X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/6d2010ae8f7a6078e10b361c6962983bab233e0f..d9a64523371fa019c4575bb400cbbc3a50ac9903:/bsd/security/audit/audit_arg.c?ds=inline

diff --git a/bsd/security/audit/audit_arg.c b/bsd/security/audit/audit_arg.c
index eb6d5d434..950d1f49f 100644
--- a/bsd/security/audit/audit_arg.c
+++ b/bsd/security/audit/audit_arg.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2009 Apple Inc.
+ * Copyright (c) 1999-2016 Apple Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -59,6 +59,8 @@
 #include <sys/domain.h>
 #include <sys/protosw.h>
 #include <sys/socketvar.h>
+#include <sys/codesign.h>
+#include <sys/ubc.h>
 
 #include <bsm/audit.h>
 #include <bsm/audit_internal.h>
@@ -75,8 +77,6 @@
 #include <kern/host.h>
 #include <kern/kalloc.h>
 #include <kern/zalloc.h>
-#include <kern/lock.h>
-#include <kern/wait_queue.h>
 #include <kern/sched_prim.h>
 
 #if CONFIG_MACF
@@ -136,6 +136,14 @@ audit_arg_len(struct kaudit_record *ar, user_size_t len)
 	ARG_SET_VALID(ar, ARG_LEN);
 }
 
+void
+audit_arg_fd2(struct kaudit_record *ar, int fd)
+{
+
+	ar->k_ar.ar_arg_fd2 = fd;
+	ARG_SET_VALID(ar, ARG_FD2);
+}
+
 void
 audit_arg_fd(struct kaudit_record *ar, int fd)
 {
@@ -348,16 +356,20 @@ void
 audit_arg_sockaddr(struct kaudit_record *ar, struct vnode *cwd_vp,
     struct sockaddr *sa)
 {
-	int slen;
+	char path[SOCK_MAXADDRLEN - offsetof(struct sockaddr_un, sun_path) + 1] = "";
 	struct sockaddr_un *sun;
-	char path[SOCK_MAXADDRLEN - offsetof(struct sockaddr_un, sun_path) + 1];
+	ssize_t namelen;
 
 	KASSERT(sa != NULL, ("audit_arg_sockaddr: sa == NULL"));
 
 	if (cwd_vp == NULL || sa == NULL)
 		return;
 
-	bcopy(sa, &ar->k_ar.ar_arg_sockaddr, sa->sa_len);
+	if (sa->sa_len > sizeof(ar->k_ar.ar_arg_sockaddr))
+		bcopy(sa, &ar->k_ar.ar_arg_sockaddr, sizeof(ar->k_ar.ar_arg_sockaddr));
+	else
+		bcopy(sa, &ar->k_ar.ar_arg_sockaddr, sa->sa_len);
+
 	switch (sa->sa_family) {
 	case AF_INET:
 		ARG_SET_VALID(ar, ARG_SADDRINET);
@@ -369,20 +381,14 @@ audit_arg_sockaddr(struct kaudit_record *ar, struct vnode *cwd_vp,
 
 	case AF_UNIX:
 		sun = (struct sockaddr_un *)sa;
-		slen = sun->sun_len - offsetof(struct sockaddr_un, sun_path);
-
-		if (slen >= 0) {
+		namelen = sun->sun_len - offsetof(struct sockaddr_un, sun_path);
+		if (namelen > 0 && (size_t)namelen < sizeof(path)) {
 			/*
-			 * Make sure the path is NULL-terminated
+			 * Make sure the path is NUL-terminated
 			 */
-			if (sun->sun_path[slen] != 0) {
-				bcopy(sun->sun_path, path, slen);
-				path[slen] = 0;
-				audit_arg_upath(ar, cwd_vp, path, ARG_UPATH1);
-			} else {
-				audit_arg_upath(ar, cwd_vp, sun->sun_path, 
-					ARG_UPATH1);
-			}
+			bcopy(sun->sun_path, path, namelen);
+			path[namelen] = 0;
+			audit_arg_upath(ar, cwd_vp, path, ARG_UPATH1);
 		}
 		ARG_SET_VALID(ar, ARG_SADDRUNIX);
 		break;
@@ -594,7 +600,7 @@ audit_arg_file(struct kaudit_record *ar, __unused proc_t p,
 	struct sockaddr_in *sin;
 	struct sockaddr_in6 *sin6;
 
-	switch (fp->f_fglob->fg_type) {
+	switch (FILEGLOB_DTYPE(fp->f_fglob)) {
 	case DTYPE_VNODE:
 	/* case DTYPE_FIFO: */
 		audit_arg_vnpath_withref(ar,
@@ -603,15 +609,13 @@ audit_arg_file(struct kaudit_record *ar, __unused proc_t p,
 
