Lines Matching defs:ar
67 static void audit_sys_auditon(struct audit_record *ar,
192 * XXXAUDIT: These macros assume that 'kar', 'ar', 'rec', and 'tok' in the
197 tok = au_to_arg32(argnum, "at fd 1", ar->ar_arg_atfd1); \
204 tok = au_to_arg32(argnum, "at fd 2", ar->ar_arg_atfd2); \
211 tok = au_to_path(ar->ar_arg_upath1); \
218 tok = au_to_path(ar->ar_arg_upath2); \
225 tok = au_to_arg32(1, "at fd", ar->ar_arg_atfd); \
229 tok = au_to_attr32(&ar->ar_arg_vnode1); \
237 tok = au_to_attr32(&ar->ar_arg_vnode1); \
244 tok = au_to_attr32(&ar->ar_arg_vnode2); \
252 tok = au_to_arg32(1, "fd", ar->ar_arg_fd); \
255 tok = au_to_attr32(&ar->ar_arg_vnode1); \
260 ar->ar_arg_fd); \
267 if ((ar->ar_arg_pid > 0) /* Reference a single process */ \
269 tok = au_to_process32_ex(ar->ar_arg_auid, \
270 ar->ar_arg_euid, ar->ar_arg_egid, \
271 ar->ar_arg_ruid, ar->ar_arg_rgid, \
272 ar->ar_arg_pid, ar->ar_arg_asid, \
273 &ar->ar_arg_termid_addr); \
276 tok = au_to_arg32(argn, "process", ar->ar_arg_pid); \
283 switch (ar->ar_arg_value) { \
292 "attrnamespace", ar->ar_arg_value); \
299 tok = au_to_text(ar->ar_arg_text); \
313 (uint32_t)(uintptr_t)ar->ar_arg_addr); \
316 (uint64_t)(uintptr_t)ar->ar_arg_addr); \
327 audit_sys_auditon(struct audit_record *ar, struct au_record *rec)
331 tok = au_to_arg32(3, "length", ar->ar_arg_len);
333 switch (ar->ar_arg_cmd) {
335 if ((size_t)ar->ar_arg_len == sizeof(int64_t)) {
337 ar->ar_arg_auditon.au_policy64);
344 tok = au_to_arg32(2, "policy", ar->ar_arg_auditon.au_policy);
350 ar->ar_arg_auditon.au_mask.am_success);
353 ar->ar_arg_auditon.au_mask.am_failure);
358 if ((size_t)ar->ar_arg_len == sizeof(au_qctrl64_t)) {
360 ar->ar_arg_auditon.au_qctrl64.aq64_hiwater);
363 ar->ar_arg_auditon.au_qctrl64.aq64_lowater);
366 ar->ar_arg_auditon.au_qctrl64.aq64_bufsz);
369 ar->ar_arg_auditon.au_qctrl64.aq64_delay);
372 ar->ar_arg_auditon.au_qctrl64.aq64_minfree);
380 ar->ar_arg_auditon.au_qctrl.aq_hiwater);
383 ar->ar_arg_auditon.au_qctrl.aq_lowater);
386 ar->ar_arg_auditon.au_qctrl.aq_bufsz);
389 ar->ar_arg_auditon.au_qctrl.aq_delay);
392 ar->ar_arg_auditon.au_qctrl.aq_minfree);
398 ar->ar_arg_auditon.au_auinfo.ai_mask.am_success);
401 ar->ar_arg_auditon.au_auinfo.ai_mask.am_failure);
407 ar->ar_arg_auditon.au_auinfo.ai_mask.am_success);
410 ar->ar_arg_auditon.au_auinfo.ai_mask.am_failure);
415 if ((size_t)ar->ar_arg_len == sizeof(int64_t)) {
417 ar->ar_arg_auditon.au_cond64);
424 tok = au_to_arg32(2, "setcond", ar->ar_arg_auditon.au_cond);
430 ar->ar_arg_auditon.au_evclass.ec_number);
433 ar->ar_arg_auditon.au_evclass.ec_class);
439 ar->ar_arg_auditon.au_aupinfo.ap_mask.am_success);
442 ar->ar_arg_auditon.au_aupinfo.ap_mask.am_failure);
448 ar->ar_arg_auditon.au_fstat.af_filesz);
473 struct audit_record *ar;
479 ar = &kar->k_ar;
486 if (ar->ar_jailname[0] != '\0')
487 jail_tok = au_to_zonename(ar->ar_jailname);
490 switch (ar->ar_subj_term_addr.at_type) {
492 tid.port = ar->ar_subj_term_addr.at_port;
493 tid.machine = ar->ar_subj_term_addr.at_addr[0];
494 subj_tok = au_to_subject32(ar->ar_subj_auid, /* audit ID */
