1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * This file contains the audit event table used to control the production 29 * of audit records for each system call. 30 */ 31 32 #include <sys/policy.h> 33 #include <sys/cred.h> 34 #include <sys/types.h> 35 #include <sys/systm.h> 36 #include <sys/systeminfo.h> /* for sysinfo auditing */ 37 #include <sys/utsname.h> /* for sysinfo auditing */ 38 #include <sys/proc.h> 39 #include <sys/vnode.h> 40 #include <sys/mman.h> /* for mmap(2) auditing etc. */ 41 #include <sys/fcntl.h> 42 #include <sys/modctl.h> /* for modctl auditing */ 43 #include <sys/vnode.h> 44 #include <sys/user.h> 45 #include <sys/types.h> 46 #include <sys/processor.h> 47 #include <sys/procset.h> 48 #include <sys/acl.h> 49 #include <sys/ipc.h> 50 #include <sys/door.h> 51 #include <sys/sem.h> 52 #include <sys/msg.h> 53 #include <sys/shm.h> 54 #include <sys/kmem.h> 55 #include <sys/file.h> /* for accept */ 56 #include <sys/utssys.h> /* for fuser */ 57 #include <sys/tsol/label.h> 58 #include <sys/tsol/tndb.h> 59 #include <sys/tsol/tsyscall.h> 60 #include <c2/audit.h> 61 #include <c2/audit_kernel.h> 62 #include <c2/audit_kevents.h> 63 #include <c2/audit_record.h> 64 #include <sys/procset.h> 65 #include <nfs/mount.h> 66 #include <sys/param.h> 67 #include <sys/debug.h> 68 #include <sys/sysmacros.h> 69 #include <sys/stream.h> 70 #include <sys/strsubr.h> 71 #include <sys/stropts.h> 72 #include <sys/tihdr.h> 73 #include <sys/socket.h> 74 #include <sys/socketvar.h> 75 #include <netinet/in.h> 76 #include <sys/ddi.h> 77 #include <sys/port_impl.h> 78 79 80 char _depends_on[] = "fs/sockfs"; 81 82 static au_event_t aui_open(au_event_t); 83 static au_event_t aui_fsat(au_event_t); 84 static au_event_t aui_msgsys(au_event_t); 85 static au_event_t aui_shmsys(au_event_t); 86 static au_event_t aui_semsys(au_event_t); 87 static au_event_t aui_utssys(au_event_t); 88 static au_event_t aui_fcntl(au_event_t); 89 static au_event_t aui_execv(au_event_t); 90 static au_event_t aui_execve(au_event_t); 91 static au_event_t aui_memcntl(au_event_t); 92 static au_event_t aui_sysinfo(au_event_t); 93 static au_event_t aui_portfs(au_event_t); 94 static au_event_t aui_auditsys(au_event_t); 95 static au_event_t aui_modctl(au_event_t); 96 static au_event_t aui_acl(au_event_t); 97 static au_event_t aui_doorfs(au_event_t); 98 static au_event_t aui_privsys(au_event_t); 99 static au_event_t aui_forksys(au_event_t); 100 static au_event_t aui_labelsys(au_event_t); 101 102 static void aus_open(struct t_audit_data *); 103 static void aus_acl(struct t_audit_data *); 104 static void aus_acct(struct t_audit_data *); 105 static void aus_chown(struct t_audit_data *); 106 static void aus_fchown(struct t_audit_data *); 107 static void aus_lchown(struct t_audit_data *); 108 static void aus_chmod(struct t_audit_data *); 109 static void aus_facl(struct t_audit_data *); 110 static void aus_fchmod(struct t_audit_data *); 111 static void aus_fcntl(struct t_audit_data *); 112 static void aus_fsat(struct t_audit_data *); 113 static void aus_mkdir(struct t_audit_data *); 114 static void aus_mknod(struct t_audit_data *); 115 static void aus_mount(struct t_audit_data *); 116 static void aus_umount(struct t_audit_data *); 117 static void aus_umount2(struct t_audit_data *); 118 static void aus_msgsys(struct t_audit_data *); 119 static void aus_semsys(struct t_audit_data *); 120 static void aus_close(struct t_audit_data *); 121 static void aus_fstatfs(struct t_audit_data *); 122 static void aus_setgid(struct t_audit_data *); 123 static void aus_setuid(struct t_audit_data *); 