1*0Sstevel@tonic-gate /* 2*0Sstevel@tonic-gate * CDDL HEADER START 3*0Sstevel@tonic-gate * 4*0Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*0Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only 6*0Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance 7*0Sstevel@tonic-gate * with the License. 8*0Sstevel@tonic-gate * 9*0Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10*0Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 11*0Sstevel@tonic-gate * See the License for the specific language governing permissions 12*0Sstevel@tonic-gate * and limitations under the License. 13*0Sstevel@tonic-gate * 14*0Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 15*0Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16*0Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 17*0Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 18*0Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 19*0Sstevel@tonic-gate * 20*0Sstevel@tonic-gate * CDDL HEADER END 21*0Sstevel@tonic-gate */ 22*0Sstevel@tonic-gate /* 23*0Sstevel@tonic-gate * Copyright 1994,2002-2003 Sun Microsystems, Inc. All rights reserved. 24*0Sstevel@tonic-gate * Use is subject to license terms. 25*0Sstevel@tonic-gate */ 26*0Sstevel@tonic-gate 27*0Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 28*0Sstevel@tonic-gate 29*0Sstevel@tonic-gate #include <sys/systm.h> 30*0Sstevel@tonic-gate #include <sys/errno.h> 31*0Sstevel@tonic-gate #include <sys/policy.h> 32*0Sstevel@tonic-gate 33*0Sstevel@tonic-gate #include <c2/audit.h> 34*0Sstevel@tonic-gate 35*0Sstevel@tonic-gate /*ARGSUSED1*/ 36*0Sstevel@tonic-gate int 37*0Sstevel@tonic-gate auditsys(struct auditcalls *uap, rval_t *rvp) 38*0Sstevel@tonic-gate { 39*0Sstevel@tonic-gate int err; 40*0Sstevel@tonic-gate 41*0Sstevel@tonic-gate /* 42*0Sstevel@tonic-gate * this ugly hack is because auditsys returns 0 for 43*0Sstevel@tonic-gate * all cases except audit_active == 0 and 44*0Sstevel@tonic-gate * uap->code == BSM_AUDITCTRL || BSM_AUDITON || default) 45*0Sstevel@tonic-gate */ 46*0Sstevel@tonic-gate 47*0Sstevel@tonic-gate switch (uap->code) { 48*0Sstevel@tonic-gate case BSM_GETAUID: 49*0Sstevel@tonic-gate case BSM_SETAUID: 50*0Sstevel@tonic-gate case BSM_GETAUDIT: 51*0Sstevel@tonic-gate case BSM_SETAUDIT: 52*0Sstevel@tonic-gate case BSM_AUDIT: 53*0Sstevel@tonic-gate case BSM_AUDITSVC: 54*0Sstevel@tonic-gate return (0); 55*0Sstevel@tonic-gate case BSM_AUDITCTL: 56*0Sstevel@tonic-gate case BSM_AUDITON: 57*0Sstevel@tonic-gate if ((int)uap->a1 == A_GETCOND) 58*0Sstevel@tonic-gate err = secpolicy_audit_getattr(CRED()); 59*0Sstevel@tonic-gate else 60*0Sstevel@tonic-gate /* FALLTHROUGH */ 61*0Sstevel@tonic-gate default: 62*0Sstevel@tonic-gate /* Return a different error when not privileged */ 63*0Sstevel@tonic-gate err = secpolicy_audit_config(CRED()); 64*0Sstevel@tonic-gate if (err == 0) 65*0Sstevel@tonic-gate return (EINVAL); 66*0Sstevel@tonic-gate else 67*0Sstevel@tonic-gate return (err); 68*0Sstevel@tonic-gate } 69*0Sstevel@tonic-gate } 70