Lines Matching refs:ar
59 static void audit_sys_auditon(struct audit_record *ar,
183 * XXXAUDIT: These macros assume that 'kar', 'ar', 'rec', and 'tok' in the
188 tok = au_to_arg32(argnum, "at fd 1", ar->ar_arg_atfd1); \
195 tok = au_to_arg32(argnum, "at fd 2", ar->ar_arg_atfd2); \
202 tok = au_to_path(ar->ar_arg_upath1); \
209 tok = au_to_path(ar->ar_arg_upath2); \
216 tok = au_to_arg32(1, "at fd", ar->ar_arg_atfd); \
220 tok = au_to_attr32(&ar->ar_arg_vnode1); \
228 tok = au_to_attr32(&ar->ar_arg_vnode1); \
235 tok = au_to_attr32(&ar->ar_arg_vnode2); \
243 tok = au_to_arg32(1, "fd", ar->ar_arg_fd); \
246 tok = au_to_attr32(&ar->ar_arg_vnode1); \
251 ar->ar_arg_fd); \
258 if ((ar->ar_arg_pid > 0) /* Reference a single process */ \
260 tok = au_to_process32_ex(ar->ar_arg_auid, \
261 ar->ar_arg_euid, ar->ar_arg_egid, \
262 ar->ar_arg_ruid, ar->ar_arg_rgid, \
263 ar->ar_arg_pid, ar->ar_arg_asid, \
264 &ar->ar_arg_termid_addr); \
267 tok = au_to_arg32(argn, "process", ar->ar_arg_pid); \
274 switch (ar->ar_arg_value) { \
283 "attrnamespace", ar->ar_arg_value); \
290 tok = au_to_text(ar->ar_arg_text); \
304 (uint32_t)(uintptr_t)ar->ar_arg_addr); \
307 (uint64_t)(uintptr_t)ar->ar_arg_addr); \
319 audit_sys_auditon(struct audit_record *ar, struct au_record *rec)
323 tok = au_to_arg32(3, "length", ar->ar_arg_len);
325 switch (ar->ar_arg_cmd) {
327 if ((size_t)ar->ar_arg_len == sizeof(int64_t)) {
329 ar->ar_arg_auditon.au_policy64);
336 tok = au_to_arg32(2, "policy", ar->ar_arg_auditon.au_policy);
342 ar->ar_arg_auditon.au_mask.am_success);
345 ar->ar_arg_auditon.au_mask.am_failure);
350 if ((size_t)ar->ar_arg_len == sizeof(au_qctrl64_t)) {
352 ar->ar_arg_auditon.au_qctrl64.aq64_hiwater);
355 ar->ar_arg_auditon.au_qctrl64.aq64_lowater);
358 ar->ar_arg_auditon.au_qctrl64.aq64_bufsz);
361 ar->ar_arg_auditon.au_qctrl64.aq64_delay);
364 ar->ar_arg_auditon.au_qctrl64.aq64_minfree);
372 ar->ar_arg_auditon.au_qctrl.aq_hiwater);
375 ar->ar_arg_auditon.au_qctrl.aq_lowater);
378 ar->ar_arg_auditon.au_qctrl.aq_bufsz);
381 ar->ar_arg_auditon.au_qctrl.aq_delay);
384 ar->ar_arg_auditon.au_qctrl.aq_minfree);
390 ar->ar_arg_auditon.au_auinfo.ai_mask.am_success);
393 ar->ar_arg_auditon.au_auinfo.ai_mask.am_failure);
399 ar->ar_arg_auditon.au_auinfo.ai_mask.am_success);
402 ar->ar_arg_auditon.au_auinfo.ai_mask.am_failure);
407 if ((size_t)ar->ar_arg_len == sizeof(int64_t)) {
409 ar->ar_arg_auditon.au_cond64);
416 tok = au_to_arg32(2, "setcond", ar->ar_arg_auditon.au_cond);
422 ar->ar_arg_auditon.au_evclass.ec_number);
425 ar->ar_arg_auditon.au_evclass.ec_class);
431 ar->ar_arg_auditon.au_aupinfo.ap_mask.am_success);
434 ar->ar_arg_auditon.au_aupinfo.ap_mask.am_failure);
440 ar->ar_arg_auditon.au_fstat.af_filesz);
465 struct audit_record *ar;
471 ar = &kar->k_ar;
478 if (ar->ar_jailname[0] != '\0')
479 jail_tok = au_to_zonename(ar->ar_jailname);
482 switch (ar->ar_subj_term_addr.at_type) {
