aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobert Watson <rwatson@FreeBSD.org>2009-06-27 13:58:44 +0000
committerRobert Watson <rwatson@FreeBSD.org>2009-06-27 13:58:44 +0000
commit14961ba789be428e9cedb60493ea26e0abcc3071 (patch)
tree18c823b27ab8bd9a1cd03dcca0ea5348975f3971
parentf291b9cd384488ded41f6dbff874e889e8e0c42c (diff)
downloadsrc-14961ba789be428e9cedb60493ea26e0abcc3071.tar.gz
src-14961ba789be428e9cedb60493ea26e0abcc3071.zip
Notes
-rw-r--r--sys/amd64/amd64/sys_machdep.c2
-rw-r--r--sys/compat/freebsd32/freebsd32_misc.c2
-rw-r--r--sys/compat/linux/linux_signal.c6
-rw-r--r--sys/i386/i386/sys_machdep.c2
-rw-r--r--sys/kern/kern_descrip.c6
-rw-r--r--sys/kern/kern_exec.c8
-rw-r--r--sys/kern/kern_exit.c4
-rw-r--r--sys/kern/kern_fork.c4
-rw-r--r--sys/kern/kern_prot.c30
-rw-r--r--sys/kern/kern_sig.c10
-rw-r--r--sys/kern/kern_thr.c4
-rw-r--r--sys/kern/sys_generic.c4
-rw-r--r--sys/kern/sys_process.c10
-rw-r--r--sys/kern/vfs_extattr.c56
-rw-r--r--sys/kern/vfs_lookup.c15
-rw-r--r--sys/kern/vfs_mount.c8
-rw-r--r--sys/kern/vfs_syscalls.c64
-rw-r--r--sys/nfs/nfs_nfssvc.c2
-rw-r--r--sys/security/audit/audit.h185
-rw-r--r--sys/security/audit/audit_syscalls.c4
20 files changed, 291 insertions, 135 deletions
diff --git a/sys/amd64/amd64/sys_machdep.c b/sys/amd64/amd64/sys_machdep.c
index 834dd2c87043..bfc7c915b3b8 100644
--- a/sys/amd64/amd64/sys_machdep.c
+++ b/sys/amd64/amd64/sys_machdep.c
@@ -87,7 +87,7 @@ sysarch_ldt(struct thread *td, struct sysarch_args *uap, int uap_space)
* XXXKIB check that the BSM generation code knows to encode
* the op argument.
*/
- AUDIT_ARG(cmd, uap->op);
+ AUDIT_ARG_CMD(uap->op);
if (uap_space == UIO_USERSPACE) {
error = copyin(uap->parms, &la, sizeof(struct i386_ldt_args));
if (error != 0)
diff --git a/sys/compat/freebsd32/freebsd32_misc.c b/sys/compat/freebsd32/freebsd32_misc.c
index 7509c45d8f17..d03411ab122a 100644
--- a/sys/compat/freebsd32/freebsd32_misc.c
+++ b/sys/compat/freebsd32/freebsd32_misc.c
@@ -2924,7 +2924,7 @@ freebsd32_nmount(struct thread *td,
struct uio *auio;
int error;
- AUDIT_ARG(fflags, uap->flags);
+ AUDIT_ARG_FFLAGS(uap->flags);
/*
* Filter out MNT_ROOTFS. We do not want clients of nmount() in
diff --git a/sys/compat/linux/linux_signal.c b/sys/compat/linux/linux_signal.c
index 9bbc268131ef..5910d627d8de 100644
--- a/sys/compat/linux/linux_signal.c
+++ b/sys/compat/linux/linux_signal.c
@@ -546,8 +546,8 @@ linux_do_tkill(struct thread *td, l_int tgid, l_int pid, l_int signum)
ksiginfo_t ksi;
int error;
- AUDIT_ARG(signum, signum);
- AUDIT_ARG(pid, pid);
+ AUDIT_ARG_SIGNUM(signum);
+ AUDIT_ARG_PID(pid);
/*
* Allow signal 0 as a means to check for privileges
@@ -563,7 +563,7 @@ linux_do_tkill(struct thread *td, l_int tgid, l_int pid, l_int signum)
return (ESRCH);
}
- AUDIT_ARG(process, p);
+ AUDIT_ARG_PROCESS(p);
error = p_cansignal(td, p, signum);
if (error)
goto out;
diff --git a/sys/i386/i386/sys_machdep.c b/sys/i386/i386/sys_machdep.c
index 87b563de94ca..2e7abdde25a8 100644
--- a/sys/i386/i386/sys_machdep.c
+++ b/sys/i386/i386/sys_machdep.c
@@ -107,7 +107,7 @@ sysarch(td, uap)
uint32_t base;
struct segment_descriptor sd, *sdp;
- AUDIT_ARG(cmd, uap->op);
+ AUDIT_ARG_CMD(uap->op);
switch (uap->op) {
case I386_GET_IOPERM:
case I386_SET_IOPERM:
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 698d42e7fd6f..91733db35d74 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -1144,7 +1144,7 @@ closefrom(struct thread *td, struct closefrom_args *uap)
int fd;
fdp = td->td_proc->p_fd;
- AUDIT_ARG(fd, uap->lowfd);
+ AUDIT_ARG_FD(uap->lowfd);
/*
* Treat negative starting file descriptor values identical to
@@ -1219,12 +1219,12 @@ kern_fstat(struct thread *td, int fd, struct stat *sbp)
struct file *fp;
int error;
- AUDIT_ARG(fd, fd);
+ AUDIT_ARG_FD(fd);
if ((error = fget(td, fd, &fp)) != 0)
return (error);
- AUDIT_ARG(file, td->td_proc, fp);
+ AUDIT_ARG_FILE(td->td_proc, fp);
error = fo_stat(fp, sbp, td->td_ucred, td);
