1/*- 2 * Copyright (c) 1999-2009 Apple Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 14 unchanged lines hidden (view full) --- 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 30#include <sys/cdefs.h> |
31__FBSDID("$FreeBSD: head/sys/security/audit/audit_syscalls.c 241896 2012-10-22 17:50:54Z kib $"); |
32 33#include <sys/param.h> 34#include <sys/mount.h> 35#include <sys/namei.h> 36#include <sys/priv.h> 37#include <sys/proc.h> 38#include <sys/sysproto.h> 39#include <sys/systm.h> --- 704 unchanged lines hidden (view full) --- 744/* ARGSUSED */ 745int 746sys_auditctl(struct thread *td, struct auditctl_args *uap) 747{ 748 struct nameidata nd; 749 struct ucred *cred; 750 struct vnode *vp; 751 int error = 0; |
752 int flags; |
753 754 if (jailed(td->td_ucred)) 755 return (ENOSYS); 756 error = priv_check(td, PRIV_AUDIT_CONTROL); 757 if (error) 758 return (error); 759 760 vp = NULL; --- 4 unchanged lines hidden (view full) --- 765 * validity checks, and grab another reference to the current 766 * credential. 767 * 768 * On Darwin, a NULL path argument is also used to disable audit. 769 */ 770 if (uap->path == NULL) 771 return (EINVAL); 772 |
773 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, |
774 UIO_USERSPACE, uap->path, td); 775 flags = AUDIT_OPEN_FLAGS; 776 error = vn_open(&nd, &flags, 0, NULL); 777 if (error) 778 return (error); |
779 vp = nd.ni_vp; 780#ifdef MAC 781 error = mac_system_check_auditctl(td->td_ucred, vp); 782 VOP_UNLOCK(vp, 0); 783 if (error) { 784 vn_close(vp, AUDIT_CLOSE_FLAGS, td->td_ucred, td); |
785 return (error); 786 } 787#else 788 VOP_UNLOCK(vp, 0); 789#endif 790 NDFREE(&nd, NDF_ONLY_PNBUF); 791 if (vp->v_type != VREG) { 792 vn_close(vp, AUDIT_CLOSE_FLAGS, td->td_ucred, td); |
793 return (EINVAL); 794 } |
795 cred = td->td_ucred; 796 crhold(cred); 797 798 /* 799 * XXXAUDIT: Should audit_suspended actually be cleared by 800 * audit_worker? 801 */ 802 audit_suspended = 0; --- 71 unchanged lines hidden --- |