authorgww <none@none>2008-02-11 08:20:23 -0800
committergww <none@none>2008-02-11 08:20:23 -0800
commit787b48eaa495c619f2cbed6175e0fead6a840516 (patch)
tree44196c5069e63b23b20c376a433d6b43acec8d37
parent3a79cf1edc3d70c478bb11fc80fdb89559b6dcbd (diff)
6638707 implement the removal of auditsvc(2) as noted in PSARC/2002/665
-rw-r--r--usr/src/cmd/abi/appcert/etc/etc.warn.in9
-rw-r--r--usr/src/cmd/bsmrecord/audit_record_attr.txt30
-rw-r--r--usr/src/cmd/truss/print.c3
-rw-r--r--usr/src/lib/libbsm/audit_event.txt3
-rw-r--r--usr/src/lib/libbsm/common/bsm.c8
-rw-r--r--usr/src/lib/libbsm/common/libbsm.h3
-rw-r--r--usr/src/lib/libbsm/common/mapfile-vers1
-rw-r--r--usr/src/tools/abi/etc/ABI_i386.db3
-rw-r--r--usr/src/tools/abi/etc/ABI_sparc.db4
-rw-r--r--usr/src/uts/common/c2/audit.h4
-rw-r--r--usr/src/uts/common/c2/audit_event.c30
-rw-r--r--usr/src/uts/common/c2/audit_io.c244
-rw-r--r--usr/src/uts/common/c2/audit_kernel.h7
-rw-r--r--usr/src/uts/common/c2/audit_kevents.h4
-rw-r--r--usr/src/uts/common/c2/audit_record.h3
-rw-r--r--usr/src/uts/common/c2/audit_syscalls.c249
-rw-r--r--usr/src/uts/common/c2/audit_zone.c4
-rw-r--r--usr/src/uts/common/syscall/auditsys.c3
18 files changed, 78 insertions, 534 deletions
diff --git a/usr/src/cmd/abi/appcert/etc/etc.warn.in b/usr/src/cmd/abi/appcert/etc/etc.warn.in
index ae0435799a..8fff87bca0 100644
--- a/usr/src/cmd/abi/appcert/etc/etc.warn.in
+++ b/usr/src/cmd/abi/appcert/etc/etc.warn.in
@@ -1,15 +1,14 @@
#
# ident "%Z%%M% %I% %E% SMI"
#
-# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
@@ -80,8 +79,6 @@ WARNING:libldap.so.3:gettext("calls obsolete LDAP library libldap.so.3"):libldap
###############################################################################
WARNING:libxfn:gettext("calls obsolete federated naming library libxfn.so"):libxfn.so.1|*|*DIRECT*,libxfn.so.2|*|*DIRECT*:
###############################################################################
-WARNING:auditsvc:gettext("calls libbsm interface auditsvc(2)"):libbsm.so.1|auditsvc|*DIRECT*:
-###############################################################################
WARNING:libXinput:gettext("calls obsolete input library libXinput.so.0"):libXinput.so.0|*|*DIRECT*:
###############################################################################
WARNING:libkcs:gettext("calls KCMS library libkcs.so.1"):libkcs.so.1|*|*DIRECT*:
diff --git a/usr/src/cmd/bsmrecord/audit_record_attr.txt b/usr/src/cmd/bsmrecord/audit_record_attr.txt
index 755f2601da..38584df71f 100644
--- a/usr/src/cmd/bsmrecord/audit_record_attr.txt
+++ b/usr/src/cmd/bsmrecord/audit_record_attr.txt
@@ -2,7 +2,7 @@
# Two "#" are comments that are copied to audit_record_attr
# other comments are removed.
##
-## Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+## Copyright 2008 Sun Microsystems, Inc. All rights reserved.
## Use is subject to license terms.
##
## CDDL HEADER START
@@ -424,33 +424,7 @@ label=AUE_AUDITSTAT
skip=Not used.
label=AUE_AUDITSVC
-# audit_event.c mismatch with old BSM manual
-# audit_event.c code is used
- # As documented:
- # case=With a valid file descriptor
- # format=[path]:[attr]
- # case=With an invalid file descriptor
- # format=arg1
- # comment=1, fd, "no path fd"
- # As implemented:
- case=With a valid file descriptor
- format=[path]:[attr]:[arg]1
- comment=3, limit, "limit"
- case=With an invalid file descriptor
- format=[arg]1:[arg]2
- comment=1, fd, "no path fd":
- comment=3, limit, "limit"
-# header,168,2,auditsvc(2),,Mon May 15 09:19:49 2000, + 9999915 msec
-# path,/export/home/CC_final/icenine/arv/auditsvc/obj_succ
-# attribute,100644,root,other,8388608,31279,0
-# argument,3,0xa,limit
-# subject,tuser10,root,other,root,other,4132,367,255 197121 tmach1
-# return,failure: Device busy,-1
-# trailer,168
-# header,68,2,auditsvc(2),,Mon May 15 09:20:01 2000, + 409999984 msec
-# subject,tuser10,tuser10,other,tuser10,other,4261,367,255 197121 tmach1
-# return,failure: Not owner,-1
-# trailer,68
+ skip=Not used.
label=AUE_AUDITSYS
skip=Not used. (Place holder for various auditing events.)
diff --git a/usr/src/cmd/truss/print.c b/usr/src/cmd/truss/print.c
index 1fbab85f04..8e9225493d 100644
--- a/usr/src/cmd/truss/print.c
+++ b/usr/src/cmd/truss/print.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -1216,7 +1216,6 @@ prt_aud(private_t *pri, int raw, long val) /* print auditsys() code */
case BSM_GETUSERAUDIT: s = "BSM_GETUSERAUDIT"; break;
case BSM_SETUSERAUDIT: s = "BSM_SETUSERAUDIT"; break;
case BSM_AUDIT: s = "BSM_AUDIT"; break;
- case BSM_AUDITSVC: s = "BSM_AUDITSVC"; break;
case BSM_AUDITON: s = "BSM_AUDITON"; break;
case BSM_AUDITCTL: s = "BSM_AUDITCTL"; break;
case BSM_GETKERNSTATE: s = "BSM_GETKERNSTATE"; break;
diff --git a/usr/src/lib/libbsm/audit_event.txt b/usr/src/lib/libbsm/audit_event.txt
index 6614459b90..eeb88dde79 100644
--- a/usr/src/lib/libbsm/audit_event.txt
+++ b/usr/src/lib/libbsm/audit_event.txt
@@ -191,7 +191,8 @@
133:AUE_SETAUDIT:setaudit(2):aa
134:AUE_GETUSERAUDIT:getuseraudit(2):no
135:AUE_SETUSERAUDIT:setuseraudit(2):no
-136:AUE_AUDITSVC:auditsvc(2):as
+# AUE_AUDITSVC is a placeholder and will not be generated
+136:AUE_AUDITSVC:auditsvc(2) - place holder:no
# AUE_AUDITON is a placeholder and will not be generated
138:AUE_AUDITON:auditon(2) - place holder:no
139:AUE_AUDITON_GTERMID:auditon(2) - GETTERMID command:no
diff --git a/usr/src/lib/libbsm/common/bsm.c b/usr/src/lib/libbsm/common/bsm.c
index 056eff49ef..c97d9ea344 100644
--- a/usr/src/lib/libbsm/common/bsm.c
+++ b/usr/src/lib/libbsm/common/bsm.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -34,12 +34,6 @@
const char *bsm_dom = TEXT_DOMAIN;
int
-auditsvc(int fd, int limit)
-{
- return (syscall(SYS_auditsys, BSM_AUDITSVC, fd, limit));
-}
-
-int
auditdoor(int fd)
{
return (syscall(SYS_auditsys, BSM_AUDITDOOR, fd));
diff --git a/usr/src/lib/libbsm/common/libbsm.h b/usr/src/lib/libbsm/common/libbsm.h
index 0322ec4cbe..bf4a859c2e 100644
--- a/usr/src/lib/libbsm/common/libbsm.h
+++ b/usr/src/lib/libbsm/common/libbsm.h
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -231,7 +231,6 @@ extern int getfauditflags(au_mask_t *, au_mask_t *, au_mask_t *);
extern int audit(char *, int);
extern int auditon(int, caddr_t, int);
extern int auditstat(au_stat_t *);
-extern int auditsvc(int, int);
extern int auditdoor(int);
extern int getaudit(auditinfo_t *);
extern int getaudit_addr(auditinfo_addr_t *, int);
diff --git a/usr/src/lib/libbsm/common/mapfile-vers b/usr/src/lib/libbsm/common/mapfile-vers
index 6cff4e7554..2f7a8ddba3 100644
--- a/usr/src/lib/libbsm/common/mapfile-vers
+++ b/usr/src/lib/libbsm/common/mapfile-vers
@@ -63,7 +63,6 @@ SUNW_0.7 {
au_close;
audit;
auditon;
- auditsvc;
au_open;
au_preselect;
au_to_arg;
diff --git a/usr/src/tools/abi/etc/ABI_i386.db b/usr/src/tools/abi/etc/ABI_i386.db
index 8923034d4a..a4892cb2e4 100644
--- a/usr/src/tools/abi/etc/ABI_i386.db
+++ b/usr/src/tools/abi/etc/ABI_i386.db
@@ -17960,9 +17960,6 @@ auditdoor lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivat
auditon usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNW_1.2 SUNW_0.7 SUNW_1.2 SUNW_0.7 SUNW_1.2 SUNW_0.7 SUNW_1.2 SUNW_0.7 0 0 0011111 0011110 0 0000001 0 0 0 0
auditon lib/amd64/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNW_1.2 SUNW_0.7 0000001 0000001 0 0 0 0 0 0
auditon lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNW_1.2 SUNW_0.7 0000001 0000001 0 0 0 0 0 0
-auditsvc usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNW_1.2 SUNW_0.7 SUNW_1.2 SUNW_0.7 SUNW_1.2 SUNW_0.7 SUNW_1.2 SUNW_0.7 0 0 0011111 0011110 0 0000001 0 0 0 0
-auditsvc lib/amd64/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNW_1.2 SUNW_0.7 0000001 0000001 0 0 0 0 0 0
-auditsvc lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNW_1.2 SUNW_0.7 0000001 0000001 0 0 0 0 0 0
aug_audit usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
aug_audit lib/amd64/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
aug_audit lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
diff --git a/usr/src/tools/abi/etc/ABI_sparc.db b/usr/src/tools/abi/etc/ABI_sparc.db
index 2050a5a070..673720ea90 100644
--- a/usr/src/tools/abi/etc/ABI_sparc.db
+++ b/usr/src/tools/abi/etc/ABI_sparc.db
@@ -19222,10 +19222,6 @@ auditon usr/lib/sparcv9/libbsm.so.1 0 0 SUNW_1.1 SUNW_0.7 SUNW_1.1 SUNW_0.7 SUNW
auditon usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNW_1.2 SUNW_0.7 SUNW_1.2 SUNW_0.7 SUNW_1.2 SUNW_0.7 SUNW_1.2 SUNW_0.7 0 0 0011111 0011110 0 0000001 0 0 0 0
auditon lib/sparcv9/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNW_1.2 SUNW_0.7 0000001 0000001 0 0 0 0 0 0
auditon lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNW_1.2 SUNW_0.7 0000001 0000001 0 0 0 0 0 0
-auditsvc usr/lib/sparcv9/libbsm.so.1 0 0 SUNW_1.1 SUNW_0.7 SUNW_1.1 SUNW_0.7 SUNW_1.2 SUNW_0.7 SUNW_1.2 SUNW_0.7 SUNW_1.2 SUNW_0.7 SUNW_1.2 SUNW_0.7 0 0 1111111 1111110 0 0000001 0 0 0 0
-auditsvc usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNW_1.2 SUNW_0.7 SUNW_1.2 SUNW_0.7 SUNW_1.2 SUNW_0.7 SUNW_1.2 SUNW_0.7 0 0 0011111 0011110 0 0000001 0 0 0 0
-auditsvc lib/sparcv9/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNW_1.2 SUNW_0.7 0000001 0000001 0 0 0 0 0 0
-auditsvc lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNW_1.2 SUNW_0.7 0000001 0000001 0 0 0 0 0 0
aug_audit usr/lib/sparcv9/libbsm.so.1 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 1111111 0 1111110 0000001 0 0 0 0
aug_audit usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
aug_audit lib/sparcv9/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
diff --git a/usr/src/uts/common/c2/audit.h b/usr/src/uts/common/c2/audit.h
index 765374d848..81893db8e7 100644
--- a/usr/src/uts/common/c2/audit.h
+++ b/usr/src/uts/common/c2/audit.h
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -219,7 +219,7 @@ typedef au_id_t auid_t;
#define BSM_SETUSERAUDIT 24
#define BSM_AUDIT 25
/* 26 OBSOLETE */
-#define BSM_AUDITSVC 27 /* EOL announced for Sol 10 */
+/* 27 EOL announced for Sol 10 */
#define BSM_AUDITON 28
#define BSM_AUDITCTL 29
#define BSM_GETKERNSTATE 30
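Review bot: The replacement comment `/* 27 EOL announced for Sol 10 */` no longer names the call that was retired, and "EOL announced" reads as if the code were still live although this commit deletes it. Something like `/* 27 OBSOLETE (was BSM_AUDITSVC); do not reuse */` would match the `/* 26 OBSOLETE */` line above and make it clear the number is reserved. The same applies to `/* 136 OBSOLETE */` in the audit_kevents.h hunk: audit_event.txt still maps 136 to AUE_AUDITSVC as a placeholder, so `/* 136 OBSOLETE (was AUE_AUDITSVC; placeholder kept in audit_event.txt) */` would help anyone decoding older audit trails.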
diff --git a/usr/src/uts/common/c2/audit_event.c b/usr/src/uts/common/c2/audit_event.c
index 25340134c9..edd90343a1 100644
--- a/usr/src/uts/common/c2/audit_event.c
+++ b/usr/src/uts/common/c2/audit_event.c
@@ -20,7 +20,7 @@
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -2639,9 +2639,6 @@ aui_auditsys(au_event_t e)
case BSM_AUDIT:
e = AUE_AUDIT;
break;
- case BSM_AUDITSVC:
- e = AUE_AUDITSVC;
- break;
case BSM_GETPORTAUDIT:
e = AUE_GETPORTAUDIT;
break;
@@ -2726,9 +2723,6 @@ aus_auditsys(struct t_audit_data *tad)
{
klwp_t *clwp = ttolwp(curthread);
uintptr_t a1, a2;
- struct file *fp;
- struct f_audit_data *fad;
- struct vnode *vp;
STRUCT_DECL(auditinfo, ainfo);
STRUCT_DECL(auditinfo_addr, ainfo_addr);
au_evclass_map_t event;
@@ -2815,28 +2809,6 @@ aus_auditsys(struct t_audit_data *tad)
au_uwrite(au_to_arg32((char)1, "asid",
(uint32_t)STRUCT_FGET(ainfo_addr, ai_asid)));
break;
- case AUE_AUDITSVC:
- /*
- * convert file pointer to file descriptor
- * Note: fd ref count incremented here
- */
- if ((fp = getf((uint_t)a1)) == NULL)
- return;
- fad = F2A(fp);
- if (fad->fad_aupath != NULL) {
- au_uwrite(au_to_path(fad->fad_aupath));
- } else {
- au_uwrite(au_to_arg32(2, "no path: fd", (uint32_t)a1));
- }
-
- vp = fp->f_vnode; /* include vnode attributes */
- audit_attributes(vp);
-
- /* decrement file descriptor ref count */
- releasef((uint_t)a1);
-
- au_uwrite(au_to_arg32(3, "limit", (uint32_t)a2));
- break;
case AUE_AUDITON_SETKMASK:
if (copyin((caddr_t)a2, &mask, sizeof (au_mask_t)))
return;
diff --git a/usr/src/uts/common/c2/audit_io.c b/usr/src/uts/common/c2/audit_io.c
index 828c007622..e498dcdd58 100644
--- a/usr/src/uts/common/c2/audit_io.c
+++ b/usr/src/uts/common/c2/audit_io.c
@@ -21,7 +21,7 @@
/*
* Routines for writing audit records.
*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -96,245 +96,6 @@ au_write(caddr_t *d, token_t *m)
else
(void) au_append_rec((au_buff_t *)*d, m, AU_PACK);
}
-#define AU_INTERVAL 120
-
-/*
- * Write audit information to the disk.
- * Called from auditsvc(); EOL'd as of Sol 10.
- * Local zones are not allowed; the caller (auditsvc()) enforces the
- * restriction.
- */
-int
-au_doio(vp, limit)
-
- struct vnode *vp;
- int limit;
-
-{ /* AU_DOIO */
-
- off_t off; /* space used in buffer */
- size_t used; /* space used in au_membuf */
- token_t *cAR; /* current AR being processed */
- token_t *cMB; /* current au_membuf being processed */
- token_t *sp; /* last AR processed */
- char *bp; /* start of free space in staging buffer */
- unsigned char *cp; /* ptr to data to be moved */
- au_kcontext_t *kctx;
- /*
- * size (data left in au_membuf - space in buffer)
- */
- ssize_t sz;
- ssize_t len; /* len of data to move, size of AR */
- int error; /* error return */
- ssize_t left; /* data not xfered by write to disk */
- statvfs64_t sb; /* buffer for statfs */
- size_t curr_sz = 0; /* amount of data written during now */
- int part = 0; /* partial audit record written */
- int partial = 0; /* flag to force partial AR to file */
- /* 0 - idle, ignore */
- /* 1 - force write of audit record */
- /* 2 - finished writing AR, commit */
-
- kctx = GET_KCTX_GZ;
-
- /*
- * Check to ensure enough free space on audit device.
- */
- bzero(&sb, sizeof (statvfs64_t));
- (void) VFS_STATVFS(vp->v_vfsp, &sb);
- /*
- * Large Files: We do not convert any of this part of kernel
- * to be large file aware. Original behaviour should be
- * maintained. This function is called from audit_svc and
- * it already checks for negative values of limit.
- */
-
- if (sb.f_blocks && (fsblkcnt64_t)limit > sb.f_bavail)
- return (ENOSPC);
-
- if (kctx->auk_file_stat.af_filesz &&
- (kctx->auk_file_stat.af_currsz >=
- kctx->auk_file_stat.af_filesz))
- return (EFBIG);
-
- /*
- * has the write buffer changed length due to a auditctl(2)?
- * (remember that auk_buffer is an element of auk_dbuffer)
- */
- if (kctx->auk_queue.bufsz != kctx->auk_queue.buflen) {
-
- kmem_free(kctx->auk_buffer, kctx->auk_queue.buflen);
-
- /* bad, should not sleep here. Testing only */
- kctx->auk_buffer = kmem_alloc(kctx->auk_queue.bufsz, KM_SLEEP);
-
- kctx->auk_queue.buflen = kctx->auk_queue.bufsz;
- }
-
- if (!kctx->auk_queue.head) {
- goto nodata;
- }
- sp = (token_t *)0; /* no AR copied */
- off = 0; /* no space used in buffer */
- used = 0; /* no data processed in au_membuf */
- cAR = kctx->auk_queue.head; /* start at head of queue */
- cMB = cAR; /* start with first au_membuf of record */
- bp = &(kctx->auk_buffer[0]); /* start at beginning of buffer */
-
- while (cMB) {
- ASSERT(kctx->auk_queue.head != NULL);
-
- /* indicate audit record being processed */
- part = 1;
-
- /* pointer to buffer data */
- cp = memtod(cMB, unsigned char *);
- /* data left in au_membuf */
- sz = (ssize_t)cMB->len - used;
- /* len to move */
- len = (ssize_t)MIN(sz, kctx->auk_queue.buflen - off);
-
- /* move the data */
- bcopy(cp + used, bp + off, len);
- used += len; /* update used au_membuf */
- off += len; /* update offset into buffer */
-
- if (used >= (ssize_t)cMB->len) {
- /* advance to next au_membuf */
- used = 0;
- cMB = cMB->next_buf;
- }
- if (cMB == (au_buff_t *)0) {
- /* advance to next AR */
- sp = cAR;
- cAR = cAR->next_rec;
- cMB = cAR;
- /* reached end of an audit record */
- part = 0;
- /* force abort at end of audit record? */
- if (partial == 1)
- partial = 2;
- }
- /*
- * If we've reached end of buffer, or have run out of
- * audit records on the queue or we've processed a
- * partial audit record to complete the audit file,
- * then its time to flush the holding buffer to the
- * audit trail.
- */
- if ((kctx->auk_queue.buflen == off) ||
- (cAR == (au_buff_t *)0) ||
- (partial == 2)) {
-
- left = 0;
- /*
- * Largefiles: We purposely pass a value of
- * MAXOFF_T as we do not want any of the
- * auditing files to exceed 2GB. May be we will
- * support this in future.
- */
- error = vn_rdwr(UIO_WRITE, vp, kctx->auk_buffer,
- off, 0LL, UIO_SYSSPACE, FAPPEND,
- (rlim64_t)MAXOFF_T, CRED(), &left);
-
- /* error on write */
- if (error != 0) {
- if (error == EDQUOT)
- error = ENOSPC;
- return (error);
- }
-
- /* end of file system? */
- if (left) {
- au_buff_t *b = NULL;
-
- sz = off - left; /* how much written */
-
- /* update space counters */
- kctx->auk_file_stat.af_currsz += sz;
-
- /* which AR are done */
- cAR = kctx->auk_queue.head;
- while (sz) {
- cp = memtod(cAR, unsigned char *);
- len = (ssize_t)((cp[1]<<24 | cp[2]<<16 |
- cp[3]<<8 | cp[4]) &
- 0xffffffffU);
-
- if (len > sz)
- break;
- b = cAR;
- cAR = cAR->next_rec;
- sz -= len;
- }
- if (b != NULL)
- au_dequeue(kctx, b);
-
- return (ENOSPC);
-
- } else { /* still space in file system */
- /* if we've written an AR */
- if (sp) {
- /*
- * free records up to last one copied.
- */
- au_dequeue(kctx, sp);
- }
- /* Update sizes */
- curr_sz += off;
- kctx->auk_file_stat.af_currsz += (uint_t)off;
-
- /* reset auk_buffer pointers */
- sp = (token_t *)0;
- off = 0;
- bp = &(kctx->auk_buffer[0]);
-
- /* check exit conditions */
- if (sb.f_blocks) {
- ulong_t blks_used;
- blks_used = (curr_sz / sb.f_bsize);
- if ((fsblkcnt64_t)limit >
- (sb.f_bavail - (fsblkcnt64_t)blks_used)) {
- /*
- * if we haven't put out a
- * complete audit record,
- * continue to process the
- * audit queue until we reach
- * the end of the record.
- */
- if (part && (partial == 0)) {
- partial = 1;
- continue;
- }
- /*
- * exit if complete record
- */
- if (partial != 1)
- return (ENOSPC);
- }
- }
- if (kctx->auk_file_stat.af_filesz &&
- (kctx->auk_file_stat.af_currsz
- >= kctx->auk_file_stat.af_filesz)) {
- /*
- * force a complete audit
- * record to the trail.
- */
- if (partial == 0)
- partial = 1;
- /*
- * Written data to AR boundry.
- */
- if (partial != 1)
- return (EFBIG);
- }
- }
- }
- } /* while(cMB) */
-
-nodata:
- return (0);
-}
/*
* Close an audit descriptor.
@@ -505,7 +266,8 @@ au_close_time(au_kcontext_t *kctx, token_t *dchain, int flag, short e_type,
sizeof (char) + 2 * sizeof (short) + sizeof (timestruc_t);
if (kctx->auk_hostaddr_valid)
- byte_count += sizeof (int32_t) + kctx->auk_info.ai_termid.at_type;
+ byte_count += sizeof (int32_t) +
+ kctx->auk_info.ai_termid.at_type;
/*
* add in size of zonename token (zero if !AUDIT_ZONENAME)
diff --git a/usr/src/uts/common/c2/audit_kernel.h b/usr/src/uts/common/c2/audit_kernel.h
index f214f0a040..27362de54d 100644
--- a/usr/src/uts/common/c2/audit_kernel.h
+++ b/usr/src/uts/common/c2/audit_kernel.h
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -309,7 +309,6 @@ struct au_kcontext {
struct audit_queue auk_queue;
- char *auk_buffer; /* auditsvc output */
au_dbuf_t *auk_dbuffer; /* auditdoor output */
au_stat_t auk_statistics;
@@ -323,9 +322,9 @@ struct au_kcontext {
taskq_t *auk_taskq; /* output thread */
/* Only one audit svc per zone at a time */
+ /* With the elimination of auditsvc, can this also go? see 6648414 */
kmutex_t auk_svc_lock;
- /* 1 during auditsvc, 2 during auditdoor */
- int auk_svc_busy;
+
au_state_t auk_ets[MAX_KEVENTS + 1];
};
#ifndef AUK_CONTEXT_T
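Review bot: The retained comment `/* Only one audit svc per zone at a time */` above `auk_svc_lock` is stale now that `auk_svc_busy`, the flag that enforced it, is removed. Elsewhere in this commit the lock is still taken in au_output_thread() at `output_exit:` around the writes to `auk_current_vp` and `auk_output_active`, so it appears to guard the door-output state. The comment could say so, e.g. `/* guards auk_current_vp and auk_output_active; see 6648414 */`, rather than leaving only the open question. The struct definition begins outside this hunk.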
diff --git a/usr/src/uts/common/c2/audit_kevents.h b/usr/src/uts/common/c2/audit_kevents.h
index dbb7323185..48b858fe17 100644
--- a/usr/src/uts/common/c2/audit_kevents.h
+++ b/usr/src/uts/common/c2/audit_kevents.h
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -172,7 +172,7 @@ extern "C" {
#define AUE_SETAUDIT 133 /* =aa setaudit(2) */
#define AUE_GETUSERAUDIT 134 /* =no getuseraudit(2) */
#define AUE_SETUSERAUDIT 135 /* =no setuseraudit(2) */
-#define AUE_AUDITSVC 136 /* =as auditsvc(2) */
+/* 136 OBSOLETE */
/* 137 OBSOLETE */
#define AUE_AUDITON 138 /* =no auditon(2) */
#define AUE_AUDITON_GTERMID 139 /* =no auditctl(2): GETTERMID */
diff --git a/usr/src/uts/common/c2/audit_record.h b/usr/src/uts/common/c2/audit_record.h
index 0e35036e2d..9ccc29a78d 100644
--- a/usr/src/uts/common/c2/audit_record.h
+++ b/usr/src/uts/common/c2/audit_record.h
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -314,7 +314,6 @@ void au_zone_setup();
void au_enqueue(au_kcontext_t *, au_buff_t *, adr_t *, adr_t *, int, int);
int au_doorio(au_kcontext_t *);
int au_doormsg(au_kcontext_t *, uint32_t, void *);
-int au_doio(struct vnode *, int);
int au_token_size(token_t *);
int au_append_rec(au_buff_t *, au_buff_t *, int);
int au_append_buf(const char *, int, au_buff_t *);
diff --git a/usr/src/uts/common/c2/audit_syscalls.c b/usr/src/uts/common/c2/audit_syscalls.c
index 296577fef4..1cc44b0bbf 100644
--- a/usr/src/uts/common/c2/audit_syscalls.c
+++ b/usr/src/uts/common/c2/audit_syscalls.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -85,7 +85,6 @@ static int getaudit_addr(caddr_t, int);
static int setaudit(caddr_t);
static int setaudit_addr(caddr_t, int);
static int auditdoor(int);
-static int auditsvc(int, int);
static int auditctl(int, caddr_t, int);
static int audit_modsysent(char *, int, int (*)());
static void au_output_thread();
@@ -131,9 +130,8 @@ _init()
* create an rw_lock.
*/
- if ((audit_modsysent("c2audit",
- SE_LOADABLE|SE_NOUNLOAD,
- _auditsys)) == -1)
+ if ((audit_modsysent("c2audit", SE_LOADABLE|SE_NOUNLOAD,
+ _auditsys)) == -1)
return (-1);
if ((retval = mod_install(&modlinkage)) != 0)
@@ -189,9 +187,6 @@ _auditsys(struct auditcalls *uap, rval_t *rvp)
case BSM_AUDIT:
result = audit((caddr_t)uap->a1, (int)uap->a2);
break;
- case BSM_AUDITSVC:
- result = auditsvc((int)uap->a1, (int)uap->a2);
- break;
case BSM_AUDITDOOR:
result = auditdoor((int)uap->a1);
break;
@@ -412,7 +407,7 @@ setaudit(caddr_t info_p)
/* only convert to 64 bit if coming from a 32 bit binary */
if (model == DATAMODEL_ILP32)
ainfo->ai_termid.at_port =
- DEVEXPL(STRUCT_FGET(info, ai_termid.port));
+ DEVEXPL(STRUCT_FGET(info, ai_termid.port));
else
ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.port);
#else
@@ -480,7 +475,7 @@ setaudit_addr(caddr_t info_p, int len)
/* only convert to 64 bit if coming from a 32 bit binary */
if (model == DATAMODEL_ILP32)
ainfo->ai_termid.at_port =
- DEVEXPL(STRUCT_FGET(info, ai_termid.at_port));
+ DEVEXPL(STRUCT_FGET(info, ai_termid.at_port));
else
ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.at_port);
#else
@@ -490,7 +485,7 @@ setaudit_addr(caddr_t info_p, int len)
bzero(&ainfo->ai_termid.at_addr[0], sizeof (ainfo->ai_termid.at_addr));
for (i = 0; i < (type/sizeof (int)); i++)
ainfo->ai_termid.at_addr[i] =
- STRUCT_FGET(info, ai_termid.at_addr[i]);
+ STRUCT_FGET(info, ai_termid.at_addr[i]);
if (ainfo->ai_termid.at_type == AU_IPv6 &&
IN6_IS_ADDR_V4MAPPED(((in6_addr_t *)ainfo->ai_termid.at_addr))) {
@@ -574,11 +569,10 @@ audit(caddr_t record, int length)
n = m;
}
l = MIN(count, AU_BUFSIZE);
- if (copyin(record, memtod(m, caddr_t),
- (size_t)l)) {
- /* copyin failed release au_membuf */
- au_free_rec(s);
- return (EFAULT);
+ if (copyin(record, memtod(m, caddr_t), (size_t)l)) {
+ /* copyin failed release au_membuf */
+ au_free_rec(s);
+ return (EFAULT);
}
record += l;
count -= l;
@@ -748,7 +742,6 @@ auditdoor(int fd)
{
struct file *fp;
struct vnode *vp;
- int error = 0;
int do_create = 0;
au_kcontext_t *kctx;
@@ -761,35 +754,18 @@ auditdoor(int fd)
kctx = GET_KCTX_NGZ;
/*
- * Prevent a second audit daemon from running this code.
- * auk_svc_busy == 2 until the output thread terminates.
- * Multiple calls to auditdoor() are valid but a call
- * to auditsvc() while au_output_thread() is running
- * or a call to auditdoor() while auditsvc is running
- * is blocked.
- */
- mutex_enter(&(kctx->auk_svc_lock));
- if (kctx->auk_svc_busy == 1) { /* active auditsvc? */
- mutex_exit(&(kctx->auk_svc_lock));
- return (EBUSY);
- }
- kctx->auk_svc_busy = 2;
- mutex_exit(&(kctx->auk_svc_lock));
- /*
* convert file pointer to file descriptor
* Note: fd ref count incremented here.
*/
if ((fp = (struct file *)getf(fd)) == NULL) {
- error = EBADF;
- goto svc_exit;
+ return (EBADF);
}
vp = fp->f_vnode;
if (vp->v_type != VDOOR) {
cmn_err(CE_WARN,
"auditdoor() did not get the expected door descriptor\n");
- error = EINVAL;
releasef(fd);
- goto svc_exit;
+ return (EINVAL);
}
/*
* If the output thread is already running, then replace the
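Review bot: The context comment `convert file pointer to file descriptor` states the opposite of what `getf(fd)` does on the following line; it should read `convert file descriptor to file pointer`. The deleted block was also the only place in this hunk recording that repeated auditdoor() calls are valid, so a short comment before the `getf()` such as `/* multiple calls are valid; a later call replaces the door descriptor */` would preserve that. The replace-the-door logic it refers to continues past the end of the hunk. auditdoor() also starts before the hunk, so its privilege and zone checks are not visible here.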
@@ -820,13 +796,7 @@ auditdoor(int fd)
(task_func_t *)au_output_thread,
kctx, TQ_SLEEP);
}
-svc_exit:
- if (error) {
- mutex_enter(&(kctx->auk_svc_lock));
- kctx->auk_svc_busy = 2;
- mutex_exit(&(kctx->auk_svc_lock));
- }
- return (error);
+ return (0);
}
/*
@@ -878,37 +848,42 @@ au_output_thread(au_kcontext_t *kctx)
*/
while (!error) {
- if (kctx->auk_auditstate == AUC_AUDITING) {
- mutex_enter(&(kctx->auk_queue.lock));
- while (kctx->auk_queue.head == NULL) {
- /* safety check. kick writer awake */
- if (kctx->auk_queue.wt_block)
- cv_broadcast(&(kctx->auk_queue.write_cv));
-
- kctx->auk_queue.rd_block = 1;
- AS_INC(as_rblocked, 1, kctx);
-
- cv_wait(&(kctx->auk_queue.read_cv),
- &(kctx->auk_queue.lock));
-
- kctx->auk_queue.rd_block = 0;
-
- if (kctx->auk_auditstate != AUC_AUDITING) {
+ if (kctx->auk_auditstate == AUC_AUDITING) {
+ mutex_enter(&(kctx->auk_queue.lock));
+ while (kctx->auk_queue.head == NULL) {
+ /* safety check. kick writer awake */
+ if (kctx->auk_queue.wt_block) {
+ cv_broadcast(&(kctx->
+ auk_queue.write_cv));
+ }
+
+ kctx->auk_queue.rd_block = 1;
+ AS_INC(as_rblocked, 1, kctx);
+
+ cv_wait(&(kctx->auk_queue.read_cv),
+ &(kctx->auk_queue.lock));
+ kctx->auk_queue.rd_block = 0;
+
+ if (kctx->auk_auditstate != AUC_AUDITING) {
+ mutex_exit(&(kctx->auk_queue.lock));
+ (void) timeout(audit_dont_stop, kctx,
+ au_resid);
+ goto output_exit;
+ }
+ kctx->auk_queue.rd_block = 0;
+ }
mutex_exit(&(kctx->auk_queue.lock));
- (void) timeout(audit_dont_stop, kctx, au_resid);
- goto output_exit;
- }
- kctx->auk_queue.rd_block = 0;
- }
- mutex_exit(&(kctx->auk_queue.lock));
- /*
- * au_doorio() calls au_door_upcall which holds auk_svc_lock;
- * au_doorio empties the queue before returning.
- */
+ /*
+ * au_doorio() calls au_door_upcall which holds
+ * auk_svc_lock; au_doorio empties the queue before
+ * returning.
+ */
- error = au_doorio(kctx);
- } else /* auditing turned off while we slept */
- break;
+ error = au_doorio(kctx);
+ } else {
+ /* auditing turned off while we slept */
+ break;
+ }
}
output_exit:
mutex_enter(&(kctx->auk_svc_lock));
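Review bot: In the re-indented wait loop `kctx->auk_queue.rd_block = 0;` is written twice, once directly after `cv_wait()` and again after the `auk_auditstate` check; the second assignment is dead and was carried over from the old layout. Dropping the later one still leaves the flag cleared on both the `goto output_exit` path and the normal path. Separately, `auk_auditstate` is read at the top of `while (!error)` before `auk_queue.lock` is taken; if that unlocked read is intentional, a one-line comment saying so would help the next reader. The function begins before and continues after this hunk.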
@@ -917,7 +892,6 @@ output_exit:
kctx->auk_current_vp = NULL;
kctx->auk_output_active = 0;
- kctx->auk_svc_busy = 0;
mutex_exit(&(kctx->auk_svc_lock));
}
@@ -1067,12 +1041,13 @@ getkaudit(caddr_t info_p, int len)
return (EOVERFLOW);
}
STRUCT_FSET(info, ai_termid.at_port, dev);
- } else
+ } else {
STRUCT_FSET(info, ai_termid.at_port,
- kctx->auk_info.ai_termid.at_port);
+ kctx->auk_info.ai_termid.at_port);
+ }
#else
STRUCT_FSET(info, ai_termid.at_port,
- kctx->auk_info.ai_termid.at_port);
+ kctx->auk_info.ai_termid.at_port);
#endif
STRUCT_FSET(info, ai_termid.at_type,
kctx->auk_info.ai_termid.at_type);
@@ -1129,16 +1104,16 @@ setkaudit(caddr_t info_p, int len)
/* only convert to 64 bit if coming from a 32 bit binary */
if (model == DATAMODEL_ILP32)
kctx->auk_info.ai_termid.at_port =
- DEVEXPL(STRUCT_FGET(info, ai_termid.at_port));
+ DEVEXPL(STRUCT_FGET(info, ai_termid.at_port));
else
kctx->auk_info.ai_termid.at_port =
- STRUCT_FGET(info, ai_termid.at_port);
+ STRUCT_FGET(info, ai_termid.at_port);
#else
kctx->auk_info.ai_termid.at_port = STRUCT_FGET(info, ai_termid.at_port);
#endif
kctx->auk_info.ai_termid.at_type = STRUCT_FGET(info, ai_termid.at_type);
bzero(&kctx->auk_info.ai_termid.at_addr[0],
- sizeof (kctx->auk_info.ai_termid.at_addr));
+ sizeof (kctx->auk_info.ai_termid.at_addr));
kctx->auk_info.ai_termid.at_addr[0] =
STRUCT_FGET(info, ai_termid.at_addr[0]);
kctx->auk_info.ai_termid.at_addr[1] =
@@ -1970,122 +1945,6 @@ auditctl(
return (result);
}
-/*
- * auditsvc was EOL'd effective Sol 10
- */
-static int
-auditsvc(int fd, int limit)
-{
- struct file *fp;
- struct vnode *vp;
- int error = 0;
- au_kcontext_t *kctx;
-
- if (secpolicy_audit_config(CRED()) != 0)
- return (EPERM);
-
- if (!INGLOBALZONE(curproc))
- return (EINVAL);
-
- kctx = GET_KCTX_GZ;
-
- if (limit < 0 ||
- (!(kctx->auk_auditstate == AUC_AUDITING ||
- kctx->auk_auditstate == AUC_NOSPACE)))
- return (EINVAL);
-
- /*
- * Prevent a second audit daemon from running this code
- */
- mutex_enter(&(kctx->auk_svc_lock));
- if (kctx->auk_svc_busy) {
- mutex_exit(&(kctx->auk_svc_lock));
- return (EBUSY);
- }
- kctx->auk_svc_busy = 1;
- mutex_exit(&(kctx->auk_svc_lock));
-
- /*
- * convert file pointer to file descriptor
- * Note: fd ref count incremented here.
- */
- if ((fp = (struct file *)getf(fd)) == NULL) {
- mutex_enter(&(kctx->auk_svc_lock));
- kctx->auk_svc_busy = 0;
- mutex_exit(&(kctx->auk_svc_lock));
- return (EBADF);
- }
-
- vp = fp->f_vnode;
-
- kctx->auk_file_stat.af_currsz = 0;
-
- /*
- * Wait for work, until a signal arrives,
- * or until auditing is disabled.
- */
- while (!error) {
- if (kctx->auk_auditstate == AUC_AUDITING) {
- mutex_enter(&(kctx->auk_queue.lock));
- /* nothing on the audit queue */
- while (kctx->auk_queue.head == NULL) {
- /* safety check. kick writer awake */
- if (kctx->auk_queue.wt_block)
- cv_broadcast(&(kctx->auk_queue.write_cv));
- /* sleep waiting for things to to */
- kctx->auk_queue.rd_block = 1;
- AS_INC(as_rblocked, 1, kctx);
- if (!cv_wait_sig(&(kctx->auk_queue.read_cv),
- &(kctx->auk_queue.lock))) {
- /* interrupted system call */
- kctx->auk_queue.rd_block = 0;
- mutex_exit(&(kctx->auk_queue.lock));
- error = ((kctx->auk_auditstate == AUC_AUDITING) ||
- (kctx->auk_auditstate == AUC_NOSPACE)) ?
- EINTR : EINVAL;
- mutex_enter(&(kctx->auk_svc_lock));
- kctx->auk_svc_busy = 0;
- mutex_exit(&(kctx->auk_svc_lock));
-
- /* decrement file descriptor reference count */
- releasef(fd);
- (void) timeout(audit_dont_stop, kctx, au_resid);
- return (error);
- }
- kctx->auk_queue.rd_block = 0;
- }
- mutex_exit(&(kctx->auk_queue.lock));
-
- /* do as much as we can */
- error = au_doio(vp, limit);
-
- /* if we ran out of space, be sure to fire off timeout */
- if (error == ENOSPC)
- (void) timeout(audit_dont_stop, kctx, au_resid);
-
- } else /* auditing turned off while we slept */
- break;
- }
-
- /*
- * decrement file descriptor reference count
- */
- releasef(fd);
-
- /*
- * If auditing has been disabled quit processing
- */
- if (!(kctx->auk_auditstate == AUC_AUDITING ||
- kctx->auk_auditstate == AUC_NOSPACE))
- error = EINVAL;
-
- mutex_enter(&(kctx->auk_svc_lock));
- kctx->auk_svc_busy = 0;
- mutex_exit(&(kctx->auk_svc_lock));
-
- return (error);
-}
-
static int
audit_modsysent(char *modname, int flags, int (*func)())
{
diff --git a/usr/src/uts/common/c2/audit_zone.c b/usr/src/uts/common/c2/audit_zone.c
index c93fa90760..a0ba4385f8 100644
--- a/usr/src/uts/common/c2/audit_zone.c
+++ b/usr/src/uts/common/c2/audit_zone.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -80,8 +80,6 @@ au_zone_init(zoneid_t zone)
/* door IO buffer: */
kctx->auk_dbuffer =
kmem_alloc(AU_DBUF_HEADER + kctx->auk_queue.bufsz, KM_SLEEP);
- /* auditsvc buffer: */
- kctx->auk_buffer = (char *)(kctx->auk_dbuffer + AU_DBUF_HEADER);
/* locks and cv's */
diff --git a/usr/src/uts/common/syscall/auditsys.c b/usr/src/uts/common/syscall/auditsys.c
index c74c775c7c..0adf54ed36 100644
--- a/usr/src/uts/common/syscall/auditsys.c
+++ b/usr/src/uts/common/syscall/auditsys.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -52,7 +52,6 @@ auditsys(struct auditcalls *uap, rval_t *rvp)
case BSM_GETAUDIT:
case BSM_SETAUDIT:
case BSM_AUDIT:
- case BSM_AUDITSVC:
return (0);
case BSM_AUDITCTL:
case BSM_AUDITON: