X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/b0d623f7f2ae71ed96e60569f61f9a9a27016e80..5ba3f43ea354af8ad55bea84372a2bc834d8757c:/security/mac_audit.c

diff --git a/security/mac_audit.c b/security/mac_audit.c
index 504c55ae8..5459cf54a 100644
--- a/security/mac_audit.c
+++ b/security/mac_audit.c
@@ -74,10 +74,6 @@
 #include <kern/kalloc.h>
 #include <kern/zalloc.h>
 
-
-int mac_audit(__unused int len, __unused u_char *data);
-
-
 #if CONFIG_AUDIT
 
 /* The zone allocator is initialized in mac_base.c. */
@@ -120,8 +116,13 @@ mac_proc_check_getauid(struct proc *curp)
 	kauth_cred_t cred;
 	int error;
 
-	if (!mac_proc_enforce ||
-	    !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+#if SECURITY_MAC_CHECK_ENFORCE
+	/* 21167099 - only check if we allow write */
+	if (!mac_proc_enforce)
+		return 0;
+#endif
+    
+	if (!mac_proc_check_enforce(curp))
 		return 0;
 
 	cred = kauth_cred_proc_ref(curp);
@@ -137,8 +138,12 @@ mac_proc_check_setauid(struct proc *curp, uid_t auid)
 	kauth_cred_t cred;
 	int error;
 
-	if (!mac_proc_enforce ||
-	    !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+#if SECURITY_MAC_CHECK_ENFORCE
+	/* 21167099 - only check if we allow write */
+	if (!mac_proc_enforce)
+		return 0;
+#endif
+	if (!mac_proc_check_enforce(curp))
 		return 0;
 
 	cred = kauth_cred_proc_ref(curp);
@@ -154,8 +159,12 @@ mac_proc_check_getaudit(struct proc *curp)
 	kauth_cred_t cred;
 	int error;
 
-	if (!mac_proc_enforce ||
-	    !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+#if SECURITY_MAC_CHECK_ENFORCE
+	/* 21167099 - only check if we allow write */
+	if (!mac_proc_enforce)
+		return 0;
+#endif
+	if (!mac_proc_check_enforce(curp))
 		return 0;
 
 	cred = kauth_cred_proc_ref(curp);
@@ -171,8 +180,12 @@ mac_proc_check_setaudit(struct proc *curp, struct auditinfo_addr *ai)
 	kauth_cred_t cred;
 	int error;
 
-	if (!mac_proc_enforce ||
-	    !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+#if SECURITY_MAC_CHECK_ENFORCE
+	/* 21167099 - only check if we allow write */
+	if (!mac_proc_enforce)
+		return 0;
+#endif
+	if (!mac_proc_check_enforce(curp))
 		return 0;
 
 	cred = kauth_cred_proc_ref(curp);
@@ -394,13 +407,6 @@ mac_audit_check_postselect(__unused struct ucred *cred, __unused unsigned short
 	return (MAC_AUDIT_DEFAULT);
 }
 
-int
-mac_audit(__unused int len, __unused u_char *data)
-{
-
-	return (0);
-}
-
 int
 mac_audit_text(__unused char *text, __unused mac_policy_handle_t handle)
 {