audit_private.h (159261) | audit_private.h (159269) |
---|---|
1/* 2 * Copyright (c) 1999-2005 Apple Computer, Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 12 unchanged lines hidden (view full) --- 21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 * | 1/* 2 * Copyright (c) 1999-2005 Apple Computer, Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 12 unchanged lines hidden (view full) --- 21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 * |
29 * $FreeBSD: head/sys/security/audit/audit_private.h 159261 2006-06-05 13:43:57Z rwatson $ | 29 * $FreeBSD: head/sys/security/audit/audit_private.h 159269 2006-06-05 14:48:17Z rwatson $ |
30 */ 31 32/* 33 * This include file contains function prototypes and type definitions used 34 * within the audit implementation. 35 */ 36 37#ifndef _SECURITY_AUDIT_PRIVATE_H_ --- 41 unchanged lines hidden (view full) --- 79 * Success/failure conditions for the conversion of a kernel audit record to 80 * BSM format. 81 */ 82#define BSM_SUCCESS 0 83#define BSM_FAILURE 1 84#define BSM_NOAUDIT 2 85 86/* | 30 */ 31 32/* 33 * This include file contains function prototypes and type definitions used 34 * within the audit implementation. 35 */ 36 37#ifndef _SECURITY_AUDIT_PRIVATE_H_ --- 41 unchanged lines hidden (view full) --- 79 * Success/failure conditions for the conversion of a kernel audit record to 80 * BSM format. 81 */ 82#define BSM_SUCCESS 0 83#define BSM_FAILURE 1 84#define BSM_NOAUDIT 2 85 86/* |
87 * Defines for the kernel audit record k_ar_commit field. | 87 * Defines for the kernel audit record k_ar_commit field. Flags are set to 88 * indicate what sort of record it is, and which preselection mechanism 89 * selected it. |
88 */ 89#define AR_COMMIT_KERNEL 0x00000001U 90#define AR_COMMIT_USER 0x00000010U 91 | 90 */ 91#define AR_COMMIT_KERNEL 0x00000001U 92#define AR_COMMIT_USER 0x00000010U 93 |
94#define AR_PRESELECT_TRAIL 0x00001000U 95#define AR_PRESELECT_PIPE 0x00002000U 96 |
|
92/* 93 * Audit data is generated as a stream of struct audit_record structures, 94 * linked by struct kaudit_record, and contain storage for possible audit so 95 * that it will not need to be allocated during the processing of a system 96 * call, both improving efficiency and avoiding sleeping at untimely moments. 97 * This structure is converted to BSM format before being written to disk. 98 */ 99struct vnode_au_info { --- 191 unchanged lines hidden (view full) --- 291 * kernel implementations in order to save the copying of large kernel data 292 * structures. The prototypes of these functions are declared here. 293 */ 294token_t *kau_to_socket(struct socket_au_info *soi); 295 296/* 297 * audit_klib prototypes 298 */ | 97/* 98 * Audit data is generated as a stream of struct audit_record structures, 99 * linked by struct kaudit_record, and contain storage for possible audit so 100 * that it will not need to be allocated during the processing of a system 101 * call, both improving efficiency and avoiding sleeping at untimely moments. 102 * This structure is converted to BSM format before being written to disk. 103 */ 104struct vnode_au_info { --- 191 unchanged lines hidden (view full) --- 296 * kernel implementations in order to save the copying of large kernel data 297 * structures. The prototypes of these functions are declared here. 298 */ 299token_t *kau_to_socket(struct socket_au_info *soi); 300 301/* 302 * audit_klib prototypes 303 */ |
299int au_preselect(au_event_t event, au_mask_t *mask_p, int sorf); | 304int au_preselect(au_event_t event, au_class_t class, 305 au_mask_t *mask_p, int sorf); |
300au_event_t flags_and_error_to_openevent(int oflags, int error); 301void au_evclassmap_init(void); 302void au_evclassmap_insert(au_event_t event, au_class_t class); 303au_class_t au_event_class(au_event_t event); 304au_event_t ctlname_to_sysctlevent(int name[], uint64_t valid_arg); 305int auditon_command_event(int cmd); 306int msgctl_to_event(int cmd); 307int semctl_to_event(int cmr); --- 14 unchanged lines hidden (view full) --- 322void audit_shutdown(void *arg, int howto); 323void audit_rotate_vnode(struct ucred *cred, 324 struct vnode *vp); 325void audit_worker_init(void); 326 327/* 328 * Audit pipe functions. 329 */ | 306au_event_t flags_and_error_to_openevent(int oflags, int error); 307void au_evclassmap_init(void); 308void au_evclassmap_insert(au_event_t event, au_class_t class); 309au_class_t au_event_class(au_event_t event); 310au_event_t ctlname_to_sysctlevent(int name[], uint64_t valid_arg); 311int auditon_command_event(int cmd); 312int msgctl_to_event(int cmd); 313int semctl_to_event(int cmr); --- 14 unchanged lines hidden (view full) --- 328void audit_shutdown(void *arg, int howto); 329void audit_rotate_vnode(struct ucred *cred, 330 struct vnode *vp); 331void audit_worker_init(void); 332 333/* 334 * Audit pipe functions. 335 */ |
330void audit_pipe_submit(void *record, u_int record_len); | 336int audit_pipe_preselect(au_id_t auid, au_event_t event, 337 au_class_t class, int sorf, int trail_select); 338void audit_pipe_submit(au_id_t auid, au_event_t event, au_class_t class, 339 int sorf, int trail_select, void *record, u_int record_len); 340void audit_pipe_submit_user(void *record, u_int record_len); |
331 332#endif /* ! _SECURITY_AUDIT_PRIVATE_H_ */ | 341 342#endif /* ! _SECURITY_AUDIT_PRIVATE_H_ */ |