]> git.saurik.com Git - apple/xnu.git/blob - bsd/security/audit/audit_session.c
projects / apple / xnu.git / blob
? search:


d99b186fa582423f709aebedbb266cb1c6ed5779
[apple/xnu.git] / bsd / security / audit / audit_session.c
1 /*-
2 * Copyright (c) 2008-2009 Apple Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of Apple Inc. ("Apple") nor the names of
14 * its contributors may be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #include <stdarg.h>
31
32 #include <sys/kernel.h>
33 #include <sys/fcntl.h>
34 #include <sys/kauth.h>
35 #include <sys/conf.h>
36 #include <sys/poll.h>
37 #include <sys/queue.h>
38 #include <sys/signalvar.h>
39 #include <sys/syscall.h>
40 #include <sys/sysent.h>
41 #include <sys/sysproto.h>
42 #include <sys/systm.h>
43 #include <sys/ucred.h>
44 #include <sys/user.h>
45
46 #include <miscfs/devfs/devfs.h>
47
48 #include <libkern/OSAtomic.h>
49
50 #include <bsm/audit.h>
51 #include <bsm/audit_internal.h>
52 #include <bsm/audit_kevents.h>
53
54 #include <security/audit/audit.h>
55 #include <security/audit/audit_bsd.h>
56 #include <security/audit/audit_ioctl.h>
57 #include <security/audit/audit_private.h>
58
59 #include <vm/vm_protos.h>
60 #include <mach/mach_port.h>
61 #include <kern/audit_sessionport.h>
62
63 #include <libkern/OSDebug.h>
64
65 /*
66 * Audit Session Entry. This is treated as an object with public and private
67 * data. The se_auinfo field is the only information that is public and
68 * needs to be the first entry.
69 */
70 struct au_sentry {
71 auditinfo_addr_t se_auinfo; /* Public audit session data. */
72 #define se_asid se_auinfo.ai_asid
73 #define se_auid se_auinfo.ai_auid
74 #define se_mask se_auinfo.ai_mask
75 #define se_termid se_auinfo.ai_termid
76 #define se_flags se_auinfo.ai_flags
77
78 long se_refcnt; /* Reference count. */
79 long se_procnt; /* Processes in session. */
80 ipc_port_t se_port; /* Session port. */
81 LIST_ENTRY(au_sentry) se_link; /* Hash bucket link list (1) */
82 };
83 typedef struct au_sentry au_sentry_t;
84
85 #define AU_SENTRY_PTR(aia_p) ((au_sentry_t *)(aia_p))
86
87 /*
88 * The default au_sentry/auditinfo_addr entry for ucred.
89 */
90
91 static au_sentry_t audit_default_se = {
92 .se_auinfo = {
93 .ai_auid = AU_DEFAUDITID,
94 .ai_asid = AU_DEFAUDITSID,
95 .ai_termid = { .at_type = AU_IPv4, },
96 },
97 .se_refcnt = 1,
98 .se_procnt = 1,
99 };
100
101 struct auditinfo_addr *audit_default_aia_p = &audit_default_se.se_auinfo;
102
103 kern_return_t ipc_object_copyin(ipc_space_t, mach_port_name_t,
104 mach_msg_type_name_t, ipc_port_t *);
105 void ipc_port_release_send(ipc_port_t);
106
107 #if CONFIG_AUDIT
108
109
110 /*
111 * Currently the hash table is a fixed size.
112 */
113 #define HASH_TABLE_SIZE 97
114 #define HASH_ASID(asid) (audit_session_hash(asid) % HASH_TABLE_SIZE)
115
116 static struct rwlock se_entry_lck; /* (1) lock for se_link above */
117
118 LIST_HEAD(au_sentry_head, au_sentry);
119 static struct au_sentry_head *au_sentry_bucket = NULL;
120
121 #define AU_HISTORY_LOGGING 0
122 #if AU_HISTORY_LOGGING
123 typedef enum au_history_event {
124 AU_HISTORY_EVENT_UNKNOWN = 0,
125 AU_HISTORY_EVENT_REF = 1,
126 AU_HISTORY_EVENT_UNREF = 2,
127 AU_HISTORY_EVENT_BIRTH = 3,
128 AU_HISTORY_EVENT_DEATH = 4,
129 AU_HISTORY_EVENT_FIND = 5
130 } au_history_event_t;
131
132 #define AU_HISTORY_MAX_STACK_DEPTH 8
133
134 struct au_history {
135 struct au_sentry *ptr;
136 struct au_sentry se;
137 void *stack[AU_HISTORY_MAX_STACK_DEPTH];
138 unsigned int stack_depth;
139 au_history_event_t event;
140 };
141
142 static struct au_history *au_history;
143 static size_t au_history_size = 65536;
144 static unsigned int au_history_index;
145
146 static inline unsigned int
147 au_history_entries(void)
148 {
149 if (au_history_index >= au_history_size) {
150 return au_history_size;
151 } else {
152 return au_history_index;
153 }
154 }
155
156 static inline void
157 au_history_record(au_sentry_t *se, au_history_event_t event)
158 {
159 struct au_history *p;
160 unsigned int i;
161
162 i = OSAddAtomic(1, &au_history_index);
163 p = &au_history[i % au_history_size];
164
165 bzero(p, sizeof(*p));
166 p->event = event;
167 bcopy(se, &p->se, sizeof(p->se));
168 p->stack_depth = OSBacktrace(&p->stack[0], AU_HISTORY_MAX_STACK_DEPTH);
169 p->ptr = se;
170 }
171 #else
172 #define au_history_record(se, event) do {} while (0)
173 #endif
174
175 MALLOC_DEFINE(M_AU_SESSION, "audit_session", "Audit session data");
176
177 static void audit_ref_session(au_sentry_t *se);
178 static void audit_unref_session(au_sentry_t *se);
179
180 static void audit_session_event(int event, auditinfo_addr_t *aia_p);
181
182 /*
183 * Audit session device.
184 */
185
186 static MALLOC_DEFINE(M_AUDIT_SDEV, "audit_sdev", "Audit sdevs");
187 static MALLOC_DEFINE(M_AUDIT_SDEV_ENTRY, "audit_sdevent",
188 "Audit sdev entries and buffers");
189
190 /*
191 * Default audit sdev buffer parameters.
192 */
193 #define AUDIT_SDEV_QLIMIT_DEFAULT 128
194 #define AUDIT_SDEV_QLIMIT_MIN 1
195 #define AUDIT_SDEV_QLIMIT_MAX 1024
196
197 /*
198 * Entry structure.
199 */
200 struct audit_sdev_entry {
201 void *ase_record;
202 u_int ase_record_len;
203 TAILQ_ENTRY(audit_sdev_entry) ase_queue;
204 };
205
206 /*
207 * Per audit sdev structure.
208 */
209
210 struct audit_sdev {
211 int asdev_open;
212
213 #define AUDIT_SDEV_ASYNC 0x00000001
214 #define AUDIT_SDEV_NBIO 0x00000002
215
216 #define AUDIT_SDEV_ALLSESSIONS 0x00010000
217 u_int asdev_flags;
218
219 struct selinfo asdev_selinfo;
220 pid_t asdev_sigio;
221
222 au_id_t asdev_auid;
223 au_asid_t asdev_asid;
224
225 /* Per-sdev mutex for most fields in this struct. */
226 struct mtx asdev_mtx;
227
228 /*
229 * Per-sdev sleep lock serializing user-generated reads and
230 * flushes. uiomove() is called to copy out the current head
231 * record's data whie the record remains in the queue, so we
232 * prevent other threads from removing it using this lock.
233 */
234 struct slck asdev_sx;
235
236 /*
237 * Condition variable to signal when data has been delivered to
238 * a sdev.
239 */
240 struct cv asdev_cv;
241
242 /* Count and bound of records in the queue. */
243 u_int asdev_qlen;
244 u_int asdev_qlimit;
245
246 /* The number of bytes of data across all records. */
247 u_int asdev_qbyteslen;
248
249 /*
250 * The amount read so far of the first record in the queue.
251 * (The number of bytes available for reading in the queue is
252 * qbyteslen - qoffset.)
253 */
254 u_int asdev_qoffset;
255
256 /*
257 * Per-sdev operation statistics.
258 */
259 u_int64_t asdev_inserts; /* Records added. */
260 u_int64_t asdev_reads; /* Records read. */
261 u_int64_t asdev_drops; /* Records dropped. */
262
263 /*
264 * Current pending record list. This is protected by a
265 * combination of asdev_mtx and asdev_sx. Note that both
266 * locks are required to remove a record from the head of the
267 * queue, as an in-progress read may sleep while copying and,
268 * therefore, cannot hold asdev_mtx.
269 */
270 TAILQ_HEAD(, audit_sdev_entry) asdev_queue;
271
272 /* Global sdev list. */
273 TAILQ_ENTRY(audit_sdev) asdev_list;
274 };
275
276 #define AUDIT_SDEV_LOCK(asdev) mtx_lock(&(asdev)->asdev_mtx)
277 #define AUDIT_SDEV_LOCK_ASSERT(asdev) mtx_assert(&(asdev)->asdev_mtx, \
278 MA_OWNED)
279 #define AUDIT_SDEV_LOCK_DESTROY(asdev) mtx_destroy(&(asdev)->asdev_mtx)
280 #define AUDIT_SDEV_LOCK_INIT(asdev) mtx_init(&(asdev)->asdev_mtx, \
281 "audit_sdev_mtx", NULL, MTX_DEF)
282 #define AUDIT_SDEV_UNLOCK(asdev) mtx_unlock(&(asdev)->asdev_mtx)
283 #define AUDIT_SDEV_MTX(asdev) (&(asdev)->asdev_mtx)
284
285 #define AUDIT_SDEV_SX_LOCK_DESTROY(asd) slck_destroy(&(asd)->asdev_sx)
286 #define AUDIT_SDEV_SX_LOCK_INIT(asd) slck_init(&(asd)->asdev_sx, \
287 "audit_sdev_sx")
288 #define AUDIT_SDEV_SX_XLOCK_ASSERT(asd) slck_assert(&(asd)->asdev_sx, \
289 SA_XLOCKED)
290 #define AUDIT_SDEV_SX_XLOCK_SIG(asd) slck_lock_sig(&(asd)->asdev_sx)
291 #define AUDIT_SDEV_SX_XUNLOCK(asd) slck_unlock(&(asd)->asdev_sx)
292
293 /*
294 * Cloning variables and constants.
