/*
- * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2000-2010 Apple Inc. All rights reserved.
*
- * @APPLE_LICENSE_HEADER_START@
- *
- * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ *
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* Please see the License for the specific language governing rights and
* limitations under the License.
*
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
*/
/* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */
/*-
* Purged old history
* New version based on 4.4
*/
+/*
+ * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
+ * support for mandatory and extensible security protections. This notice
+ * is included in support of clause 2.2 (b) of the Apple Public License,
+ * Version 2.0.
+ */
#include <sys/param.h>
-#include <sys/proc.h>
-#include <sys/mount.h>
-#include <sys/vnode.h>
-#include <sys/file.h>
+#include <sys/proc_internal.h>
+#include <sys/kauth.h>
+#include <sys/mount_internal.h>
+#include <sys/vnode_internal.h>
+#include <sys/file_internal.h>
#include <sys/syslog.h>
#include <sys/kernel.h>
#include <sys/namei.h>
#include <sys/resourcevar.h>
#include <sys/ioctl.h>
#include <sys/tty.h>
+#include <sys/sysproto.h>
+#include <machine/spl.h>
+#if CONFIG_MACF
+#include <security/mac_framework.h>
+#endif
/*
* The routines implemented in this file are described in:
* The former's operation is described in Leffler, et al., and the latter
* was provided by UCB with the 4.4BSD-Lite release
*/
-comp_t encode_comp_t __P((u_long, u_long));
-void acctwatch __P((void *));
-void acctwatch_funnel __P((void *));
+comp_t encode_comp_t(uint32_t, uint32_t);
+void acctwatch(void *);
+void acct_init(void);
/*
- * Accounting vnode pointer, and saved vnode pointer.
+ * Accounting vnode pointer, and suspended accounting vnode pointer. States
+ * are as follows:
+ *
+ * acctp suspend_acctp state
+ * ------------- ------------ ------------------------------
+ * NULL NULL Accounting disabled
+ * !NULL NULL Accounting enabled
+ * NULL !NULL Accounting enabled, but suspended
+ * !NULL !NULL <not allowed>
*/
struct vnode *acctp;
-struct vnode *savacctp;
+struct vnode *suspend_acctp;
/*
* Values associated with enabling and disabling accounting
int acctresume = 4; /* resume when free space risen to > 4% */
int acctchkfreq = 15; /* frequency (in seconds) to check space */
+
+static lck_grp_t *acct_subsys_lck_grp;
+static lck_mtx_t *acct_subsys_mutex;
+
+#define ACCT_SUBSYS_LOCK() lck_mtx_lock(acct_subsys_mutex)
+#define ACCT_SUBSYS_UNLOCK() lck_mtx_unlock(acct_subsys_mutex)
+
+void
+acct_init(void)
+{
+ acct_subsys_lck_grp = lck_grp_alloc_init("acct", NULL);
+ acct_subsys_mutex = lck_mtx_alloc_init(acct_subsys_lck_grp, NULL);
+}
+
+
/*
* Accounting system call. Written based on the specification and
* previous implementation done by Mark Tinguely.
*/
-struct acct_args {
- char *path;
-};
-acct(p, uap, retval)
- struct proc *p;
- struct acct_args *uap;
- int *retval;
+int
+acct(proc_t p, struct acct_args *uap, __unused int *retval)
{
struct nameidata nd;
int error;
+ struct vfs_context *ctx;
+
+ ctx = vfs_context_current();
/* Make sure that the caller is root. */
- if (error = suser(p->p_ucred, &p->p_acflag))
+ if ((error = suser(vfs_context_ucred(ctx), &p->p_acflag)))
return (error);
/*
* If accounting is to be started to a file, open that file for
* writing and make sure it's a 'normal'.
*/
- if (uap->path != NULL) {
- NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, p);
- if (error = vn_open(&nd, FWRITE, 0))
+ if (uap->path != USER_ADDR_NULL) {
+ NDINIT(&nd, LOOKUP, OP_OPEN, NOFOLLOW, UIO_USERSPACE, uap->path, ctx);
+ if ((error = vn_open(&nd, FWRITE, 0)))
+ return (error);
+#if CONFIG_MACF
+ error = mac_system_check_acct(vfs_context_ucred(ctx), nd.ni_vp);
+ if (error) {
+ vnode_put(nd.ni_vp);
+ vn_close(nd.ni_vp, FWRITE, ctx);
return (error);
- VOP_UNLOCK(nd.ni_vp, 0, p);
+ }
+#endif
+ vnode_put(nd.ni_vp);
+
if (nd.ni_vp->v_type != VREG) {
- vn_close(nd.ni_vp, FWRITE, p->p_ucred, p);
+ vn_close(nd.ni_vp, FWRITE, ctx);
return (EACCES);
}
}
+#if CONFIG_MACF
+ else {
+ error = mac_system_check_acct(vfs_context_ucred(ctx), NULL);
+ if (error)
+ return (error);
+ }
+#endif
/*
* If accounting was previously enabled, kill the old space-watcher,
* close the file, and (if no new file was specified, leave).