495 ar->ar_subj_cred.cr_uid, /* eff uid */
496 ar->ar_subj_egid, /* eff group id */
497 ar->ar_subj_ruid, /* real uid */
498 ar->ar_subj_rgid, /* real group id */
499 ar->ar_subj_pid, /* process id */
500 ar->ar_subj_asid, /* session ID */
504 subj_tok = au_to_subject32_ex(ar->ar_subj_auid,
505 ar->ar_subj_cred.cr_uid,
506 ar->ar_subj_egid,
507 ar->ar_subj_ruid,
508 ar->ar_subj_rgid,
509 ar->ar_subj_pid,
510 ar->ar_subj_asid,
511 &ar->ar_subj_term_addr);
515 subj_tok = au_to_subject32(ar->ar_subj_auid,
516 ar->ar_subj_cred.cr_uid,
517 ar->ar_subj_egid,
518 ar->ar_subj_ruid,
519 ar->ar_subj_rgid,
520 ar->ar_subj_pid,
521 ar->ar_subj_asid,
531 switch(ar->ar_event) {
534 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
539 &ar->ar_arg_sockaddr);
544 &ar->ar_arg_sockaddr);
563 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
568 &ar->ar_arg_sockaddr);
573 &ar->ar_arg_sockaddr);
584 tok = au_to_arg32(2, "fd", ar->ar_arg_fd);
589 &ar->ar_arg_sockaddr);
599 &ar->ar_arg_sockaddr);
604 &ar->ar_arg_sockaddr);
615 ar->ar_arg_sockinfo.so_domain);
618 ar->ar_arg_sockinfo.so_type);
621 ar->ar_arg_sockinfo.so_protocol);
629 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
645 tok = au_to_arg32(2, "setauid", ar->ar_arg_auid);
656 ar->ar_arg_auid);
659 ar->ar_arg_termid.port);
662 ar->ar_arg_termid.machine);
665 ar->ar_arg_amask.am_success);
668 ar->ar_arg_amask.am_failure);
671 ar->ar_arg_asid);
682 ar->ar_arg_auid);
685 ar->ar_arg_amask.am_success);
688 ar->ar_arg_amask.am_failure);
691 ar->ar_arg_asid);
694 ar->ar_arg_termid_addr.at_type);
697 ar->ar_arg_termid_addr.at_port);
699 if (ar->ar_arg_termid_addr.at_type == AU_IPv6)
701 &ar->ar_arg_termid_addr.at_addr[0]);
702 if (ar->ar_arg_termid_addr.at_type == AU_IPv4)
704 &ar->ar_arg_termid_addr.at_addr[0]);
714 tok = au_to_arg32(1, "cmd", ar->ar_arg_cmd);
736 audit_sys_auditon(ar, rec);
745 tok = au_to_exit(ar->ar_arg_exitretval,
746 ar->ar_arg_exitstatus);
798 tok = au_to_arg32(1, "type", ar->ar_arg_value);
857 tok = au_to_arg32(2, "mode", ar->ar_arg_value);
872 tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
882 ar->ar_arg_mode);
892 ar->ar_arg_mode);
901 tok = au_to_arg32(2, "new file uid", ar->ar_arg_uid);
905 tok = au_to_arg32(3, "new file gid", ar->ar_arg_gid);
914 tok = au_to_arg32(3, "new file uid", ar->ar_arg_uid);
918 tok = au_to_arg32(4, "new file gid", ar->ar_arg_gid);
931 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
939 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
946 tok = au_to_arg32(1, "lowfd", ar->ar_arg_fd);
950 tok = au_to_arg32(2, "highfd", ar->ar_arg_cmd);
954 tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
961 tok = au_to_arg32(1, "signal", ar->ar_arg_signum);
970 tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd);
996 tok = au_to_arg32(2, "fd", ar->ar_arg_fd);
1004 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
1012 tok = au_to_exec_args(ar->ar_arg_argv,
1013 ar->ar_arg_argc);
1017 tok = au_to_exec_env(ar->ar_arg_envv,
1018 ar->ar_arg_envc);
1027 ar->ar_arg_mode);
1059 tok = au_to_arg32(2, "new file uid", ar->ar_arg_uid);