fdrop(fp, td);
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 8e37dbae0023..3f366582905c 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -274,9 +274,9 @@ kern_execve(td, args, mac_p)
struct proc *p = td->td_proc;
int error;
- AUDIT_ARG(argv, args->begin_argv, args->argc,
+ AUDIT_ARG_ARGV(args->begin_argv, args->argc,
args->begin_envv - args->begin_argv);
- AUDIT_ARG(envv, args->begin_envv, args->envc,
+ AUDIT_ARG_ENVV(args->begin_envv, args->envc,
args->endp - args->begin_envv);
if (p->p_flag & P_HADTHREADS) {
PROC_LOCK(p);
@@ -413,13 +413,13 @@ interpret:
binvp = nd.ni_vp;
imgp->vp = binvp;
} else {
- AUDIT_ARG(fd, args->fd);
+ AUDIT_ARG_FD(args->fd);
error = fgetvp(td, args->fd, &binvp);
if (error)
goto exec_fail;
vfslocked = VFS_LOCK_GIANT(binvp->v_mount);
vn_lock(binvp, LK_EXCLUSIVE | LK_RETRY);
- AUDIT_ARG(vnode, binvp, ARG_VNODE1);
+ AUDIT_ARG_VNODE(binvp, ARG_VNODE1);
imgp->vp = binvp;
}
diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c
index bc2b8810c4a7..ae060da12f8a 100644
--- a/sys/kern/kern_exit.c
+++ b/sys/kern/kern_exit.c
@@ -211,7 +211,7 @@ exit1(struct thread *td, int rv)
* it was. The exit status is WEXITSTATUS(rv), but it's not clear
* what the return value is.
*/
- AUDIT_ARG(exit, WEXITSTATUS(rv), 0);
+ AUDIT_ARG_EXIT(WEXITSTATUS(rv), 0);
AUDIT_SYSCALL_EXIT(0, td);
#endif
@@ -803,7 +803,7 @@ kern_wait(struct thread *td, pid_t pid, int *status, int options,
struct proc *p, *q;
int error, nfound;
- AUDIT_ARG(pid, pid);
+ AUDIT_ARG_PID(pid);
q = td->td_proc;
if (pid == 0) {
diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c
index bfa43a92d80a..65fd09dceaf5 100644
--- a/sys/kern/kern_fork.c
+++ b/sys/kern/kern_fork.c
@@ -146,7 +146,7 @@ rfork(td, uap)
if ((uap->flags & RFKERNELONLY) != 0)
return (EINVAL);
- AUDIT_ARG(fflags, uap->flags);
+ AUDIT_ARG_FFLAGS(uap->flags);
error = fork1(td, uap->flags, 0, &p2);
if (error == 0) {
td->td_retval[0] = p2 ? p2->p_pid : 0;
@@ -452,7 +452,7 @@ again:
thread_lock(td);
sched_fork(td, td2);
thread_unlock(td);
- AUDIT_ARG(pid, p2->p_pid);
+ AUDIT_ARG_PID(p2->p_pid);
LIST_INSERT_HEAD(&allproc, p2, p_list);
LIST_INSERT_HEAD(PIDHASH(p2->p_pid), p2, p_hash);
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index d286738e2cdc..76254143e0fb 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -489,7 +489,7 @@ setuid(struct thread *td, struct setuid_args *uap)
int error;
uid = uap->uid;
- AUDIT_ARG(uid, uid);
+ AUDIT_ARG_UID(uid);
newcred = crget();
uip = uifind(uid);
PROC_LOCK(p);
@@ -600,7 +600,7 @@ seteuid(struct thread *td, struct seteuid_args *uap)
int error;
euid = uap->euid;
- AUDIT_ARG(euid, euid);
+ AUDIT_ARG_EUID(euid);
newcred = crget();
euip = uifind(euid);
PROC_LOCK(p);
@@ -656,7 +656,7 @@ setgid(struct thread *td, struct setgid_args *uap)
int error;
gid = uap->gid;
- AUDIT_ARG(gid, gid);
+ AUDIT_ARG_GID(gid);
newcred = crget();
PROC_LOCK(p);
oldcred = crcopysafe(p, newcred);
@@ -754,7 +754,7 @@ setegid(struct thread *td, struct setegid_args *uap)
int error;
egid = uap->egid;
- AUDIT_ARG(egid, egid);
+ AUDIT_ARG_EGID(egid);
newcred = crget();
PROC_LOCK(p);
oldcred = crcopysafe(p, newcred);
@@ -819,7 +819,7 @@ kern_setgroups(struct thread *td, u_int ngrp, gid_t *groups)
if (ngrp > NGROUPS)
return (EINVAL);
- AUDIT_ARG(groupset, groups, ngrp);
+ AUDIT_ARG_GROUPSET(groups, ngrp);
newcred = crget();
crextend(newcred, ngrp);
PROC_LOCK(p);
@@ -876,8 +876,8 @@ setreuid(register struct thread *td, struct setreuid_args *uap)
euid = uap->euid;
ruid = uap->ruid;
- AUDIT_ARG(euid, euid);
- AUDIT_ARG(ruid, ruid);
+ AUDIT_ARG_EUID(euid);
+ AUDIT_ARG_RUID(ruid);
newcred = crget();
euip = uifind(euid);
ruip = uifind(ruid);
@@ -942,8 +942,8 @@ setregid(register struct thread *td, struct setregid_args *uap)
egid = uap->egid;
rgid = uap->rgid;
- AUDIT_ARG(egid, egid);
- AUDIT_ARG(rgid, rgid);
+ AUDIT_ARG_EGID(egid);
+ AUDIT_ARG_RGID(rgid);
newcred = crget();
PROC_LOCK(p);
oldcred = crcopysafe(p, newcred);