295 */
296 #define AUDIT_SDEV_NAME "auditsessions"
297 #define MAX_AUDIT_SDEVS 32
298
299 static int audit_sdev_major;
300 static void *devnode;
301
302 /*
303 * Global list of audit sdevs. The list is protected by a rw lock.
304 * Individaul record queues are protected by per-sdev locks. These
305 * locks synchronize between threads walking the list to deliver to
306 * individual sdevs and adds/removes of sdevs.
307 */
308 static TAILQ_HEAD(, audit_sdev) audit_sdev_list;
309 static struct rwlock audit_sdev_lock;
310
311 #define AUDIT_SDEV_LIST_LOCK_INIT() rw_init(&audit_sdev_lock, \
312 "audit_sdev_list_lock")
313 #define AUDIT_SDEV_LIST_RLOCK() rw_rlock(&audit_sdev_lock)
314 #define AUDIT_SDEV_LIST_RUNLOCK() rw_runlock(&audit_sdev_lock)
315 #define AUDIT_SDEV_LIST_WLOCK() rw_wlock(&audit_sdev_lock)
316 #define AUDIT_SDEV_LIST_WLOCK_ASSERT() rw_assert(&audit_sdev_lock, \
317 RA_WLOCKED)
318 #define AUDIT_SDEV_LIST_WUNLOCK() rw_wunlock(&audit_sdev_lock)
319
320 /*
321 * dev_t doesn't have a pointer for "softc" data so we have to keep track of
322 * it with the following global array (indexed by the minor number).
323 *
324 * XXX We may want to dynamically grow this as need.
325 */
326 static struct audit_sdev *audit_sdev_dtab[MAX_AUDIT_SDEVS];
327
328 /*
329 * Special device methods and definition.
330 */
331 static open_close_fcn_t audit_sdev_open;
332 static open_close_fcn_t audit_sdev_close;
333 static read_write_fcn_t audit_sdev_read;
334 static ioctl_fcn_t audit_sdev_ioctl;
335 static select_fcn_t audit_sdev_poll;
336
337 static struct cdevsw audit_sdev_cdevsw = {
338 .d_open = audit_sdev_open,
339 .d_close = audit_sdev_close,
340 .d_read = audit_sdev_read,
341 .d_write = eno_rdwrt,
342 .d_ioctl = audit_sdev_ioctl,
343 .d_stop = eno_stop,
344 .d_reset = eno_reset,
345 .d_ttys = NULL,
346 .d_select = audit_sdev_poll,
347 .d_mmap = eno_mmap,
348 .d_strategy = eno_strat,
349 .d_type = 0
350 };
351
352 /*
353 * Global statistics on audit sdevs.
354 */
355 static int audit_sdev_count; /* Current number of sdevs. */
356 static u_int64_t audit_sdev_ever; /* Sdevs ever allocated. */
357 static u_int64_t audit_sdev_records; /* Total records seen. */
358 static u_int64_t audit_sdev_drops; /* Global record drop count. */
359
360 static int audit_sdev_init(void);
361
362 #define AUDIT_SENTRY_RWLOCK_INIT() rw_init(&se_entry_lck, \
363 "se_entry_lck")
364 #define AUDIT_SENTRY_RLOCK() rw_rlock(&se_entry_lck)
365 #define AUDIT_SENTRY_WLOCK() rw_wlock(&se_entry_lck)
366 #define AUDIT_SENTRY_RWLOCK_ASSERT() rw_assert(&se_entry_lck, RA_LOCKED)
367 #define AUDIT_SENTRY_RUNLOCK() rw_runlock(&se_entry_lck)
368 #define AUDIT_SENTRY_WUNLOCK() rw_wunlock(&se_entry_lck)
369
370 /* Access control on the auditinfo_addr.ai_flags member. */
371 static uint64_t audit_session_superuser_set_sflags_mask;
372 static uint64_t audit_session_superuser_clear_sflags_mask;
373 static uint64_t audit_session_member_set_sflags_mask;
374 static uint64_t audit_session_member_clear_sflags_mask;
375 SYSCTL_NODE(, OID_AUTO, audit, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "Audit controls");
376 SYSCTL_NODE(_audit, OID_AUTO, session, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "Audit sessions");
377 SYSCTL_QUAD(_audit_session, OID_AUTO, superuser_set_sflags_mask, CTLFLAG_RW | CTLFLAG_LOCKED,
378 &audit_session_superuser_set_sflags_mask,
379 "Audit session flags settable by superuser");
380 SYSCTL_QUAD(_audit_session, OID_AUTO, superuser_clear_sflags_mask, CTLFLAG_RW | CTLFLAG_LOCKED,
381 &audit_session_superuser_clear_sflags_mask,
382 "Audit session flags clearable by superuser");
383 SYSCTL_QUAD(_audit_session, OID_AUTO, member_set_sflags_mask, CTLFLAG_RW | CTLFLAG_LOCKED,
384 &audit_session_member_set_sflags_mask,
385 "Audit session flags settable by a session member");
386 SYSCTL_QUAD(_audit_session, OID_AUTO, member_clear_sflags_mask, CTLFLAG_RW | CTLFLAG_LOCKED,
387 &audit_session_member_clear_sflags_mask,
388 "Audit session flags clearable by a session member");
389
390 extern int set_security_token_task_internal(proc_t p, void *task);
391
392 #define AUDIT_SESSION_DEBUG 0
393 #if AUDIT_SESSION_DEBUG
394 /*
395 * The following is debugging code that can be used to get a snapshot of the
396 * session state. The audit session information is read out using sysctl:
397 *
398 * error = sysctlbyname("kern.audit_session_debug", buffer_ptr, &buffer_len,
399 * NULL, 0);
400 */
401 #include <kern/kalloc.h>
402
403 /*
404 * The per session record structure for the snapshot data.
405 */
406 struct au_sentry_debug {
407 auditinfo_addr_t se_auinfo;
408 int64_t se_refcnt; /* refereence count */
409 int64_t se_procnt; /* process count */
410 int64_t se_ptcnt; /* process count from
411 * proc table */
412 };
413 typedef struct au_sentry_debug au_sentry_debug_t;
414
415 static int audit_sysctl_session_debug(struct sysctl_oid *oidp, void *arg1,
416 int arg2, struct sysctl_req *req);
417
418 SYSCTL_PROC(_kern, OID_AUTO, audit_session_debug, CTLFLAG_RD | CTLFLAG_LOCKED,
419 NULL, 0, audit_sysctl_session_debug, "S,audit_session_debug",
420 "Current session debug info for auditing.");
421
422 /*
423 * Callouts for proc_interate() which is used to reconcile the audit session
424 * proc state information with the proc table. We get everything we need
425 * in the filterfn while the proc_lock() is held so we really don't need the
426 * callout() function.
427 */
428 static int
429 audit_session_debug_callout(__unused proc_t p, __unused void *arg)
430 {
431 return PROC_RETURNED_DONE;
432 }
433
434 static int
435 audit_session_debug_filterfn(proc_t p, void *st)
436 {
437 kauth_cred_t cred = p->p_ucred;
438 auditinfo_addr_t *aia_p = cred->cr_audit.as_aia_p;
439 au_sentry_debug_t *sed_tab = (au_sentry_debug_t *) st;
440 au_sentry_debug_t *sdtp;
441 au_sentry_t *se;
442
443 if (IS_VALID_SESSION(aia_p)) {
444 sdtp = &sed_tab[0];
445 do {
446 if (aia_p->ai_asid == sdtp->se_asid) {
447 sdtp->se_ptcnt++;
448
449 /* Do some santy checks. */
450 se = AU_SENTRY_PTR(aia_p);
451 if (se->se_refcnt != sdtp->se_refcnt) {
452 sdtp->se_refcnt =
453 (int64_t)se->se_refcnt;
454 }
455 if (se->se_procnt != sdtp->se_procnt) {
456 sdtp->se_procnt =
457 (int64_t)se->se_procnt;
458 }
459 break;
460 }
461 sdtp++;
462 } while (sdtp->se_asid != 0 && sdtp->se_auid != 0);
463 } else {
464 /* add it to the default sesison */
465 sed_tab->se_ptcnt++;
466 }
467
468 return 0;
469 }
470
471 /*
472 * Copy out the session debug info via the sysctl interface.
473 *
474 */
475 static int
476 audit_sysctl_session_debug(__unused struct sysctl_oid *oidp,
477 __unused void *arg1, __unused int arg2, struct sysctl_req *req)
478 {
479 au_sentry_t *se;
480 au_sentry_debug_t *sed_tab, *next_sed;
481 int i, entry_cnt = 0;
482 size_t sz;
483 int err = 0;
484
485 /*
486 * This provides a read-only node.
487 */
488 if (req->newptr != USER_ADDR_NULL) {
489 return EPERM;
490 }
491
492 /*
493 * Walk the audit session hash table to determine the size.
