X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/6d2010ae8f7a6078e10b361c6962983bab233e0f..008676633c2ad2c325837c2b64915f7ded690a8f:/bsd/security/audit/audit_syscalls.c
diff --git a/bsd/security/audit/audit_syscalls.c b/bsd/security/audit/audit_syscalls.c
index 43d93bdda..2a46a579d 100644
--- a/bsd/security/audit/audit_syscalls.c
+++ b/bsd/security/audit/audit_syscalls.c
@@ -73,8 +73,6 @@
 #include
 #include
 #include
-#include
-#include
 #include
 #if CONFIG_MACF
@@ -800,129 +798,6 @@ setauid(proc_t p, struct setauid_args *uap, __unused int32_t *retval)
 return (error);
 }
-static int
-getaudit_internal(proc_t p, user_addr_t user_addr)
-{
- struct auditinfo ai;
- kauth_cred_t scred;
-
- scred = kauth_cred_proc_ref(p);
- if (scred->cr_audit.as_aia_p->ai_termid.at_type == AU_IPv6) {
- kauth_cred_unref(&scred);
- return (ERANGE);
- }
-
- bzero(&ai, sizeof(ai));
- ai.ai_auid = scred->cr_audit.as_aia_p->ai_auid;
- ai.ai_asid = scred->cr_audit.as_aia_p->ai_asid;
-
- /*
- * Only superuser gets to see the real mask.
- */
- if (suser(scred, &p->p_acflag)) {
- ai.ai_mask.am_success = ~0;
- ai.ai_mask.am_failure = ~0;
- } else {
- ai.ai_mask.am_success = scred->cr_audit.as_mask.am_success;
- ai.ai_mask.am_failure = scred->cr_audit.as_mask.am_failure;
- }
- ai.ai_termid.machine = scred->cr_audit.as_aia_p->ai_termid.at_addr[0];
- ai.ai_termid.port = scred->cr_audit.as_aia_p->ai_termid.at_port;
- kauth_cred_unref(&scred);
-
- return (copyout(&ai, user_addr, sizeof (ai)));
-}
-
-/*
- * System calls to get and set process audit information.
- */
-/* ARGSUSED */
-int
-getaudit(proc_t p, struct getaudit_args *uap, __unused int32_t *retval)
-{
- int error;
-
-#if CONFIG_MACF
- error = mac_proc_check_getaudit(p);
- if (error)
- return (error);
-#endif
- return (getaudit_internal(p, uap->auditinfo));
-}
-
-/* ARGSUSED */
-int
-setaudit(proc_t p, struct setaudit_args *uap, __unused int32_t *retval)
-{
- struct auditinfo ai;
- struct auditinfo_addr newaia;
- kauth_cred_t scred;
- int error;
-
- error = copyin(uap->auditinfo, &ai, sizeof(ai));
- if (error)
- return (error);
- AUDIT_ARG(auditinfo, &ai);
-
- if (ai.ai_asid != AU_ASSIGN_ASID &&
- (uint32_t)ai.ai_asid > ASSIGNED_ASID_MAX)
- return (EINVAL);
-
-#if CONFIG_MACF
- {
- struct auditinfo_addr aia = {
- .ai_auid = ai.ai_auid,
- .ai_mask = ai.ai_mask,
- .ai_termid = {
- .at_port = ai.ai_termid.port,
- .at_type = AU_IPv4,
- .at_addr = { ai.ai_termid.machine, 0, 0, 0 } },
- .ai_asid = ai.ai_asid,
- .ai_flags = 0 };
- error = mac_proc_check_setaudit(p, &aia);
- }
- if (error)
- return (error);
-#endif
-
- bzero(&newaia, sizeof(newaia));
- scred = kauth_cred_proc_ref(p);
- error = suser(scred, &p->p_acflag);
- if (error) {
- kauth_cred_unref(&scred);
- return (error);
- }
- newaia.ai_flags = scred->cr_audit.as_aia_p->ai_flags;
- kauth_cred_unref(&scred);
-
- WARN_IF_BAD_ASID(ai.ai_asid, "setaudit(2)");
-
- newaia.ai_auid = ai.ai_auid;
- bcopy(&ai.ai_mask, &newaia.ai_mask, sizeof(au_mask_t));
- AUDIT_CHECK_IF_KEVENTS_MASK(ai.ai_mask);
- newaia.ai_asid = ai.ai_asid;
- if (ai.ai_asid == AU_DEFAUDITSID)
- newaia.ai_asid = AU_ASSIGN_ASID;
- else
- newaia.ai_asid = ai.ai_asid;
- newaia.ai_termid.at_addr[0] = ai.ai_termid.machine;
- newaia.ai_termid.at_port = ai.ai_termid.port;
- newaia.ai_termid.at_type = AU_IPv4;
-
- error = audit_session_setaia(p, &newaia);
- if (error)
- return (error);
-
- /*
- * If asked to assign an ASID then let the user know what the ASID is
- * by copying the auditinfo struct back out.
- */ - if (newaia.ai_asid == AU_ASSIGN_ASID) - error = getaudit_internal(p, uap->auditinfo); - - return (error); -} - static int getaudit_addr_internal(proc_t p, user_addr_t user_addr, size_t length) { @@ -948,7 +823,12 @@ int getaudit_addr(proc_t p, struct getaudit_addr_args *uap, __unused int32_t *retval) { +#if CONFIG_MACF + int error = mac_proc_check_getaudit(p); + if (error) + return (error); +#endif /* CONFIG_MACF */ WARN_IF_AINFO_ADDR_CHANGED(uap->length, sizeof(auditinfo_addr_t), "getaudit_addr(2)", "auditinfo_addr_t"); @@ -1126,22 +1006,6 @@ setauid(proc_t p, struct setauid_args *uap, int32_t *retval) return (ENOSYS); } -int -getaudit(proc_t p, struct getaudit_args *uap, int32_t *retval) -{ -#pragma unused(p, uap, retval) - - return (ENOSYS); -} - -int -setaudit(proc_t p, struct setaudit_args *uap, int32_t *retval) -{ -#pragma unused(p, uap, retval) - - return (ENOSYS); -} - int getaudit_addr(proc_t p, struct getaudit_addr_args *uap, int32_t *retval) {
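Review bot: The `mac_proc_check_getaudit(p)` gate added at the top of `getaudit_addr` carries no comment, although with `getaudit` deleted in this same commit it becomes the MAC checkpoint for this read path; a line above the `#if CONFIG_MACF` block such as `/* MAC policy must approve before any audit session state is copied out. */` would make it harder to drop in a later cleanup. The deleted `setaudit` also ran `mac_proc_check_setaudit` and a `suser()` check, and the deleted `getaudit_internal` hid the real mask from non-superusers; `setaudit_addr` and the body of `getaudit_addr_internal` are not visible in this diff, so confirm they apply the equivalent checks before merging. The body of `getaudit_addr` continues past the end of the hunk.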