@@ -1009,9 +1009,9 @@ setresuid(register struct thread *td, struct setresuid_args *uap)
euid = uap->euid;
ruid = uap->ruid;
suid = uap->suid;
- AUDIT_ARG(euid, euid);
- AUDIT_ARG(ruid, ruid);
- AUDIT_ARG(suid, suid);
+ AUDIT_ARG_EUID(euid);
+ AUDIT_ARG_RUID(ruid);
+ AUDIT_ARG_SUID(suid);
newcred = crget();
euip = uifind(euid);
ruip = uifind(ruid);
@@ -1087,9 +1087,9 @@ setresgid(register struct thread *td, struct setresgid_args *uap)
egid = uap->egid;
rgid = uap->rgid;
sgid = uap->sgid;
- AUDIT_ARG(egid, egid);
- AUDIT_ARG(rgid, rgid);
- AUDIT_ARG(sgid, sgid);
+ AUDIT_ARG_EGID(egid);
+ AUDIT_ARG_RGID(rgid);
+ AUDIT_ARG_SGID(sgid);
newcred = crget();
PROC_LOCK(p);
oldcred = crcopysafe(p, newcred);
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index f4a14c372bb9..3225754ddf4a 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -1674,8 +1674,8 @@ kill(td, uap)
register struct proc *p;
int error;
- AUDIT_ARG(signum, uap->signum);
- AUDIT_ARG(pid, uap->pid);
+ AUDIT_ARG_SIGNUM(uap->signum);
+ AUDIT_ARG_PID(uap->pid);
if ((u_int)uap->signum > _SIG_MAXSIG)
return (EINVAL);
@@ -1685,7 +1685,7 @@ kill(td, uap)
if ((p = zpfind(uap->pid)) == NULL)
return (ESRCH);
}
- AUDIT_ARG(process, p);
+ AUDIT_ARG_PROCESS(p);
error = p_cansignal(td, p, uap->signum);
if (error == 0 && uap->signum)
psignal(p, uap->signum);
@@ -1717,8 +1717,8 @@ okillpg(td, uap)
register struct okillpg_args *uap;
{
- AUDIT_ARG(signum, uap->signum);
- AUDIT_ARG(pid, uap->pgid);
+ AUDIT_ARG_SIGNUM(uap->signum);
+ AUDIT_ARG_PID(uap->pgid);
if ((u_int)uap->signum > _SIG_MAXSIG)
return (EINVAL);
diff --git a/sys/kern/kern_thr.c b/sys/kern/kern_thr.c
index 4059443194be..c478c63bd9bc 100644
--- a/sys/kern/kern_thr.c
+++ b/sys/kern/kern_thr.c
@@ -350,7 +350,7 @@ thr_kill2(struct thread *td, struct thr_kill2_args *uap)
struct proc *p;
int error;
- AUDIT_ARG(signum, uap->sig);
+ AUDIT_ARG_SIGNUM(uap->sig);
if (uap->pid == td->td_proc->p_pid) {
p = td->td_proc;
@@ -358,7 +358,7 @@ thr_kill2(struct thread *td, struct thr_kill2_args *uap)
} else if ((p = pfind(uap->pid)) == NULL) {
return (ESRCH);
}
- AUDIT_ARG(process, p);
+ AUDIT_ARG_PROCESS(p);
error = p_cansignal(td, p, uap->sig);
if (error == 0) {
diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c
index 616c5b79e11f..b9fd77034d60 100644
--- a/sys/kern/sys_generic.c
+++ b/sys/kern/sys_generic.c
@@ -561,13 +561,13 @@ kern_ftruncate(td, fd, length)
struct file *fp;
int error;
- AUDIT_ARG(fd, fd);
+ AUDIT_ARG_FD(fd);
if (length < 0)
return (EINVAL);
error = fget(td, fd, &fp);
if (error)
return (error);
- AUDIT_ARG(file, td->td_proc, fp);
+ AUDIT_ARG_FILE(td->td_proc, fp);
if (!(fp->f_flag & FWRITE)) {
fdrop(fp, td);
return (EINVAL);
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c
index 0cce9056ad52..3c7b52c1e32c 100644
--- a/sys/kern/sys_process.c
+++ b/sys/kern/sys_process.c
@@ -400,10 +400,10 @@ ptrace(struct thread *td, struct ptrace_args *uap)
if (SV_CURPROC_FLAG(SV_ILP32))
wrap32 = 1;
#endif
- AUDIT_ARG(pid, uap->pid);
- AUDIT_ARG(cmd, uap->req);
- AUDIT_ARG(addr, uap->addr);
- AUDIT_ARG(value, uap->data);
+ AUDIT_ARG_PID(uap->pid);
+ AUDIT_ARG_CMD(uap->req);
+ AUDIT_ARG_ADDR(uap->addr);
+ AUDIT_ARG_VALUE(uap->data);
addr = &r;
switch (uap->req) {
case PT_GETREGS:
@@ -549,7 +549,7 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
pid = p->p_pid;
}
}
- AUDIT_ARG(process, p);
+ AUDIT_ARG_PROCESS(p);
if ((p->p_flag & P_WEXIT) != 0) {
error = ESRCH;
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c
index 5f024a83706e..e7bf2d19d7d3 100644
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@@ -70,8 +70,8 @@ extattrctl(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, fnvfslocked, error;
- AUDIT_ARG(cmd, uap->cmd);
- AUDIT_ARG(value, uap->attrnamespace);
+ AUDIT_ARG_CMD(uap->cmd);
+ AUDIT_ARG_VALUE(uap->attrnamespace);
/*
* uap->attrname is not always defined. We check again later when we
* invoke the VFS call so as to pass in NULL there if needed.