 	case DTYPE_SOCKET:
 		so = (struct socket *)fp->f_fglob->fg_data;
-		if (INP_CHECK_SOCKAF(so, PF_INET)) {
+		if (SOCK_CHECK_DOM(so, PF_INET)) {
 			if (so->so_pcb == NULL)
 				break;
 			ar->k_ar.ar_arg_sockinfo.sai_type =
 			    so->so_type;
-			ar->k_ar.ar_arg_sockinfo.sai_domain =
-			    INP_SOCKAF(so);
-			ar->k_ar.ar_arg_sockinfo.sai_protocol =
-			    so->so_proto->pr_protocol;
+			ar->k_ar.ar_arg_sockinfo.sai_domain = SOCK_DOM(so);
+			ar->k_ar.ar_arg_sockinfo.sai_protocol = SOCK_PROTO(so);
 			pcb = (struct inpcb *)so->so_pcb;
 			sin = (struct sockaddr_in *)
 			    &ar->k_ar.ar_arg_sockinfo.sai_faddr;
@@ -623,15 +627,13 @@ audit_arg_file(struct kaudit_record *ar, __unused proc_t p,
 			sin->sin_port = pcb->inp_lport;
 			ARG_SET_VALID(ar, ARG_SOCKINFO);
 		}
-		if (INP_CHECK_SOCKAF(so, PF_INET6)) {
+		if (SOCK_CHECK_DOM(so, PF_INET6)) {
 			if (so->so_pcb == NULL)
 				break;
 			ar->k_ar.ar_arg_sockinfo.sai_type =
 			    so->so_type;
-			ar->k_ar.ar_arg_sockinfo.sai_domain =
-			    INP_SOCKAF(so);
-			ar->k_ar.ar_arg_sockinfo.sai_protocol =
-			    so->so_proto->pr_protocol;
+			ar->k_ar.ar_arg_sockinfo.sai_domain = SOCK_DOM(so);
+			ar->k_ar.ar_arg_sockinfo.sai_protocol = SOCK_PROTO(so);
 			pcb = (struct inpcb *)so->so_pcb;
 			sin6 = (struct sockaddr_in6 *)
 			    &ar->k_ar.ar_arg_sockinfo.sai_faddr;
@@ -900,4 +902,91 @@ audit_sysclose(struct kaudit_record *ar, proc_t p, int fd)
 	fp_drop(p, fd, fp, 0);
 }
 
+void
+audit_identity_info_destruct(struct au_identity_info *id_info)
+{
+	if (!id_info) {
+		return;
+	}
+
+	if (id_info->signing_id != NULL) {
+		free(id_info->signing_id, M_AUDITTEXT);
+		id_info->signing_id = NULL;
+	}
+
+	if (id_info->team_id != NULL) {
+		free(id_info->team_id, M_AUDITTEXT);
+		id_info->team_id = NULL;
+	}
+
+	if (id_info->cdhash != NULL) {
+		free(id_info->cdhash, M_AUDITDATA);
+		id_info->cdhash = NULL;
+	}
+}
+
+void
+audit_identity_info_construct(struct au_identity_info *id_info)
+{
+	struct proc *p;
+	struct cs_blob *blob;
+	unsigned int signer_type = 0;
+	const char *signing_id = NULL;
+	const char* team_id = NULL;
+	const uint8_t *cdhash = NULL;
+	size_t src_len = 0;
+
+	p = current_proc();
+	blob = csproc_get_blob(p);
+	if (blob) {
+		signing_id = csblob_get_identity(blob);
+		cdhash = csblob_get_cdhash(blob);
+		team_id = csblob_get_teamid(blob);
+		signer_type = csblob_get_platform_binary(blob) ? 1 : 0;
+	}
+
+	id_info->signer_type = signer_type;
+
+	if (id_info->signing_id == NULL && signing_id != NULL) {
+		id_info->signing_id = malloc( MAX_AU_IDENTITY_SIGNING_ID_LENGTH,
+			M_AUDITTEXT, M_WAITOK);
+		if (id_info->signing_id != NULL) {
+			src_len = strlcpy(id_info->signing_id,
+				signing_id, MAX_AU_IDENTITY_SIGNING_ID_LENGTH);
+
+			if (src_len >= MAX_AU_IDENTITY_SIGNING_ID_LENGTH) {
+				id_info->signing_id_trunc = 1;
+			}
+		}
+	}
+
+	if (id_info->team_id == NULL && team_id != NULL) {
+		id_info->team_id = malloc(MAX_AU_IDENTITY_TEAM_ID_LENGTH,
+			M_AUDITTEXT, M_WAITOK);
+		if (id_info->team_id != NULL) {
+			src_len = strlcpy(id_info->team_id, team_id,
+				MAX_AU_IDENTITY_TEAM_ID_LENGTH);
+
+			if (src_len >= MAX_AU_IDENTITY_TEAM_ID_LENGTH) {
+				id_info->team_id_trunc = 1;
+			}
+		}
+	}
+
+	if (id_info->cdhash == NULL && cdhash != NULL) {
+		id_info->cdhash = malloc(CS_CDHASH_LEN, M_AUDITDATA, M_WAITOK);
+		if (id_info->cdhash != NULL) {
+			memcpy(id_info->cdhash, cdhash, CS_CDHASH_LEN);
+			id_info->cdhash_len = CS_CDHASH_LEN;
+		}
+	}
+}
+
+void
+audit_arg_identity(struct kaudit_record *ar)
+{
+	audit_identity_info_construct(&ar->k_ar.ar_arg_identity);
+	ARG_SET_VALID(ar, ARG_IDENTITY);
+}
+
 #endif /* CONFIG_AUDIT */