xnu-6153.141.1.tar.gz

[apple/xnu.git] / bsd / security / audit / audit_bsm.c

diff --git a/bsd/security/audit/audit_bsm.c b/bsd/security/audit/audit_bsm.c
index 9610b52dd4d24a55a201bb8544be968f82dad9ff..18e98c0f5c1f256e8864a0d1b4660bdbfce46859 100644 (file)
--- a/bsd/security/audit/audit_bsm.c
+++ b/bsd/security/audit/audit_bsm.c
@@ -1846,6 +1846,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
                }
                break;
 
+       case AUE_FSGETPATH_EXTENDED:
        case AUE_FSGETPATH:
                if (ARG_IS_VALID(kar, ARG_VALUE32)) {
                        tok = au_to_arg32(3, "volfsid", ar->ar_arg_value32);
@@ -2068,7 +2069,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
  * record is good, 0 otherwise.
  */
 int
-bsm_rec_verify(void *rec, int length)
+bsm_rec_verify(void *rec, int length, boolean_t kern_events_allowed)
 {
        /* Used to partially deserialize the buffer */
        struct hdr_tok_partial *hdr;
@@ -2105,6 +2106,10 @@ bsm_rec_verify(void *rec, int length)
                return 0;
        }
 
+       if (!kern_events_allowed && AUE_IS_A_KEVENT(ntohs(hdr->e_type))) {
+               return 0;
+       }
+
        return 1;
 }
 #endif /* CONFIG_AUDIT */