X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/0a7de7458d150b5d4dffc935ba399be265ef0a1a..eb6b6ca394357805f2bdba989abae309f718b4d8:/bsd/security/audit/audit_bsm.c

diff --git a/bsd/security/audit/audit_bsm.c b/bsd/security/audit/audit_bsm.c
index 9610b52dd..18e98c0f5 100644
--- a/bsd/security/audit/audit_bsm.c
+++ b/bsd/security/audit/audit_bsm.c
@@ -1846,6 +1846,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 		}
 		break;
 
+	case AUE_FSGETPATH_EXTENDED:
 	case AUE_FSGETPATH:
 		if (ARG_IS_VALID(kar, ARG_VALUE32)) {
 			tok = au_to_arg32(3, "volfsid", ar->ar_arg_value32);
@@ -2068,7 +2069,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
  * record is good, 0 otherwise.
  */
 int
-bsm_rec_verify(void *rec, int length)
+bsm_rec_verify(void *rec, int length, boolean_t kern_events_allowed)
 {
 	/* Used to partially deserialize the buffer */
 	struct hdr_tok_partial *hdr;
@@ -2105,6 +2106,10 @@ bsm_rec_verify(void *rec, int length)
 		return 0;
 	}
 
+	if (!kern_events_allowed && AUE_IS_A_KEVENT(ntohs(hdr->e_type))) {
+		return 0;
+	}
+
 	return 1;
 }
 #endif /* CONFIG_AUDIT */