Disable auditing

OSX/libsecurity_codesigning/lib/cskernel.cpp

@@ -126,16 +126,17 @@ SecStaticCode *KernelCode::identifyGuest(SecCode *iguest, CFDataRef *cdhash)
                        
                         SecPointer<SecStaticCode> code = new ProcessDynamicCode(guest);
 						guest->pidBased()->setCredentials(code->codeDirectory());
-
+#ifndef DARLING
                         SHA1::Digest kernelHash;
                         MacOSError::check(guest->csops(CS_OPS_CDHASH, kernelHash, sizeof(kernelHash)));
                         *cdhash = makeCFData(kernelHash, sizeof(kernelHash));
-
+#endif
                         return code.yield();
                 }
                 
 		char path[2 * MAXPATHLEN];	// reasonable upper limit
 		if (::proc_pidpath(guest->pid(), path, sizeof(path))) {
+#ifndef DARLING
 			off_t offset;
 			csops(guest, CS_OPS_PIDOFFSET, &offset, sizeof(offset));
 			SecPointer<SecStaticCode> code = new ProcessStaticCode(DiskRep::bestGuess(path, (size_t)offset));
@@ -156,6 +157,9 @@ SecStaticCode *KernelCode::identifyGuest(SecCode *iguest, CFDataRef *cdhash)
 					*cdhash = makeCFData(kernelHash, sizeof(kernelHash));
 				CODESIGN_GUEST_CDHASH_PROCESS(guest, kernelHash, sizeof(kernelHash));
 			}
+#else
+			SecPointer<SecStaticCode> code = new ProcessStaticCode(DiskRep::bestGuess(path));
+#endif
 			return code.yield();
 		} else
 			UnixError::throwMe();
@@ -221,6 +225,7 @@ void KernelCode::identify()
 //
 void KernelCode::csops(ProcessCode *proc, unsigned int op, void *addr, size_t length)
 {
+#ifndef DARLING
 	if (proc->csops(op, addr, length) == -1) {
 		switch (errno) {
 		case ESRCH:
@@ -229,6 +234,7 @@ void KernelCode::csops(ProcessCode *proc, unsigned int op, void *addr, size_t le
 			UnixError::throwMe();
 		}
 	}
+#endif
 }
 
 

OSX/libsecurity_utilities/lib/ccaudit.cpp

@@ -32,18 +32,22 @@ namespace CommonCriteria
 
 TerminalId::TerminalId()
 {
+#ifndef DARLING
 	if (audit_set_terminal_id(this) != kAUNoErr)
 	{
 		Syslog::warning("setting terminal ID info failed; using defaults");
 		port = 0;
 		machine = 0;
 	}
+#endif
 }
 
 AuditToken::AuditToken(const audit_token_t &token)
     : mAuditToken(token)
 {
+#ifndef DARLING
     ::audit_token_to_au32(token, &mAuditId, &mEuid, &mEgid, &mRuid, &mRgid, &mPid, &mSessionId, &mTerminalId);
+#endif
 }
 
 
@@ -52,47 +56,58 @@ AuditToken::AuditToken(const audit_token_t &token)
 //
 void AuditInfo::get()
 {
+#ifndef DARLING
 	this->clearPod();
 	UnixError::check(::getaudit_addr(this, sizeof(*this)));
+#endif
 }
 
 void AuditInfo::get(au_asid_t session)
 {
+#ifndef DARLING
 	this->get();
 	if (session != this->ai_asid) {
 		// need to use higher-privileged call to get info about a session that is not our own
 		this->ai_asid = session;
 		UnixError::check(::auditon(A_GETSINFO_ADDR, this, sizeof(*this)));
 	}
+#endif
 }
 
 void AuditInfo::getPid(pid_t pid)
 {
+#ifndef DARLING
 	auditpinfo_addr_t pinfo;
 	memset(&pinfo, 0, sizeof(pinfo));
 	pinfo.ap_pid = pid;
 	UnixError::check(::auditon(A_GETPINFO_ADDR, &pinfo, sizeof(pinfo)));
 	get(pinfo.ap_asid);
+#endif
 }
 
 void AuditInfo::set()
 {
+#ifndef DARLING
 	UnixError::check(::setaudit_addr(this, sizeof(*this)));
+#endif
 }
 
 void AuditInfo::create(uint64_t flags, uid_t auid /* = AU_DEFAUDITID */)
 {
+#ifndef DARLING
 	this->clearPod();
 	ai_auid = auid;
 	ai_asid = AU_ASSIGN_ASID;
 	ai_termid.at_type = AU_IPv4;
 	ai_flags = flags;
 	UnixError::check(::setaudit_addr(this, sizeof(*this)));
+#endif
 }
 
 
 void AuditSession::registerSession(void)
 {
+#ifndef DARLING
     auditinfo_t auinfo;
 
     auinfo.ai_auid = mAuditId;
@@ -107,11 +122,13 @@ void AuditSession::registerSession(void)
 		else
 			Syslog::warning("Could not initialize auditing (%m); continuing");
 	}
+#endif
 }
 
 void AuditRecord::submit(const short event_code, const int returnCode, 
 			 const char *msg)
 {
+#ifndef DARLING
     // If we're not auditing, do nothing
     if (!(au_get_state() == AUC_AUDITING))
 		return;
@@ -145,6 +162,7 @@ void AuditRecord::submit(const short event_code, const int returnCode,
     }
     if (ret != kAUNoErr)
 		MacOSError::throwMe(ret);
+#endif
 }
 
 

securityd/src/auditevents.cpp

@@ -51,6 +51,7 @@ AuditMonitor::~AuditMonitor()
 //
 void AuditMonitor::action()
 {
+#ifndef DARLING
 	au_sdev_handle_t *dev = au_sdev_open(AU_SDEVF_ALLSESSIONS);
 	int event;
 	auditinfo_addr_t aia;
@@ -69,4 +70,7 @@ void AuditMonitor::action()
 		if (kern_return_t rc = self_client_handleSession(mRelay, mach_task_self(), event, aia.ai_asid))
 			Syslog::error("self-send failed (mach error %d)", rc);
 	}
+#else
+	for (;;) pause();
+#endif
 }

securityd/src/process.cpp

@@ -40,7 +40,7 @@
 // Construct a Process object.
 //
 Process::Process(TaskPort taskPort,	const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit)
- :  mTaskPort(taskPort), mByteFlipped(false), mPid(audit.pid()), mUid(audit.euid()), mGid(audit.egid())
+ :  mTaskPort(taskPort), mByteFlipped(false), mPid(mTaskPort.pid()), mUid(0), mGid(0)
 {
 	StLock<Mutex> _(*this);