//
// This no longer talks to securityd; it is a kernel function.
//
OSStatus SessionGetInfo(SecuritySessionId requestedSession,
SecuritySessionId *sessionId,
SessionAttributeBits *attributes)
{
BEGIN_API
CommonCriteria::AuditInfo session;
if (requestedSession == callerSecuritySession)
session.get();
else
session.get(requestedSession);
if (sessionId)
*sessionId = session.sessionId();
if (attributes)
*attributes = (SessionAttributeBits)session.flags();
END_API(CSSM)
}
//
// Refetch audit session data for the current audit session (to catch outside updates
// to the audit record). This is the price we're paying for not requiring an IPC to
// securityd when audit session data changes (this is desirable for delayering the
// software layer cake).
// If we ever disallow changes to (parts of the) audit session record in the kernel,
// we can loosen up on this continual re-fetching.
//
void Session::updateAudit() const
{
CommonCriteria::AuditInfo info;
try {
info.get(mAudit.sessionId());
} catch (...) {
return;
}
mAudit = info;
}