X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/6d2010ae8f7a6078e10b361c6962983bab233e0f..2dced7af2b695f87fe26496a3e73c219b7880cbc:/bsd/security/audit/audit_bsm.c?ds=sidebyside
diff --git a/bsd/security/audit/audit_bsm.c b/bsd/security/audit/audit_bsm.c
index 6f665d890..7ca2771d4 100644
--- a/bsd/security/audit/audit_bsm.c
+++ b/bsd/security/audit/audit_bsm.c
@@ -57,8 +57,6 @@
 #include
 #include
-#include
-
 #if CONFIG_AUDIT
 MALLOC_DEFINE(M_AUDITBSM, "audit_bsm", "Audit BSM data");
@@ -1022,6 +1020,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 case AUE_FUTIMES:
 case AUE_GETDIRENTRIES:
 case AUE_GETDIRENTRIESATTR:
+ case AUE_GETATTRLISTBULK:
 #if 0 /* XXXss new */
 case AUE_POLL:
 #endif
@@ -1282,22 +1281,47 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 }
 break;
- case AUE_OPENAT_RC:
- case AUE_OPENAT_RTC:
- case AUE_OPENAT_RWC:
- case AUE_OPENAT_RWTC:
- case AUE_OPENAT_WC:
- case AUE_OPENAT_WTC:
+ case AUE_OPEN:
+ case AUE_OPEN_R:
+ case AUE_OPEN_RT:
+ case AUE_OPEN_RW:
+ case AUE_OPEN_RWT:
+ case AUE_OPEN_W:
+ case AUE_OPEN_WT:
+ if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
+ tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
+ kau_write(rec, tok);
+ }
+ UPATH1_VNODE1_TOKENS;
+ break;
+
+ case AUE_OPEN_RC:
+ case AUE_OPEN_RTC:
+ case AUE_OPEN_RWC:
+ case AUE_OPEN_RWTC:
+ case AUE_OPEN_WC:
+ case AUE_OPEN_WTC:
 if (ARG_IS_VALID(kar, ARG_MODE)) {
 tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
 kau_write(rec, tok);
 }
 if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
- tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
+ tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
 kau_write(rec, tok);
 }
- if (ARG_IS_VALID(kar, ARG_FD)) {
- tok = au_to_arg32(1, "dir fd", ar->ar_arg_fd);
+ UPATH1_VNODE1_TOKENS;
+ break;
+
+ case AUE_OPEN_EXTENDED:
+ case AUE_OPEN_EXTENDED_R:
+ case AUE_OPEN_EXTENDED_RT:
+ case AUE_OPEN_EXTENDED_RW:
+ case AUE_OPEN_EXTENDED_RWT:
+ case AUE_OPEN_EXTENDED_W:
+ case AUE_OPEN_EXTENDED_WT:
+ EXTENDED_TOKENS(3);
+ if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
+ tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
 kau_write(rec, tok);
 }
 UPATH1_VNODE1_TOKENS;
@@ -1317,23 +1341,6 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 UPATH1_VNODE1_TOKENS;
 break;
- case AUE_OPEN_RC:
- case AUE_OPEN_RTC:
- case AUE_OPEN_RWC:
- case AUE_OPEN_RWTC:
- case AUE_OPEN_WC:
- case AUE_OPEN_WTC:
- if (ARG_IS_VALID(kar, ARG_MODE)) {
- tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
- kau_write(rec, tok);
- }
- if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
- tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
- kau_write(rec, tok);
- }
- UPATH1_VNODE1_TOKENS;
- break;
-
 case AUE_OPENAT:
 case AUE_OPENAT_R:
 case AUE_OPENAT_RT:
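Review bot: The argument positions passed to au_to_arg32() in the open groups added by the first hunk on this line (`2` for "flags", `3` for "mode") are bare literals, and nothing states that they mirror the syscall's argument order. The removed side of the same hunk shows how that goes wrong: the old AUE_OPENAT_*C block numbered both "mode" and "flags" as argument 3. A one-line comment above `case AUE_OPEN:` would make the convention checkable, for example `/* arg numbers are open(2) positions: path=1, flags=2, mode=3 */`. Tools that parse the audit trail may key on these numbers, so a mislabelled token affects record fidelity and is not only cosmetic. kaudit_to_bsm() starts and ends outside the hunk.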
@@ -1352,36 +1359,59 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 UPATH1_VNODE1_TOKENS;
 break;
- case AUE_OPEN_EXTENDED:
- case AUE_OPEN_EXTENDED_R:
- case AUE_OPEN_EXTENDED_RT:
- case AUE_OPEN_EXTENDED_RW:
- case AUE_OPEN_EXTENDED_RWT:
- case AUE_OPEN_EXTENDED_W:
- case AUE_OPEN_EXTENDED_WT:
- EXTENDED_TOKENS(3);
+ case AUE_OPENAT_RC:
+ case AUE_OPENAT_RTC:
+ case AUE_OPENAT_RWC:
+ case AUE_OPENAT_RWTC:
+ case AUE_OPENAT_WC:
+ case AUE_OPENAT_WTC:
+ if (ARG_IS_VALID(kar, ARG_MODE)) {
+ tok = au_to_arg32(4, "mode", ar->ar_arg_mode);
+ kau_write(rec, tok);
+ }
 if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
- tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
+ tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_FD)) {
+ tok = au_to_arg32(1, "dir fd", ar->ar_arg_fd);
 kau_write(rec, tok);
 }
 UPATH1_VNODE1_TOKENS;
 break;
- case AUE_OPEN:
- case AUE_OPEN_R:
- case AUE_OPEN_RT:
- case AUE_OPEN_RW:
- case AUE_OPEN_RWT:
- case AUE_OPEN_W:
- case AUE_OPEN_WT:
+ case AUE_OPENBYID:
+ case AUE_OPENBYID_R:
+ case AUE_OPENBYID_RT:
+ case AUE_OPENBYID_RW:
+ case AUE_OPENBYID_RWT:
+ case AUE_OPENBYID_W:
+ case AUE_OPENBYID_WT:
 if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
- tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
+ tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_VALUE32)) {
+ tok = au_to_arg32(1, "volfsid", ar->ar_arg_value32);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_VALUE64)) {
+ tok = au_to_arg64(2, "objid", ar->ar_arg_value64);
 kau_write(rec, tok);
 }
- UPATH1_VNODE1_TOKENS;
 break;
+ case AUE_RENAMEAT:
+ case AUE_FACCESSAT:
+ case AUE_FCHMODAT:
+ case AUE_FCHOWNAT:
+ case AUE_FSTATAT:
+ case AUE_LINKAT:
 case AUE_UNLINKAT:
+ case AUE_READLINKAT:
+ case AUE_SYMLINKAT:
+ case AUE_MKDIRAT:
+ case AUE_GETATTRLISTAT:
 if (ARG_IS_VALID(kar, ARG_FD)) {
 tok = au_to_arg32(1, "dir fd", ar->ar_arg_fd);
 kau_write(rec, tok);
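Review bot: The ten events added to the AUE_UNLINKAT case all inherit its single argument token, `au_to_arg32(1, "dir fd", ar->ar_arg_fd)`, which does not describe every syscall in the list: renameat() and linkat() take two directory descriptors and two paths, symlinkat() takes its descriptor as the second argument, and fchmodat() and fchownat() carry the new mode or owner. The case body continues past the end of this hunk, so more tokens may follow, but if it only appends the path and vnode tokens, the trail for a permission or ownership change made through the *at() calls would not show what the value was changed to. Consider giving those events their own cases, e.g. for AUE_FCHMODAT adding `tok = au_to_arg32(3, "new file mode", ar->ar_arg_mode);` under `ARG_IS_VALID(kar, ARG_MODE)`, provided the syscall path records that argument. Separately, the new AUE_OPENBYID case writes no path or vnode token, so a record in which ARG_VALUE32 and ARG_VALUE64 are not valid identifies no object at all; a comment saying why `UPATH1_VNODE1_TOKENS` is omitted there would help.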
@@ -1881,8 +1911,6 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 case AUE_MAC_GET_PROC:
 case AUE_MAC_SET_PROC:
- case AUE_MAC_GET_LCTX:
- case AUE_MAC_SET_LCTX:
 PROCESS_MAC_TOKENS;
 break;
 #endif