494 */
495 AUDIT_SENTRY_RLOCK();
496 for (i = 0; i < HASH_TABLE_SIZE; i++) {
497 LIST_FOREACH(se, &au_sentry_bucket[i], se_link)
498 if (se != NULL) {
499 entry_cnt++;
500 }
501 }
502
503 entry_cnt++; /* add one for the default entry */
504 /*
505 * If just querying then return the space required. There is an
506 * obvious race condition here so we just fudge this by 3 in case
507 * the audit session table grows.
508 */
509 if (req->oldptr == USER_ADDR_NULL) {
510 req->oldidx = (entry_cnt + 3) * sizeof(au_sentry_debug_t);
511 AUDIT_SENTRY_RUNLOCK();
512 return 0;
513 }
514
515 /*
516 * Alloc a temporary buffer.
517 */
518 if (req->oldlen < (entry_cnt * sizeof(au_sentry_debug_t))) {
519 AUDIT_SENTRY_RUNLOCK();
520 return ENOMEM;
521 }
522 /*
523 * We hold the lock over the alloc since we don't want the table to
524 * grow on us. Therefore, use the non-blocking version of kalloc().
525 */
526 sed_tab = (au_sentry_debug_t *)kalloc_noblock(entry_cnt *
527 sizeof(au_sentry_debug_t));
528 if (sed_tab == NULL) {
529 AUDIT_SENTRY_RUNLOCK();
530 return ENOMEM;
531 }
532 bzero(sed_tab, entry_cnt * sizeof(au_sentry_debug_t));
533
534 /*
535 * Walk the audit session hash table and build the record array.
536 */
537 sz = 0;
538 next_sed = sed_tab;
539 /* add the first entry for processes not tracked in sessions. */
540 bcopy(audit_default_aia_p, &next_sed->se_auinfo, sizeof(au_sentry_t));
541 next_sed->se_refcnt = (int64_t)audit_default_se.se_refcnt;
542 next_sed->se_procnt = (int64_t)audit_default_se.se_procnt;
543 next_sed++;
544 sz += sizeof(au_sentry_debug_t);
545 for (i = 0; i < HASH_TABLE_SIZE; i++) {
546 LIST_FOREACH(se, &au_sentry_bucket[i], se_link) {
547 if (se != NULL) {
548 next_sed->se_auinfo = se->se_auinfo;
549 next_sed->se_refcnt = (int64_t)se->se_refcnt;
550 next_sed->se_procnt = (int64_t)se->se_procnt;
551 next_sed++;
552 sz += sizeof(au_sentry_debug_t);
553 }
554 }
555 }
556 AUDIT_SENTRY_RUNLOCK();
557
558 /* Reconcile with the process table. */
559 (void) proc_iterate(PROC_ALLPROCLIST | PROC_ZOMBPROCLIST,
560 audit_session_debug_callout, NULL,
561 audit_session_debug_filterfn, (void *)&sed_tab[0]);
562
563
564 req->oldlen = sz;
565 err = SYSCTL_OUT(req, sed_tab, sz);
566 kfree(sed_tab, entry_cnt * sizeof(au_sentry_debug_t));
567
568 return err;
569 }
570
571 #endif /* AUDIT_SESSION_DEBUG */
572
573 /*
574 * Create and commit a session audit event. The proc and se arguments needs to
575 * be that of the subject and not necessarily the current process.
576 */
577 static void
578 audit_session_event(int event, auditinfo_addr_t *aia_p)
579 {
580 struct kaudit_record *ar;
581
582 KASSERT(AUE_SESSION_START == event || AUE_SESSION_UPDATE == event ||
583 AUE_SESSION_END == event || AUE_SESSION_CLOSE == event,
584 ("audit_session_event: invalid event: %d", event));
585
586 if (NULL == aia_p) {
587 return;
588 }
589
590 /*
591 * Create a new audit record. The record will contain the subject
592 * ruid, rgid, egid, pid, auid, asid, amask, and term_addr
593 * (implicitly added by audit_new).
594 */
595 ar = audit_new(event, PROC_NULL, /* Not used */ NULL);
596 if (NULL == ar) {
597 return;
598 }
599
600 /*
601 * Audit session events are always generated because they are used
602 * by some userland consumers so just set the preselect flag.
603 */
604 ar->k_ar_commit |= AR_PRESELECT_FILTER;
605
606 /*
607 * Populate the subject information. Note that the ruid, rgid,
608 * egid, and pid values are incorrect. We only need the auditinfo_addr
609 * information.
610 */
611 ar->k_ar.ar_subj_ruid = 0;
612 ar->k_ar.ar_subj_rgid = 0;
613 ar->k_ar.ar_subj_egid = 0;
614 ar->k_ar.ar_subj_pid = 0;
615 ar->k_ar.ar_subj_auid = aia_p->ai_auid;
616 ar->k_ar.ar_subj_asid = aia_p->ai_asid;
617 bcopy(&aia_p->ai_termid, &ar->k_ar.ar_subj_term_addr,
618 sizeof(struct au_tid_addr));
619
620 /* Add the audit masks to the record. */
621 ar->k_ar.ar_arg_amask.am_success = aia_p->ai_mask.am_success;
622 ar->k_ar.ar_arg_amask.am_failure = aia_p->ai_mask.am_failure;
623 ARG_SET_VALID(ar, ARG_AMASK);
624
625 /* Add the audit session flags to the record. */
626 ar->k_ar.ar_arg_value64 = aia_p->ai_flags;
627 ARG_SET_VALID(ar, ARG_VALUE64);
628
629
630 /* Commit the record to the queue. */
631 audit_commit(ar, 0, 0);
632 }
633
634 /*
635 * Hash the audit session ID using a simple 32-bit mix.
636 */
637 static inline uint32_t
638 audit_session_hash(au_asid_t asid)
639 {
640 uint32_t a = (uint32_t) asid;
641
642 a = (a - (a << 6)) ^ (a >> 17);
643 a = (a - (a << 9)) ^ (a << 4);
644 a = (a - (a << 3)) ^ (a << 10);
645 a = a ^ (a >> 15);
646
647 return a;
648 }
649
650 /*
651 * Do an hash lookup and find the session entry for a given ASID. Return NULL
652 * if not found. If the session is found then audit_session_find takes a
653 * reference.
654 */
655 static au_sentry_t *
656 audit_session_find(au_asid_t asid)
657 {
658 uint32_t hkey;
659 au_sentry_t *found_se;
660
661 AUDIT_SENTRY_RWLOCK_ASSERT();
662
663 hkey = HASH_ASID(asid);
664
665 LIST_FOREACH(found_se, &au_sentry_bucket[hkey], se_link)
666 if (found_se->se_asid == asid) {
667 au_history_record(found_se, AU_HISTORY_EVENT_FIND);
668 audit_ref_session(found_se);
669 return found_se;
670 }
671 return NULL;
672 }
673
674 /*
675 * Remove the given audit_session entry from the hash table.
676 */
677 static void
678 audit_session_remove(au_sentry_t *se)
679 {
680 uint32_t hkey;
681 au_sentry_t *found_se, *tmp_se;
682
683 au_history_record(se, AU_HISTORY_EVENT_DEATH);
684 KASSERT(se->se_refcnt == 0, ("audit_session_remove: ref count != 0"));
685 KASSERT(se != &audit_default_se,
686 ("audit_session_remove: removing default session"));
687
688 hkey = HASH_ASID(se->se_asid);
689
690 AUDIT_SENTRY_WLOCK();
691 /*
692 * Check and see if someone got a reference before we got the lock.
693 */
694 if (se->se_refcnt != 0) {
695 AUDIT_SENTRY_WUNLOCK();
696 return;
697 }
698
699 audit_session_portdestroy(&se->se_port);
700 LIST_FOREACH_SAFE(found_se, &au_sentry_bucket[hkey], se_link, tmp_se) {
701 if (found_se == se) {
702 /*
703 * Generate an audit event to notify userland of the
704 * session close.
705 */
706 audit_session_event(AUE_SESSION_CLOSE,
707 &found_se->se_auinfo);
708
709 LIST_REMOVE(found_se, se_link);
710 AUDIT_SENTRY_WUNLOCK();
711 free(found_se, M_AU_SESSION);
712
713 return;
714 }
715 }
716 AUDIT_SENTRY_WUNLOCK();
717 }
718
719 /*
720 * Reference the session by incrementing the sentry ref count.
721 */
722 static void
723 audit_ref_session(au_sentry_t *se)
724 {
725 long old_val;
726
727 if (se == NULL || se == &audit_default_se) {
728 return;
729 }
730
731 au_history_record(se, AU_HISTORY_EVENT_REF);
732
733 old_val = OSAddAtomicLong(1, &se->se_refcnt);
734 KASSERT(old_val < 100000,
735 ("audit_ref_session: Too many references on session."));
736 }
737
738 /*
739 * Decrement the sentry ref count and remove the session entry if last one.
740 */
741 static void
742 audit_unref_session(au_sentry_t *se)
743 {
744 long old_val;
745
746 if (se == NULL || se == &audit_default_se) {
747 return;
748 }
749
750 au_history_record(se, AU_HISTORY_EVENT_UNREF);
751
752 old_val = OSAddAtomicLong(-1, &se->se_refcnt);
753 if (old_val == 1) {
754 audit_session_remove(se);
755 }
756 KASSERT(old_val > 0,
757 ("audit_unref_session: Too few references on session."));
758 }
759
760 /*
761 * Increment the process count in the session.
762 */
763 static void
764 audit_inc_procount(au_sentry_t *se)
765 {
766 long old_val;
767
768 if (se == NULL || se == &audit_default_se) {
769 return;
770 }
771
772 old_val = OSAddAtomicLong(1, &se->se_procnt);
773 KASSERT(old_val <= PID_MAX,
774 ("audit_inc_procount: proc count > PID_MAX"));
775 }
776
777 /*
778 * Decrement the process count and add a knote if it is the last process
779 * to exit the session.