@@ -82,7 +82,7 @@ extattrctl(td, uap)
if (error)
return (error);
}
- AUDIT_ARG(text, attrname);
+ AUDIT_ARG_TEXT(attrname);
vfslocked = fnvfslocked = 0;
mp = NULL;
@@ -223,12 +223,12 @@ extattr_set_fd(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
- AUDIT_ARG(fd, uap->fd);
- AUDIT_ARG(value, uap->attrnamespace);
+ AUDIT_ARG_FD(uap->fd);
+ AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return (error);
- AUDIT_ARG(text, attrname);
+ AUDIT_ARG_TEXT(attrname);
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
if (error)
@@ -258,11 +258,11 @@ extattr_set_file(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
- AUDIT_ARG(value, uap->attrnamespace);
+ AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return (error);
- AUDIT_ARG(text, attrname);
+ AUDIT_ARG_TEXT(attrname);
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
@@ -295,11 +295,11 @@ extattr_set_link(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
- AUDIT_ARG(value, uap->attrnamespace);
+ AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return (error);
- AUDIT_ARG(text, attrname);
+ AUDIT_ARG_TEXT(attrname);
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
@@ -403,12 +403,12 @@ extattr_get_fd(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
- AUDIT_ARG(fd, uap->fd);
- AUDIT_ARG(value, uap->attrnamespace);
+ AUDIT_ARG_FD(uap->fd);
+ AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return (error);
- AUDIT_ARG(text, attrname);
+ AUDIT_ARG_TEXT(attrname);
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
if (error)
@@ -438,11 +438,11 @@ extattr_get_file(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
- AUDIT_ARG(value, uap->attrnamespace);
+ AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return (error);
- AUDIT_ARG(text, attrname);
+ AUDIT_ARG_TEXT(attrname);
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
@@ -475,11 +475,11 @@ extattr_get_link(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
- AUDIT_ARG(value, uap->attrnamespace);
+ AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return (error);
- AUDIT_ARG(text, attrname);
+ AUDIT_ARG_TEXT(attrname);
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
@@ -553,12 +553,12 @@ extattr_delete_fd(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
- AUDIT_ARG(fd, uap->fd);
- AUDIT_ARG(value, uap->attrnamespace);
+ AUDIT_ARG_FD(uap->fd);
+ AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return (error);
- AUDIT_ARG(text, attrname);
+ AUDIT_ARG_TEXT(attrname);
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
if (error)
@@ -585,11 +585,11 @@ extattr_delete_file(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
- AUDIT_ARG(value, uap->attrnamespace);
+ AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return(error);
- AUDIT_ARG(text, attrname);
+ AUDIT_ARG_TEXT(attrname);
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
@@ -618,11 +618,11 @@ extattr_delete_link(td, uap)
char attrname[EXTATTR_MAXNAMELEN];
int vfslocked, error;
- AUDIT_ARG(value, uap->attrnamespace);
+ AUDIT_ARG_VALUE(uap->attrnamespace);
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
if (error)
return(error);
- AUDIT_ARG(text, attrname);
+ AUDIT_ARG_TEXT(attrname);
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
@@ -717,8 +717,8 @@ extattr_list_fd(td, uap)
struct file *fp;
int vfslocked, error;
- AUDIT_ARG(fd, uap->fd);
- AUDIT_ARG(value, uap->attrnamespace);
+ AUDIT_ARG_FD(uap->fd);
+ AUDIT_ARG_VALUE(uap->attrnamespace);
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
if (error)
return (error);
@@ -745,7 +745,7 @@ extattr_list_file(td, uap)
struct nameidata nd;
int vfslocked, error;
- AUDIT_ARG(value, uap->attrnamespace);
+ AUDIT_ARG_VALUE(uap->attrnamespace);
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
error = namei(&nd);
@@ -775,7 +775,7 @@ extattr_list_link(td, uap)
struct nameidata nd;
int vfslocked, error;
- AUDIT_ARG(value, uap->attrnamespace);
+ AUDIT_ARG_VALUE(uap->attrnamespace);
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
error = namei(&nd);
diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c
index 85173edab043..e154c5662c63 100644
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@@ -164,9 +164,9 @@ namei(struct nameidata *ndp)
/* If we are auditing the kernel pathname, save the user pathname. */
if (cnp->cn_flags & AUDITVNODE1)
- AUDIT_ARG(upath, td, cnp->cn_pnbuf, ARG_UPATH1);
+ AUDIT_ARG_UPATH(td, cnp->cn_pnbuf, ARG_UPATH1);
if (cnp->cn_flags & AUDITVNODE2)
- AUDIT_ARG(upath, td, cnp->cn_pnbuf, ARG_UPATH2);
+ AUDIT_ARG_UPATH(td, cnp->cn_pnbuf, ARG_UPATH2);
/*
* Don't allow empty pathnames.