484 tid.port = ar->ar_subj_term_addr.at_port;
485 tid.machine = ar->ar_subj_term_addr.at_addr[0];
486 subj_tok = au_to_subject32(ar->ar_subj_auid, /* audit ID */
487 ar->ar_subj_cred.cr_uid, /* eff uid */
488 ar->ar_subj_egid, /* eff group id */
489 ar->ar_subj_ruid, /* real uid */
490 ar->ar_subj_rgid, /* real group id */
491 ar->ar_subj_pid, /* process id */
492 ar->ar_subj_asid, /* session ID */
496 subj_tok = au_to_subject32_ex(ar->ar_subj_auid,
497 ar->ar_subj_cred.cr_uid,
498 ar->ar_subj_egid,
499 ar->ar_subj_ruid,
500 ar->ar_subj_rgid,
501 ar->ar_subj_pid,
502 ar->ar_subj_asid,
503 &ar->ar_subj_term_addr);
507 subj_tok = au_to_subject32(ar->ar_subj_auid,
508 ar->ar_subj_cred.cr_uid,
509 ar->ar_subj_egid,
510 ar->ar_subj_ruid,
511 ar->ar_subj_rgid,
512 ar->ar_subj_pid,
513 ar->ar_subj_asid,
523 switch(ar->ar_event) {
539 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
544 &ar->ar_arg_sockaddr);
549 &ar->ar_arg_sockaddr);
560 tok = au_to_arg32(2, "fd", ar->ar_arg_fd);
565 &ar->ar_arg_sockaddr);
575 ar->ar_arg_sockinfo.so_domain);
578 ar->ar_arg_sockinfo.so_type);
581 ar->ar_arg_sockinfo.so_protocol);
589 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
605 tok = au_to_arg32(2, "setauid", ar->ar_arg_auid);
616 ar->ar_arg_auid);
619 ar->ar_arg_termid.port);
622 ar->ar_arg_termid.machine);
625 ar->ar_arg_amask.am_success);
628 ar->ar_arg_amask.am_failure);
631 ar->ar_arg_asid);
642 ar->ar_arg_auid);
645 ar->ar_arg_amask.am_success);
648 ar->ar_arg_amask.am_failure);
651 ar->ar_arg_asid);
654 ar->ar_arg_termid_addr.at_type);
657 ar->ar_arg_termid_addr.at_port);
659 if (ar->ar_arg_termid_addr.at_type == AU_IPv6)
661 &ar->ar_arg_termid_addr.at_addr[0]);
662 if (ar->ar_arg_termid_addr.at_type == AU_IPv4)
664 &ar->ar_arg_termid_addr.at_addr[0]);
674 tok = au_to_arg32(1, "cmd", ar->ar_arg_cmd);
696 audit_sys_auditon(ar, rec);
705 tok = au_to_exit(ar->ar_arg_exitretval,
706 ar->ar_arg_exitstatus);
780 tok = au_to_arg32(2, "mode", ar->ar_arg_value);
794 tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
804 ar->ar_arg_mode);
814 ar->ar_arg_mode);
823 tok = au_to_arg32(2, "new file uid", ar->ar_arg_uid);
827 tok = au_to_arg32(3, "new file gid", ar->ar_arg_gid);
836 tok = au_to_arg32(3, "new file uid", ar->ar_arg_uid);
840 tok = au_to_arg32(4, "new file gid", ar->ar_arg_gid);
853 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
861 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
868 tok = au_to_arg32(1, "signal", ar->ar_arg_signum);
877 tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd);
903 tok = au_to_arg32(2, "fd", ar->ar_arg_fd);
911 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
919 tok = au_to_exec_args(ar->ar_arg_argv,
920 ar->ar_arg_argc);
924 tok = au_to_exec_env(ar->ar_arg_envv,
925 ar->ar_arg_envc);
934 ar->ar_arg_mode);
965 tok = au_to_arg32(2, "new file uid", ar->ar_arg_uid);