780 */
781 static void
782 audit_dec_procount(au_sentry_t *se)
783 {
784 long old_val;
785
786 if (se == NULL || se == &audit_default_se) {
787 return;
788 }
789
790 old_val = OSAddAtomicLong(-1, &se->se_procnt);
791 /*
792 * If this was the last process generate an audit event to notify
793 * userland of the session ending.
794 */
795 if (old_val == 1) {
796 audit_session_event(AUE_SESSION_END, &se->se_auinfo);
797 }
798 KASSERT(old_val >= 1,
799 ("audit_dec_procount: proc count < 0"));
800 }
801
802 /*
803 * Update the session entry and check to see if anything was updated.
804 * Returns:
805 * 0 Nothing was updated (We don't care about process preselection masks)
806 * 1 Something was updated.
807 */
808 static int
809 audit_update_sentry(au_sentry_t *se, auditinfo_addr_t *new_aia)
810 {
811 auditinfo_addr_t *aia = &se->se_auinfo;
812 int update;
813
814 KASSERT(new_aia != audit_default_aia_p,
815 ("audit_update_sentry: Trying to update the default aia."));
816
817 update = (aia->ai_auid != new_aia->ai_auid ||
818 bcmp(&aia->ai_termid, &new_aia->ai_termid,
819 sizeof(new_aia->ai_termid)) ||
820 aia->ai_flags != new_aia->ai_flags);
821
822 if (update) {
823 bcopy(new_aia, aia, sizeof(*aia));
824 }
825
826 return update;
827 }
828
829 /*
830 * Return the next session ID. The range of kernel generated audit session IDs
831 * is ASSIGNED_ASID_MIN to ASSIGNED_ASID_MAX.
832 */
833 static uint32_t
834 audit_session_nextid(void)
835 {
836 static uint32_t next_asid = ASSIGNED_ASID_MIN;
837
838 AUDIT_SENTRY_RWLOCK_ASSERT();
839
840 if (next_asid > ASSIGNED_ASID_MAX) {
841 next_asid = ASSIGNED_ASID_MIN;
842 }
843
844 return next_asid++;
845 }
846
847 /*
848 * Allocated a new audit_session entry and add it to the hash table. If the
849 * given ASID is set to AU_ASSIGN_ASID then audit_session_new() will pick an
850 * audit session ID. Otherwise, it attempts use the one given. It creates a
851 * reference to the entry that must be unref'ed.
852 */
853 static auditinfo_addr_t *
854 audit_session_new(auditinfo_addr_t *new_aia_p, auditinfo_addr_t *old_aia_p)
855 {
856 au_asid_t new_asid;
857 au_sentry_t *se = NULL;
858 au_sentry_t *found_se = NULL;
859 auditinfo_addr_t *aia = NULL;
860
861 KASSERT(new_aia_p != NULL, ("audit_session_new: new_aia_p == NULL"));
862
863 new_asid = new_aia_p->ai_asid;
864
865 /*
866 * Alloc a new session entry now so we don't wait holding the lock.
867 */
868 se = malloc(sizeof(au_sentry_t), M_AU_SESSION, M_WAITOK | M_ZERO);
869
870 /*
871 * Find an unique session ID, if desired.
872 */
873 AUDIT_SENTRY_WLOCK();
874 if (new_asid == AU_ASSIGN_ASID) {
875 do {
876 new_asid = (au_asid_t)audit_session_nextid();
877 found_se = audit_session_find(new_asid);
878
879 /*
880 * If the session ID is currently active then drop the
881 * reference and try again.
882 */
883 if (found_se != NULL) {
884 audit_unref_session(found_se);
885 } else {
886 break;
887 }
888 } while (1);
889 } else {
890 /*
891 * Check to see if the requested ASID is already in the
892 * hash table. If so, update it with the new auditinfo.
893 */
894 if ((found_se = audit_session_find(new_asid)) != NULL) {
895 int updated;
896
897 updated = audit_update_sentry(found_se, new_aia_p);
898
899 AUDIT_SENTRY_WUNLOCK();
900 free(se, M_AU_SESSION);
901
902 /* If a different session then add this process in. */
903 if (new_aia_p != old_aia_p) {
904 audit_inc_procount(found_se);
905 }
906
907 /*
908 * If the session information was updated then
909 * generate an audit event to notify userland.
910 */
911 if (updated) {
912 audit_session_event(AUE_SESSION_UPDATE,
913 &found_se->se_auinfo);
914 }
915
916 return &found_se->se_auinfo;
917 }
918 }
919
920 /*
921 * Start the reference and proc count at 1 to account for the process
922 * that invoked this via setaudit_addr() (or friends).
923 */
924 se->se_refcnt = se->se_procnt = 1;
925
926 /*
927 * Populate the new session entry. Note that process masks are stored
928 * in kauth ucred so just zero them here.
929 */
930 se->se_port = IPC_PORT_NULL;
931 aia = &se->se_auinfo;
932 aia->ai_asid = new_asid;
933 aia->ai_auid = new_aia_p->ai_auid;
934 bzero(&new_aia_p->ai_mask, sizeof(new_aia_p->ai_mask));
935 bcopy(&new_aia_p->ai_termid, &aia->ai_termid, sizeof(aia->ai_termid));
936 aia->ai_flags = new_aia_p->ai_flags;
937
938 /*
939 * Add it to the hash table.
940 */
941 LIST_INSERT_HEAD(&au_sentry_bucket[HASH_ASID(new_asid)], se, se_link);
942 AUDIT_SENTRY_WUNLOCK();
943
944 /*
945 * Generate an audit event to notify userland of the new session.
946 */
947 audit_session_event(AUE_SESSION_START, aia);
948 au_history_record(se, AU_HISTORY_EVENT_BIRTH);
949 return aia;
950 }
951
952 /*
953 * Lookup an existing session. A copy of the audit session info for a given
954 * ASID is returned in ret_aia. Returns 0 on success.
955 */
956 int
957 audit_session_lookup(au_asid_t asid, auditinfo_addr_t *ret_aia)
958 {
959 au_sentry_t *se = NULL;
960
961 if ((uint32_t)asid > ASSIGNED_ASID_MAX) {
962 return -1;
963 }
964 AUDIT_SENTRY_RLOCK();
965 if ((se = audit_session_find(asid)) == NULL) {
966 AUDIT_SENTRY_RUNLOCK();
967 return 1;
968 }
969 /* We have a reference on the session so it is safe to drop the lock. */
970 AUDIT_SENTRY_RUNLOCK();
971 if (ret_aia != NULL) {
972 bcopy(&se->se_auinfo, ret_aia, sizeof(*ret_aia));
973 }
974 audit_unref_session(se);
975
976 return 0;
977 }
978
979 void
980 audit_session_aiaref(auditinfo_addr_t *aia_p)
981 {
982 audit_ref_session(AU_SENTRY_PTR(aia_p));
983 }
984
985 /*
986 * Add a reference to the session entry.
987 */
988 void
989 audit_session_ref(kauth_cred_t cred)
990 {
991 auditinfo_addr_t *aia_p;
992
993 KASSERT(IS_VALID_CRED(cred),
994 ("audit_session_ref: Invalid kauth_cred."));
995
996 aia_p = cred->cr_audit.as_aia_p;
997 audit_session_aiaref(aia_p);
998 }
999
1000 void
1001 audit_session_aiaunref(auditinfo_addr_t *aia_p)
1002 {
1003 audit_unref_session(AU_SENTRY_PTR(aia_p));
1004 }
1005
1006 /*
1007 * Remove a reference to the session entry.
1008 */
1009 void
1010 audit_session_unref(kauth_cred_t cred)
1011 {
1012 auditinfo_addr_t *aia_p;
1013
1014 KASSERT(IS_VALID_CRED(cred),
1015 ("audit_session_unref: Invalid kauth_cred."));
1016
1017 aia_p = cred->cr_audit.as_aia_p;
1018 audit_session_aiaunref(aia_p);
1019 }
1020
1021 /*
1022 * Increment the per audit session process count. Assumes that the caller has
1023 * a reference on the process' cred.
1024 */
1025 void
1026 audit_session_procnew(proc_t p)
1027 {
1028 kauth_cred_t cred = p->p_ucred;
1029 auditinfo_addr_t *aia_p;
1030
1031 KASSERT(IS_VALID_CRED(cred),
1032 ("audit_session_procnew: Invalid kauth_cred."));
1033
1034 aia_p = cred->cr_audit.as_aia_p;
1035
1036 audit_inc_procount(AU_SENTRY_PTR(aia_p));
1037 }
1038
1039 /*
1040 * Decrement the per audit session process count. Assumes that the caller has
1041 * a reference on the cred.
1042 */
1043 void
1044 audit_session_procexit(proc_t p)
1045 {
1046 kauth_cred_t cred = p->p_ucred;
1047 auditinfo_addr_t *aia_p;
1048
1049 KASSERT(IS_VALID_CRED(cred),
1050 ("audit_session_procexit: Invalid kauth_cred."));
1051
1052 aia_p = cred->cr_audit.as_aia_p;
1053
1054 audit_dec_procount(AU_SENTRY_PTR(aia_p));
1055 }
1056
1057 /*
1058 * Init the audit session code.
