#include <kern/host.h>
#include <kern/kalloc.h>
#include <kern/zalloc.h>
-#include <kern/lock.h>
-#include <kern/wait_queue.h>
#include <kern/sched_prim.h>
#if CONFIG_MACF
return (error);
}
-static int
-getaudit_internal(proc_t p, user_addr_t user_addr)
-{
- struct auditinfo ai;
- kauth_cred_t scred;
-
- scred = kauth_cred_proc_ref(p);
- if (scred->cr_audit.as_aia_p->ai_termid.at_type == AU_IPv6) {
- kauth_cred_unref(&scred);
- return (ERANGE);
- }
-
- bzero(&ai, sizeof(ai));
- ai.ai_auid = scred->cr_audit.as_aia_p->ai_auid;
- ai.ai_asid = scred->cr_audit.as_aia_p->ai_asid;
-
- /*
- * Only superuser gets to see the real mask.
- */
- if (suser(scred, &p->p_acflag)) {
- ai.ai_mask.am_success = ~0;
- ai.ai_mask.am_failure = ~0;
- } else {
- ai.ai_mask.am_success = scred->cr_audit.as_mask.am_success;
- ai.ai_mask.am_failure = scred->cr_audit.as_mask.am_failure;
- }
- ai.ai_termid.machine = scred->cr_audit.as_aia_p->ai_termid.at_addr[0];
- ai.ai_termid.port = scred->cr_audit.as_aia_p->ai_termid.at_port;
- kauth_cred_unref(&scred);
-
- return (copyout(&ai, user_addr, sizeof (ai)));
-}
-
-/*
- * System calls to get and set process audit information.
- */
-/* ARGSUSED */
-int
-getaudit(proc_t p, struct getaudit_args *uap, __unused int32_t *retval)
-{
- int error;
-
-#if CONFIG_MACF
- error = mac_proc_check_getaudit(p);
- if (error)
- return (error);
-#endif
- return (getaudit_internal(p, uap->auditinfo));
-}
-
-/* ARGSUSED */
-int
-setaudit(proc_t p, struct setaudit_args *uap, __unused int32_t *retval)
-{
- struct auditinfo ai;
- struct auditinfo_addr newaia;
- kauth_cred_t scred;
- int error;
-
- error = copyin(uap->auditinfo, &ai, sizeof(ai));
- if (error)
- return (error);
- AUDIT_ARG(auditinfo, &ai);
-
- if (ai.ai_asid != AU_ASSIGN_ASID &&
- (uint32_t)ai.ai_asid > ASSIGNED_ASID_MAX)
- return (EINVAL);
-
-#if CONFIG_MACF
- {
- struct auditinfo_addr aia = {
- .ai_auid = ai.ai_auid,
- .ai_mask = ai.ai_mask,
- .ai_termid = {
- .at_port = ai.ai_termid.port,
- .at_type = AU_IPv4,
- .at_addr = { ai.ai_termid.machine, 0, 0, 0 } },
- .ai_asid = ai.ai_asid,
- .ai_flags = 0 };
- error = mac_proc_check_setaudit(p, &aia);
- }
- if (error)
- return (error);
-#endif
-
- bzero(&newaia, sizeof(newaia));
- scred = kauth_cred_proc_ref(p);
- error = suser(scred, &p->p_acflag);
- if (error) {
- kauth_cred_unref(&scred);
- return (error);
- }
- newaia.ai_flags = scred->cr_audit.as_aia_p->ai_flags;
- kauth_cred_unref(&scred);
-
- WARN_IF_BAD_ASID(ai.ai_asid, "setaudit(2)");
-
- newaia.ai_auid = ai.ai_auid;
- bcopy(&ai.ai_mask, &newaia.ai_mask, sizeof(au_mask_t));
- AUDIT_CHECK_IF_KEVENTS_MASK(ai.ai_mask);
- newaia.ai_asid = ai.ai_asid;
- if (ai.ai_asid == AU_DEFAUDITSID)
- newaia.ai_asid = AU_ASSIGN_ASID;
- else
- newaia.ai_asid = ai.ai_asid;
- newaia.ai_termid.at_addr[0] = ai.ai_termid.machine;
- newaia.ai_termid.at_port = ai.ai_termid.port;
- newaia.ai_termid.at_type = AU_IPv4;
-
- error = audit_session_setaia(p, &newaia);
- if (error)
- return (error);
-
- /*
- * If asked to assign an ASID then let the user know what the ASID is
- * by copying the auditinfo struct back out.
- */
- if (newaia.ai_asid == AU_ASSIGN_ASID)
- error = getaudit_internal(p, uap->auditinfo);
-
- return (error);
-}
-
static int
getaudit_addr_internal(proc_t p, user_addr_t user_addr, size_t length)
{
getaudit_addr(proc_t p, struct getaudit_addr_args *uap,
__unused int32_t *retval)
{
+#if CONFIG_MACF
+ int error = mac_proc_check_getaudit(p);
+ if (error)
+ return (error);
+#endif /* CONFIG_MACF */
WARN_IF_AINFO_ADDR_CHANGED(uap->length, sizeof(auditinfo_addr_t),
"getaudit_addr(2)", "auditinfo_addr_t");
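Review bot: The new `mac_proc_check_getaudit(p)` gate at the top of getaudit_addr has no comment explaining why it must run before anything else in the function. The same commit deletes getaudit, which carried the identical check, so this call appears to be the remaining MAC gate on reading audit session state. I would put `/* MAC policy must approve before any audit session state is read or copied out. */` directly above the `#if CONFIG_MACF`. The deleted setaudit also called `mac_proc_check_setaudit(p, &aia)` before touching the session; setaudit_addr is not visible in this excerpt, so confirm that it performs that check before this lands. getaudit_addr's return type line sits above the hunk and its body continues below it.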
return (ENOSYS);
}
-int
-getaudit(proc_t p, struct getaudit_args *uap, int32_t *retval)
-{
-#pragma unused(p, uap, retval)
-
- return (ENOSYS);
-}
-
-int
-setaudit(proc_t p, struct setaudit_args *uap, int32_t *retval)
-{
-#pragma unused(p, uap, retval)
-
- return (ENOSYS);
-}
-
int
getaudit_addr(proc_t p, struct getaudit_addr_args *uap, int32_t *retval)
{