auditinfo_addr_t *ainfo; 561 0 stevel 562 0 stevel ainfo = crgetauinfo(CRED()); 563 0 stevel if (ainfo == NULL) 564 0 stevel return (0); 565 0 stevel amask = ainfo->ai_mask; 566 0 stevel 567 0 stevel /* preselected system call */ 568 0 stevel 569 0 stevel if (amask.as_success & estate || amask.as_failure & estate) { 570 0 stevel flag = 1; 571 0 stevel } else if ((tad->tad_scid == SYS_putmsg) || 572 6207 gww (tad->tad_scid == SYS_getmsg)) { 573 0 stevel estate = kctx->auk_ets[AUE_SOCKCONNECT] | 574 6207 gww kctx->auk_ets[AUE_SOCKACCEPT] | 575 6207 gww kctx->auk_ets[AUE_SOCKSEND] | 576 6207 gww kctx->auk_ets[AUE_SOCKRECEIVE]; 577 0 stevel if (amask.as_success & estate || amask.as_failure & estate) 578 0 stevel flag = 1; 579 0 stevel } 580 0 stevel 581 0 stevel return (flag); 582 0 stevel } 583
Indexes created Mon Nov 23 23:09:39 UTC 2009
Terms of Use |
Privacy |
Trademarks |
Copyright Policy |
Site Guidelines |
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
Copyright © 1995-2008 Sun Microsystems, Inc.