Revision: 23646 http://trac.macosforge.org/projects/launchd/changeset/23646 Author: zarzycki@apple.com Date: 2008-08-05 18:28:01 -0700 (Tue, 05 Aug 2008) Log Message: ----------- <rdar://problem/6120462> gSULeoGaia: Add Common Criteria (a.k.a. BSM a.k.a. audit) support to launchd Modified Paths: -------------- branches/SULeopard/launchd/src/launchd_core_logic.c Modified: branches/SULeopard/launchd/src/launchd_core_logic.c =================================================================== --- branches/SULeopard/launchd/src/launchd_core_logic.c 2008-07-28 18:12:23 UTC (rev 23645) +++ branches/SULeopard/launchd/src/launchd_core_logic.c 2008-08-06 01:28:01 UTC (rev 23646) @@ -420,6 +420,7 @@ static bool job_setup_machport(job_t j); static void job_setup_fd(job_t j, int target_fd, const char *path, int flags); static void job_postfork_become_user(job_t j); +static void job_enable_audit_for_user(job_t j, uid_t u, char *name); static void job_find_and_blame_pids_with_weird_uids(job_t j); static void job_force_sampletool(job_t j); static void job_setup_exception_port(job_t j, task_t target_task); @@ -2925,6 +2926,28 @@ } void +job_enable_audit_for_user(job_t j, uid_t u, char *name) +{ + auditinfo_t auinfo = { + .ai_auid = u, + .ai_asid = j->p, + }; + long au_cond; + + if (!job_assumes(j, auditon(A_GETCOND, &au_cond, sizeof(long)) == 0)) { + _exit(EXIT_FAILURE); + } + + if (au_cond != AUC_NOAUDIT) { + if (!job_assumes(j, au_user_mask(name, &auinfo.ai_mask) == 0)) { + _exit(EXIT_FAILURE); + } else if (!job_assumes(j, setaudit(&auinfo) == 0)) { + _exit(EXIT_FAILURE); + } + } +} + +void job_postfork_become_user(job_t j) { char loginname[2000]; @@ -3001,6 +3024,8 @@ desired_gid = gre->gr_gid; } + job_enable_audit_for_user(j, desired_uid, loginname); + if (!job_assumes(j, setlogin(loginname) != -1)) { _exit(EXIT_FAILURE); }