//
// Refetch audit session data for the current audit session (to catch outside updates
// to the audit record). This is the price we're paying for not requiring an IPC to
// securityd when audit session data changes (this is desirable for delayering the
// software layer cake).
// If we ever disallow changes to (parts of the) audit session record in the kernel,
// we can loosen up on this continual re-fetching.
//
void Session::updateAudit() const
{
CommonCriteria::AuditInfo info;
try {
info.get(mAudit.sessionId());
} catch (...) {
return;
}
mAudit = info;
}
//
// This no longer talks to securityd; it is a kernel function.
//
OSStatus SessionGetInfo(SecuritySessionId requestedSession,
SecuritySessionId *sessionId,
SessionAttributeBits *attributes)
{
BEGIN_API
CommonCriteria::AuditInfo session;
if (requestedSession == callerSecuritySession)
session.get();
else
session.get(requestedSession);
if (sessionId)
*sessionId = session.sessionId();
if (attributes)
*attributes = (SessionAttributeBits)session.flags();
END_API(CSSM)
}
//
// Create a new session.
// This no longer talks to securityd; it is a kernel function.
// Securityd will pick up the new session when we next talk to it.
//
OSStatus SessionCreate(SessionCreationFlags flags,
SessionAttributeBits attributes)
{
BEGIN_API
// we don't support the session creation flags anymore
if (flags)
Syslog::warning("SessionCreate flags=0x%lx unsupported (ignored)", (unsigned long)flags);
CommonCriteria::AuditInfo session;
session.create(attributes);
// retrieve the (new) session id and set it into the process environment
session.get();
char idString[80];
snprintf(idString, sizeof(idString), "%x", session.sessionId());
setenv("SECURITYSESSIONID", idString, 1);
END_API(CSSM)
}
//
// Get and set the distinguished uid (optionally) associated with the session.
//