Syscall BSD #432
svc · unix #432
audit_session_port
Returns a send right to the audit session port for an arbitrary asid.
Prototype
int audit_session_port(au_asid_t asid, user_addr_t portnamep);
Returns: int
Arguments
| Name | Type | Dir | Description |
|---|---|---|---|
| asid | au_asid_t | - | |
| portnamep | user_addr_t | - | |
Version history
| XNU tag | macOS | # |
|---|---|---|
| xnu-1699.24.8 | macOS 10.7 Lion | 432 |
| xnu-2050.18.24 | macOS 10.8 Mountain Lion | 432 |
| xnu-2422.115.4 | macOS 10.9 Mavericks | 432 |
| xnu-2782.40.9 | macOS 10.10 Yosemite | 432 |
| xnu-3247.1.106 | macOS 10.11 El Capitan | 432 |
| xnu-3789.1.32 | macOS 10.12 Sierra | 432 |
| xnu-4570.1.46 | macOS 10.13 High Sierra | 432 |
| xnu-4903.221.2 | macOS 10.14 Mojave | 432 |
| xnu-6153.11.26 | macOS 10.15 Catalina | 432 |
| xnu-7195.50.7.100.1 | macOS 11.0 Big Sur | 432 |
| xnu-8019.41.5 | macOS 12.0 Monterey | 432 |
| xnu-8792.41.9 | macOS 13.0 Ventura | 432 |
| xnu-10002.1.13 | macOS 14.0 Sonoma | 432 |
| xnu-11215.1.10 | macOS 15.0 Sequoia | 432 |
| xnu-11417.101.15 | macOS 15.4 Sequoia | 432 |
| xnu-12377.1.9 | macOS 26.0 Tahoe | 432 |
| xnu-10002.41.9 | — | 432 |
| xnu-10002.61.3 | — | 432 |
| xnu-10002.81.5 | — | 432 |
| xnu-10063.101.15 | — | 432 |
| xnu-10063.121.3 | — | 432 |
| xnu-10063.141.1 | — | 432 |
| xnu-11215.41.3 | — | 432 |
| xnu-11215.61.5 | — | 432 |
| xnu-11215.81.4 | — | 432 |
| xnu-11417.121.6 | — | 432 |
| xnu-11417.140.69 | — | 432 |
| xnu-12377.101.15 | — | 432 |
| xnu-12377.41.6 | — | 432 |
| xnu-12377.61.12 | — | 432 |
| xnu-12377.81.4 | — | 432 |
| xnu-1699.22.73 | — | 432 |
| xnu-1699.22.81 | — | 432 |
| xnu-1699.24.23 | — | 432 |
| xnu-1699.26.8 | — | 432 |
| xnu-1699.32.7 | — | 432 |
| xnu-2050.22.13 | — | 432 |
| xnu-2050.24.15 | — | 432 |
| xnu-2050.48.11 | — | 432 |
| xnu-2050.7.9 | — | 432 |
| xnu-2050.9.2 | — | 432 |
| xnu-2422.1.72 | — | 432 |
| xnu-2422.100.13 | — | 432 |
| xnu-2422.110.17 | — | 432 |
| xnu-2422.90.20 | — | 432 |
| xnu-2782.1.97 | — | 432 |
| xnu-2782.10.72 | — | 432 |
| xnu-2782.20.48 | — | 432 |
| xnu-2782.30.5 | — | 432 |
| xnu-3247.10.11 | — | 432 |
| xnu-3248.20.55 | — | 432 |
| xnu-3248.30.4 | — | 432 |
| xnu-3248.40.184 | — | 432 |
| xnu-3248.50.21 | — | 432 |
| xnu-3248.60.10 | — | 432 |
| xnu-3789.21.4 | — | 432 |
| xnu-3789.31.2 | — | 432 |
| xnu-3789.41.3 | — | 432 |
| xnu-3789.51.2 | — | 432 |
| xnu-3789.60.24 | — | 432 |
| xnu-3789.70.16 | — | 432 |
| xnu-4570.20.62 | — | 432 |
| xnu-4570.31.3 | — | 432 |
| xnu-4570.41.2 | — | 432 |
| xnu-4570.51.1 | — | 432 |
| xnu-4570.61.1 | — | 432 |
| xnu-4570.71.2 | — | 432 |
| xnu-4903.231.4 | — | 432 |
| xnu-4903.241.1 | — | 432 |
| xnu-4903.270.47 | — | 432 |
| xnu-6153.101.6 | — | 432 |
| xnu-6153.121.1 | — | 432 |
| xnu-6153.141.1 | — | 432 |
| xnu-6153.41.3 | — | 432 |
| xnu-6153.61.1 | — | 432 |
| xnu-6153.81.5 | — | 432 |
| xnu-7195.101.1 | — | 432 |
| xnu-7195.121.3 | — | 432 |
| xnu-7195.141.2 | — | 432 |
| xnu-7195.60.75 | — | 432 |
| xnu-7195.81.3 | — | 432 |
| xnu-8019.61.5 | — | 432 |
| xnu-8019.80.24 | — | 432 |
| xnu-8020.101.4 | — | 432 |
| xnu-8020.121.3 | — | 432 |
| xnu-8020.140.41 | — | 432 |
| xnu-8792.61.2 | — | 432 |
| xnu-8792.81.2 | — | 432 |
| xnu-8796.101.5 | — | 432 |
| xnu-8796.121.2 | — | 432 |
| xnu-8796.141.3 | — | 432 |
Notes
Given an asid_t and flags, audit_session_port() returns the Mach port representing that session, allowing privileged processes (loginwindow, sessionlogoutd) to manage sessions they did not create. The kernel checks that the caller owns the session or holds the audit_control privilege. The returned port can be passed to audit_session_join() to join the session.
Detection
Best observed via the MACF hook mac_proc_check_get_audit_session_port, or via DTrace fbt::audit_session_port:entry. Calls from non-system binaries are extremely rare and warrant inspection.
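The triage rule above (flag callers that are not system binaries), as an added example that is not part of the original page. Assumptions: events arrive as tab-separated `epoch<TAB>pid<TAB>executable path` lines from whatever collector is in use, and the prefix lists defining "system" locations are illustrative choices.

```python
import posixpath

# Assumption: locations treated as "system" on a default install.
SYSTEM_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/")
# Assumption: /usr/local is locally managed, so it is not "system".
EXCLUDED_PREFIXES = ("/usr/local/",)

def is_system_binary(path):
    """True only for an absolute path that normalizes into a system prefix."""
    if not path.startswith("/"):
        return False  # relative or empty path: cannot be attributed
    norm = posixpath.normpath(path)  # resolves ".." and "." segments
    if norm.startswith(EXCLUDED_PREFIXES):
        return False
    return norm.startswith(SYSTEM_PREFIXES)

def parse_line(line):
    """Parse 'epoch<TAB>pid<TAB>path'; return None for malformed lines."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 3 or not parts[1].isdigit():
        return None
    return {"ts": parts[0], "pid": int(parts[1]), "path": parts[2]}

def triage(lines):
    """Return (alerts, malformed); alerts are calls from non-system binaries."""
    alerts, malformed = [], []
    for line in lines:
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            malformed.append(line)  # keep for review instead of dropping
        elif not is_system_binary(event["path"]):
            alerts.append(event)
    return alerts, malformed

# Constructed sample events, not captured from a real system.
SAMPLE = [
    "1700000000\t101\t/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow",
    "1700000005\t4242\t/Users/alice/Downloads/tool",
    "1700000009\t4300\t/System/../private/tmp/helper",
    "1700000012\t4310\t/usr/local/bin/agent",
    "garbled line without tabs",
]

if __name__ == "__main__":
    for e in triage(SAMPLE)[0]:
        print(f"INSPECT pid={e['pid']} path={e['path']}")
```

Paths are normalized before matching, so a caller path such as `/System/../private/tmp/helper` is flagged even though it begins with a system prefix.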
Related APIs
audit_session_self, audit_session_join, getaudit_addr