969 tok = au_to_arg32(3, "new file gid", ar->ar_arg_gid);
978 au_fcntl_cmd_to_bsm(ar->ar_arg_cmd));
981 if (ar->ar_arg_cmd == F_GETLK || ar->ar_arg_cmd == F_SETLK ||
982 ar->ar_arg_cmd == F_SETLKW) {
989 tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
997 tok = au_to_arg32(2, "operation", ar->ar_arg_cmd);
1005 tok = au_to_arg32(1, "flags", ar->ar_arg_fflags);
1013 tok = au_to_arg32(0, "child PID", ar->ar_arg_pid);
1020 tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd);
1027 tok = kau_to_socket(&ar->ar_arg_sockinfo);
1032 ar->ar_arg_fd);
1042 tok = au_to_arg32(2, "signal", ar->ar_arg_signum);
1050 tok = au_to_arg32(2, "ops", ar->ar_arg_cmd);
1054 tok = au_to_arg32(3, "trpoints", ar->ar_arg_value);
1082 tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
1092 tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
1096 tok = au_to_arg32(3, "dev", ar->ar_arg_dev);
1110 tok = au_to_arg32(2, "len", ar->ar_arg_len);
1113 if (ar->ar_event == AUE_MMAP)
1115 if (ar->ar_event == AUE_MPROTECT) {
1118 ar->ar_arg_value);
1122 if (ar->ar_event == AUE_MINHERIT) {
1125 ar->ar_arg_value);
1135 tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
1139 tok = au_to_text(ar->ar_arg_text);
1146 tok = au_to_arg32(1, "flags", ar->ar_arg_cmd);
1153 tok = au_to_arg32(2, "flags", ar->ar_arg_value);
1158 tok = au_to_text(ar->ar_arg_text);
1164 ar->ar_event = audit_msgctl_to_event(ar->ar_arg_svipc_cmd);
1169 tok = au_to_arg32(1, "msg ID", ar->ar_arg_svipc_id);
1171 if (ar->ar_errno != EINVAL) {
1172 tok = au_to_ipc(AT_IPC_MSG, ar->ar_arg_svipc_id);
1178 if (ar->ar_errno == 0) {
1181 ar->ar_arg_svipc_id);
1199 tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
1211 tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
1224 tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
1236 tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
1245 tok = au_to_arg32(1, "request", ar->ar_arg_cmd);
1249 tok = au_to_arg32(4, "data", ar->ar_arg_value);
1257 tok = au_to_arg32(2, "command", ar->ar_arg_cmd);
1261 tok = au_to_arg32(3, "uid", ar->ar_arg_uid);
1265 tok = au_to_arg32(3, "gid", ar->ar_arg_gid);
1273 tok = au_to_arg32(1, "howto", ar->ar_arg_cmd);
1279 ar->ar_event = audit_semctl_to_event(ar->ar_arg_svipc_cmd);
1284 tok = au_to_arg32(1, "sem ID", ar->ar_arg_svipc_id);
1286 if (ar->ar_errno != EINVAL) {
1288 ar->ar_arg_svipc_id);
1295 if (ar->ar_errno == 0) {
1298 ar->ar_arg_svipc_id);
1306 tok = au_to_arg32(1, "egid", ar->ar_arg_egid);
1313 tok = au_to_arg32(1, "euid", ar->ar_arg_euid);
1320 tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid);
1324 tok = au_to_arg32(2, "egid", ar->ar_arg_egid);
1331 tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid);
1335 tok = au_to_arg32(2, "euid", ar->ar_arg_euid);
1342 tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid);
1346 tok = au_to_arg32(2, "egid", ar->ar_arg_egid);
1350 tok = au_to_arg32(3, "sgid", ar->ar_arg_sgid);
