&audit_session_member_clear_sflags_mask,
"Audit session flags clearable by a session member");
+extern int set_security_token_task_internal(proc_t p, void *task);
+
#define AUDIT_SESSION_DEBUG 0
#if AUDIT_SESSION_DEBUG
/*
my_new_cred = kauth_cred_setauditinfo(my_cred, &tmp_as);
if (my_cred != my_new_cred) {
- proc_lock(p);
+ proc_ucred_lock(p);
/* Need to protect for a race where another thread also
* changed the credential after we took our reference.
* If p_ucred has changed then we should restart this
* again with the new cred.
*/
if (p->p_ucred != my_cred) {
- proc_unlock(p);
+ proc_ucred_unlock(p);
audit_session_unref(my_new_cred);
kauth_cred_unref(&my_new_cred);
/* try again */
p->p_ucred = my_new_cred;
/* update cred on proc */
PROC_UPDATE_CREDS_ONPROC(p);
- proc_unlock(p);
+ proc_ucred_unlock(p);
}
/*
* Drop old proc reference or our extra reference.
}
static int
-audit_session_join_internal(proc_t p, ipc_port_t port, au_asid_t *new_asid)
+audit_session_join_internal(proc_t p, task_t task, ipc_port_t port, au_asid_t *new_asid)
{
auditinfo_addr_t *new_aia_p, *old_aia_p;
kauth_cred_t my_cred = NULL;
goto done;
}
- proc_lock(p);
+ proc_ucred_lock(p);
kauth_cred_ref(p->p_ucred);
my_cred = p->p_ucred;
if (!IS_VALID_CRED(my_cred)) {
kauth_cred_unref(&my_cred);
- proc_unlock(p);
+ proc_ucred_unlock(p);
err = ESRCH;
goto done;
}
/* Increment the proc count of new session */
audit_inc_procount(AU_SENTRY_PTR(new_aia_p));
- proc_unlock(p);
+ proc_ucred_unlock(p);
/* Propagate the change from the process to the Mach task. */
- set_security_token(p);
+ set_security_token_task_internal(p, task);
/* Decrement the process count of the former session. */
audit_dec_procount(AU_SENTRY_PTR(old_aia_p));
} else {
- proc_unlock(p);
+ proc_ucred_unlock(p);
}
kauth_cred_unref(&my_cred);
* ESRCH Invalid calling process/cred.
*/
int
-audit_session_spawnjoin(proc_t p, ipc_port_t port)
+audit_session_spawnjoin(proc_t p, task_t task, ipc_port_t port)
{
au_asid_t new_asid;
- return (audit_session_join_internal(p, port, &new_asid));
+ return (audit_session_join_internal(p, task, port, &new_asid));
}
/*
*ret_asid = AU_DEFAUDITSID;
err = EINVAL;
} else
- err = audit_session_join_internal(p, port, ret_asid);
+ err = audit_session_join_internal(p, p->task, port, ret_asid);
return (err);
}
AUDIT_SDEV_LIST_WLOCK_ASSERT();
- asdev = malloc(sizeof (*asdev), M_AUDIT_SDEV, M_NOWAIT | M_ZERO);
+ asdev = malloc(sizeof (*asdev), M_AUDIT_SDEV, M_WAITOK | M_ZERO);
if (NULL == asdev)
return (NULL);
audit_sdev_flush(asdev);
cv_destroy(&asdev->asdev_cv);
AUDIT_SDEV_SX_LOCK_DESTROY(asdev);
+ AUDIT_SDEV_UNLOCK(asdev);
AUDIT_SDEV_LOCK_DESTROY(asdev);
TAILQ_REMOVE(&audit_sdev_list, asdev, asdev_list);
KASSERT(ase->ase_record_len > asdev->asdev_qoffset,
("audit_sdev_read: record_len > qoffset (1)"));
- toread = MIN(ase->ase_record_len - asdev->asdev_qoffset,
+ toread = MIN((int)(ase->ase_record_len - asdev->asdev_qoffset),
uio_resid(uio));
AUDIT_SDEV_UNLOCK(asdev);
error = uiomove((char *) ase->ase_record + asdev->asdev_qoffset,