1063 tok = au_to_arg32(3, "new file gid", ar->ar_arg_gid);
1072 au_fcntl_cmd_to_bsm(ar->ar_arg_cmd));
1080 tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
1088 tok = au_to_arg32(2, "operation", ar->ar_arg_cmd);
1096 tok = au_to_arg32(1, "flags", ar->ar_arg_fflags);
1104 tok = au_to_arg32(0, "child PID", ar->ar_arg_pid);
1111 tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd);
1118 tok = kau_to_socket(&ar->ar_arg_sockinfo);
1123 ar->ar_arg_fd);
1133 tok = au_to_arg32(2, "signal", ar->ar_arg_signum);
1141 tok = au_to_arg32(2, "ops", ar->ar_arg_cmd);
1145 tok = au_to_arg32(3, "trpoints", ar->ar_arg_value);
1173 tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
1183 tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
1187 tok = au_to_arg32(3, "dev", ar->ar_arg_dev);
1201 tok = au_to_arg32(2, "len", ar->ar_arg_len);
1204 if (ar->ar_event == AUE_MMAP)
1206 if (ar->ar_event == AUE_MPROTECT) {
1209 ar->ar_arg_value);
1213 if (ar->ar_event == AUE_MINHERIT) {
1216 ar->ar_arg_value);
1226 tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
1230 tok = au_to_text(ar->ar_arg_text);
1237 tok = au_to_arg32(1, "flags", ar->ar_arg_cmd);
1244 tok = au_to_arg32(2, "flags", ar->ar_arg_value);
1249 tok = au_to_text(ar->ar_arg_text);
1255 ar->ar_event = audit_msgctl_to_event(ar->ar_arg_svipc_cmd);
1260 tok = au_to_arg32(1, "msg ID", ar->ar_arg_svipc_id);
1262 if (ar->ar_errno != EINVAL) {
1263 tok = au_to_ipc(AT_IPC_MSG, ar->ar_arg_svipc_id);
1269 if (ar->ar_errno == 0) {
1272 ar->ar_arg_svipc_id);
1290 tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
1302 tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
1315 tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
1327 tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
1336 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
1340 tok = au_to_arg32(2, "signal", ar->ar_arg_signum);
1347 tok = au_to_arg32(0, "child PID", ar->ar_arg_pid);
1351 tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
1355 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
1361 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
1368 tok = au_to_arg32(1, "idtype", ar->ar_arg_value);
1372 tok = au_to_arg32(2, "com", ar->ar_arg_cmd);
1380 tok = au_to_arg32(1, "request", ar->ar_arg_cmd);
1384 tok = au_to_arg32(4, "data", ar->ar_arg_value);
1392 tok = au_to_arg32(2, "command", ar->ar_arg_cmd);
1396 tok = au_to_arg32(3, "uid", ar->ar_arg_uid);
1400 tok = au_to_arg32(3, "gid", ar->ar_arg_gid);
1408 tok = au_to_arg32(1, "howto", ar->ar_arg_cmd);
1414 ar->ar_event = audit_semctl_to_event(ar->ar_arg_svipc_cmd);
1419 tok = au_to_arg32(1, "sem ID", ar->ar_arg_svipc_id);
1421 if (ar->ar_errno != EINVAL) {
1423 ar->ar_arg_svipc_id);
1430 if (ar->ar_errno == 0) {
1433 ar->ar_arg_svipc_id);
1441 tok = au_to_arg32(1, "egid", ar->ar_arg_egid);
1448 tok = au_to_arg32(1, "euid", ar->ar_arg_euid);
1455 tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid);
1459 tok = au_to_arg32(2, "egid", ar->ar_arg_egid);
1466 tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid);
1470 tok = au_to_arg32(2, "euid", ar->ar_arg_euid);