1059 */
1060 void
1061 audit_session_init(void)
1062 {
1063 int i;
1064
1065 KASSERT((ASSIGNED_ASID_MAX - ASSIGNED_ASID_MIN) > PID_MAX,
1066 ("audit_session_init: ASSIGNED_ASID_MAX is not large enough."));
1067
1068 AUDIT_SENTRY_RWLOCK_INIT();
1069
1070 au_sentry_bucket = malloc( sizeof(struct au_sentry) *
1071 HASH_TABLE_SIZE, M_AU_SESSION, M_WAITOK | M_ZERO);
1072
1073 for (i = 0; i < HASH_TABLE_SIZE; i++) {
1074 LIST_INIT(&au_sentry_bucket[i]);
1075 }
1076
1077 (void)audit_sdev_init();
1078 #if AU_HISTORY_LOGGING
1079 au_history = malloc(sizeof(struct au_history) * au_history_size,
1080 M_AU_SESSION, M_WAITOK | M_ZERO);
1081 #endif
1082 }
1083
1084 static int
1085 audit_session_update_check(kauth_cred_t cred, auditinfo_addr_t *old,
1086 auditinfo_addr_t *new)
1087 {
1088 uint64_t n;
1089
1090 /* If the current audit ID is not the default then it is immutable. */
1091 if (old->ai_auid != AU_DEFAUDITID && old->ai_auid != new->ai_auid) {
1092 return EINVAL;
1093 }
1094
1095 /* If the current termid is not the default then it is immutable. */
1096 if ((old->ai_termid.at_type != AU_IPv4 ||
1097 old->ai_termid.at_port != 0 ||
1098 old->ai_termid.at_addr[0] != 0) &&
1099 (old->ai_termid.at_port != new->ai_termid.at_port ||
1100 old->ai_termid.at_type != new->ai_termid.at_type ||
1101 0 != bcmp(&old->ai_termid.at_addr, &new->ai_termid.at_addr,
1102 sizeof(old->ai_termid.at_addr)))) {
1103 return EINVAL;
1104 }
1105
1106 /* The flags may be set only according to the
1107 * audit_session_*_set_sflags_masks.
1108 */
1109 n = ~old->ai_flags & new->ai_flags;
1110 if (0 != n &&
1111 !((n == (audit_session_superuser_set_sflags_mask & n) &&
1112 kauth_cred_issuser(cred)) ||
1113 (n == (audit_session_member_set_sflags_mask & n) &&
1114 old->ai_asid == new->ai_asid))) {
1115 return EINVAL;
1116 }
1117
1118 /* The flags may be cleared only according to the
1119 * audit_session_*_clear_sflags_masks.
1120 */
1121 n = ~new->ai_flags & old->ai_flags;
1122 if (0 != n &&
1123 !((n == (audit_session_superuser_clear_sflags_mask & n) &&
1124 kauth_cred_issuser(cred)) ||
1125 (n == (audit_session_member_clear_sflags_mask & n) &&
1126 old->ai_asid == new->ai_asid))) {
1127 return EINVAL;
1128 }
1129
1130 /* The audit masks are mutable. */
1131 return 0;
1132 }
1133
1134 /*
1135 * Safely update kauth cred of the given process with new the given audit info.
1136 */
1137 int
1138 audit_session_setaia(proc_t p, auditinfo_addr_t *new_aia_p)
1139 {
1140 kauth_cred_t my_cred, my_new_cred;
1141 struct au_session as;
1142 struct au_session tmp_as;
1143 auditinfo_addr_t caia, *old_aia_p;
1144 int ret;
1145
1146 /*
1147 * If this is going to modify an existing session then do some
1148 * immutable checks.
1149 */
1150 if (audit_session_lookup(new_aia_p->ai_asid, &caia) == 0) {
1151 my_cred = kauth_cred_proc_ref(p);
1152 ret = audit_session_update_check(my_cred, &caia, new_aia_p);
1153 kauth_cred_unref(&my_cred);
1154 if (ret) {
1155 return ret;
1156 }
1157 }
1158
1159 my_cred = kauth_cred_proc_ref(p);
1160 bcopy(&new_aia_p->ai_mask, &as.as_mask, sizeof(as.as_mask));
1161 old_aia_p = my_cred->cr_audit.as_aia_p;
1162 /* audit_session_new() adds a reference on the session */
1163 as.as_aia_p = audit_session_new(new_aia_p, old_aia_p);
1164
1165 /* If the process left a session then update the process count. */
1166 if (old_aia_p != new_aia_p) {
1167 audit_dec_procount(AU_SENTRY_PTR(old_aia_p));
1168 }
1169
1170
1171 /*
1172 * We are modifying the audit info in a credential so we need a new
1173 * credential (or take another reference on an existing credential that
1174 * matches our new one). We must do this because the audit info in the
1175 * credential is used as part of our hash key. Get current credential
1176 * in the target process and take a reference while we muck with it.
1177 */
1178 for (;;) {
1179 /*
1180 * Set the credential with new info. If there is no change,
1181 * we get back the same credential we passed in; if there is
1182 * a change, we drop the reference on the credential we
1183 * passed in. The subsequent compare is safe, because it is
1184 * a pointer compare rather than a contents compare.
1185 */
1186 bcopy(&as, &tmp_as, sizeof(tmp_as));
1187 my_new_cred = kauth_cred_setauditinfo(my_cred, &tmp_as);
1188
1189 if (my_cred != my_new_cred) {
1190 proc_ucred_lock(p);
1191 /* Need to protect for a race where another thread also
1192 * changed the credential after we took our reference.
1193 * If p_ucred has changed then we should restart this
1194 * again with the new cred.
1195 */
1196 if (p->p_ucred != my_cred) {
1197 proc_ucred_unlock(p);
1198 audit_session_unref(my_new_cred);
1199 kauth_cred_unref(&my_new_cred);
1200 /* try again */
1201 my_cred = kauth_cred_proc_ref(p);
1202 continue;
1203 }
1204 p->p_ucred = my_new_cred;
1205 /* update cred on proc */
1206 PROC_UPDATE_CREDS_ONPROC(p);
1207 proc_ucred_unlock(p);
1208 }
1209 /*
1210 * Drop old proc reference or our extra reference.
1211 */
1212 kauth_cred_unref(&my_cred);
1213 break;
1214 }
1215
1216 /* Drop the reference taken by audit_session_new() above. */
1217 audit_unref_session(AU_SENTRY_PTR(as.as_aia_p));
1218
1219 /* Propagate the change from the process to the Mach task. */
1220 set_security_token(p);
1221
1222 return 0;
1223 }
1224
1225 /*
1226 * audit_session_self (system call)
1227 *
1228 * Description: Obtain a Mach send right for the current session.
1229 *
1230 * Parameters: p Process calling audit_session_self().
1231 *
1232 * Returns: *ret_port Named Mach send right, which may be
1233 * MACH_PORT_NULL in the failure case.
1234 *
1235 * Errno: 0 Success
1236 * EINVAL The calling process' session has not be set.
1237 * ESRCH Bad process, can't get valid cred for process.
1238 * ENOMEM Port allocation failed due to no free memory.
1239 */
1240 int
1241 audit_session_self(proc_t p, __unused struct audit_session_self_args *uap,
1242 mach_port_name_t *ret_port)
1243 {
1244 ipc_port_t sendport = IPC_PORT_NULL;
1245 kauth_cred_t cred = NULL;
1246 auditinfo_addr_t *aia_p;
1247 au_sentry_t *se;
1248 int err = 0;
1249
1250 cred = kauth_cred_proc_ref(p);
1251 if (!IS_VALID_CRED(cred)) {
1252 err = ESRCH;
1253 goto done;
1254 }
1255
1256 aia_p = cred->cr_audit.as_aia_p;
1257 if (!IS_VALID_SESSION(aia_p)) {
1258 /* Can't join the default session. */
1259 err = EINVAL;
1260 goto done;
1261 }
1262
1263 se = AU_SENTRY_PTR(aia_p);
1264
1265 /*
1266 * Processes that join using this mach port will inherit this process'
1267 * pre-selection masks.
1268 */
1269 if (se->se_port == IPC_PORT_NULL) {
1270 bcopy(&cred->cr_audit.as_mask, &se->se_mask,
1271 sizeof(se->se_mask));
1272 }
1273
1274 /*
1275 * Get a send right to the session's Mach port and insert it in the
1276 * process' mach port namespace.
1277 */
1278 sendport = audit_session_mksend(aia_p, &se->se_port);
1279 *ret_port = ipc_port_copyout_send(sendport, get_task_ipcspace(p->task));
1280
1281 done:
1282 if (cred != NULL) {
1283 kauth_cred_unref(&cred);
1284 }
1285 if (err != 0) {
1286 *ret_port = MACH_PORT_NULL;
1287 }
1288 return err;
1289 }
1290
1291 /*
1292 * audit_session_port (system call)
1293 *
1294 * Description: Obtain a Mach send right for the given session ID.
1295 *
1296 * Parameters: p Process calling audit_session_port().
1297 * uap->asid The target audit session ID. The special
1298 * value -1 can be used to target the process's
1299 * own session.
1300 * uap->portnamep User address at which to place port name.
1301 *
1302 * Returns: 0 Success
1303 * EINVAL The calling process' session has not be set.
1304 * EINVAL The given session ID could not be found.
1305 * EINVAL The Mach port right could not be copied out.
1306 * ESRCH Bad process, can't get valid cred for process.
1307 * EPERM Only the superuser can reference sessions other
1308 * than the process's own.
1309 * ENOMEM Port allocation failed due to no free memory.
1310 */
1311 int
1312 audit_session_port(proc_t p, struct audit_session_port_args *uap,
1313 __unused int *retval)
1314 {
1315 ipc_port_t sendport = IPC_PORT_NULL;
1316 mach_port_name_t portname = MACH_PORT_NULL;
1317 kauth_cred_t cred = NULL;
1318 auditinfo_addr_t *aia_p = NULL;
1319 au_sentry_t *se = NULL;
1320 int err = 0;
1321
1322 /* Note: Currently this test will never be true, because
1323 * ASSIGNED_ASID_MAX is effectively (uint32_t)-2.
