71 	auditinfo_addr_t	se_auinfo;	/* Public audit session data. */
79 	long			se_procnt;	/* Processes in session. */
174 MALLOC_DEFINE(M_AU_SESSION, "audit_session", "Audit session data");
182  * Audit session device.
375 SYSCTL_NODE(_audit, OID_AUTO, session, CTLFLAG_RW|CTLFLAG_LOCKED, 0, "Audit sessions");
378     "Audit session flags settable by superuser");
381     "Audit session flags clearable by superuser");
384     "Audit session flags settable by a session member");
387     "Audit session flags clearable by a session member");
393  * session state.  The audit session information is read out using sysctl:
401  * The per session record structure for the snapshot data.
417     "Current session debug info for auditing.");
420  * Callouts for proc_interate() which is used to reconcile the audit session
470  * Copy out the session debug info via the sysctl interface.
490 	 * Walk the audit session hash table to determine the size.
502 	 * the audit session table grows.
530 	 * Walk the audit session hash table and build the record array.
569  * Create and commit a session audit event. The proc and se arguments needs to
594 	 * Audit session events are always generated because they are used
618 	/* Add the audit session flags to the record. */
628  * Hash the audit session ID using a simple 32-bit mix.
644  * Do an hash lookup and find the session entry for a given ASID.  Return NULL
645  * if not found. If the session is found then audit_session_find takes a 
679 		("audit_session_remove: removing default session"));
698 			 * session close.
714  * Reference the session by incrementing the sentry ref count.
728 	    ("audit_ref_session: Too many references on session."));
732  * Decrement the sentry ref count and remove the session entry if last one.
748 	    ("audit_unref_session: Too few references on session."));
752  * Increment the process count in the session.
769  * to exit the session.
782 	 * userland of the session ending.
791  * Update the session entry and check to see if anything was updated.
817  * Return the next session ID.  The range of kernel generated audit session IDs
836  * audit session ID.  Otherwise, it attempts use the one given. It creates a
852 	 * Alloc a new session entry now so we don't wait holding the lock.
857 	 * Find an unique session ID, if desired.
867 			 * If the session ID is currently active then drop the
889 			/* If a different session then add this process in. */
894 			 * If the session information was updated then
912 	 * Populate the new session entry.  Note that process masks are stored
930 	 * Generate an audit event to notify userland of the new session.
938  * Lookup an existing session.  A copy of the audit session info for a given
953 	/* We have a reference on the session so it is safe to drop the lock. */
970  * Add a reference to the session entry.
991  * Remove a reference to the session entry.
1006  * Increment the per audit session process count.  Assumes that the caller has
1024  * Decrement the per audit session process count.  Assumes that the caller has
1042  * Init the audit session code.  
1126 	 * If this is going to modify an existing session then do some
1140 	/* audit_session_new() adds a reference on the session */
1143 	/* If the process left a session then update the process count. */
1206  * Description: Obtain a Mach send right for the current session.   
1214  * 		EINVAL		The calling process' session has not be set.
1236 		/* Can't join the default session. */
1252 	 * Get a send right to the session's Mach port and insert it in the
1269  * Description: Obtain a Mach send right for the given session ID.
1272  *              uap->asid       The target audit session ID.  The special
1274  *              		own session.
1278  * 		EINVAL		The calling process' session has not be set.
1279  * 		EINVAL		The given session ID could not be found.
1311 	/* Find the session corresponding to the requested audit
1312 	 * session ID.  If found, take a reference on it so that
1313 	 * the session is not dropped until the join is later done.
1319 			/* Can't join the default session. */
1325 		 * own session.
1331 		 * session.
1355 	 * Use the session reference to create a mach port reference for the
1356 	 * session (at which point we are free to drop the session reference)
1407 	 * Add process in if not already in the session.
1421 		/* Increment the proc count of new session */
1429 		/* Decrement the process count of the former session. */
1463  * Description:	Join the session for a given Mach port send right.
1465  * Parameters:	p		Process calling session join.
1468  * Returns:	*ret_asid	Audit session ID of new session.
1497  * Audit session device.
1559  * Submit an audit record to be queued in the audit session device.
1580 		 * of the process that opened this session device or if the
1692  * Audit session dev open method.
1732  * Audit session dev close method.
1758  * Audit session dev ioctl method.
1867  * Audit session dev read method. 
1949  * Audit session device poll method.

Indexes created Fri Aug 02 20:52:59 MDT 2024