xnu-3247.10.11.tar.gz

[apple/xnu.git] / bsd / security / audit / audit.c

diff --git a/bsd/security/audit/audit.c b/bsd/security/audit/audit.c
index 1ee6c85cd5986434b8d9707324318a54d4edc2c5..c5f18ebe4d8c74ee8d918294a947864b85150aa9 100644 (file)
--- a/bsd/security/audit/audit.c
+++ b/bsd/security/audit/audit.c
@@ -76,8 +76,6 @@
 #include <kern/host.h>
 #include <kern/kalloc.h>
 #include <kern/zalloc.h>
 #include <kern/host.h>
 #include <kern/kalloc.h>
 #include <kern/zalloc.h>

-#include <kern/lock.h>
-#include <kern/wait_queue.h>

 #include <kern/sched_prim.h>
 
 #include <net/route.h>
 #include <kern/sched_prim.h>
 
 #include <net/route.h>


@@ -487,6 +485,26 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
                    ar->k_ar.ar_arg_fflags, error);
                break;
 
                    ar->k_ar.ar_arg_fflags, error);
                break;
 

+       case AUE_OPENAT_RWTC:
+               /*
+                * The openat syscall always writes a
+                * AUE_OPENAT_RWTC event; change it to the proper type of
+                * event based on the flags and the error value.
+                */
+               ar->k_ar.ar_event = audit_flags_and_error_to_openatevent(
+                   ar->k_ar.ar_arg_fflags, error);
+               break;
+
+       case AUE_OPENBYID_RWT:
+               /*
+                * The openbyid syscall always writes a
+                * AUE_OPENBYID_RWT event; change it to the proper type of
+                * event based on the flags and the error value.
+                */
+               ar->k_ar.ar_event = audit_flags_and_error_to_openbyidevent(
+                   ar->k_ar.ar_arg_fflags, error);
+               break;
+

        case AUE_SYSCTL:
                ar->k_ar.ar_event = audit_ctlname_to_sysctlevent(
                    ar->k_ar.ar_arg_ctlname, ar->k_ar.ar_valid_arg);
        case AUE_SYSCTL:
                ar->k_ar.ar_event = audit_ctlname_to_sysctlevent(
                    ar->k_ar.ar_arg_ctlname, ar->k_ar.ar_valid_arg);