| audit_bsm.c (4b6d6bcffdcd30ec5367cb499f444c1f0de628fb) | audit_bsm.c (5619113c9630cfa0437eae759b329d170b254163) |
|---|---|
| 1/* 2 * Copyright (c) 1999-2005 Apple Computer, Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 209 unchanged lines hidden (view full) --- 218 tok = au_to_arg32(1, "non-file: fd", \ 219 ar->ar_arg_fd); \ 220 kau_write(rec, tok); \ 221 } \ 222 } \ 223} while (0) 224 225#define PROCESS_PID_TOKENS(argn) do { \ | 1/* 2 * Copyright (c) 1999-2005 Apple Computer, Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 209 unchanged lines hidden (view full) --- 218 tok = au_to_arg32(1, "non-file: fd", \ 219 ar->ar_arg_fd); \ 220 kau_write(rec, tok); \ 221 } \ 222 } \ 223} while (0) 224 225#define PROCESS_PID_TOKENS(argn) do { \ |
| 226 if (ARG_IS_VALID(kar, ARG_PID)) { \ 227 if ((ar->ar_arg_pid > 0) /* Kill a single process */ \ 228 && (ARG_IS_VALID(kar, ARG_PROCESS))) { \ 229 tok = au_to_process(ar->ar_arg_auid, \ 230 ar->ar_arg_euid, ar->ar_arg_egid, \ 231 ar->ar_arg_ruid, ar->ar_arg_rgid, \ 232 ar->ar_arg_pid, ar->ar_arg_asid, \ 233 &ar->ar_arg_termid); \ 234 kau_write(rec, tok); \ 235 } else { \ 236 tok = au_to_arg32(argn, "process", \ 237 ar->ar_arg_pid); \ 238 kau_write(rec, tok); \ 239 } \ | 226 if ((ar->ar_arg_pid > 0) /* Reference a single process */ \ 227 && (ARG_IS_VALID(kar, ARG_PROCESS))) { \ 228 tok = au_to_process(ar->ar_arg_auid, \ 229 ar->ar_arg_euid, ar->ar_arg_egid, \ 230 ar->ar_arg_ruid, ar->ar_arg_rgid, \ 231 ar->ar_arg_pid, ar->ar_arg_asid, \ 232 &ar->ar_arg_termid); \ 233 kau_write(rec, tok); \ 234 } else if (ARG_IS_VALID(kar, ARG_PID)) { \ 235 tok = au_to_arg32(argn, "process", ar->ar_arg_pid); \ 236 kau_write(rec, tok); \ |
| 240 } \ 241} while (0) \ 242 243/* 244 * Implement auditing for the auditon() system call. The audit tokens that 245 * are generated depend on the command that was sent into the auditon() 246 * system call. 247 */ --- 1034 unchanged lines hidden --- | 237 } \ 238} while (0) \ 239 240/* 241 * Implement auditing for the auditon() system call. The audit tokens that 242 * are generated depend on the command that was sent into the auditon() 243 * system call. 244 */ --- 1034 unchanged lines hidden --- |