1357 tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid);
1361 tok = au_to_arg32(2, "euid", ar->ar_arg_euid);
1365 tok = au_to_arg32(3, "suid", ar->ar_arg_suid);
1372 tok = au_to_arg32(1, "gid", ar->ar_arg_gid);
1379 tok = au_to_arg32(1, "uid", ar->ar_arg_uid);
1386 for(ctr = 0; ctr < ar->ar_arg_groups.gidset_size; ctr++)
1389 ar->ar_arg_groups.gidset[ctr]);
1397 tok = au_to_text(ar->ar_arg_text);
1404 tok = au_to_arg32(1, "which", ar->ar_arg_cmd);
1408 tok = au_to_arg32(2, "who", ar->ar_arg_uid);
1413 tok = au_to_arg32(3, "priority", ar->ar_arg_value);
1420 tok = au_to_arg32(1, "flag", ar->ar_arg_value);
1428 tok = au_to_arg32(1, "shmid", ar->ar_arg_svipc_id);
1431 tok = au_to_ipc(AT_IPC_SHM, ar->ar_arg_svipc_id);
1436 (int)(uintptr_t)ar->ar_arg_svipc_addr);
1440 tok = au_to_ipc_perm(&ar->ar_arg_svipc_perm);
1447 tok = au_to_arg32(1, "shmid", ar->ar_arg_svipc_id);
1450 tok = au_to_ipc(AT_IPC_SHM, ar->ar_arg_svipc_id);
1453 switch (ar->ar_arg_svipc_cmd) {
1455 ar->ar_event = AUE_SHMCTL_STAT;
1458 ar->ar_event = AUE_SHMCTL_RMID;
1461 ar->ar_event = AUE_SHMCTL_SET;
1463 tok = au_to_ipc_perm(&ar->ar_arg_svipc_perm);
1475 (int)(uintptr_t)ar->ar_arg_svipc_addr);
1483 tok = au_to_arg32(0, "shmid", ar->ar_arg_svipc_id);
1485 tok = au_to_ipc(AT_IPC_SHM, ar->ar_arg_svipc_id);
1489 tok = au_to_ipc_perm(&ar->ar_arg_svipc_perm);
1498 tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
1502 tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
1509 tok = au_to_text(ar->ar_arg_text);
1515 perm.uid = ar->ar_arg_pipc_perm.pipc_uid;
1516 perm.gid = ar->ar_arg_pipc_perm.pipc_gid;
1517 perm.cuid = ar->ar_arg_pipc_perm.pipc_uid;
1518 perm.cgid = ar->ar_arg_pipc_perm.pipc_gid;
1519 perm.mode = ar->ar_arg_pipc_perm.pipc_mode;
1529 tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
1533 tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
1537 tok = au_to_arg32(4, "value", ar->ar_arg_value);
1544 tok = au_to_text(ar->ar_arg_text);
1550 perm.uid = ar->ar_arg_pipc_perm.pipc_uid;
1551 perm.gid = ar->ar_arg_pipc_perm.pipc_gid;
1552 perm.cuid = ar->ar_arg_pipc_perm.pipc_uid;
1553 perm.cgid = ar->ar_arg_pipc_perm.pipc_gid;
1554 perm.mode = ar->ar_arg_pipc_perm.pipc_mode;
1564 tok = au_to_arg32(1, "sem", ar->ar_arg_fd);
1572 tok = au_to_text(ar->ar_arg_text);
1582 for (ctr = 0; ctr < ar->ar_arg_len; ctr++) {
1584 ar->ar_arg_ctlname[ctr]);
1589 tok = au_to_arg32(5, "newval", ar->ar_arg_value);
1593 tok = au_to_text(ar->ar_arg_text);
1600 tok = au_to_arg32(1, "new mask", ar->ar_arg_mask);
1603 tok = au_to_arg32(0, "prev mask", ar->ar_retval);
1610 tok = au_to_arg32(3, "options", ar->ar_arg_value);
1621 tok = au_to_rights(&ar->ar_arg_rights);
1631 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
1640 ar->ar_arg_fcntl_rights);
1652 ar->ar_event);
1667 tok = au_to_return32(au_errno_to_bsm(ar->ar_errno), ar->ar_retval);
1670 kau_close(rec, &ar->ar_endtime, ar->ar_event);