--- /dev/null
+/*
+ * Copyright (c) 2004,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+#ifndef _H_CCAUDIT
+#define _H_CCAUDIT
+
+#include <security_utilities/utilities.h>
+#include <mach/message.h> // audit_token_t
+#include <bsm/audit.h> // au_tid_t, etc.
+#include <bsm/audit_kevents.h> // AUE_NULL
+
+namespace Security {
+namespace CommonCriteria {
+
+class AuditToken;
+
+
+/*
+ * For the most part, we won't have a machine ID to initialize the
+ * au_tid_t's machine field. There's no machine ID in the audit token,
+ * for example, since MIG is localhost-only.
+ */
+class TerminalId: public PodWrapper<TerminalId, au_tid_t>
+{
+ public:
+ TerminalId();
+ TerminalId(const TerminalId &t) { set(t); }
+ TerminalId(const au_tid_t &tid) { set(tid); }
+ ~TerminalId() { }
+
+ void set(const au_tid_t &tid) { port = tid.port; machine = tid.machine; }
+};
+
+/*
+ * audit_token_t provides all the info required for Common Criteria-mandated
+ * auditing. It's defined in <mach/mach_types.defs>. Its values are filled
+ * in by the kernel during a Mach RPC and it should be treated as read-only
+ * thereafter.
+ */
+class AuditToken {
+ public:
+ AuditToken(const audit_token_t &token);
+ ~AuditToken() { }
+
+ audit_token_t auditToken() const { return mAuditToken; }
+ uid_t auditId() const { return mAuditId; }
+ uid_t euid() const { return mEuid; }
+ gid_t egid() const { return mEgid; }
+ uid_t ruid() const { return mRuid; }
+ gid_t rgid() const { return mRgid; }
+ pid_t pid() const { return mPid; }
+ au_asid_t sessionId() const { return mSessionId; }
+ const au_tid_t &terminalId() const { return mTerminalId; }
+
+ private:
+ audit_token_t mAuditToken;
+ uid_t mAuditId;
+ uid_t mEuid;
+ gid_t mEgid;
+ uid_t mRuid;
+ gid_t mRgid;
+ pid_t mPid; // of client
+ au_asid_t mSessionId;
+ TerminalId mTerminalId;
+};
+
+
+/*
+ * The (new) audit information structure
+ */
+class AuditInfo : public PodWrapper<AuditInfo, auditinfo_addr_t> {
+public:
+ void get();
+ void get(au_asid_t session);
+ void getPid(pid_t pid);
+ void set();
+ void create(uint64_t flags, uid_t auid = AU_DEFAUDITID);
+
+ uid_t uid() const { return this->ai_auid; }
+ uint64_t flags() const { return this->ai_flags; }
+ au_asid_t sessionId() const { return this->ai_asid; }
+
+ static AuditInfo current() { AuditInfo info; info.get(); return info; }
+};
+
+
+// XXX/gh 3926739
+//
+// NB: Qualify all uses of these names with the namespace (CommonCriteria).
+// Existing source code already follows this convention.
+enum ExternalErrors
+{
+ errNone = 0,
+ errInvalidCredential = 1111, // try to make easier to find in log
+ errUserCanceled,
+ errTooManyTries,
+ errAuthDenied, // "Auth" --> authorization; named to
+ // avoid conflict with the C symbol
+ // errAuthorizationDenied already in
+ // use
+ errEndOfExternalErrors // sentry/placeholder
+};
+
+
+
+class AuditMask
+{
+ public:
+ AuditMask(unsigned int s = AUE_NULL, unsigned int f = AUE_NULL)
+ {
+ mMask.am_success = s; mMask.am_failure = f;
+ }
+ ~AuditMask() { }
+ const au_mask_t &get(void) const { return mMask; }
+
+ private:
+ au_mask_t mMask;
+};
+
+
+// audit session state for the current process; only used by Server
+class AuditSession
+{
+ public:
+ AuditSession(au_id_t auid, au_asid_t sid)
+ : mAuditId(auid), mSessionId(sid) { }
+ ~AuditSession() { }
+
+ // set audit info for this process in kernel
+ void registerSession(void);
+
+ void auditId(au_id_t auid) { mAuditId = auid; }
+ void eventMask(AuditMask &mask) { mEventMask = mask; }
+ void terminalId(TerminalId &tid) { mTerminalId = tid; }
+ void sessionId(au_asid_t sid) { mSessionId = sid; }
+
+ au_id_t auditId(void) { return mAuditId; }
+ AuditMask &eventMask(void) { return mEventMask; }
+ TerminalId &terminalId(void) { return mTerminalId; }
+ au_asid_t sessionId(void) { return mSessionId; }
+
+ private:
+ au_id_t mAuditId;
+ AuditMask mEventMask;
+ TerminalId mTerminalId;
+ au_asid_t mSessionId;
+};
+
+//
+// For submitting audit records. Not general-purpose: no ability to
+// submit arbitrary BSM tokens, for example. However, the SecurityServer
+// has only limited auditing requirements under Common Criteria.
+//
+class AuditRecord
+{
+ public:
+ AuditRecord(const AuditToken &auditToken)
+ : mAuditToken(auditToken) { }
+ AuditRecord(const audit_token_t &auditToken)
+ : mAuditToken(auditToken) { }
+ ~AuditRecord() { }
+
+ // returnCode == 0 --> success; nonzero returnCode --> failure
+ void submit(const short event_code, const int returnCode,
+ const char *msg = NULL);
+
+ private:
+ AuditToken mAuditToken;
+};
+
+} // end namespace CommonCriteria
+} // end namespace Security
+
+#endif // _H_CCAUDIT
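Review bot: Nothing in `AuditToken` or `AuditRecord` records where the `audit_token_t` came from, yet the auid, euid/ruid, pid and session id that `AuditToken` exposes are only trustworthy when the token is the kernel-populated one taken from the Mach message trailer, not a struct copied out of a client-controlled message body; the comment above `AuditToken` says the kernel fills the token in but never states that provenance requirement. I would add to the `AuditRecord` header comment: `// The token MUST be the kernel-filled audit_token_t from the Mach message trailer; a token received in the message body is client-controlled and must not be logged as the caller's identity.` Separately, the `AuditSession` setters take non-const references (`void eventMask(AuditMask &mask)`, `void terminalId(TerminalId &tid)`), which rejects temporaries and lets the callee mutate the argument for no reason; `const AuditMask &` and `const TerminalId &` are the conventional signatures, and the getters below them could be `const` member functions. The definitions of `TerminalId()`, `AuditToken(const audit_token_t &)`, the `AuditInfo` methods, `registerSession` and `submit` are outside this hunk, so whatever validation they perform cannot be seen here.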