124 static void aus_shmsys(struct t_audit_data *); 125 static void aus_doorfs(struct t_audit_data *); 126 static void aus_ioctl(struct t_audit_data *); 127 static void aus_memcntl(struct t_audit_data *); 128 static void aus_mmap(struct t_audit_data *); 129 static void aus_munmap(struct t_audit_data *); 130 static void aus_priocntlsys(struct t_audit_data *); 131 static void aus_setegid(struct t_audit_data *); 132 static void aus_setgroups(struct t_audit_data *); 133 static void aus_seteuid(struct t_audit_data *); 134 static void aus_putmsg(struct t_audit_data *); 135 static void aus_putpmsg(struct t_audit_data *); 136 static void aus_getmsg(struct t_audit_data *); 137 static void aus_getpmsg(struct t_audit_data *); 138 static void aus_auditsys(struct t_audit_data *); 139 static void aus_sysinfo(struct t_audit_data *); 140 static void aus_modctl(struct t_audit_data *); 141 static void aus_kill(struct t_audit_data *); 142 static void aus_xmknod(struct t_audit_data *); 143 static void aus_setregid(struct t_audit_data *); 144 static void aus_setreuid(struct t_audit_data *); 145 static void aus_labelsys(struct t_audit_data *); 146 147 static void auf_mknod(struct t_audit_data *, int, rval_t *); 148 static void auf_msgsys(struct t_audit_data *, int, rval_t *); 149 static void auf_semsys(struct t_audit_data *, int, rval_t *); 150 static void auf_shmsys(struct t_audit_data *, int, rval_t *); 151 static void auf_xmknod(struct t_audit_data *, int, rval_t *); 152 static void auf_read(struct t_audit_data *, int, rval_t *); 153 static void auf_write(struct t_audit_data *, int, rval_t *); 154 155 static void aus_sigqueue(struct t_audit_data *); 156 static void aus_p_online(struct t_audit_data *); 157 static void aus_processor_bind(struct t_audit_data *); 158 static void aus_inst_sync(struct t_audit_data *); 159 static void aus_brandsys(struct t_audit_data *); 160 161 static void auf_accept(struct t_audit_data *, int, rval_t *); 162 163 static void auf_bind(struct t_audit_data *, int, rval_t *); 164 static void auf_connect(struct t_audit_data *, int, rval_t *); 165 static void aus_shutdown(struct t_audit_data *); 166 static void auf_setsockopt(struct t_audit_data *, int, rval_t *); 167 static void aus_sockconfig(struct t_audit_data *); 168 static void auf_recv(struct t_audit_data *, int, rval_t *); 169 static void auf_recvmsg(struct t_audit_data *, int, rval_t *); 170 static void auf_send(struct t_audit_data *, int, rval_t *); 171 static void auf_sendmsg(struct t_audit_data *, int, rval_t *); 172 static void auf_recvfrom(struct t_audit_data *, int, rval_t *); 173 static void auf_sendto(struct t_audit_data *, int, rval_t *); 174 static void aus_socket(struct t_audit_data *); 175 /* 176 * This table contains mapping information for converting system call numbers 177 * to audit event IDs. In several cases it is necessary to map a single system 178 * call to several events. 179 */ 180 181 #define aui_null NULL /* NULL initialize function */ 182 #define aus_null NULL /* NULL start function */ 183 #define auf_null NULL /* NULL finish function */ 184 185 struct audit_s2e audit_s2e[] = 186 { 187 /* 188 * ---------- ---------- ---------- ---------- 189 * INITIAL AUDIT START SYSTEM 190 * PROCESSING EVENT PROCESSING CALL 191 * ---------- ---------- ---------- ----------- 192 * FINISH EVENT 193 * PROCESSING CONTROL 194 * ---------------------------------------------------------- 195 */ 196 aui_null, AUE_NULL, aus_null, /* 0 unused (indirect) */ 197 auf_null, 0, 198 aui_null, AUE_EXIT, aus_null, /* 1 exit */ 199 auf_null, S2E_NPT, 200 