1477 tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid);
1481 tok = au_to_arg32(2, "egid", ar->ar_arg_egid);
1485 tok = au_to_arg32(3, "sgid", ar->ar_arg_sgid);
1492 tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid);
1496 tok = au_to_arg32(2, "euid", ar->ar_arg_euid);
1500 tok = au_to_arg32(3, "suid", ar->ar_arg_suid);
1507 tok = au_to_arg32(1, "gid", ar->ar_arg_gid);
1514 tok = au_to_arg32(1, "uid", ar->ar_arg_uid);
1521 for(ctr = 0; ctr < ar->ar_arg_groups.gidset_size; ctr++)
1524 ar->ar_arg_groups.gidset[ctr]);
1532 tok = au_to_text(ar->ar_arg_login);
1542 tok = au_to_arg32(1, "which", ar->ar_arg_cmd);
1546 tok = au_to_arg32(2, "who", ar->ar_arg_uid);
1551 tok = au_to_arg32(3, "priority", ar->ar_arg_value);
1558 tok = au_to_arg32(1, "flag", ar->ar_arg_value);
1566 tok = au_to_arg32(1, "shmid", ar->ar_arg_svipc_id);
1569 tok = au_to_ipc(AT_IPC_SHM, ar->ar_arg_svipc_id);
1574 (int)(uintptr_t)ar->ar_arg_svipc_addr);
1578 tok = au_to_ipc_perm(&ar->ar_arg_svipc_perm);
1585 tok = au_to_arg32(1, "shmid", ar->ar_arg_svipc_id);
1588 tok = au_to_ipc(AT_IPC_SHM, ar->ar_arg_svipc_id);
1591 switch (ar->ar_arg_svipc_cmd) {
1593 ar->ar_event = AUE_SHMCTL_STAT;
1596 ar->ar_event = AUE_SHMCTL_RMID;
1599 ar->ar_event = AUE_SHMCTL_SET;
1601 tok = au_to_ipc_perm(&ar->ar_arg_svipc_perm);
1613 (int)(uintptr_t)ar->ar_arg_svipc_addr);
1621 tok = au_to_arg32(0, "shmid", ar->ar_arg_svipc_id);
1623 tok = au_to_ipc(AT_IPC_SHM, ar->ar_arg_svipc_id);
1627 tok = au_to_ipc_perm(&ar->ar_arg_svipc_perm);
1637 tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
1646 tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
1650 tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
1660 perm.uid = ar->ar_arg_pipc_perm.pipc_uid;
1661 perm.gid = ar->ar_arg_pipc_perm.pipc_gid;
1662 perm.cuid = ar->ar_arg_pipc_perm.pipc_uid;
1663 perm.cgid = ar->ar_arg_pipc_perm.pipc_gid;
1664 perm.mode = ar->ar_arg_pipc_perm.pipc_mode;
1674 tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
1678 tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
1682 tok = au_to_arg32(4, "value", ar->ar_arg_value);
1689 tok = au_to_text(ar->ar_arg_text);
1695 perm.uid = ar->ar_arg_pipc_perm.pipc_uid;
1696 perm.gid = ar->ar_arg_pipc_perm.pipc_gid;
1697 perm.cuid = ar->ar_arg_pipc_perm.pipc_uid;
1698 perm.cgid = ar->ar_arg_pipc_perm.pipc_gid;
1699 perm.mode = ar->ar_arg_pipc_perm.pipc_mode;
1709 tok = au_to_arg32(1, "sem", ar->ar_arg_fd);
1717 tok = au_to_text(ar->ar_arg_text);
1727 for (ctr = 0; ctr < ar->ar_arg_len; ctr++) {
1729 ar->ar_arg_ctlname[ctr]);
1734 tok = au_to_arg32(5, "newval", ar->ar_arg_value);
1738 tok = au_to_text(ar->ar_arg_text);
1745 tok = au_to_arg32(1, "new mask", ar->ar_arg_mask);
1748 tok = au_to_arg32(0, "prev mask", ar->ar_retval);
1756 tok = au_to_arg32(3, "options", ar->ar_arg_value);
1767 tok = au_to_rights(&ar->ar_arg_rights);
1777 tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
1786 ar->ar_arg_fcntl_rights);
1803 ar->ar_event);
1818 tok = au_to_return32(au_errno_to_bsm(ar->ar_errno), ar->ar_retval);
1821 kau_close(rec, &ar->ar_endtime, ar->ar_event);