auditevents.cpp
 1  /*
 2   * Copyright (c) 2009-2010 Apple Inc. All Rights Reserved.
 3   * 
 4   * @APPLE_LICENSE_HEADER_START@
 5   * 
 6   * This file contains Original Code and/or Modifications of Original Code
 7   * as defined in and that are subject to the Apple Public Source License
 8   * Version 2.0 (the 'License'). You may not use this file except in
 9   * compliance with the License. Please obtain a copy of the License at
10   * http://www.opensource.apple.com/apsl/ and read it before using this
11   * file.
12   * 
13   * The Original Code and all software distributed under the License are
14   * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15   * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16   * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17   * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18   * Please see the License for the specific language governing rights and
19   * limitations under the License.
20   * 
21   * @APPLE_LICENSE_HEADER_END@
22   */
23  
24  
25  //
26  // auditevents - monitor and act upon audit subsystem events
27  //
28  #include <os/log.h>
29  #include "auditevents.h"
30  #include "dtrace.h"
31  #include <security_utilities/logging.h>
32  #include "self.h"
33  
34  using namespace UnixPlusPlus;
35  using namespace MachPlusPlus;
36  
37  
// Builds the monitor as a Thread named "AuditMonitor" and stores the relay
// port that threadAction() later hands to self_client_handleSession().
// The constructor body itself does no other work.
AuditMonitor::AuditMonitor(Port relay)
    : Thread("AuditMonitor"),
      mRelay(relay)
{}
42  
// Nothing to release explicitly: the audit device handle is a local of
// threadAction() and is opened and closed there.
AuditMonitor::~AuditMonitor() {}
46  
47  
48  //
49  // Endlessly retrieve session events and dispatch them.
50  // (The current version of MachServer cannot receive FileDesc-based events,
51  // so we need a monitor thread for this.)
52  //
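void AuditMonitor::threadAction()
{
    // Thread body: open the audit session device for all sessions, then relay
    // every session event read from it to mRelay via self_client_handleSession().
    // The outer loop has no exit, so this function never returns.
    int event;
    auditinfo_addr_t aia;

    // Retry forever: securityd can't function correctly without audit session events.
    for (;;) {
        au_sdev_handle_t *dev = au_sdev_open(AU_SDEVF_ALLSESSIONS);
        if (dev == nullptr) {
            // Snapshot errno first so the value logged is the open failure's,
            // not whatever a later library call may leave behind.
            const int openErr = errno;
            os_log_fault(OS_LOG_DEFAULT, "auditevents could not open audit device: %d, retrying in a bit", openErr);
            sleep(10);
            continue;
        }

        for (;;) {
            if (au_sdev_read_aia(dev, &event, &aia) != 0) {
                const int readErr = errno;
                secerror("au_sdev_read_aia failed: %d\n", readErr);
                // NOTE(review): unlike the open-failure path there is no delay here.
                // If reads keep failing right after a successful reopen, this loop
                // spins and floods the error log. Session events raised while the
                // device is closed are presumably not delivered -- confirm before
                // adding a backoff, since a delay would lengthen that window.
                break;
            }
            secinfo("SecServer", "%p session notify %d %d %d", this, aia.ai_asid, event, aia.ai_auid);
            // A failed relay is only logged: the event is not retried or queued,
            // so the receiver never sees this session notification.
            if (kern_return_t rc = self_client_handleSession(mRelay, event, aia.ai_asid)) {
                secerror("self-send failed (mach error %d)", rc);
            }
        }
        au_sdev_close(dev);
    }
}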