aui_null, AUE_FORKALL, aus_null, /* 2 forkall */ 201 auf_null, 0, 202 aui_null, AUE_READ, aus_null, /* 3 read */ 203 auf_read, S2E_PUB, 204 aui_null, AUE_WRITE, aus_null, /* 4 write */ 205 auf_write, 0, 206 aui_open, AUE_OPEN, aus_open, /* 5 open */ 207 auf_null, S2E_SP, 208 aui_null, AUE_CLOSE, aus_close, /* 6 close */ 209 auf_null, 0, 210 aui_null, AUE_NULL, aus_null, /* 7 wait */ 211 auf_null, 0, 212 aui_null, AUE_CREAT, aus_null, /* 8 create */ 213 auf_null, S2E_SP, 214 aui_null, AUE_LINK, aus_null, /* 9 link */ 215 auf_null, 0, 216 aui_null, AUE_UNLINK, aus_null, /* 10 unlink */ 217 auf_null, 0, 218 aui_execv, AUE_EXEC, aus_null, /* 11 exec */ 219 auf_null, S2E_MLD, 220 aui_null, AUE_CHDIR, aus_null, /* 12 chdir */ 221 auf_null, S2E_SP, 222 aui_null, AUE_NULL, aus_null, /* 13 time */ 223 auf_null, 0, 224 aui_null, AUE_MKNOD, aus_mknod, /* 14 mknod */ 225 auf_mknod, 0, 226 aui_null, AUE_CHMOD, aus_chmod, /* 15 chmod */ 227 auf_null, 0, 228 aui_null, AUE_CHOWN, aus_chown, /* 16 chown */ 229 auf_null, 0, 230 aui_null, AUE_NULL, aus_null, /* 17 brk */ 231 auf_null, 0, 232 aui_null, AUE_STAT, aus_null, /* 18 stat */ 233 auf_null, S2E_PUB, 234 aui_null, AUE_NULL, aus_null, /* 19 lseek */ 235 auf_null, 0, 236 aui_null, AUE_NULL, aus_null, /* 20 getpid */ 237 auf_null, 0, 238 aui_null, AUE_MOUNT, aus_mount, /* 21 mount */ 239 auf_null, S2E_MLD, 240 aui_null, AUE_UMOUNT, aus_umount, /* 22 umount */ 241 auf_null, 0, 242 aui_null, AUE_SETUID, aus_setuid, /* 23 setuid */ 243 auf_null, 0, 244 aui_null, AUE_NULL, aus_null, /* 24 getuid */ 245 auf_null, 0, 246 aui_null, AUE_STIME, aus_null, /* 25 stime */ 247 auf_null, 0, 248 aui_null, AUE_NULL, aus_null, /* 26 (loadable) was ptrace */ 249 auf_null, 0, 250 aui_null, AUE_NULL, aus_null, /* 27 alarm */ 251 auf_null, 0, 252 aui_null, AUE_NULL, aus_null, /* 28 fstat */ 253 auf_null, 0, 254 aui_null, AUE_NULL, aus_null, /* 29 pause */ 255 auf_null, 0, 256 aui_null, AUE_UTIME, aus_null, /* 30 utime */ 257 auf_null, 0, 258 aui_null, AUE_NULL, aus_null, /* 31 stty (TIOCSETP-audit?) */ 259 auf_null, 0, 260 aui_null, AUE_NULL, aus_null, /* 32 gtty */ 261 auf_null, 0, 262 aui_null, AUE_ACCESS, aus_null, /* 33 access */ 263 auf_null, S2E_PUB, 264 aui_null, AUE_NICE, aus_null, /* 34 nice */ 265 auf_null, 0, 266 aui_null, AUE_STATFS, aus_null, /* 35 statfs */ 267 auf_null, S2E_PUB, 268 aui_null, AUE_NULL, aus_null, /* 36 sync */ 269 auf_null, 0, 270 aui_null, AUE_KILL, aus_kill, /* 37 kill */ 271 auf_null, 0, 272 aui_null, AUE_FSTATFS, aus_fstatfs, /* 38 fstatfs */ 273 auf_null, S2E_PUB, 274 aui_null, AUE_SETPGRP, aus_null, /* 39 setpgrp */ 275 auf_null, 0, 276 aui_null, AUE_NULL, aus_null, /* 40 uucopystr */ 277 auf_null, 0, 278 aui_null, AUE_NULL, aus_null, /* 41 dup */ 279 auf_null, 0, 280 aui_null, AUE_PIPE, aus_null, /* 42 pipe */ 281 auf_null, 0, 282 aui_null, AUE_NULL, aus_null, /* 43 times */ 283 auf_null, 0, 284 aui_null, AUE_NULL, aus_null, /* 44 profil */ 285 auf_null, 0, 286 aui_null, AUE_NULL, aus_null, /* 45 (loadable) */ 287 /* was proc lock */ 288 auf_null, 0, 289 aui_null, AUE_SETGID, aus_setgid, /* 46 setgid */ 290 auf_null, 0, 291 aui_null, AUE_NULL, aus_null, /* 47 getgid */ 292 auf_null, 0, 293 aui_null, AUE_NULL, aus_null, /* 48 sig */ 294 auf_null, 0, 295 aui_msgsys, AUE_MSGSYS, aus_msgsys, /* 49 (loadable) was msgsys */ 296 auf_msgsys, 0, 297 #if defined(__x86) 298 aui_null, AUE_NULL, aus_null, /* 50 sysi86 */ 299 auf_null, 0, 300 #else 301 aui_null, AUE_NULL, aus_null, /* 50 (loadable) was sys3b */ 302 auf_null, 0, 303 #endif /* __x86 */ 304 aui_null, AUE_ACCT, aus_acct, /* 51 