1324 */
1325 if (uap->asid != -1 && (uint32_t)uap->asid > ASSIGNED_ASID_MAX) {
1326 err = EINVAL;
1327 goto done;
1328 }
1329 cred = kauth_cred_proc_ref(p);
1330 if (!IS_VALID_CRED(cred)) {
1331 err = ESRCH;
1332 goto done;
1333 }
1334 aia_p = cred->cr_audit.as_aia_p;
1335
1336 /* Find the session corresponding to the requested audit
1337 * session ID. If found, take a reference on it so that
1338 * the session is not dropped until the join is later done.
1339 */
1340 if (uap->asid == (au_asid_t)-1 ||
1341 uap->asid == aia_p->ai_asid) {
1342 if (!IS_VALID_SESSION(aia_p)) {
1343 /* Can't join the default session. */
1344 err = EINVAL;
1345 goto done;
1346 }
1347
1348 /* No privilege is required to obtain a port for our
1349 * own session.
1350 */
1351 se = AU_SENTRY_PTR(aia_p);
1352 audit_ref_session(se);
1353 } else if (kauth_cred_issuser(cred)) {
1354 /* The superuser may obtain a port for any existing
1355 * session.
1356 */
1357 AUDIT_SENTRY_RLOCK();
1358 se = audit_session_find(uap->asid);
1359 AUDIT_SENTRY_RUNLOCK();
1360 if (NULL == se) {
1361 err = EINVAL;
1362 goto done;
1363 }
1364 aia_p = &se->se_auinfo;
1365 } else {
1366 err = EPERM;
1367 goto done;
1368 }
1369
1370 /*
1371 * Processes that join using this mach port will inherit this process'
1372 * pre-selection masks.
1373 */
1374 if (se->se_port == IPC_PORT_NULL) {
1375 bcopy(&cred->cr_audit.as_mask, &se->se_mask,
1376 sizeof(se->se_mask));
1377 }
1378
1379 /*
1380 * Use the session reference to create a mach port reference for the
1381 * session (at which point we are free to drop the session reference)
1382 * and then copy out the mach port to the process' mach port namespace.
1383 */
1384 sendport = audit_session_mksend(aia_p, &se->se_port);
1385 portname = ipc_port_copyout_send(sendport, get_task_ipcspace(p->task));
1386 if (!MACH_PORT_VALID(portname)) {
1387 err = EINVAL;
1388 goto done;
1389 }
1390 err = copyout(&portname, uap->portnamep, sizeof(mach_port_name_t));
1391 done:
1392 if (cred != NULL) {
1393 kauth_cred_unref(&cred);
1394 }
1395 if (NULL != se) {
1396 audit_unref_session(se);
1397 }
1398 if (MACH_PORT_VALID(portname) && 0 != err) {
1399 (void)mach_port_deallocate(get_task_ipcspace(p->task),
1400 portname);
1401 }
1402
1403 return err;
1404 }
1405
1406 static int
1407 audit_session_join_internal(proc_t p, task_t task, ipc_port_t port, au_asid_t *new_asid)
1408 {
1409 auditinfo_addr_t *new_aia_p, *old_aia_p;
1410 kauth_cred_t my_cred = NULL;
1411 au_asid_t old_asid;
1412 int err = 0;
1413
1414 *new_asid = AU_DEFAUDITSID;
1415
1416 if ((new_aia_p = audit_session_porttoaia(port)) == NULL) {
1417 err = EINVAL;
1418 goto done;
1419 }
1420
1421 proc_ucred_lock(p);
1422 kauth_cred_ref(p->p_ucred);
1423 my_cred = p->p_ucred;
1424 if (!IS_VALID_CRED(my_cred)) {
1425 kauth_cred_unref(&my_cred);
1426 proc_ucred_unlock(p);
1427 err = ESRCH;
1428 goto done;
1429 }
1430 old_aia_p = my_cred->cr_audit.as_aia_p;
1431 old_asid = old_aia_p->ai_asid;
1432 *new_asid = new_aia_p->ai_asid;
1433
1434 /*
1435 * Add process in if not already in the session.
1436 */
1437 if (*new_asid != old_asid) {
1438 kauth_cred_t my_new_cred;
1439 struct au_session new_as;
1440
1441 bcopy(&new_aia_p->ai_mask, &new_as.as_mask,
1442 sizeof(new_as.as_mask));
1443 new_as.as_aia_p = new_aia_p;
1444
1445 my_new_cred = kauth_cred_setauditinfo(my_cred, &new_as);
1446 p->p_ucred = my_new_cred;
1447 PROC_UPDATE_CREDS_ONPROC(p);
1448
1449 /* Increment the proc count of new session */
1450 audit_inc_procount(AU_SENTRY_PTR(new_aia_p));
1451
1452 proc_ucred_unlock(p);
1453
1454 /* Propagate the change from the process to the Mach task. */
1455 set_security_token_task_internal(p, task);
1456
1457 /* Decrement the process count of the former session. */
1458 audit_dec_procount(AU_SENTRY_PTR(old_aia_p));
1459 } else {
1460 proc_ucred_unlock(p);
1461 }
1462 kauth_cred_unref(&my_cred);
1463
1464 done:
1465 if (port != IPC_PORT_NULL) {
1466 ipc_port_release_send(port);
1467 }
1468
1469 return err;
1470 }
1471
1472 /*
1473 * audit_session_spawnjoin
1474 *
1475 * Description: posix_spawn() interface to audit_session_join_internal().
1476 *
1477 * Returns: 0 Success
1478 * EINVAL Invalid Mach port name.
1479 * ESRCH Invalid calling process/cred.
1480 */
1481 int
1482 audit_session_spawnjoin(proc_t p, task_t task, ipc_port_t port)
1483 {
1484 au_asid_t new_asid;
1485
1486 return audit_session_join_internal(p, task, port, &new_asid);
1487 }
1488
1489 /*
1490 * audit_session_join (system call)
1491 *
1492 * Description: Join the session for a given Mach port send right.
1493 *
1494 * Parameters: p Process calling session join.
1495 * uap->port A Mach send right.
1496 *
1497 * Returns: *ret_asid Audit session ID of new session.
1498 * In the failure case the return value will be -1
1499 * and 'errno' will be set to a non-zero value
1500 * described below.
1501 *
1502 * Errno: 0 Success
1503 * EINVAL Invalid Mach port name.
1504 * ESRCH Invalid calling process/cred.
1505 */
1506 int
1507 audit_session_join(proc_t p, struct audit_session_join_args *uap,
1508 au_asid_t *ret_asid)
1509 {
1510 ipc_port_t port = IPC_PORT_NULL;
1511 mach_port_name_t send = uap->port;
1512 int err = 0;
1513
1514
1515 if (ipc_object_copyin(get_task_ipcspace(p->task), send,
1516 MACH_MSG_TYPE_COPY_SEND, &port) != KERN_SUCCESS) {
1517 *ret_asid = AU_DEFAUDITSID;
1518 err = EINVAL;
1519 } else {
1520 err = audit_session_join_internal(p, p->task, port, ret_asid);
1521 }
1522
1523 return err;
1524 }
1525
1526 /*
1527 * Audit session device.
1528 */
1529
1530 /*
1531 * Free an audit sdev entry.
1532 */
1533 static void
1534 audit_sdev_entry_free(struct audit_sdev_entry *ase)
1535 {
1536 free(ase->ase_record, M_AUDIT_SDEV_ENTRY);
1537 free(ase, M_AUDIT_SDEV_ENTRY);
1538 }
1539
1540 /*
1541 * Append individual record to a queue. Allocate queue-local buffer and
1542 * add to the queue. If the queue is full or we can't allocate memory,
1543 * drop the newest record.
1544 */
1545 static void
1546 audit_sdev_append(struct audit_sdev *asdev, void *record, u_int record_len)
1547 {
1548 struct audit_sdev_entry *ase;
1549
1550 AUDIT_SDEV_LOCK_ASSERT(asdev);
1551
1552 if (asdev->asdev_qlen >= asdev->asdev_qlimit) {
1553 asdev->asdev_drops++;
1554 audit_sdev_drops++;
1555 return;
1556 }
1557
1558 ase = malloc(sizeof(*ase), M_AUDIT_SDEV_ENTRY, M_NOWAIT | M_ZERO);
1559 if (NULL == ase) {
1560 asdev->asdev_drops++;
1561 audit_sdev_drops++;
1562 return;
1563 }
1564
1565 ase->ase_record = malloc(record_len, M_AUDIT_SDEV_ENTRY, M_NOWAIT);
1566 if (NULL == ase->ase_record) {
1567 free(ase, M_AUDIT_SDEV_ENTRY);
1568 asdev->asdev_drops++;
1569 audit_sdev_drops++;
1570 return;
1571 }
1572
1573 bcopy(record, ase->ase_record, record_len);
1574 ase->ase_record_len = record_len;
1575
1576 TAILQ_INSERT_TAIL(&asdev->asdev_queue, ase, ase_queue);
1577 asdev->asdev_inserts++;
1578 asdev->asdev_qlen++;
1579 asdev->asdev_qbyteslen += ase->ase_record_len;
1580 selwakeup(&asdev->asdev_selinfo);
1581 if (asdev->asdev_flags & AUDIT_SDEV_ASYNC) {
1582 pgsigio(asdev->asdev_sigio, SIGIO);
1583 }
1584
1585 cv_broadcast(&asdev->asdev_cv);
1586 }
1587
1588 /*
1589 * Submit an audit record to be queued in the audit session device.
