1/*
2 * Copyright (c) 2021 Apple Inc. All rights reserved.
3 *
4 * @Apple_LICENSE_HEADER_START@
5 *
6 * The contents of this file constitute Original Code as defined in and
7 * are subject to the Apple Public Source License Version 1.1 (the
8 * "License"). You may not use this file except in compliance with the
9 * License. Please obtain a copy of the License at
10 * http://www.apple.com/publicsource and read it before using this file.
11 *
12 * This Original Code and all software distributed under the License are
13 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
17 * License for the specific language governing rights and limitations
18 * under the License.
19 *
20 * @APPLE_LICENSE_HEADER_END@
21 */
22
23#include <os/system_event_log.h>
24#include <sys/systm.h>
25#include <sys/sysproto.h>
26#include <IOKit/IOBSD.h>
27
28int
29sys_record_system_event(__unused struct proc *p, struct record_system_event_args *uap, __unused int *retval)
30{
31 int error = 0;
32
33 boolean_t entitled = FALSE;
34 entitled = IOCurrentTaskHasEntitlement(SYSTEM_EVENT_ENTITLEMENT);
35 if (!entitled) {
36 error = EPERM;
37 goto done;
38 }
39
40 char event[SYSTEM_EVENT_EVENT_MAX] = {0};
41 char payload[SYSTEM_EVENT_PAYLOAD_MAX] = {0};
42 size_t bytes_copied;
43
44 error = copyinstr(uaddr: uap->event, kaddr: event, len: sizeof(event), done: &bytes_copied);
45 if (error) {
46 goto done;
47 }
48 error = copyinstr(uaddr: uap->payload, kaddr: payload, len: sizeof(payload), done: &bytes_copied);
49 if (error) {
50 goto done;
51 }
52
53 record_system_event_no_varargs(type: (uint8_t)(uap->type), subsystem: (uint8_t)(uap->subsystem), event, payload);
54
55done:
56 return error;
57}
58