acct */ 305 auf_null, 0, 306 aui_shmsys, AUE_SHMSYS, aus_shmsys, /* 52 shared memory */ 307 auf_shmsys, 0, 308 aui_semsys, AUE_SEMSYS, aus_semsys, /* 53 IPC semaphores */ 309 auf_semsys, 0, 310 aui_null, AUE_IOCTL, aus_ioctl, /* 54 ioctl */ 311 auf_null, 0, 312 aui_null, AUE_NULL, aus_null, /* 55 uadmin */ 313 auf_null, 0, 314 aui_null, AUE_NULL, aus_null, /* 56 (loadable) was uexch */ 315 auf_null, 0, 316 aui_utssys, AUE_FUSERS, aus_null, /* 57 utssys */ 317 auf_null, 0, 318 aui_null, AUE_NULL, aus_null, /* 58 fsync */ 319 auf_null, 0, 320 aui_execve, AUE_EXECVE, aus_null, /* 59 exece */ 321 auf_null, S2E_MLD, 322 aui_null, AUE_NULL, aus_null, /* 60 umask */ 323 auf_null, 0, 324 aui_null, AUE_CHROOT, aus_null, /* 61 chroot */ 325 auf_null, S2E_SP, 326 aui_fcntl, AUE_FCNTL, aus_fcntl, /* 62 fcntl */ 327 auf_null, 0, 328 aui_null, AUE_NULL, aus_null, /* 63 ulimit */ 329 auf_null, 0, 330 aui_null, AUE_NULL, aus_null, /* 64 (loadable) */ 331 auf_null, 0, 332 aui_null, AUE_NULL, aus_null, /* 65 (loadable) */ 333 auf_null, 0, 334 aui_null, AUE_NULL, aus_null, /* 66 (loadable) */ 335 auf_null, 0, 336 aui_null, AUE_NULL, aus_null, /* 67 (loadable) */ 337 /* file locking call */ 338 auf_null, 0, 339 aui_null, AUE_NULL, aus_null, /* 68 (loadable) */ 340 /* local system calls */ 341 auf_null, 0, 342 aui_null, AUE_NULL, aus_null, /* 69 (loadable) inode open */ 343 auf_null, 0, 344 aui_null, AUE_NULL, aus_null, /* 70 (loadable) was advfs */ 345 auf_null, 0, 346 aui_null, AUE_NULL, aus_null, /* 71 (loadable) was unadvfs */ 347 auf_null, 0, 348 aui_null, AUE_NULL, aus_null, /* 72 (loadable) was notused */ 349 auf_null, 0, 350 aui_null, AUE_NULL, aus_null, /* 73 (loadable) was notused */ 351 auf_null, 0, 352 aui_null, AUE_NULL, aus_null, /* 74 (loadable) was notused */ 353 auf_null, 0, 354 aui_null, AUE_NULL, aus_null, /* 75 sidsys */ 355 /* was sigret (SunOS) */ 356 auf_null, 0, 357 aui_fsat, AUE_FSAT, aus_fsat, /* 76 fsat */ 358 auf_null, 0, 359 aui_null, AUE_NULL, aus_null, /* 77 (loadable) was rfstop */ 360 auf_null, 0, 361 aui_null, AUE_NULL, aus_null, /* 78 (loadable) was rfssys */ 362 auf_null, 0, 363 aui_null, AUE_RMDIR, aus_null, /* 79 rmdir */ 364 auf_null, 0, 365 aui_null, AUE_MKDIR, aus_mkdir, /* 80 mkdir */ 366 auf_null, 0, 367 aui_null, AUE_NULL, aus_null, /* 81 getdents */ 368 auf_null, 0, 369 aui_privsys, AUE_NULL, aus_null, /* 82 privsys */ 370 /* was libattach */ 371 auf_null, 0, 372 aui_null, AUE_NULL, aus_null, /* 83 (loadable) */ 373 /* was libdetach */ 374 auf_null, 0, 375 aui_null, AUE_NULL, aus_null, /* 84 sysfs */ 376 auf_null, 0, 377 aui_null, AUE_GETMSG, aus_getmsg, /* 85 getmsg */ 378 auf_null, 0, 379 aui_null, AUE_PUTMSG, aus_putmsg, /* 86 putmsg */ 380 auf_null, 0, 381 aui_null, AUE_NULL, aus_null, /* 87 poll */ 382 auf_null, 0, 383 aui_null, AUE_LSTAT, aus_null, /* 88 lstat */ 384 auf_null, S2E_PUB, 385 aui_null, AUE_SYMLINK, aus_null, /* 89 symlink */ 386 auf_null, 0, 387 aui_null, AUE_READLINK, aus_null, /* 90 readlink */ 388 auf_null, S2E_PUB, 389 aui_null, AUE_SETGROUPS, aus_setgroups, /* 91 setgroups */ 390 auf_null, 0, 391 aui_null, AUE_NULL, aus_null, /* 92 getgroups */ 392 auf_null, 0, 393 aui_null, AUE_FCHMOD, aus_fchmod, /* 93 fchmod */ 394 auf_null, 0, 395 aui_null, AUE_FCHOWN, aus_fchown, /* 94 fchown */ 396 auf_null, 0, 397 aui_null, AUE_NULL, aus_null, /* 95 sigprocmask */ 398 auf_null, 0, 399 aui_null, AUE_NULL, aus_null, /* 96 sigsuspend */ 400 auf_null, 0, 401 aui_null, AUE_NULL, aus_null, /* 97 sigaltstack */ 402 auf_null, 0, 403 aui_null, AUE_NULL, aus_null, /* 98 sigaction */ 404 auf_null, 