@@ -460,9 +460,6 @@ lookup(struct nameidata *ndp)
int dvfslocked; /* VFS Giant state for parent */
int tvfslocked;
int lkflags_save;
-#ifdef AUDIT
- struct thread *td = curthread;
-#endif
/*
* Setup: break out flag bits into variables.
@@ -572,9 +569,9 @@ dirloop:
ndp->ni_vp = dp;
if (cnp->cn_flags & AUDITVNODE1)
- AUDIT_ARG(vnode, dp, ARG_VNODE1);
+ AUDIT_ARG_VNODE(dp, ARG_VNODE1);
else if (cnp->cn_flags & AUDITVNODE2)
- AUDIT_ARG(vnode, dp, ARG_VNODE2);
+ AUDIT_ARG_VNODE(dp, ARG_VNODE2);
if (!(cnp->cn_flags & (LOCKPARENT | LOCKLEAF)))
VOP_UNLOCK(dp, 0);
@@ -857,9 +854,9 @@ nextname:
VOP_UNLOCK(ndp->ni_dvp, 0);
if (cnp->cn_flags & AUDITVNODE1)
- AUDIT_ARG(vnode, dp, ARG_VNODE1);
+ AUDIT_ARG_VNODE(dp, ARG_VNODE1);
else if (cnp->cn_flags & AUDITVNODE2)
- AUDIT_ARG(vnode, dp, ARG_VNODE2);
+ AUDIT_ARG_VNODE(dp, ARG_VNODE2);
if ((cnp->cn_flags & LOCKLEAF) == 0)
VOP_UNLOCK(dp, 0);
diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c
index 19a602607710..10691a4e3dc0 100644
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@@ -388,7 +388,7 @@ nmount(td, uap)
int error;
u_int iovcnt;
- AUDIT_ARG(fflags, uap->flags);
+ AUDIT_ARG_FFLAGS(uap->flags);
CTR4(KTR_VFS, "%s: iovp %p with iovcnt %d and flags %d", __func__,
uap->iovp, uap->iovcnt, uap->flags);
@@ -750,7 +750,7 @@ mount(td, uap)
struct mntarg *ma = NULL;
int error;
- AUDIT_ARG(fflags, uap->flags);
+ AUDIT_ARG_FFLAGS(uap->flags);
/*
* Filter out MNT_ROOTFS. We do not want clients of mount() in
@@ -767,7 +767,7 @@ mount(td, uap)
return (error);
}
- AUDIT_ARG(text, fstype);
+ AUDIT_ARG_TEXT(fstype);
mtx_lock(&Giant);
vfsp = vfs_byname_kld(fstype, td, &error);
free(fstype, M_TEMP);
@@ -1125,7 +1125,7 @@ unmount(td, uap)
free(pathbuf, M_TEMP);
return (error);
}
- AUDIT_ARG(upath, td, pathbuf, ARG_UPATH1);
+ AUDIT_ARG_UPATH(td, pathbuf, ARG_UPATH1);
mtx_lock(&Giant);
if (uap->flags & MNT_BYFSID) {
/* Decode the filesystem ID. */
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 9fa2a4c9dee8..496cecf6027c 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -189,8 +189,8 @@ quotactl(td, uap)
int error;
struct nameidata nd;
- AUDIT_ARG(cmd, uap->cmd);
- AUDIT_ARG(uid, uap->uid);
+ AUDIT_ARG_CMD(uap->cmd);
+ AUDIT_ARG_UID(uap->uid);
if (!prison_allow(td->td_ucred, PR_ALLOW_QUOTAS))
return (EPERM);
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
@@ -371,7 +371,7 @@ kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
struct vnode *vp;
int error;
- AUDIT_ARG(fd, fd);
+ AUDIT_ARG_FD(fd);
error = getvnode(td->td_proc->p_fd, fd, &fp);
if (error)
return (error);
@@ -379,7 +379,7 @@ kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
vn_lock(vp, LK_SHARED | LK_RETRY);
#ifdef AUDIT
- AUDIT_ARG(vnode, vp, ARG_VNODE1);
+ AUDIT_ARG_VNODE(vp, ARG_VNODE1);
#endif
mp = vp->v_mount;
if (mp)
@@ -744,7 +744,7 @@ fchdir(td, uap)
int vfslocked;
int error;
- AUDIT_ARG(fd, uap->fd);
+ AUDIT_ARG_FD(uap->fd);
if ((error = getvnode(fdp, uap->fd, &fp)) != 0)
return (error);
vp = fp->f_vnode;
@@ -752,7 +752,7 @@ fchdir(td, uap)
fdrop(fp, td);
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
vn_lock(vp, LK_SHARED | LK_RETRY);
- AUDIT_ARG(vnode, vp, ARG_VNODE1);
+ AUDIT_ARG_VNODE(vp, ARG_VNODE1);
error = change_dir(vp, td);
while (!error && (mp = vp->v_mountedhere) != NULL) {