1590 */
1591 void
1592 audit_sdev_submit(__unused au_id_t auid, __unused au_asid_t asid, void *record,
1593 u_int record_len)
1594 {
1595 struct audit_sdev *asdev;
1596
1597 /*
1598 * Lockless read to avoid lock overhead if sessio devices are not in
1599 * use.
1600 */
1601 if (NULL == TAILQ_FIRST(&audit_sdev_list)) {
1602 return;
1603 }
1604
1605 AUDIT_SDEV_LIST_RLOCK();
1606 TAILQ_FOREACH(asdev, &audit_sdev_list, asdev_list) {
1607 AUDIT_SDEV_LOCK(asdev);
1608
1609 /*
1610 * Only append to the sdev queue if the AUID and ASID match that
1611 * of the process that opened this session device or if the
1612 * ALLSESSIONS flag is set.
1613 */
1614 if ((/* XXXss auid == asdev->asdev_auid && */
1615 asid == asdev->asdev_asid) ||
1616 (asdev->asdev_flags & AUDIT_SDEV_ALLSESSIONS) != 0) {
1617 audit_sdev_append(asdev, record, record_len);
1618 }
1619 AUDIT_SDEV_UNLOCK(asdev);
1620 }
1621 AUDIT_SDEV_LIST_RUNLOCK();
1622
1623 /* Unlocked increment. */
1624 audit_sdev_records++;
1625 }
1626
1627 /*
1628 * Allocate a new audit sdev. Connects the sdev, on succes, to the global
1629 * list and updates statistics.
1630 */
1631 static struct audit_sdev *
1632 audit_sdev_alloc(void)
1633 {
1634 struct audit_sdev *asdev;
1635
1636 AUDIT_SDEV_LIST_WLOCK_ASSERT();
1637
1638 asdev = malloc(sizeof(*asdev), M_AUDIT_SDEV, M_WAITOK | M_ZERO);
1639 if (NULL == asdev) {
1640 return NULL;
1641 }
1642
1643 asdev->asdev_qlimit = AUDIT_SDEV_QLIMIT_DEFAULT;
1644 TAILQ_INIT(&asdev->asdev_queue);
1645 AUDIT_SDEV_LOCK_INIT(asdev);
1646 AUDIT_SDEV_SX_LOCK_INIT(asdev);
1647 cv_init(&asdev->asdev_cv, "audit_sdev_cv");
1648
1649 /*
1650 * Add to global list and update global statistics.
1651 */
1652 TAILQ_INSERT_HEAD(&audit_sdev_list, asdev, asdev_list);
1653 audit_sdev_count++;
1654 audit_sdev_ever++;
1655
1656 return asdev;
1657 }
1658
1659 /*
1660 * Flush all records currently present in an audit sdev.
1661 */
1662 static void
1663 audit_sdev_flush(struct audit_sdev *asdev)
1664 {
1665 struct audit_sdev_entry *ase;
1666
1667 AUDIT_SDEV_LOCK_ASSERT(asdev);
1668
1669 while ((ase = TAILQ_FIRST(&asdev->asdev_queue)) != NULL) {
1670 TAILQ_REMOVE(&asdev->asdev_queue, ase, ase_queue);
1671 asdev->asdev_qbyteslen -= ase->ase_record_len;
1672 audit_sdev_entry_free(ase);
1673 asdev->asdev_qlen--;
1674 }
1675 asdev->asdev_qoffset = 0;
1676
1677 KASSERT(0 == asdev->asdev_qlen, ("audit_sdev_flush: asdev_qlen"));
1678 KASSERT(0 == asdev->asdev_qbyteslen,
1679 ("audit_sdev_flush: asdev_qbyteslen"));
1680 }
1681
1682 /*
1683 * Free an audit sdev.
1684 */
1685 static void
1686 audit_sdev_free(struct audit_sdev *asdev)
1687 {
1688 AUDIT_SDEV_LIST_WLOCK_ASSERT();
1689 AUDIT_SDEV_LOCK_ASSERT(asdev);
1690
1691 /* XXXss - preselect hook here */
1692 audit_sdev_flush(asdev);
1693 cv_destroy(&asdev->asdev_cv);
1694 AUDIT_SDEV_SX_LOCK_DESTROY(asdev);
1695 AUDIT_SDEV_UNLOCK(asdev);
1696 AUDIT_SDEV_LOCK_DESTROY(asdev);
1697
1698 TAILQ_REMOVE(&audit_sdev_list, asdev, asdev_list);
1699 free(asdev, M_AUDIT_SDEV);
1700 audit_sdev_count--;
1701 }
1702
1703 /*
1704 * Get the auditinfo_addr of the proc and check to see if suser. Will return
1705 * non-zero if not suser.
1706 */
1707 static int
1708 audit_sdev_get_aia(proc_t p, struct auditinfo_addr *aia_p)
1709 {
1710 int error;
1711 kauth_cred_t scred;
1712
1713 scred = kauth_cred_proc_ref(p);
1714 error = suser(scred, &p->p_acflag);
1715
1716 if (NULL != aia_p) {
1717 bcopy(scred->cr_audit.as_aia_p, aia_p, sizeof(*aia_p));
1718 }
1719 kauth_cred_unref(&scred);
1720
1721 return error;
1722 }
1723
1724 /*
1725 * Audit session dev open method.
1726 */
1727 static int
1728 audit_sdev_open(dev_t dev, __unused int flags, __unused int devtype, proc_t p)
1729 {
1730 struct audit_sdev *asdev;
1731 struct auditinfo_addr aia;
1732 int u;
1733
1734 u = minor(dev);
1735 if (u < 0 || u >= MAX_AUDIT_SDEVS) {
1736 return ENXIO;
1737 }
1738
1739 (void) audit_sdev_get_aia(p, &aia);
1740
1741 AUDIT_SDEV_LIST_WLOCK();
1742 asdev = audit_sdev_dtab[u];
1743 if (NULL == asdev) {
1744 asdev = audit_sdev_alloc();
1745 if (NULL == asdev) {
1746 AUDIT_SDEV_LIST_WUNLOCK();
1747 return ENOMEM;
1748 }
1749 audit_sdev_dtab[u] = asdev;
1750 } else {
1751 KASSERT(asdev->asdev_open, ("audit_sdev_open: Already open"));
1752 AUDIT_SDEV_LIST_WUNLOCK();
1753 return EBUSY;
1754 }
1755 asdev->asdev_open = 1;
1756 asdev->asdev_auid = aia.ai_auid;
1757 asdev->asdev_asid = aia.ai_asid;
1758 asdev->asdev_flags = 0;
1759
1760 AUDIT_SDEV_LIST_WUNLOCK();
1761
1762 return 0;
1763 }
1764
1765 /*
1766 * Audit session dev close method.
1767 */
1768 static int
1769 audit_sdev_close(dev_t dev, __unused int flags, __unused int devtype,
1770 __unused proc_t p)
1771 {
1772 struct audit_sdev *asdev;
1773 int u;
1774
1775 u = minor(dev);
1776 asdev = audit_sdev_dtab[u];
1777
1778 KASSERT(asdev != NULL, ("audit_sdev_close: asdev == NULL"));
1779 KASSERT(asdev->asdev_open, ("audit_sdev_close: !asdev_open"));
1780
1781 AUDIT_SDEV_LIST_WLOCK();
1782 AUDIT_SDEV_LOCK(asdev);
1783 asdev->asdev_open = 0;
1784 audit_sdev_free(asdev); /* sdev lock unlocked in audit_sdev_free() */
1785 audit_sdev_dtab[u] = NULL;
1786 AUDIT_SDEV_LIST_WUNLOCK();
1787
1788 return 0;
1789 }
1790
1791 /*
1792 * Audit session dev ioctl method.
1793 */
1794 static int
1795 audit_sdev_ioctl(dev_t dev, u_long cmd, caddr_t data,
1796 __unused int flag, proc_t p)
1797 {
1798 struct audit_sdev *asdev;
1799 int error;
1800
1801 asdev = audit_sdev_dtab[minor(dev)];
1802 KASSERT(asdev != NULL, ("audit_sdev_ioctl: asdev == NULL"));
1803
1804 error = 0;
1805
1806 switch (cmd) {
1807 case FIONBIO:
1808 AUDIT_SDEV_LOCK(asdev);
1809 if (*(int *)data) {
1810 asdev->asdev_flags |= AUDIT_SDEV_NBIO;
1811 } else {
1812 asdev->asdev_flags &= ~AUDIT_SDEV_NBIO;
1813 }
1814 AUDIT_SDEV_UNLOCK(asdev);
1815 break;
1816
1817 case FIONREAD:
1818 AUDIT_SDEV_LOCK(asdev);
1819 *(int *)data = asdev->asdev_qbyteslen - asdev->asdev_qoffset;
1820 AUDIT_SDEV_UNLOCK(asdev);
1821 break;
1822
1823 case AUDITSDEV_GET_QLEN:
1824 *(u_int *)data = asdev->asdev_qlen;
1825 break;
1826
1827 case AUDITSDEV_GET_QLIMIT:
1828 *(u_int *)data = asdev->asdev_qlimit;
1829 break;
1830
1831 case AUDITSDEV_SET_QLIMIT:
1832 if (*(u_int *)data >= AUDIT_SDEV_QLIMIT_MIN ||
1833 *(u_int *)data <= AUDIT_SDEV_QLIMIT_MAX) {
1834 asdev->asdev_qlimit = *(u_int *)data;
1835 } else {
1836 error = EINVAL;
1837 }
1838 break;
1839
1840 case AUDITSDEV_GET_QLIMIT_MIN:
1841 *(u_int *)data = AUDIT_SDEV_QLIMIT_MIN;
1842 break;
1843
1844 case AUDITSDEV_GET_QLIMIT_MAX:
1845 *(u_int *)data = AUDIT_SDEV_QLIMIT_MAX;
1846 break;
1847
1848 case AUDITSDEV_FLUSH:
1849 if (AUDIT_SDEV_SX_XLOCK_SIG(asdev) != 0) {
1850 return EINTR;
1851 }
1852 AUDIT_SDEV_LOCK(asdev);
1853 audit_sdev_flush(asdev);
1854 AUDIT_SDEV_UNLOCK(asdev);
1855 AUDIT_SDEV_SX_XUNLOCK(asdev);
1856 break;
1857
1858 case AUDITSDEV_GET_MAXDATA:
1859 *(u_int *)data = MAXAUDITDATA;
1860 break;
1861
1862 /* XXXss these should be 64 bit, maybe. */
1863 case AUDITSDEV_GET_INSERTS:
1864 *(u_int *)data = asdev->asdev_inserts;
1865 break;
1866
1867 case AUDITSDEV_GET_READS:
1868 *(u_int *)data = asdev->asdev_reads;
1869 break;
1870
1871 case AUDITSDEV_GET_DROPS:
1872 *(u_int *)data = asdev->asdev_drops;
1873 break;
1874
1875 case AUDITSDEV_GET_ALLSESSIONS:
1876 error = audit_sdev_get_aia(p, NULL);
1877 if (error) {
1878 break;
1879 }
1880 *(u_int *)data = (asdev->asdev_flags & AUDIT_SDEV_ALLSESSIONS) ?
