From 42dd15f50489e37efeb3a25810404dafc3b1271b Mon Sep 17 00:00:00 2001
From: K Rin <rin@sandb0x.tw>
Date: Mon, 4 Nov 2024 03:39:13 +0800
Subject: [PATCH] Add logger for sys/security/mac_do/mac_do.c

---
 sys/security/mac_do/mac_do.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 1aad37f549bc16..4a930561033965 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -17,6 +17,7 @@
 #include <sys/socket.h>
 #include <sys/sx.h>
 #include <sys/sysctl.h>
+#include <sys/syslog.h>
 #include <sys/systm.h>
 #include <sys/ucred.h>
 #include <sys/vnode.h>
@@ -432,6 +433,7 @@ priv_grant(struct ucred *cred, int priv)
 			switch (priv) {
 			case PRIV_CRED_SETGROUPS:
 			case PRIV_CRED_SETUID:
+				log(LOG_SECURITY | LOG_INFO, "Uid %d met the condition and will be granted privileges.\n", cred->cr_uid);
 				mtx_unlock(&pr->pr_mtx);
 				return (0);
 			default:
@@ -439,6 +441,7 @@ priv_grant(struct ucred *cred, int priv)
 			}
 		}
 	}
+	log(LOG_SECURITY | LOG_WARNING, "Uid %d failed to meet the condition.\n", cred->cr_uid);
 	mtx_unlock(&pr->pr_mtx);
 	return (EPERM);
 }