0, 405 aui_null, AUE_NULL, aus_null, /* 99 sigpending */ 406 auf_null, 0, 407 aui_null, AUE_NULL, aus_null, /* 100 setcontext */ 408 auf_null, 0, 409 aui_null, AUE_NULL, aus_null, /* 101 (loadable) was evsys */ 410 auf_null, 0, 411 aui_null, AUE_NULL, aus_null, /* 102 (loadable) */ 412 /* was evtrapret */ 413 auf_null, 0, 414 aui_null, AUE_STATVFS, aus_null, /* 103 statvfs */ 415 auf_null, S2E_PUB, 416 aui_null, AUE_NULL, aus_null, /* 104 fstatvfs */ 417 auf_null, 0, 418 aui_null, AUE_NULL, aus_null, /* 105 (loadable) */ 419 auf_null, 0, 420 aui_null, AUE_NULL, aus_null, /* 106 nfssys */ 421 auf_null, 0, 422 aui_null, AUE_NULL, aus_null, /* 107 waitset */ 423 auf_null, 0, 424 aui_null, AUE_NULL, aus_null, /* 108 sigsendset */ 425 auf_null, 0, 426 #if defined(__x86) 427 aui_null, AUE_NULL, aus_null, /* 109 hrtsys */ 428 auf_null, 0, 429 #else 430 aui_null, AUE_NULL, aus_null, /* 109 (loadable) */ 431 auf_null, 0, 432 #endif /* __x86 */ 433 aui_null, AUE_NULL, aus_null, /* 110 (loadable) was acancel */ 434 auf_null, 0, 435 aui_null, AUE_NULL, aus_null, /* 111 (loadable) was async */ 436 auf_null, 0, 437 aui_null, AUE_PRIOCNTLSYS, aus_priocntlsys, 438 auf_null, 0, /* 112 priocntlsys */ 439 aui_null, AUE_PATHCONF, aus_null, /* 113 pathconf */ 440 auf_null, S2E_PUB, 441 aui_null, AUE_NULL, aus_null, /* 114 mincore */ 442 auf_null, 0, 443 aui_null, AUE_MMAP, aus_mmap, /* 115 mmap */ 444 auf_null, 0, 445 aui_null, AUE_NULL, aus_null, /* 116 mprotect */ 446 auf_null, 0, 447 aui_null, AUE_MUNMAP, aus_munmap, /* 117 munmap */ 448 auf_null, 0, 449 aui_null, AUE_NULL, aus_null, /* 118 fpathconf */ 450 auf_null, 0, 451 aui_null, AUE_VFORK, aus_null, /* 119 vfork */ 452 auf_null, 0, 453 aui_null, AUE_FCHDIR, aus_null, /* 120 fchdir */ 454 auf_null, 0, 455 aui_null, AUE_READ, aus_null, /* 121 readv */ 456 auf_read, S2E_PUB, 457 aui_null, AUE_WRITE, aus_null, /* 122 writev */ 458 auf_write, 0, 459 aui_null, AUE_STAT, aus_null, /* 123 xstat (x86) */ 460 auf_null, S2E_PUB, 461 aui_null, AUE_LSTAT, aus_null, /* 124 lxstat (x86) */ 462 auf_null, S2E_PUB, 463 aui_null, AUE_NULL, aus_null, /* 125 fxstat (x86) */ 464 auf_null, 0, 465 aui_null, AUE_MKNOD, aus_xmknod, /* 126 xmknod (x86) */ 466 auf_xmknod, 0, 467 aui_null, AUE_NULL, aus_null, /* 127 (loadable) was clocal */ 468 auf_null, 0, 469 aui_null, AUE_SETRLIMIT, aus_null, /* 128 setrlimit */ 470 auf_null, 0, 471 aui_null, AUE_NULL, aus_null, /* 129 getrlimit */ 472 auf_null, 0, 473 aui_null, AUE_LCHOWN, aus_lchown, /* 130 lchown */ 474 auf_null, 0, 475 aui_memcntl, AUE_MEMCNTL, aus_memcntl, /* 131 memcntl */ 476 auf_null, 0, 477 aui_null, AUE_GETPMSG, aus_getpmsg, /* 132 getpmsg */ 478 auf_null, 0, 479 aui_null, AUE_PUTPMSG, aus_putpmsg, /* 133 putpmsg */ 480 auf_null, 0, 481 aui_null, AUE_RENAME, aus_null, /* 134 rename */ 482 auf_null, 0, 483 aui_null, AUE_NULL, aus_null, /* 135 uname */ 484 auf_null, 0, 485 aui_null, AUE_SETEGID, aus_setegid, /* 136 setegid */ 486 auf_null, 0, 487 aui_null, AUE_NULL, aus_null, /* 137 sysconfig */ 488 auf_null, 0, 489 aui_null, AUE_ADJTIME, aus_null, /* 138 adjtime */ 490 auf_null, 0, 491 aui_sysinfo, AUE_SYSINFO, aus_sysinfo, /* 139 systeminfo */ 492 auf_null, 0, 493 aui_null, AUE_NULL, aus_null, /* 140 reserved */ 494 auf_null, 0, 495 aui_null, AUE_SETEUID, aus_seteuid, /* 141 seteuid */ 496 auf_null, 0, 497 aui_forksys, AUE_NULL, aus_null, /* 142 forksys */ 498 auf_null, 0, 499 aui_null, AUE_FORK1, aus_null, /* 143 fork1 */ 500 auf_null, 0, 501 aui_null, AUE_NULL, aus_null, /* 144 sigwait */ 502 auf_null, 0, 503 aui_null, AUE_NULL, aus_null, /* 