1881 1 : 0;
1882 break;
1883
1884 case AUDITSDEV_SET_ALLSESSIONS:
1885 error = audit_sdev_get_aia(p, NULL);
1886 if (error) {
1887 break;
1888 }
1889
1890 AUDIT_SDEV_LOCK(asdev);
1891 if (*(int *)data) {
1892 asdev->asdev_flags |= AUDIT_SDEV_ALLSESSIONS;
1893 } else {
1894 asdev->asdev_flags &= ~AUDIT_SDEV_ALLSESSIONS;
1895 }
1896 AUDIT_SDEV_UNLOCK(asdev);
1897 break;
1898
1899 default:
1900 error = ENOTTY;
1901 }
1902
1903 return error;
1904 }
1905
1906 /*
1907 * Audit session dev read method.
1908 */
1909 static int
1910 audit_sdev_read(dev_t dev, struct uio *uio, __unused int flag)
1911 {
1912 struct audit_sdev_entry *ase;
1913 struct audit_sdev *asdev;
1914 u_int toread;
1915 int error;
1916
1917 asdev = audit_sdev_dtab[minor(dev)];
1918 KASSERT(NULL != asdev, ("audit_sdev_read: asdev == NULL"));
1919
1920 /*
1921 * We hold a sleep lock over read and flush because we rely on the
1922 * stability of a record in the queue during uiomove.
1923 */
1924 if (0 != AUDIT_SDEV_SX_XLOCK_SIG(asdev)) {
1925 return EINTR;
1926 }
1927 AUDIT_SDEV_LOCK(asdev);
1928 while (TAILQ_EMPTY(&asdev->asdev_queue)) {
1929 if (asdev->asdev_flags & AUDIT_SDEV_NBIO) {
1930 AUDIT_SDEV_UNLOCK(asdev);
1931 AUDIT_SDEV_SX_XUNLOCK(asdev);
1932 return EAGAIN;
1933 }
1934 error = cv_wait_sig(&asdev->asdev_cv, AUDIT_SDEV_MTX(asdev));
1935 if (error) {
1936 AUDIT_SDEV_UNLOCK(asdev);
1937 AUDIT_SDEV_SX_XUNLOCK(asdev);
1938 return error;
1939 }
1940 }
1941
1942 /*
1943 * Copy as many remaining bytes from the current record to userspace
1944 * as we can. Keep processing records until we run out of records in
1945 * the queue or until the user buffer runs out of space.
1946 *
1947 * We rely on the sleep lock to maintain ase's stability here.
1948 */
1949 asdev->asdev_reads++;
1950 while ((ase = TAILQ_FIRST(&asdev->asdev_queue)) != NULL &&
1951 uio_resid(uio) > 0) {
1952 AUDIT_SDEV_LOCK_ASSERT(asdev);
1953
1954 KASSERT(ase->ase_record_len > asdev->asdev_qoffset,
1955 ("audit_sdev_read: record_len > qoffset (1)"));
1956 toread = MIN((int)(ase->ase_record_len - asdev->asdev_qoffset),
1957 uio_resid(uio));
1958 AUDIT_SDEV_UNLOCK(asdev);
1959 error = uiomove((char *) ase->ase_record + asdev->asdev_qoffset,
1960 toread, uio);
1961 if (error) {
1962 AUDIT_SDEV_SX_XUNLOCK(asdev);
1963 return error;
1964 }
1965
1966 /*
1967 * If the copy succeeded then update book-keeping, and if no
1968 * bytes remain in the current record then free it.
1969 */
1970 AUDIT_SDEV_LOCK(asdev);
1971 KASSERT(TAILQ_FIRST(&asdev->asdev_queue) == ase,
1972 ("audit_sdev_read: queue out of sync after uiomove"));
1973 asdev->asdev_qoffset += toread;
1974 KASSERT(ase->ase_record_len >= asdev->asdev_qoffset,
1975 ("audit_sdev_read: record_len >= qoffset (2)"));
1976 if (asdev->asdev_qoffset == ase->ase_record_len) {
1977 TAILQ_REMOVE(&asdev->asdev_queue, ase, ase_queue);
1978 asdev->asdev_qbyteslen -= ase->ase_record_len;
1979 audit_sdev_entry_free(ase);
1980 asdev->asdev_qlen--;
1981 asdev->asdev_qoffset = 0;
1982 }
1983 }
1984 AUDIT_SDEV_UNLOCK(asdev);
1985 AUDIT_SDEV_SX_XUNLOCK(asdev);
1986 return 0;
1987 }
1988
1989 /*
1990 * Audit session device poll method.
1991 */
1992 static int
1993 audit_sdev_poll(dev_t dev, int events, void *wql, struct proc *p)
1994 {
1995 struct audit_sdev *asdev;
1996 int revents;
1997
1998 revents = 0;
1999 asdev = audit_sdev_dtab[minor(dev)];
2000 KASSERT(NULL != asdev, ("audit_sdev_poll: asdev == NULL"));
2001
2002 if (events & (POLLIN | POLLRDNORM)) {
2003 AUDIT_SDEV_LOCK(asdev);
2004 if (NULL != TAILQ_FIRST(&asdev->asdev_queue)) {
2005 revents |= events & (POLLIN | POLLRDNORM);
2006 } else {
2007 selrecord(p, &asdev->asdev_selinfo, wql);
2008 }
2009 AUDIT_SDEV_UNLOCK(asdev);
2010 }
2011 return revents;
2012 }
2013
2014 /*
2015 * Audit sdev clone routine. Provides a new minor number or returns -1.
2016 * This called with DEVFS_LOCK held.
2017 */
2018 static int
2019 audit_sdev_clone(__unused dev_t dev, int action)
2020 {
2021 int i;
2022
2023 if (DEVFS_CLONE_ALLOC == action) {
2024 for (i = 0; i < MAX_AUDIT_SDEVS; i++) {
2025 if (NULL == audit_sdev_dtab[i]) {
2026 return i;
2027 }
2028 }
2029
2030 /*
2031 * This really should return -1 here but that seems to
2032 * hang things in devfs. We instead return 0 and let
2033 * audit_sdev_open tell userland the bad news.
2034 */
2035 return 0;
2036 }
2037
2038 return -1;
2039 }
2040
2041 static int
2042 audit_sdev_init(void)
2043 {
2044 dev_t dev;
2045
2046 TAILQ_INIT(&audit_sdev_list);
2047 AUDIT_SDEV_LIST_LOCK_INIT();
2048
2049 audit_sdev_major = cdevsw_add(-1, &audit_sdev_cdevsw);
2050 if (audit_sdev_major < 0) {
2051 return KERN_FAILURE;
2052 }
2053
2054 dev = makedev(audit_sdev_major, 0);
2055 devnode = devfs_make_node_clone(dev, DEVFS_CHAR, UID_ROOT, GID_WHEEL,
2056 0644, audit_sdev_clone, AUDIT_SDEV_NAME, 0);
2057
2058 if (NULL == devnode) {
2059 return KERN_FAILURE;
2060 }
2061
2062 return KERN_SUCCESS;
2063 }
2064
2065 /* XXXss
2066 * static int
2067 * audit_sdev_shutdown(void)
2068 * {
2069 *
2070 * devfs_remove(devnode);
2071 * (void) cdevsw_remove(audit_sdev_major, &audit_sdev_cdevsw);
2072 *
2073 * return (KERN_SUCCESS);
2074 * }
2075 */
2076
2077 #else
2078
2079 int
2080 audit_session_self(proc_t p, struct audit_session_self_args *uap,
2081 mach_port_name_t *ret_port)
2082 {
2083 #pragma unused(p, uap, ret_port)
2084
2085 return ENOSYS;
2086 }
2087
2088 int
2089 audit_session_join(proc_t p, struct audit_session_join_args *uap,
2090 au_asid_t *ret_asid)
2091 {
2092 #pragma unused(p, uap, ret_asid)
2093
2094 return ENOSYS;
2095 }
2096
2097 int
2098 audit_session_port(proc_t p, struct audit_session_port_args *uap, int *retval)
2099 {
2100 #pragma unused(p, uap, retval)
2101
2102 return ENOSYS;
2103 }
2104
2105 #endif /* CONFIG_AUDIT */
mirror of XNU