#include <sys/queue.h>
#include <security/mac_internal.h>
#include <bsd/bsm/audit.h>
-#include <bsd/bsm/audit_kernel.h>
+#include <bsd/security/audit/audit.h>
#include <bsd/sys/malloc.h>
#include <vm/vm_kern.h>
#include <kern/kalloc.h>
#include <kern/zalloc.h>
-#if AUDIT
+#if CONFIG_AUDIT
/* The zone allocator is initialized in mac_base.c. */
zone_t mac_audit_data_zone;
kauth_cred_t cred;
int error;
- if (!mac_proc_enforce ||
- !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
+#endif
+
+ if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
return 0;
cred = kauth_cred_proc_ref(curp);
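Review bot: The added comment `/* 21167099 - only check if we allow write */` does not say what the `#if` changes: when SECURITY_MAC_CHECK_ENFORCE is not set, `mac_proc_enforce` is no longer consulted and only `mac_proc_check_enforce(curp, MAC_PROC_ENFORCE)` can skip the policy check. That is the security-relevant property of the change, so the comment should state it directly, e.g. `/* 21167099: honour the mac_proc_enforce toggle only when SECURITY_MAC_CHECK_ENFORCE is set; otherwise it cannot bypass this check */`. The same block is repeated before `MAC_CHECK(proc_check_setauid, ...)`, `MAC_CHECK(proc_check_getaudit, ...)` and `MAC_CHECK(proc_check_setaudit, ...)`, and only this first copy has a blank line after `#endif`. The enclosing function starts and ends outside the hunk.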
kauth_cred_t cred;
int error;
- if (!mac_proc_enforce ||
- !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
- return 0;
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
+#endif
+ if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+ return 0;
cred = kauth_cred_proc_ref(curp);
MAC_CHECK(proc_check_setauid, cred, auid);
kauth_cred_t cred;
int error;
- if (!mac_proc_enforce ||
- !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
- return 0;
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
+#endif
+ if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+ return 0;
cred = kauth_cred_proc_ref(curp);
MAC_CHECK(proc_check_getaudit, cred);
}
int
-mac_proc_check_setaudit(struct proc *curp, struct auditinfo *ai)
+mac_proc_check_setaudit(struct proc *curp, struct auditinfo_addr *ai)
{
kauth_cred_t cred;
int error;
- if (!mac_proc_enforce ||
- !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
- return 0;
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
+#endif
+ if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+ return 0;
cred = kauth_cred_proc_ref(curp);
MAC_CHECK(proc_check_setaudit, cred, ai);
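Review bot: Changing `ai` to `struct auditinfo_addr *` changes what `MAC_CHECK(proc_check_setaudit, cred, ai)` hands to every registered policy, and the hook's prototype is not visible in this hunk. If the policy-ops declaration for `proc_check_setaudit` still takes `struct auditinfo *`, a policy would most likely read the record with the wrong layout, so confirm that the hook type and its implementers moved in the same change. A one-line comment above the call such as `/* policies receive the extended auditinfo_addr record */` would make the contract visible here.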
return (ret);
}
-#else /* AUDIT */
+#else /* !CONFIG_AUDIT */
/*
* Function stubs for when AUDIT isn't defined.
*/
int
-mac_system_check_audit(struct ucred *cred, void *record, int length)
+mac_system_check_audit(__unused struct ucred *cred, __unused void *record, __unused int length)
{
return (0);
}
int
-mac_system_check_auditon(struct ucred *cred, int cmd)
+mac_system_check_auditon(__unused struct ucred *cred, __unused int cmd)
{
return (0);
}
int
-mac_system_check_auditctl(struct ucred *cred, struct vnode *vp)
+mac_system_check_auditctl(__unused struct ucred *cred, __unused struct vnode *vp)
{
return (0);
}
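Review bot: The block comment under the renamed `#else` still says `Function stubs for when AUDIT isn't defined.`, but the guard is now `CONFIG_AUDIT`. It should read `* Function stubs for when CONFIG_AUDIT isn't defined.` so that it agrees with the `#if`, `#else` and `#endif` markers. It would also help to note there that every stub returns 0, which callers presumably treat as "allowed", so a kernel built without CONFIG_AUDIT never denies through these MAC audit checks.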
int
-mac_proc_check_setaudit(__unused struct proc *curp, struct auditinfo *ai)
+mac_proc_check_setaudit(__unused struct proc *curp,
+ __unused struct auditinfo_addr *ai)
{
return (0);
return (MAC_AUDIT_DEFAULT);
}
-int
-mac_audit(int len, u_char *data)
-{
-
- return (0);
-}
-
int
mac_audit_text(__unused char *text, __unused mac_policy_handle_t handle)
{
return (0);
}
-#endif /* !AUDIT */
+#endif /* !CONFIG_AUDIT */