145 lwp_info */ 504 auf_null, 0, 505 aui_null, AUE_NULL, aus_null, /* 146 yield */ 506 auf_null, 0, 507 aui_null, AUE_NULL, aus_null, /* 147 lwp_sema_wait */ 508 auf_null, 0, 509 aui_null, AUE_NULL, aus_null, /* 148 lwp_sema_post */ 510 auf_null, 0, 511 aui_null, AUE_NULL, aus_null, /* 149 lwp_sema_trywait */ 512 auf_null, 0, 513 aui_null, AUE_NULL, aus_null, /* 150 (loadable reserved) */ 514 auf_null, 0, 515 aui_null, AUE_NULL, aus_null, /* 151 (loadable reserved) */ 516 auf_null, 0, 517 aui_modctl, AUE_MODCTL, aus_modctl, /* 152 modctl */ 518 auf_null, 0, 519 aui_null, AUE_FCHROOT, aus_null, /* 153 fchroot */ 520 auf_null, 0, 521 aui_null, AUE_UTIMES, aus_null, /* 154 utimes */ 522 auf_null, 0, 523 aui_null, AUE_NULL, aus_null, /* 155 vhangup */ 524 auf_null, 0, 525 aui_null, AUE_NULL, aus_null, /* 156 gettimeofday */ 526 auf_null, 0, 527 aui_null, AUE_NULL, aus_null, /* 157 getitimer */ 528 auf_null, 0, 529 aui_null, AUE_NULL, aus_null, /* 158 setitimer */ 530 auf_null, 0, 531 aui_null, AUE_NULL, aus_null, /* 159 lwp_create */ 532 auf_null, 0, 533 aui_null, AUE_NULL, aus_null, /* 160 lwp_exit */ 534 auf_null, 0, 535 aui_null, AUE_NULL, aus_null, /* 161 lwp_suspend */ 536 auf_null, 0, 537 aui_null, AUE_NULL, aus_null, /* 162 lwp_continue */ 538 auf_null, 0, 539 aui_null, AUE_NULL, aus_null, /* 163 lwp_kill */ 540 auf_null, 0, 541 aui_null, AUE_NULL, aus_null, /* 164 lwp_self */ 542 auf_null, 0, 543 aui_null, AUE_NULL, aus_null, /* 165 (loadable) */ 544 /* was lwp_setprivate */ 545 auf_null, 0, 546 aui_null, AUE_NULL, aus_null, /* 166 (loadable) */ 547 /* was lwp_getprivate */ 548 auf_null, 0, 549 aui_null, AUE_NULL, aus_null, /* 167 lwp_wait */ 550 auf_null, 0, 551 aui_null, AUE_NULL, aus_null, /* 168 lwp_mutex_wakeup */ 552 auf_null, 0, 553 aui_null, AUE_NULL, aus_null, /* 169 lwp_mutex_lock */ 554 auf_null, 0, 555 aui_null, AUE_NULL, aus_null, /* 170 lwp_cond_wait */ 556 auf_null, 0, 557 aui_null, AUE_NULL, aus_null, /* 171 lwp_cond_signal */ 558 auf_null, 0, 559 aui_null, AUE_NULL, aus_null, /* 172 lwp_cond_broadcast */ 560 auf_null, 0, 561 aui_null, AUE_READ, aus_null, /* 173 pread */ 562 auf_read, S2E_PUB, 563 aui_null, AUE_WRITE, aus_null, /* 174 pwrite */ 564 auf_write, 0, 565 aui_null, AUE_NULL, aus_null, /* 175 llseek */ 566 auf_null, 0, 567 aui_null, AUE_INST_SYNC, aus_inst_sync, /* 176 (loadable) */ 568 /* aus_inst_sync */ 569 auf_null, 0, 570 aui_null, AUE_BRANDSYS, aus_brandsys, /* 177 brandsys */ 571 auf_null, 0, 572 aui_null, AUE_NULL, aus_null, /* 178 (loadable) */ 573 auf_null, 0, 574 aui_null, AUE_NULL, aus_null, /* 179 (loadable) */ 575 auf_null, 0, 576 aui_null, AUE_NULL, aus_null, /* 180 (loadable) kaio */ 577 auf_null, 0, 578 aui_null, AUE_NULL, aus_null, /* 181 (loadable) */ 579 auf_null, 0, 580 aui_portfs, AUE_PORTFS, aus_null, /* 182 (loadable) portfs */ 581 auf_null, 0, 582 aui_null, AUE_NULL, aus_null, /* 183 (loadable) */ 583 auf_null, 0, 584 aui_labelsys, AUE_NULL, aus_labelsys, /* 184 labelsys */ 585 auf_null, 0, 586 aui_acl, AUE_ACLSET, aus_acl, /* 185 acl */ 587 auf_null, 0, 588 aui_auditsys, AUE_AUDITSYS, aus_auditsys, /* 186 auditsys */ 589 auf_null, 0, 590 aui_null, AUE_PROCESSOR_BIND, aus_processor_bind, 591 auf_null, 0, /* 187 processor_bind */ 592 aui_null, AUE_NULL, aus_null, /* 188 processor_info */ 593 auf_null, 0, 594 aui_null, AUE_P_ONLINE, aus_p_online, /* 189 p_online */ 595 auf_null, 0, 596 aui_null, AUE_NULL, aus_sigqueue, /* 190 sigqueue */ 597 auf_null, 0, 598 aui_null, AUE_NULL, aus_null, /* 191 clock_gettime */ 599 auf_null, 0, 600 aui_null, AUE_CLOCK_SETTIME, aus_null, /* 