X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/de355530ae67247cbd0da700edb3a2a1dae884c2..bb59bff194111743b33cc36712410b5656329d3c:/bsd/kern/kern_acct.c
diff --git a/bsd/kern/kern_acct.c b/bsd/kern/kern_acct.c
index 3654a9dc8..aec90c9e0 100644
--- a/bsd/kern/kern_acct.c
+++ b/bsd/kern/kern_acct.c
@@ -1,23 +1,29 @@ /* - * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. + * Copyright (c) 2000-2010 Apple Inc. All rights reserved. * - * @APPLE_LICENSE_HEADER_START@ + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * - * The contents of this file constitute Original Code as defined in and - * are subject to the Apple Public Source License Version 1.1 (the - * "License"). You may not use this file except in compliance with the - * License. Please obtain a copy of the License at - * http://www.apple.com/publicsource and read it before using this file. + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. * - * This Original Code and all software distributed under the License are - * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the - * License for the specific language governing rights and limitations - * under the License. + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 
+ * Please see the License for the specific language governing rights and + * limitations under the License. * - * @APPLE_LICENSE_HEADER_END@ + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */ /*- @@ -64,13 +70,20 @@ * Purged old history * New version based on 4.4 */ +/* + * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce + * support for mandatory and extensible security protections. This notice + * is included in support of clause 2.2 (b) of the Apple Public License, + * Version 2.0. + */ #include -#include -#include -#include -#include +#include +#include +#include +#include +#include #include #include #include @@ -79,6 +92,11 @@ #include #include #include +#include +#include +#if CONFIG_MACF +#include +#endif /* * The routines implemented in this file are described in: @@ -96,15 +114,23 @@ * The former's operation is described in Leffler, et al., and the latter * was provided by UCB with the 4.4BSD-Lite release */ -comp_t encode_comp_t __P((u_long, u_long)); -void acctwatch __P((void *)); -void acctwatch_funnel __P((void *)); +comp_t encode_comp_t(uint32_t, uint32_t); +void acctwatch(void *); +void acct_init(void); /* - * Accounting vnode pointer, and saved vnode pointer. + * Accounting vnode pointer, and suspended accounting vnode pointer. States + * are as follows: + * + * acctp suspend_acctp state + * ------------- ------------ ------------------------------ + * NULL NULL Accounting disabled + * !NULL NULL Accounting enabled + * NULL !NULL Accounting enabled, but suspended + * !NULL !NULL */ struct vnode *acctp; -struct vnode *savacctp; +struct vnode *suspend_acctp; /* * Values associated with enabling and disabling accounting 
@@ -113,58 +139,93 @@ int acctsuspend = 2; /* stop accounting when < 2% free space left */ int acctresume = 4; /* resume when free space risen to > 4% */ int acctchkfreq = 15; /* frequency (in seconds) to check space */ + +static lck_grp_t *acct_subsys_lck_grp; +static lck_mtx_t *acct_subsys_mutex; + +#define ACCT_SUBSYS_LOCK() lck_mtx_lock(acct_subsys_mutex) +#define ACCT_SUBSYS_UNLOCK() lck_mtx_unlock(acct_subsys_mutex) + +void +acct_init(void) +{ + acct_subsys_lck_grp = lck_grp_alloc_init("acct", NULL); + acct_subsys_mutex = lck_mtx_alloc_init(acct_subsys_lck_grp, NULL); +} + + /* * Accounting system call. Written based on the specification and * previous implementation done by Mark Tinguely. */ -struct acct_args { - char *path; -}; -acct(p, uap, retval) - struct proc *p; - struct acct_args *uap; - int *retval; +int +acct(proc_t p, struct acct_args *uap, __unused int *retval) { struct nameidata nd; int error; + struct vfs_context *ctx; + + ctx = vfs_context_current(); /* Make sure that the caller is root. */ - if (error = suser(p->p_ucred, &p->p_acflag)) + if ((error = suser(vfs_context_ucred(ctx), &p->p_acflag))) return (error); /* * If accounting is to be started to a file, open that file for * writing and make sure it's a 'normal'. 
*/ - if (uap->path != NULL) { - NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, p); - if (error = vn_open(&nd, FWRITE, 0)) + if (uap->path != USER_ADDR_NULL) { + NDINIT(&nd, LOOKUP, OP_OPEN, NOFOLLOW, UIO_USERSPACE, uap->path, ctx); + if ((error = vn_open(&nd, FWRITE, 0))) + return (error); +#if CONFIG_MACF + error = mac_system_check_acct(vfs_context_ucred(ctx), nd.ni_vp); + if (error) { + vnode_put(nd.ni_vp); + vn_close(nd.ni_vp, FWRITE, ctx); return (error); - VOP_UNLOCK(nd.ni_vp, 0, p); + } +#endif + vnode_put(nd.ni_vp); + if (nd.ni_vp->v_type != VREG) { - vn_close(nd.ni_vp, FWRITE, p->p_ucred, p); + vn_close(nd.ni_vp, FWRITE, ctx); return (EACCES); } } +#if CONFIG_MACF + else { + error = mac_system_check_acct(vfs_context_ucred(ctx), NULL); + if (error) + return (error); + } +#endif /* * If accounting was previously enabled, kill the old space-watcher, * close the file, and (if no new file was specified, leave). */ - if (acctp != NULLVP || savacctp != NULLVP) { - untimeout(acctwatch_funnel, NULL); - error = vn_close((acctp != NULLVP ? acctp : savacctp), FWRITE, - p->p_ucred, p); - acctp = savacctp = NULLVP; + ACCT_SUBSYS_LOCK(); + if (acctp != NULLVP || suspend_acctp != NULLVP) { + untimeout(acctwatch, NULL); + error = vn_close((acctp != NULLVP ? acctp : suspend_acctp), + FWRITE, vfs_context_current()); + + acctp = suspend_acctp = NULLVP; } - if (uap->path == NULL) + if (uap->path == USER_ADDR_NULL) { + ACCT_SUBSYS_UNLOCK(); return (error); + } /* * Save the new accounting file vnode, and schedule the new * free space watcher. */ acctp = nd.ni_vp; + ACCT_SUBSYS_UNLOCK(); + acctwatch(NULL); return (error); } 
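Review bot: In acct(), `error = vn_close(...)` on the previous accounting file overwrites `error`, and the final `return (error)` reports that close result even after the new vnode has been stored in acctp and acctwatch() has run, so a caller can be told the call failed while accounting has in fact switched to the new file. Keeping the close result in its own variable and returning it only on the disable path would separate the two outcomes, e.g. `close_error = vn_close((acctp != NULLVP ? acctp : suspend_acctp), FWRITE, ctx);` and `return (close_error);` inside the `uap->path == USER_ADDR_NULL` branch. The same call also fetches `vfs_context_current()` a second time although `ctx` already holds it, which reads as if a different context were intended.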
@@ -175,73 +236,97 @@ acct(p, uap, retval) * and are enumerated below. (They're also noted in the system * "acct.h" header file.) */ -acct_process(p) - struct proc *p; +int +acct_process(proc_t p) { - struct acct acct; - struct rusage *r; + struct acct an_acct; + struct rusage rup, *r; struct timeval ut, st, tmp; - int s, t; + int t; + int error; struct vnode *vp; + kauth_cred_t safecred; + struct session * sessp; + struct tty *tp; /* If accounting isn't enabled, don't bother */ + ACCT_SUBSYS_LOCK(); vp = acctp; - if (vp == NULLVP) + if (vp == NULLVP) { + ACCT_SUBSYS_UNLOCK(); return (0); + } /* * Get process accounting information. */ /* (1) The name of the command that ran */ - bcopy(p->p_comm, acct.ac_comm, sizeof acct.ac_comm); + bcopy(p->p_comm, an_acct.ac_comm, sizeof an_acct.ac_comm); /* (2) The amount of user and system time that was used */ calcru(p, &ut, &st, NULL); - acct.ac_utime = encode_comp_t(ut.tv_sec, ut.tv_usec); - acct.ac_stime = encode_comp_t(st.tv_sec, st.tv_usec); + an_acct.ac_utime = encode_comp_t(ut.tv_sec, ut.tv_usec); + an_acct.ac_stime = encode_comp_t(st.tv_sec, st.tv_usec); /* (3) The elapsed time the commmand ran (and its starting time) */ - acct.ac_btime = p->p_stats->p_start.tv_sec; - s = splclock(); - tmp = time; - splx(s); - timevalsub(&tmp, &p->p_stats->p_start); - acct.ac_etime = encode_comp_t(tmp.tv_sec, tmp.tv_usec); + an_acct.ac_btime = p->p_start.tv_sec; + microtime(&tmp); + timevalsub(&tmp, &p->p_start); + an_acct.ac_etime = encode_comp_t(tmp.tv_sec, tmp.tv_usec); /* (4) The average amount of memory used */ - r = &p->p_stats->p_ru; + proc_lock(p); + rup = p->p_stats->p_ru; + proc_unlock(p); + r = &rup; tmp = ut; timevaladd(&tmp, &st); t = tmp.tv_sec * hz + tmp.tv_usec / tick; if (t) - acct.ac_mem = (r->ru_ixrss + r->ru_idrss + r->ru_isrss) / t; + an_acct.ac_mem = (r->ru_ixrss + r->ru_idrss + r->ru_isrss) / t; else - acct.ac_mem = 0; + an_acct.ac_mem = 0; /* (5) The number of disk I/O operations done */ - acct.ac_io = 
encode_comp_t(r->ru_inblock + r->ru_oublock, 0); + an_acct.ac_io = encode_comp_t(r->ru_inblock + r->ru_oublock, 0); /* (6) The UID and GID of the process */ - acct.ac_uid = p->p_cred->p_ruid; - acct.ac_gid = p->p_cred->p_rgid; + safecred = kauth_cred_proc_ref(p); + + an_acct.ac_uid = kauth_cred_getruid(safecred); + an_acct.ac_gid = kauth_cred_getrgid(safecred); /* (7) The terminal from which the process was started */ - if ((p->p_flag & P_CONTROLT) && p->p_pgrp->pg_session->s_ttyp) - acct.ac_tty = p->p_pgrp->pg_session->s_ttyp->t_dev; - else - acct.ac_tty = NODEV; + + sessp = proc_session(p); + if ((p->p_flag & P_CONTROLT) && (sessp != SESSION_NULL) && ((tp = SESSION_TP(sessp)) != TTY_NULL)) { + tty_lock(tp); + an_acct.ac_tty = tp->t_dev; + tty_unlock(tp); + }else + an_acct.ac_tty = NODEV; + + if (sessp != SESSION_NULL) + session_rele(sessp); /* (8) The boolean flags that tell how the process terminated, etc. */ - acct.ac_flag = p->p_acflag; + an_acct.ac_flag = p->p_acflag; /* * Now, just write the accounting information to the file. */ - VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE); - return (vn_rdwr(UIO_WRITE, vp, (caddr_t)&acct, sizeof (acct), - (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, p->p_ucred, - (int *)0, p)); + if ((error = vnode_getwithref(vp)) == 0) { + error = vn_rdwr(UIO_WRITE, vp, (caddr_t)&an_acct, sizeof (an_acct), + (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, safecred, + (int *)0, p); + vnode_put(vp); + } + + kauth_cred_unref(&safecred); + ACCT_SUBSYS_UNLOCK(); + + return (error); } /* @@ -255,8 +340,7 @@ acct_process(p) #define MAXFRACT ((1 << MANTSIZE) - 1) /* Maximum fractional value. */ comp_t -encode_comp_t(s, us) - u_long s, us; +encode_comp_t(uint32_t s, uint32_t us) { int exp, rnd; 
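Review bot: `struct acct an_acct;` in acct_process is filled member by member and then written whole with `vn_rdwr(UIO_WRITE, vp, (caddr_t)&an_acct, sizeof (an_acct), ...)`, so any padding or any member the function does not assign reaches the accounting file as leftover kernel stack bytes; the layout of struct acct is not shown here, so treat this as a precaution rather than a confirmed leak. Adding `bzero(&an_acct, sizeof(an_acct));` right after the `vp == NULLVP` early return closes it. Separately, ACCT_SUBSYS_LOCK() is now held from the read of acctp through the vn_rdwr() call, which serialises every exiting process behind file I/O while accounting is enabled; dropping the lock once vnode_getwithref() has succeeded may be enough, if that reference keeps the vnode usable against a concurrent close in acct(), which should be confirmed.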
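Review bot: The new signature `encode_comp_t(uint32_t s, uint32_t us)` narrows its arguments where the old one took u_long, and the callers in acct_process pass `tv_sec` values and `r->ru_inblock + r->ru_oublock` without a cast, so on a kernel where those are wider than 32 bits the high bits are dropped silently before encoding. If the truncation is intended, a comment above the function should say so, for example `/* s and us are 32-bit by design; wider caller values are truncated on conversion */`; otherwise the call sites should clamp to UINT32_MAX first. The body of encode_comp_t lies outside this hunk.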
@@ -283,16 +367,6 @@ encode_comp_t(s, us) return (exp); } -void -acctwatch_funnel(a) - void *a; -{ - thread_funnel_set(kernel_flock, TRUE); - acctwatch(a); - thread_funnel_set(kernel_flock, FALSE); -} - - /* * Periodically check the file system to see if accounting * should be turned on or off. Beware the case where the vnode 
@@ -301,38 +375,57 @@ acctwatch_funnel(a) */ /* ARGSUSED */ void -acctwatch(a) - void *a; +acctwatch(__unused void *a) { - struct statfs sb; - - if (savacctp != NULLVP) { - if (savacctp->v_type == VBAD) { - (void) vn_close(savacctp, FWRITE, NOCRED, NULL); - savacctp = NULLVP; + vfs_context_t ctx = vfs_context_current(); + struct vfs_attr va; + + VFSATTR_INIT(&va); + VFSATTR_WANTED(&va, f_blocks); + VFSATTR_WANTED(&va, f_bavail); + + ACCT_SUBSYS_LOCK(); + if (suspend_acctp != NULLVP) { + /* + * Resuming accounting when accounting is suspended, and the + * filesystem containing the suspended accounting file goes + * below a low watermark + */ + if (suspend_acctp->v_type == VBAD) { + (void) vn_close(suspend_acctp, FWRITE, vfs_context_kernel()); + suspend_acctp = NULLVP; + ACCT_SUBSYS_UNLOCK(); return; } - (void)VFS_STATFS(savacctp->v_mount, &sb, (struct proc *)0); - if (sb.f_bavail > acctresume * sb.f_blocks / 100) { - acctp = savacctp; - savacctp = NULLVP; + (void)vfs_getattr(suspend_acctp->v_mount, &va, ctx); + if (va.f_bavail > acctresume * va.f_blocks / 100) { + acctp = suspend_acctp; + suspend_acctp = NULLVP; log(LOG_NOTICE, "Accounting resumed\n"); } } else if (acctp != NULLVP) { + /* + * Suspending accounting when accounting is currently active, + * and the filesystem containing the active accounting file + * goes over a high watermark + */ if (acctp->v_type == VBAD) { - (void) vn_close(acctp, FWRITE, NOCRED, NULL); + (void) vn_close(acctp, FWRITE, vfs_context_kernel()); acctp = NULLVP; + ACCT_SUBSYS_UNLOCK(); return; } - (void)VFS_STATFS(acctp->v_mount, &sb, (struct proc *)0); - if (sb.f_bavail <= acctsuspend * sb.f_blocks / 100) { - savacctp = acctp; + (void)vfs_getattr(acctp->v_mount, &va, ctx); + if (va.f_bavail <= acctsuspend * va.f_blocks / 100) { + suspend_acctp = acctp; acctp = NULLVP; log(LOG_NOTICE, "Accounting suspended\n"); } } else { + ACCT_SUBSYS_UNLOCK(); return; - } - - timeout(acctwatch_funnel, NULL, acctchkfreq * hz); + } + 
ACCT_SUBSYS_UNLOCK(); + + timeout(acctwatch, NULL, acctchkfreq * hz); }
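Review bot: Both `(void)vfs_getattr(...)` calls in acctwatch discard the result, yet `va` is a stack variable and the comparisons that follow read `va.f_bavail` and `va.f_blocks` regardless; if the call fails or the filesystem does not supply those attributes, accounting is suspended or resumed on indeterminate values (unless VFSATTR_INIT zeroes the value fields, which this page does not show). The decision should be taken only when the call succeeded and both attributes are marked supported, leaving the current state untouched otherwise. The two new block comments also describe the thresholds the wrong way round: the code resumes when free space rises above acctresume percent and suspends when it falls to acctsuspend percent or below.

```c
	if (suspend_acctp != NULLVP) {
		/* … unchanged: VBAD check, close and early return … */
		if (vfs_getattr(suspend_acctp->v_mount, &va, ctx) == 0 &&
		    VFSATTR_IS_SUPPORTED(&va, f_blocks) &&
		    VFSATTR_IS_SUPPORTED(&va, f_bavail) &&
		    va.f_bavail > acctresume * va.f_blocks / 100) {
			/* … unchanged: move suspend_acctp to acctp, log … */
		}
	} else if (acctp != NULLVP) {
		/* … unchanged: VBAD check, close and early return … */
		if (vfs_getattr(acctp->v_mount, &va, ctx) == 0 &&
		    VFSATTR_IS_SUPPORTED(&va, f_blocks) &&
		    VFSATTR_IS_SUPPORTED(&va, f_bavail) &&
		    va.f_bavail <= acctsuspend * va.f_blocks / 100) {
			/* … unchanged: move acctp to suspend_acctp, log … */
		}
	}
```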