#include <kern/kalloc.h>
#include <kern/zalloc.h>
-
-int mac_audit(__unused int len, __unused u_char *data);
-
-
#if CONFIG_AUDIT
/* The zone allocator is initialized in mac_base.c. */
kauth_cred_t cred;
int error;
- if (!mac_proc_enforce ||
- !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
+#endif
+
+ if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
return 0;
cred = kauth_cred_proc_ref(curp);
kauth_cred_t cred;
int error;
- if (!mac_proc_enforce ||
- !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
- return 0;
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
+#endif
+ if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+ return 0;
cred = kauth_cred_proc_ref(curp);
MAC_CHECK(proc_check_setauid, cred, auid);
kauth_cred_t cred;
int error;
- if (!mac_proc_enforce ||
- !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
- return 0;
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
+#endif
+ if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+ return 0;
cred = kauth_cred_proc_ref(curp);
MAC_CHECK(proc_check_getaudit, cred);
kauth_cred_t cred;
int error;
- if (!mac_proc_enforce ||
- !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
- return 0;
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
+#endif
+ if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+ return 0;
cred = kauth_cred_proc_ref(curp);
MAC_CHECK(proc_check_setaudit, cred, ai);
return (MAC_AUDIT_DEFAULT);
}
-int
-mac_audit(__unused int len, __unused u_char *data)
-{
-
- return (0);
-}
-
int
mac_audit_text(__unused char *text, __unused mac_policy_handle_t handle)
{
projects / apple / xnu.git / blobdiff