192 clock_settime */ 601 auf_null, 0, 602 aui_null, AUE_NULL, aus_null, /* 193 clock_getres */ 603 auf_null, 0, 604 aui_null, AUE_NULL, aus_null, /* 194 timer_create */ 605 auf_null, 0, 606 aui_null, AUE_NULL, aus_null, /* 195 timer_delete */ 607 auf_null, 0, 608 aui_null, AUE_NULL, aus_null, /* 196 timer_settime */ 609 auf_null, 0, 610 aui_null, AUE_NULL, aus_null, /* 197 timer_gettime */ 611 auf_null, 0, 612 aui_null, AUE_NULL, aus_null, /* 198 timer_getoverrun */ 613 auf_null, 0, 614 aui_null, AUE_NULL, aus_null, /* 199 nanosleep */ 615 auf_null, 0, 616 aui_acl, AUE_FACLSET, aus_facl, /* 200 facl */ 617 auf_null, 0, 618 aui_doorfs, AUE_DOORFS, aus_doorfs, /* 201 (loadable) doorfs */ 619 auf_null, 0, 620 aui_null, AUE_SETREUID, aus_setreuid, /* 202 setreuid */ 621 auf_null, 0, 622 aui_null, AUE_SETREGID, aus_setregid, /* 203 setregid */ 623 auf_null, 0, 624 aui_null, AUE_NULL, aus_null, /* 204 install_utrap */ 625 auf_null, 0, 626 aui_null, AUE_NULL, aus_null, /* 205 signotify */ 627 auf_null, 0, 628 aui_null, AUE_NULL, aus_null, /* 206 schedctl */ 629 auf_null, 0, 630 aui_null, AUE_NULL, aus_null, /* 207 (loadable) pset */ 631 auf_null, 0, 632 aui_null, AUE_NULL, aus_null, /* 208 (loadable) */ 633 auf_null, 0, 634 aui_null, AUE_NULL, aus_null, /* 209 resolvepath */ 635 auf_null, 0, 636 aui_null, AUE_NULL, aus_null, /* 210 lwp_mutex_timedlock */ 637 auf_null, 0, 638 aui_null, AUE_NULL, aus_null, /* 211 lwp_sema_timedwait */ 639 auf_null, 0, 640 aui_null, AUE_NULL, aus_null, /* 212 lwp_rwlock_sys */ 641 auf_null, 0, 642 aui_null, AUE_NULL, aus_null, /* 213 getdents64 (__ppc) */ 643 auf_null, 0, 644 aui_null, AUE_MMAP, aus_mmap, /* 214 mmap64 */ 645 auf_null, 0, 646 aui_null, AUE_STAT, aus_null, /* 215 stat64 */ 647 auf_null, S2E_PUB, 648 aui_null, AUE_LSTAT, aus_null, /* 216 lstat64 */ 649 auf_null, S2E_PUB, 650 aui_null, AUE_NULL, aus_null, /* 217 fstat64 */ 651 auf_null, 0, 652 aui_null, AUE_STATVFS, aus_null, /* 218 statvfs64 */ 653 auf_null, S2E_PUB, 654 aui_null, AUE_NULL, aus_null, /* 219 fstatvfs64 */ 655 auf_null, 0, 656 aui_null, AUE_SETRLIMIT, aus_null, /* 220 setrlimit64 */ 657 auf_null, 0, 658 aui_null, AUE_NULL, aus_null, /* 221 getrlimit64 */ 659 auf_null, 0, 660 aui_null, AUE_READ, aus_null, /* 222 pread64 */ 661 auf_read, S2E_PUB, 662 aui_null, AUE_WRITE, aus_null, /* 223 pwrite64 */ 663 auf_write, 0, 664 aui_null, AUE_CREAT, aus_null, /* 224 creat64 */ 665 auf_null, S2E_SP, 666 aui_open, AUE_OPEN, aus_open, /* 225 open64 */ 667 auf_null, S2E_SP, 668 aui_null, AUE_NULL, aus_null, /* 226 (loadable) rpcsys */ 669 auf_null, 0, 670 aui_null, AUE_NULL, aus_null, /* 227 (loadable) */ 671 auf_null, 0, 672 aui_null, AUE_NULL, aus_null, /* 228 (loadable) */ 673 auf_null, 0, 674 aui_null, AUE_NULL, aus_null, /* 229 (loadable) */ 675 auf_null, 0, 676 aui_null, AUE_SOCKET, aus_socket, /* 230 so_socket */ 677 auf_null, 0, 678 aui_null, AUE_NULL, aus_null, /* 231 so_socketpair */ 679 auf_null, 0, 680 aui_null, AUE_BIND, aus_null, /* 232 bind */ 681 auf_bind, 0, 682 aui_null, AUE_NULL, aus_null, /* 233 listen */ 683 auf_null, 0, 684 aui_null, AUE_ACCEPT, aus_null, /* 234 accept */ 685 auf_accept, 0, 686 aui_null, AUE_CONNECT, aus_null, /* 235 connect */ 687 auf_connect, 0, 688 aui_null, AUE_SHUTDOWN, aus_shutdown, /* 236 shutdown */ 689 auf_null, 0, 690 aui_null, AUE_READ, aus_null, /* 237 recv */ 691 auf_recv, 0, 692 aui_null, AUE_RECVFROM, aus_null, /* 238 recvfrom */ 693 auf_recvfrom, 0, 694 aui_null, AUE_RECVMSG, aus_null, /* 239 recvmsg */ 695 auf_recvmsg, 0, 696 aui_null, AUE_WRITE, aus_null, /* 240 send */ 697 auf_send, 0, 698 aui_null, AUE_SENDMSG, aus_null, /* 241 sendmsg */ 699 auf_sendmsg, 0, 700 aui_null, AUE_SENDTO, aus_null, /* 242 sendto */ 701 auf_sendto, 0, 702 aui_null, AUE_NULL, aus_null, /* 243 getpeername */ 703 auf_null, 0, 704 aui_null, AUE_NULL, aus_null, /* 244 getsockname */ 705 auf_null, 0, 706 aui_null, AUE_NULL, aus_null, /* 245 getsockopt */ 707 auf_null, 0, 708 aui_null, AUE_SETSOCKOPT, aus_null, /* 246 setsockopt */ 709 auf_setsockopt, 0, 710 aui_null, AUE_SOCKCONFIG, aus_sockconfig, /* 247 sockconfig */ 711 auf_null, 0, 712 aui_null, AUE_NULL, aus_null, /* 248 ntp_gettime */ 713 auf_null, 0, 714 aui_null, AUE_NTP_ADJTIME, aus_null, /* 249 ntp_adjtime */ 715 auf_null, 0, 716 aui_null, AUE_NULL, aus_null, /* 250 lwp_mutex_unlock */ 717 auf_null, 0, 718 aui_null, AUE_NULL, aus_null, /* 251 lwp_mutex_trylock */ 719 auf_null, 0, 720 aui_null, AUE_NULL, aus_null, /* 252 lwp_mutex_register */ 721 auf_null, 0, 722 aui_null, AUE_NULL, aus_null, /* 253 cladm */ 723 auf_null, 0, 724 aui_null, AUE_NULL, aus_null, /* 254 uucopy */ 725 auf_null, 0, 726 aui_null, AUE_UMOUNT2, aus_umount2, /* 255 umount2 */ 727 auf_null, 0 728 }; 729 730 uint_t num_syscall = sizeof (audit_s2e) / sizeof (struct audit_s2e); 731 732 733 /* acct start function */ 734 /*ARGSUSED*/ 735 static void 736 aus_acct(struct t_audit_data *tad) 737 { 738 klwp_t *clwp = ttolwp(curthread); 739 uintptr_t fname; 740 741 struct a { 742 long fname; /* char * */ 743 } *uap = (struct a *)clwp->lwp_ap; 744 745 fname = (uintptr_t)uap->fname; 746 747 if (fname == 0) 748 au_uwrite(au_to_arg32(1, "accounting off", (uint32_t)0)); 749 } 750 751 /* chown start function */ 752 /*ARGSUSED*/ 753 static void 754 aus_chown(struct t_audit_data *tad) 755 { 756 klwp_t *clwp = ttolwp(curthread); 757 uint32_t uid, gid; 758 759 struct a { 760 long fname; /* char * */ 761 long uid; 762 long gid; 763 } *uap = (struct a *)clwp->lwp_ap; 764 765 uid = (uint32_t)uap->uid; 766 gid = (uint32_t)uap->gid; 767 768 au_uwrite(au_to_arg32(2, "new file uid", uid)); 769 au_uwrite(au_to_arg32(3, "new file gid", gid)); 770 } 771 772 /* fchown start function */ 773 /*ARGSUSED*/ 774 static void 775 aus_fchown(struct t_audit_data *tad) 776 { 777 klwp_t *clwp = ttolwp(curthread); 778 uint32_t uid, gid, fd; 779 struct file *fp; 780 struct vnode *vp; 781 struct f_audit_data *fad; 782 783 struct a { 784 long fd; 785 long uid; 786 long gid; 787 } *uap = (struct a *)clwp->lwp_ap; 788 789 fd = (uint32_t)uap->fd; 790 uid = (uint32_t)uap->uid; 791 gid = (uint32_t)uap->gid; 792 793 au_uwrite(au_to_arg32(2, "new file uid", uid)); 794 au_uwrite(au_to_arg32(3, "new file gid", gid)); 795 796 /* 797 * convert file pointer to file descriptor 798 * Note: fd ref count incremented here. 799 */ 800 if ((fp = getf(fd)) == NULL) 801 return; 802 803 /* get path from file struct here */ 804 fad = F2A(fp); 805 if (fad->fad_aupath != NULL) { 806 au_uwrite(au_to_path(fad->fad_aupath)); 807 } else { 808 au_uwrite(au_to_arg32(1, "no path: fd", fd)); 809 } 810 811 vp = fp->f_vnode; 812 audit_attributes(vp); 813 814 /* decrement file descriptor reference count */ 815 releasef(fd); 816 } 817 818 /*ARGSUSED*/ 819 static void 820 aus_lchown(struct t_audit_data *tad) 821 { 822 klwp_t *clwp = ttolwp(curthread); 823 uint32_t uid, gid; 824 825 826 struct a { 827 long fname; /* char * */ 828 long uid; 829 long gid; 830 } *uap = (struct a *)clwp->lwp_ap; 831 832 uid = (uint32_t)uap->uid; 833 gid = (uint32_t)uap->gid; 834 835 au_uwrite(au_to_arg32(2, "new file uid", uid)); 836 au_uwrite(au_to_arg32(3, "new file gid", gid)); 837