int tvfslocked;
@@ -1055,8 +1055,8 @@ kern_openat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
struct nameidata nd;
int vfslocked;
- AUDIT_ARG(fflags, flags);
- AUDIT_ARG(mode, mode);
+ AUDIT_ARG_FFLAGS(flags);
+ AUDIT_ARG_MODE(mode);
/* XXX: audit dirfd */
/*
* Only one of the O_EXEC, O_RDONLY, O_WRONLY and O_RDWR may
@@ -1265,8 +1265,8 @@ kern_mknodat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
struct nameidata nd;
int vfslocked;
- AUDIT_ARG(mode, mode);
- AUDIT_ARG(dev, dev);
+ AUDIT_ARG_MODE(mode);
+ AUDIT_ARG_DEV(dev);
switch (mode & S_IFMT) {
case S_IFCHR:
case S_IFBLK:
@@ -1414,7 +1414,7 @@ kern_mkfifoat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
struct nameidata nd;
int vfslocked;
- AUDIT_ARG(mode, mode);
+ AUDIT_ARG_MODE(mode);
restart:
bwillwrite();
NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
@@ -1677,7 +1677,7 @@ kern_symlinkat(struct thread *td, char *path1, int fd, char *path2,
if ((error = copyinstr(path1, syspath, MAXPATHLEN, NULL)) != 0)
goto out;
}
- AUDIT_ARG(text, syspath);
+ AUDIT_ARG_TEXT(syspath);
restart:
bwillwrite();
NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
@@ -2689,7 +2689,7 @@ chflags(td, uap)
struct nameidata nd;
int vfslocked;
- AUDIT_ARG(fflags, uap->flags);
+ AUDIT_ARG_FFLAGS(uap->flags);
NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
if ((error = namei(&nd)) != 0)
@@ -2717,7 +2717,7 @@ lchflags(td, uap)
struct nameidata nd;
int vfslocked;
- AUDIT_ARG(fflags, uap->flags);
+ AUDIT_ARG_FFLAGS(uap->flags);
NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, UIO_USERSPACE,
uap->path, td);
if ((error = namei(&nd)) != 0)
@@ -2751,14 +2751,14 @@ fchflags(td, uap)
int vfslocked;
int error;
- AUDIT_ARG(fd, uap->fd);
- AUDIT_ARG(fflags, uap->flags);
+ AUDIT_ARG_FD(uap->fd);
+ AUDIT_ARG_FFLAGS(uap->flags);
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
#ifdef AUDIT
vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
- AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ AUDIT_ARG_VNODE(fp->f_vnode, ARG_VNODE1);
VOP_UNLOCK(fp->f_vnode, 0);
#endif
error = setfflags(td, fp->f_vnode, uap->flags);
@@ -2877,7 +2877,7 @@ kern_fchmodat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
int vfslocked;
int follow;
- AUDIT_ARG(mode, mode);
+ AUDIT_ARG_MODE(mode);
follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
NDINIT_AT(&nd, LOOKUP, follow | MPSAFE | AUDITVNODE1, pathseg, path,
fd, td);
@@ -2912,14 +2912,14 @@ fchmod(td, uap)
int vfslocked;
int error;
- AUDIT_ARG(fd, uap->fd);
- AUDIT_ARG(mode, uap->mode);
+ AUDIT_ARG_FD(uap->fd);
+ AUDIT_ARG_MODE(uap->mode);
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
#ifdef AUDIT
vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
- AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ AUDIT_ARG_VNODE(fp->f_vnode, ARG_VNODE1);
VOP_UNLOCK(fp->f_vnode, 0);
#endif
error = setfmode(td, fp->f_vnode, uap->mode);
@@ -3019,7 +3019,7 @@ kern_fchownat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
struct nameidata nd;
int error, vfslocked, follow;
- AUDIT_ARG(owner, uid, gid);
+ AUDIT_ARG_OWNER(uid, gid);
follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
NDINIT_AT(&nd, LOOKUP, follow | MPSAFE | AUDITVNODE1, pathseg, path,
fd, td);
@@ -3089,14 +3089,14 @@ fchown(td, uap)
int vfslocked;