*/
- if (acctp != NULLVP || savacctp != NULLVP) {
- untimeout(acctwatch_funnel, NULL);
- error = vn_close((acctp != NULLVP ? acctp : savacctp), FWRITE,
- p->p_ucred, p);
- acctp = savacctp = NULLVP;
+ ACCT_SUBSYS_LOCK();
+ if (acctp != NULLVP || suspend_acctp != NULLVP) {
+ untimeout(acctwatch, NULL);
+ error = vn_close((acctp != NULLVP ? acctp : suspend_acctp),
+ FWRITE, vfs_context_current());
+
+ acctp = suspend_acctp = NULLVP;
}
- if (uap->path == NULL)
+ if (uap->path == USER_ADDR_NULL) {
+ ACCT_SUBSYS_UNLOCK();
return (error);
+ }
/*
* Save the new accounting file vnode, and schedule the new
* free space watcher.
*/
acctp = nd.ni_vp;
+ ACCT_SUBSYS_UNLOCK();
+
acctwatch(NULL);
return (error);
}
* and are enumerated below. (They're also noted in the system
* "acct.h" header file.)
*/
-acct_process(p)
- struct proc *p;
+int
+acct_process(proc_t p)
{
- struct acct acct;
- struct rusage *r;
+ struct acct an_acct;
+ struct rusage rup, *r;
struct timeval ut, st, tmp;
- int s, t;
+ int t;
+ int error;
struct vnode *vp;
+ kauth_cred_t safecred;
+ struct session * sessp;
+ struct tty *tp;
/* If accounting isn't enabled, don't bother */
+ ACCT_SUBSYS_LOCK();
vp = acctp;
- if (vp == NULLVP)
+ if (vp == NULLVP) {
+ ACCT_SUBSYS_UNLOCK();
return (0);
+ }
/*
* Get process accounting information.
*/
/* (1) The name of the command that ran */
- bcopy(p->p_comm, acct.ac_comm, sizeof acct.ac_comm);
+ bcopy(p->p_comm, an_acct.ac_comm, sizeof an_acct.ac_comm);
/* (2) The amount of user and system time that was used */
calcru(p, &ut, &st, NULL);
- acct.ac_utime = encode_comp_t(ut.tv_sec, ut.tv_usec);
- acct.ac_stime = encode_comp_t(st.tv_sec, st.tv_usec);
+ an_acct.ac_utime = encode_comp_t(ut.tv_sec, ut.tv_usec);
+ an_acct.ac_stime = encode_comp_t(st.tv_sec, st.tv_usec);
/* (3) The elapsed time the commmand ran (and its starting time) */
- acct.ac_btime = p->p_stats->p_start.tv_sec;
- s = splclock();
- tmp = time;
- splx(s);
- timevalsub(&tmp, &p->p_stats->p_start);
- acct.ac_etime = encode_comp_t(tmp.tv_sec, tmp.tv_usec);
+ an_acct.ac_btime = p->p_start.tv_sec;
+ microtime(&tmp);
+ timevalsub(&tmp, &p->p_start);
+ an_acct.ac_etime = encode_comp_t(tmp.tv_sec, tmp.tv_usec);
/* (4) The average amount of memory used */
- r = &p->p_stats->p_ru;
+ proc_lock(p);
+ rup = p->p_stats->p_ru;
+ proc_unlock(p);
+ r = &rup;
tmp = ut;
timevaladd(&tmp, &st);
t = tmp.tv_sec * hz + tmp.tv_usec / tick;
if (t)
- acct.ac_mem = (r->ru_ixrss + r->ru_idrss + r->ru_isrss) / t;
+ an_acct.ac_mem = (r->ru_ixrss + r->ru_idrss + r->ru_isrss) / t;
else
- acct.ac_mem = 0;
+ an_acct.ac_mem = 0;
/* (5) The number of disk I/O operations done */
- acct.ac_io = encode_comp_t(r->ru_inblock + r->ru_oublock, 0);
+ an_acct.ac_io = encode_comp_t(r->ru_inblock + r->ru_oublock, 0);
/* (6) The UID and GID of the process */
- acct.ac_uid = p->p_cred->p_ruid;
- acct.ac_gid = p->p_cred->p_rgid;
+ safecred = kauth_cred_proc_ref(p);
+
+ an_acct.ac_uid = kauth_cred_getruid(safecred);
+ an_acct.ac_gid = kauth_cred_getrgid(safecred);
/* (7) The terminal from which the process was started */
- if ((p->p_flag & P_CONTROLT) && p->p_pgrp->pg_session->s_ttyp)
- acct.ac_tty = p->p_pgrp->pg_session->s_ttyp->t_dev;
- else
- acct.ac_tty = NODEV;
+
+ sessp = proc_session(p);
+ if ((p->p_flag & P_CONTROLT) && (sessp != SESSION_NULL) && ((tp = SESSION_TP(sessp)) != TTY_NULL)) {
+ tty_lock(tp);
+ an_acct.ac_tty = tp->t_dev;
+ tty_unlock(tp);
+ }else
+ an_acct.ac_tty = NODEV;
+
+ if (sessp != SESSION_NULL)
+ session_rele(sessp);
/* (8) The boolean flags that tell how the process terminated, etc. */
- acct.ac_flag = p->p_acflag;
+ an_acct.ac_flag = p->p_acflag;
/*
* Now, just write the accounting information to the file.
