[apple/security.git] / securityd / src / auditevents.cpp

/*
 * Copyright (c) 2009-2010 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


//
// auditevents - monitor and act upon audit subsystem events
//
#include "auditevents.h"
#include "dtrace.h"
#include <security_utilities/logging.h>
#include "self.h"

using namespace UnixPlusPlus;
using namespace MachPlusPlus;


AuditMonitor::AuditMonitor(Port relay)
	: mRelay(relay)
{
}

AuditMonitor::~AuditMonitor()
{
}


//
// Endlessly retrieve session events and dispatch them.
// (The current version of MachServer cannot receive FileDesc-based events,
// so we need a monitor thread for this.)
//
void AuditMonitor::action()
{
	au_sdev_handle_t *dev = au_sdev_open(AU_SDEVF_ALLSESSIONS);
	int event;
	auditinfo_addr_t aia;

	if (NULL == dev) {
		Syslog::error("This is bad, man. I've got bad vibes here. Could not open %s: %d", AUDIT_SDEV_PATH, errno);
		return;
	}

	for (;;) {
		if (0 != au_sdev_read_aia(dev, &event, &aia)) {
			Syslog::error("au_sdev_read_aia failed: %d\n", errno);
			continue;
		}
        secinfo("SecServer", "%p session notify %d %d %d", this, aia.ai_asid, event, aia.ai_auid);
		if (kern_return_t rc = self_client_handleSession(mRelay, mach_task_self(), event, aia.ai_asid))
			Syslog::error("self-send failed (mach error %d)", rc);
	}
}
Commit	Line	Data
d8f41ccd A	1	/*
	2	* Copyright (c) 2009-2010 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	//
	26	// auditevents - monitor and act upon audit subsystem events
	27	//
	28	#include "auditevents.h"
	29	#include "dtrace.h"
	30	#include <security_utilities/logging.h>
	31	#include "self.h"
	32
	33	using namespace UnixPlusPlus;
	34	using namespace MachPlusPlus;
	35
	36
	37	AuditMonitor::AuditMonitor(Port relay)
	38	: mRelay(relay)
	39	{
	40	}
	41
	42	AuditMonitor::~AuditMonitor()
	43	{
	44	}
	45
	46
	47	//
	48	// Endlessly retrieve session events and dispatch them.
	49	// (The current version of MachServer cannot receive FileDesc-based events,
	50	// so we need a monitor thread for this.)
	51	//
	52	void AuditMonitor::action()
	53	{
	54	au_sdev_handle_t *dev = au_sdev_open(AU_SDEVF_ALLSESSIONS);
	55	int event;
	56	auditinfo_addr_t aia;
	57
	58	if (NULL == dev) {
	59	Syslog::error("This is bad, man. I've got bad vibes here. Could not open %s: %d", AUDIT_SDEV_PATH, errno);
	60	return;
	61	}
	62
	63	for (;;) {
	64	if (0 != au_sdev_read_aia(dev, &event, &aia)) {
65	Syslog::error("au_sdev_read_aia failed: %d\n", errno);
66	continue;
67	}
79b9da22	68	secinfo("SecServer", "%p session notify %d %d %d", this, aia.ai_asid, event, aia.ai_auid);
d8f41ccd A	69	if (kern_return_t rc = self_client_handleSession(mRelay, mach_task_self(), event, aia.ai_asid))
	70	Syslog::error("self-send failed (mach error %d)", rc);
	71	}
	72	}