int error;
- AUDIT_ARG(fd, uap->fd);
- AUDIT_ARG(owner, uap->uid, uap->gid);
+ AUDIT_ARG_FD(uap->fd);
+ AUDIT_ARG_OWNER(uap->uid, uap->gid);
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
#ifdef AUDIT
vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
- AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ AUDIT_ARG_VNODE(fp->f_vnode, ARG_VNODE1);
VOP_UNLOCK(fp->f_vnode, 0);
#endif
error = setfown(td, fp->f_vnode, uap->uid, uap->gid);
@@ -3324,7 +3324,7 @@ kern_futimes(struct thread *td, int fd, struct timeval *tptr,
int vfslocked;
int error;
- AUDIT_ARG(fd, fd);
+ AUDIT_ARG_FD(fd);
if ((error = getutimes(tptr, tptrseg, ts)) != 0)
return (error);
if ((error = getvnode(td->td_proc->p_fd, fd, &fp)) != 0)
@@ -3332,7 +3332,7 @@ kern_futimes(struct thread *td, int fd, struct timeval *tptr,
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
#ifdef AUDIT
vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
- AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ AUDIT_ARG_VNODE(fp->f_vnode, ARG_VNODE1);
VOP_UNLOCK(fp->f_vnode, 0);
#endif
error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL);
@@ -3478,7 +3478,7 @@ fsync(td, uap)
int vfslocked;
int error, lock_flags;
- AUDIT_ARG(fd, uap->fd);
+ AUDIT_ARG_FD(uap->fd);
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
vp = fp->f_vnode;
@@ -3492,7 +3492,7 @@ fsync(td, uap)
lock_flags = LK_EXCLUSIVE;
}
vn_lock(vp, lock_flags | LK_RETRY);
- AUDIT_ARG(vnode, vp, ARG_VNODE1);
+ AUDIT_ARG_VNODE(vp, ARG_VNODE1);
if (vp->v_object != NULL) {
VM_OBJECT_LOCK(vp->v_object);
vm_object_page_clean(vp->v_object, 0, 0, 0);
@@ -3717,7 +3717,7 @@ kern_mkdirat(struct thread *td, int fd, char *path, enum uio_seg segflg,
struct nameidata nd;
int vfslocked;
- AUDIT_ARG(mode, mode);
+ AUDIT_ARG_MODE(mode);
restart:
bwillwrite();
NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
@@ -4056,7 +4056,7 @@ kern_getdirentries(struct thread *td, int fd, char *buf, u_int count,
long loff;
int error, eofflag;
- AUDIT_ARG(fd, fd);
+ AUDIT_ARG_FD(fd);
if (count > INT_MAX)
return (EINVAL);
if ((error = getvnode(td->td_proc->p_fd, fd, &fp)) != 0)
@@ -4082,7 +4082,7 @@ unionread:
auio.uio_td = td;
auio.uio_resid = count;
vn_lock(vp, LK_SHARED | LK_RETRY);
- AUDIT_ARG(vnode, vp, ARG_VNODE1);
+ AUDIT_ARG_VNODE(vp, ARG_VNODE1);
loff = auio.uio_offset = fp->f_offset;
#ifdef MAC
error = mac_vnode_check_readdir(td->td_ucred, vp);
diff --git a/sys/nfs/nfs_nfssvc.c b/sys/nfs/nfs_nfssvc.c
index 9379fbe77463..b9186be7eee3 100644
--- a/sys/nfs/nfs_nfssvc.c
+++ b/sys/nfs/nfs_nfssvc.c
@@ -79,7 +79,7 @@ nfssvc(struct thread *td, struct nfssvc_args *uap)
KASSERT(!mtx_owned(&Giant), ("nfssvc(): called with Giant"));
- AUDIT_ARG(cmd, uap->flag);
+ AUDIT_ARG_CMD(uap->flag);
error = priv_check(td, PRIV_NFS_DAEMON);
if (error)
diff --git a/sys/security/audit/audit.h b/sys/security/audit/audit.h
index 5ba2aee5dc42..e94121dac161 100644
--- a/sys/security/audit/audit.h
+++ b/sys/security/audit/audit.h
@@ -182,12 +182,149 @@ void audit_thread_alloc(struct thread *td);
void audit_thread_free(struct thread *td);
/*
- * Define a macro to wrap the audit_arg_* calls by checking the global
+ * Define macros to wrap the audit_arg_* calls by checking the global
* audit_enabled flag before performing the actual call.