*/
- VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
- return (vn_rdwr(UIO_WRITE, vp, (caddr_t)&acct, sizeof (acct),
- (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, p->p_ucred,
- (int *)0, p));
+ if ((error = vnode_getwithref(vp)) == 0) {
+ error = vn_rdwr(UIO_WRITE, vp, (caddr_t)&an_acct, sizeof (an_acct),
+ (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, safecred,
+ (int *)0, p);
+ vnode_put(vp);
+ }
+
+ kauth_cred_unref(&safecred);
+ ACCT_SUBSYS_UNLOCK();
+
+ return (error);
}
/*
#define MAXFRACT ((1 << MANTSIZE) - 1) /* Maximum fractional value. */
comp_t
-encode_comp_t(s, us)
- u_long s, us;
+encode_comp_t(uint32_t s, uint32_t us)
{
int exp, rnd;
return (exp);
}
-void
-acctwatch_funnel(a)
- void *a;
-{
- thread_funnel_set(kernel_flock, TRUE);
- acctwatch(a);
- thread_funnel_set(kernel_flock, FALSE);
-}
-
-
/*
* Periodically check the file system to see if accounting
* should be turned on or off. Beware the case where the vnode
*/
/* ARGSUSED */
void
-acctwatch(a)
- void *a;
+acctwatch(__unused void *a)
{
- struct statfs sb;
-
- if (savacctp != NULLVP) {
- if (savacctp->v_type == VBAD) {
- (void) vn_close(savacctp, FWRITE, NOCRED, NULL);
- savacctp = NULLVP;
+ vfs_context_t ctx = vfs_context_current();
+ struct vfs_attr va;
+
+ VFSATTR_INIT(&va);
+ VFSATTR_WANTED(&va, f_blocks);
+ VFSATTR_WANTED(&va, f_bavail);
+
+ ACCT_SUBSYS_LOCK();
+ if (suspend_acctp != NULLVP) {
+ /*
+ * Resuming accounting when accounting is suspended, and the
+ * filesystem containing the suspended accounting file goes
+ * below a low watermark
+ */
+ if (suspend_acctp->v_type == VBAD) {
+ (void) vn_close(suspend_acctp, FWRITE, vfs_context_kernel());
+ suspend_acctp = NULLVP;
+ ACCT_SUBSYS_UNLOCK();
return;
}
- (void)VFS_STATFS(savacctp->v_mount, &sb, (struct proc *)0);
- if (sb.f_bavail > acctresume * sb.f_blocks / 100) {
- acctp = savacctp;
- savacctp = NULLVP;
+ (void)vfs_getattr(suspend_acctp->v_mount, &va, ctx);
+ if (va.f_bavail > acctresume * va.f_blocks / 100) {
+ acctp = suspend_acctp;
+ suspend_acctp = NULLVP;
log(LOG_NOTICE, "Accounting resumed\n");
}
} else if (acctp != NULLVP) {
+ /*
+ * Suspending accounting when accounting is currently active,
+ * and the filesystem containing the active accounting file
+ * goes over a high watermark
+ */
if (acctp->v_type == VBAD) {
- (void) vn_close(acctp, FWRITE, NOCRED, NULL);
+ (void) vn_close(acctp, FWRITE, vfs_context_kernel());
acctp = NULLVP;
+ ACCT_SUBSYS_UNLOCK();
return;
}
- (void)VFS_STATFS(acctp->v_mount, &sb, (struct proc *)0);
- if (sb.f_bavail <= acctsuspend * sb.f_blocks / 100) {
- savacctp = acctp;
+ (void)vfs_getattr(acctp->v_mount, &va, ctx);
+ if (va.f_bavail <= acctsuspend * va.f_blocks / 100) {
+ suspend_acctp = acctp;
acctp = NULLVP;
log(LOG_NOTICE, "Accounting suspended\n");
}
} else {
+ ACCT_SUBSYS_UNLOCK();
return;
- }
-
- timeout(acctwatch_funnel, NULL, acctchkfreq * hz);
+ }
+ ACCT_SUBSYS_UNLOCK();
+
+ timeout(acctwatch, NULL, acctchkfreq * hz);
}