xnu-3789.41.3.tar.gz
[apple/xnu.git] / bsd / security / audit / audit_bsm.c
index 0ee35a074198a7ba6e600ae3cfb57ac8fc6bbac5..da938d8a1296f70d60676fa3e86b6e3e9190a615 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999-2009 Apple Inc.
+ * Copyright (c) 1999-2016 Apple Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -57,8 +57,6 @@
 #include <netinet/in.h>
 #include <netinet/ip.h>
 
-#include <kern/lock.h>
-
 #if CONFIG_AUDIT
 MALLOC_DEFINE(M_AUDITBSM, "audit_bsm", "Audit BSM data");
 
@@ -1022,6 +1020,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
        case AUE_FUTIMES:
        case AUE_GETDIRENTRIES:
        case AUE_GETDIRENTRIESATTR:
+       case AUE_GETATTRLISTBULK:
 #if 0  /* XXXss new */
        case AUE_POLL:
 #endif
@@ -1282,22 +1281,47 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
                }
                break;
 
-       case AUE_OPENAT_RC:
-       case AUE_OPENAT_RTC:
-       case AUE_OPENAT_RWC:
-       case AUE_OPENAT_RWTC:
-       case AUE_OPENAT_WC:
-       case AUE_OPENAT_WTC:
+       case AUE_OPEN:
+       case AUE_OPEN_R:
+       case AUE_OPEN_RT:
+       case AUE_OPEN_RW:
+       case AUE_OPEN_RWT:
+       case AUE_OPEN_W:
+       case AUE_OPEN_WT:
+               if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
+                       tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
+                       kau_write(rec, tok);
+               }
+               UPATH1_VNODE1_TOKENS;
+               break;
+
+       case AUE_OPEN_RC:
+       case AUE_OPEN_RTC:
+       case AUE_OPEN_RWC:
+       case AUE_OPEN_RWTC:
+       case AUE_OPEN_WC:
+       case AUE_OPEN_WTC:
                if (ARG_IS_VALID(kar, ARG_MODE)) {
                        tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
                        kau_write(rec, tok);
                }
                if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
-                       tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
+                       tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
                        kau_write(rec, tok);
                }
-               if (ARG_IS_VALID(kar, ARG_FD)) {
-                       tok = au_to_arg32(1, "dir fd", ar->ar_arg_fd);
+               UPATH1_VNODE1_TOKENS;
+               break;
+
+       case AUE_OPEN_EXTENDED:
+       case AUE_OPEN_EXTENDED_R:
+       case AUE_OPEN_EXTENDED_RT:
+       case AUE_OPEN_EXTENDED_RW:
+       case AUE_OPEN_EXTENDED_RWT:
+       case AUE_OPEN_EXTENDED_W:
+       case AUE_OPEN_EXTENDED_WT:
+               EXTENDED_TOKENS(3);
+               if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
+                       tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
                        kau_write(rec, tok);
                }
                UPATH1_VNODE1_TOKENS;
@@ -1317,23 +1341,6 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
                UPATH1_VNODE1_TOKENS;
                break;
 
-       case AUE_OPEN_RC:
-       case AUE_OPEN_RTC:
-       case AUE_OPEN_RWC:
-       case AUE_OPEN_RWTC:
-       case AUE_OPEN_WC:
-       case AUE_OPEN_WTC:
-               if (ARG_IS_VALID(kar, ARG_MODE)) {
-                       tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
-                       kau_write(rec, tok);
-               }
-               if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
-                       tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
-                       kau_write(rec, tok);
-               }
-               UPATH1_VNODE1_TOKENS;
-               break;
-
        case AUE_OPENAT:
        case AUE_OPENAT_R:
        case AUE_OPENAT_RT:
@@ -1352,36 +1359,59 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
                UPATH1_VNODE1_TOKENS;
                break;
 
-       case AUE_OPEN_EXTENDED:
-       case AUE_OPEN_EXTENDED_R:
-       case AUE_OPEN_EXTENDED_RT:
-       case AUE_OPEN_EXTENDED_RW:
-       case AUE_OPEN_EXTENDED_RWT:
-       case AUE_OPEN_EXTENDED_W:
-       case AUE_OPEN_EXTENDED_WT:
-               EXTENDED_TOKENS(3);
+       case AUE_OPENAT_RC:
+       case AUE_OPENAT_RTC:
+       case AUE_OPENAT_RWC:
+       case AUE_OPENAT_RWTC:
+       case AUE_OPENAT_WC:
+       case AUE_OPENAT_WTC:
+               if (ARG_IS_VALID(kar, ARG_MODE)) {
+                       tok = au_to_arg32(4, "mode", ar->ar_arg_mode);
+                       kau_write(rec, tok);
+               }
                if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
-                       tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
+                       tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
+                       kau_write(rec, tok);
+               }
+               if (ARG_IS_VALID(kar, ARG_FD)) {
+                       tok = au_to_arg32(1, "dir fd", ar->ar_arg_fd);
                        kau_write(rec, tok);
                }
                UPATH1_VNODE1_TOKENS;
                break;
 
-       case AUE_OPEN:
-       case AUE_OPEN_R:
-       case AUE_OPEN_RT:
-       case AUE_OPEN_RW:
-       case AUE_OPEN_RWT:
-       case AUE_OPEN_W:
-       case AUE_OPEN_WT:
+       case AUE_OPENBYID:
+       case AUE_OPENBYID_R:
+       case AUE_OPENBYID_RT:
+       case AUE_OPENBYID_RW:
+       case AUE_OPENBYID_RWT:
+       case AUE_OPENBYID_W:
+       case AUE_OPENBYID_WT:
                if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
-                       tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
+                       tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
+                       kau_write(rec, tok);
+               }
+               if (ARG_IS_VALID(kar, ARG_VALUE32)) {
+                       tok = au_to_arg32(1, "volfsid", ar->ar_arg_value32);
+                       kau_write(rec, tok);
+               }
+               if (ARG_IS_VALID(kar, ARG_VALUE64)) {
+                       tok = au_to_arg64(2, "objid", ar->ar_arg_value64);
                        kau_write(rec, tok);
                }
-               UPATH1_VNODE1_TOKENS;
                break;
 
+       case AUE_RENAMEAT:
+       case AUE_FACCESSAT:
+       case AUE_FCHMODAT:
+       case AUE_FCHOWNAT:
+       case AUE_FSTATAT:
+       case AUE_LINKAT:
        case AUE_UNLINKAT:
+       case AUE_READLINKAT:
+       case AUE_SYMLINKAT:
+       case AUE_MKDIRAT:
+       case AUE_GETATTRLISTAT:
                if (ARG_IS_VALID(kar, ARG_FD)) {
                        tok = au_to_arg32(1, "dir fd", ar->ar_arg_fd);
                        kau_write(rec, tok);
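Review bot: AUE_RENAMEAT and AUE_LINKAT are added to the AUE_UNLINKAT group, which as far as this hunk shows writes a single `dir fd` argument followed by `UPATH1_VNODE1_TOKENS`, so the second directory descriptor and the destination path of these two-path calls would be absent from the record. An audit trail for a rename or hard link needs both ends to reconstruct what was moved or aliased where. If the syscall hooks capture them, a separate case that also writes `ar->ar_arg_fd2` and `UPATH2_TOKENS` (as the AUE_CLONEFILEAT case later in this patch does) would close the gap; whether ARG_FD2 and the second path are populated for these events is not visible here, and the case body continues past the end of the hunk. Separately, the AUE_OPENBYID group emits only `flags`, `volfsid` and `objid` with no path or vnode token, so a one-line comment stating that consumers must resolve the object from those ids would help.

```c
	/* ... unchanged: remaining single-path *AT cases stay in the AUE_UNLINKAT group ... */
	case AUE_RENAMEAT:
	case AUE_LINKAT:
		if (ARG_IS_VALID(kar, ARG_FD)) {
			tok = au_to_arg32(1, "src dir fd", ar->ar_arg_fd);
			kau_write(rec, tok);
		}
		UPATH1_VNODE1_TOKENS;
		if (ARG_IS_VALID(kar, ARG_FD2)) {
			tok = au_to_arg32(3, "dst dir fd", ar->ar_arg_fd2);
			kau_write(rec, tok);
		}
		UPATH2_TOKENS;
		break;
```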
@@ -1389,6 +1419,36 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
                UPATH1_VNODE1_TOKENS;
                break;
 
+       case AUE_CLONEFILEAT:
+               if (ARG_IS_VALID(kar, ARG_FD)) {
+                       tok = au_to_arg32(1, "src dir fd", ar->ar_arg_fd);
+                       kau_write(rec, tok);
+               }
+               UPATH1_VNODE1_TOKENS;
+               if (ARG_IS_VALID(kar, ARG_FD2)) {
+                       tok = au_to_arg32(1, "dst dir fd", ar->ar_arg_fd2);
+                       kau_write(rec, tok);
+               }
+               UPATH2_TOKENS;
+               if (ARG_IS_VALID(kar, ARG_VALUE32)) {
+                       tok = au_to_arg32(1, "flags", ar->ar_arg_value32);
+                       kau_write(rec, tok);
+               }
+               break;
+
+       case AUE_FCLONEFILEAT:
+               FD_VNODE1_TOKENS;
+               if (ARG_IS_VALID(kar, ARG_FD2)) {
+                       tok = au_to_arg32(1, "dst dir fd", ar->ar_arg_fd2);
+                       kau_write(rec, tok);
+               }
+               UPATH2_TOKENS;
+               if (ARG_IS_VALID(kar, ARG_VALUE32)) {
+                       tok = au_to_arg32(1, "flags", ar->ar_arg_value32);
+                       kau_write(rec, tok);
+               }
+               break;
+
        case AUE_PTRACE:
                if (ARG_IS_VALID(kar, ARG_CMD)) {
                        tok = au_to_arg32(1, "request", ar->ar_arg_cmd);
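Review bot: Every `au_to_arg32` call in the new AUE_CLONEFILEAT and AUE_FCLONEFILEAT cases passes argument number 1, so `src dir fd`, `dst dir fd` and `flags` can only be told apart by their text label. The other cases in this patch use the syscall's parameter position (AUE_OPENAT_RC writes 1, 3 and 4), and log tooling that filters on the argument number would conflate these three values. For clonefileat the positional forms would be `au_to_arg32(3, "dst dir fd", ar->ar_arg_fd2)` and `au_to_arg32(5, "flags", ar->ar_arg_value32)`; for fclonefileat the numbers would be 2 and 4. The hunk ends inside the following AUE_PTRACE case, which is unchanged.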
@@ -1757,6 +1817,24 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
                }
                break;
 
+       case AUE_SESSION_START:
+       case AUE_SESSION_UPDATE:
+       case AUE_SESSION_END:
+       case AUE_SESSION_CLOSE:
+               if (ARG_IS_VALID(kar, ARG_VALUE64)) {
+                       tok = au_to_arg64(1, "sflags", ar->ar_arg_value64);
+                       kau_write(rec, tok);
+               }
+               if (ARG_IS_VALID(kar, ARG_AMASK)) {
+                       tok = au_to_arg32(2, "am_success",
+                           ar->ar_arg_amask.am_success);
+                       kau_write(rec, tok);
+                       tok = au_to_arg32(3, "am_failure",
+                           ar->ar_arg_amask.am_failure);
+                       kau_write(rec, tok);
+               }
+               break;
+
        /************************
         * Mach system calls    *
         ************************/
@@ -1863,8 +1941,6 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 
        case AUE_MAC_GET_PROC:
        case AUE_MAC_SET_PROC:
-       case AUE_MAC_GET_LCTX:
-       case AUE_MAC_SET_LCTX:
                PROCESS_MAC_TOKENS;
                break;
 #endif
@@ -1884,7 +1960,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
        }
 
 #if CONFIG_MACF
-       do {
+       if (NULL != ar->ar_mac_records) {
                /* Convert the audit data from the MAC policies */
                struct mac_audit_record *mar;
 
@@ -1913,7 +1989,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 
                        kau_write(rec, tok);
                }
-       } while (0);
+       }
 #endif
 
        kau_write(rec, subj_tok);