*/
-#define AUDIT_ARG(op, args...) do { \
- if (td->td_pflags & TDP_AUDITREC) \
- audit_arg_ ## op (args); \
+#define AUDITING_TD(td) ((td)->td_pflags & TDP_AUDITREC)
+
+#define AUDIT_ARG_ADDR(addr) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_addr((addr)); \
+} while (0)
+
+#define AUDIT_ARG_ARGV(argv, argc, length) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_argv((argv), (argc), (length)); \
+} while (0)
+
+#define AUDIT_ARG_AUDITON(udata) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_auditon((udata)); \
+} while (0)
+
+#define AUDIT_ARG_CMD(cmd) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_cmd((cmd)); \
+} while (0)
+
+#define AUDIT_ARG_DEV(dev) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_dev((dev)); \
+} while (0)
+
+#define AUDIT_ARG_EGID(egid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_egid((egid)); \
+} while (0)
+
+#define AUDIT_ARG_ENVV(envv, envc, length) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_envv((envv), (envc), (length)); \
+} while (0)
+
+#define AUDIT_ARG_EXIT(status, retval) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_exit((status), (retval)); \
+} while (0)
+
+#define AUDIT_ARG_EUID(euid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_euid((euid)); \
+} while (0)
+
+#define AUDIT_ARG_FD(fd) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_fd((fd)); \
+} while (0)
+
+#define AUDIT_ARG_FILE(p, fp) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_file((p), (fp)); \
+} while (0)
+
+#define AUDIT_ARG_FFLAGS(fflags) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_fflags((fflags)); \
+} while (0)
+
+#define AUDIT_ARG_GID(gid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_gid((gid)); \
+} while (0)
+
+#define AUDIT_ARG_GROUPSET(gidset, gidset_size) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_groupset((gidset), (gidset_size)); \
+} while (0)
+
+#define AUDIT_ARG_MODE(mode) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_mode((mode)); \
+} while (0)
+
+#define AUDIT_ARG_OWNER(uid, gid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_owner((uid), (gid)); \
+} while (0)
+
+#define AUDIT_ARG_PID(pid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_pid((pid)); \
+} while (0)
+
+#define AUDIT_ARG_PROCESS(p) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_process((p)); \
+} while (0)
+
+#define AUDIT_ARG_RGID(rgid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_gid((rgid)); \
+} while (0)
+
+#define AUDIT_ARG_RUID(ruid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_ruid((ruid)); \
+} while (0)
+
+#define AUDIT_ARG_SIGNUM(signum) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_signum((signum)); \
+} while (0)
+
+#define AUDIT_ARG_SGID(sgid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_sgid((sgid)); \
+} while (0)
+
+#define AUDIT_ARG_SUID(suid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_suid((suid)); \
+} while (0)
+
+#define AUDIT_ARG_TEXT(text) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_text((text)); \
+} while (0)
+
+#define AUDIT_ARG_UID(uid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_uid((uid)); \
+} while (0)
+
+#define AUDIT_ARG_UPATH(td, upath, flags) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_upath((td), (upath), (flags)); \
+} while (0)
+
+#define AUDIT_ARG_VALUE(value) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_value((value)); \
+} while (0)
+
+#define AUDIT_ARG_VNODE(vp, flags) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_vnode((vp), (flags)); \
} while (0)
#define AUDIT_SYSCALL_ENTER(code, td) do { \
@@ -216,17 +353,39 @@ void audit_thread_free(struct thread *td);
#else /* !AUDIT */
-#define AUDIT_ARG(op, args...) do { \
-} while (0)
+#define AUDIT_ARG_ADDR(addr)
+#define AUDIT_ARG_ARGV(argv, argc, length)
+#define AUDIT_ARG_AUDITON(udata)
+#define AUDIT_ARG_CMD(cmd)
+#define AUDIT_ARG_DEV(dev)
+#define AUDIT_ARG_EGID(egid)
+#define AUDIT_ARG_ENVV(envv, envc, length)
+#define AUDIT_ARG_EXIT(status, retval)
+#define AUDIT_ARG_EUID(euid)
+#define AUDIT_ARG_FD(fd)
+#define AUDIT_ARG_FILE(p, fp)
+#define AUDIT_ARG_FFLAGS(fflags)
+#define AUDIT_ARG_GID(gid)
+#define AUDIT_ARG_GROUPSET(gidset, gidset_size)
+#define AUDIT_ARG_MODE(mode)
+#define AUDIT_ARG_OWNER(uid, gid)
+#define AUDIT_ARG_PID(pid)
+#define AUDIT_ARG_PROCESS(p)
+#define AUDIT_ARG_RGID(rgid)
+#define AUDIT_ARG_RUID(ruid)
+#define AUDIT_ARG_SIGNUM(signum)
+#define AUDIT_ARG_SGID(sgid)
+#define AUDIT_ARG_SUID(suid)
+#define AUDIT_ARG_TEXT(text)
+#define AUDIT_ARG_UID(uid)
+#define AUDIT_ARG_UPATH(td, upath, flags)
+#define AUDIT_ARG_VALUE(value)
+#define AUDIT_ARG_VNODE(vp, flags)
-#define AUDIT_SYSCALL_ENTER(code, td) do { \
-} while (0)
+#define AUDIT_SYSCALL_ENTER(code, td)
+#define AUDIT_SYSCALL_EXIT(error, td)
-#define AUDIT_SYSCALL_EXIT(error, td) do { \
-} while (0)
-
-#define AUDIT_SYSCLOSE(p, fd) do { \
-} while (0)
+#define AUDIT_SYSCLOSE(p, fd)
#endif /* AUDIT */
diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c
index 18116609038f..075aac549ac9 100644
--- a/sys/security/audit/audit_syscalls.c
+++ b/sys/security/audit/audit_syscalls.c
@@ -163,7 +163,7 @@ auditon(struct thread *td, struct auditon_args *uap)
if (jailed(td->td_ucred))
return (ENOSYS);
- AUDIT_ARG(cmd, uap->cmd);
+ AUDIT_ARG_CMD(uap->cmd);
#ifdef MAC
error = mac_system_check_auditon(td->td_ucred, uap->cmd);
@@ -205,7 +205,7 @@ auditon(struct thread *td, struct auditon_args *uap)
error = copyin(uap->data, (void *)&udata, uap->length);
if (error)
return (error);
- AUDIT_ARG(auditon, &udata);
+ AUDIT_ARG_AUDITON(&udata);
break;
}