authorRobert Watson <rwatson@FreeBSD.org>2009-04-19 15:18:16 +0000
committerRobert Watson <rwatson@FreeBSD.org>2009-04-19 15:18:16 +0000
commita751bb747008d2d65523ad2bb7693437b6a3d185 (patch)
tree22c3585be4b5eb8d78c909ee75f55b83ae7950f9 /sys/bsm
parent694dcf49ac5cf33f6cbf6e1a4687a1eb9a2dc0ce (diff)
Vendor import of OpenBSM 1.1, which incorporates the following changesvendor/openbsm/1.1
since the last imported OpenBSM release: OpenBSM 1.1 - Change auditon(2) parameters and data structures to be 32/64-bit architecture independent. Add more information to man page about auditon(2) parameters. - Add wrapper functions for auditon(2) to use legacy commands when the new commands are not supported. - Add default for 'expire-after' in audit_control to expire trail files when the audit directory is more than 10 megabytes ('10M'). - Interface to convert between local and BSM fcntl(2) command values has been added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with definitions of constants in audit_fcntl.h. - A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens generated by audit_submit(3) were improperly encoded has been fixed. - Fix example in audit_submit(3) man page. Also, make it clear that we want the audit ID as the argument. - A new audit event class 'aa', for post-login authentication and authorization events, has been added. Obtained from: TrustedBSD Project Sponsored by: Apple, Inc.
Notes
Notes: svn path=/vendor/openbsm/dist/; revision=191271 svn path=/vendor/openbsm/1.1/; revision=191272; tag=vendor/openbsm/1.1
Diffstat (limited to 'sys/bsm')
-rw-r--r--sys/bsm/Makefile.am3
-rw-r--r--sys/bsm/Makefile.in25
-rw-r--r--sys/bsm/audit.h64
-rw-r--r--sys/bsm/audit_domain.h4
-rw-r--r--sys/bsm/audit_fcntl.h140
-rw-r--r--sys/bsm/audit_kevents.h14
-rw-r--r--sys/bsm/audit_record.h6
7 files changed, 210 insertions, 46 deletions
diff --git a/sys/bsm/Makefile.am b/sys/bsm/Makefile.am
index 12ad8e93ddca..3857e6627427 100644
--- a/sys/bsm/Makefile.am
+++ b/sys/bsm/Makefile.am
@@ -1,5 +1,5 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.am#3 $
+# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.am#4 $
#
@@ -10,6 +10,7 @@ openbsm_HEADERS = \
audit.h \
audit_domain.h \
audit_errno.h \
+ audit_fcntl.h \
audit_internal.h \
audit_kevents.h \
audit_record.h \
diff --git a/sys/bsm/Makefile.in b/sys/bsm/Makefile.in
index 0b602df029bd..d78ddf0bc5b0 100644
--- a/sys/bsm/Makefile.in
+++ b/sys/bsm/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.in#5 $
+# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.in#7 $
#
VPATH = @srcdir@
@@ -49,7 +49,7 @@ CONFIG_CLEAN_FILES =
SOURCES =
DIST_SOURCES =
am__openbsm_HEADERS_DIST = audit.h audit_domain.h audit_errno.h \
- audit_internal.h audit_kevents.h audit_record.h \
+ audit_fcntl.h audit_internal.h audit_kevents.h audit_record.h \
audit_socket_type.h
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
@@ -82,6 +82,7 @@ CXXFLAGS = @CXXFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
ECHO = @ECHO@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
@@ -106,6 +107,7 @@ MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MIG = @MIG@
MKDIR_P = @MKDIR_P@
+NMEDIT = @NMEDIT@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
@@ -169,6 +171,7 @@ sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
@USE_NATIVE_INCLUDES_FALSE@openbsmdir = $(includedir)/bsm
@@ -176,6 +179,7 @@ top_srcdir = @top_srcdir@
@USE_NATIVE_INCLUDES_FALSE@ audit.h \
@USE_NATIVE_INCLUDES_FALSE@ audit_domain.h \
@USE_NATIVE_INCLUDES_FALSE@ audit_errno.h \
+@USE_NATIVE_INCLUDES_FALSE@ audit_fcntl.h \
@USE_NATIVE_INCLUDES_FALSE@ audit_internal.h \
@USE_NATIVE_INCLUDES_FALSE@ audit_kevents.h \
@USE_NATIVE_INCLUDES_FALSE@ audit_record.h \
@@ -242,8 +246,8 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) ' { files[$$0] = 1; } \
- END { for (i in files) print i; }'`; \
+ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
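Review bot: The awk program in the ID recipe sets `nonemtpy = 1` but its END block tests `nonempty`, so the guard is never true and `unique` comes out empty even when the file list is not; the TAGS and CTAGS recipes later in this file spell the variable consistently. The line should read `$(AWK) '{ files[$$0] = 1; nonempty = 1; } \`. Because the header says this Makefile.in is generated by automake 1.10.1, the durable fix is to regenerate it with an automake release that does not emit the typo rather than hand-editing the output. The ID rule starts above this hunk.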
@@ -255,8 +259,8 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) ' { files[$$0] = 1; } \
- END { for (i in files) print i; }'`; \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
@@ -266,13 +270,12 @@ ctags: CTAGS
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
- here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) ' { files[$$0] = 1; } \
- END { for (i in files) print i; }'`; \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
test -z "$(CTAGS_ARGS)$$tags$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$tags $$unique
diff --git a/sys/bsm/audit.h b/sys/bsm/audit.h
index b39de0a6a6d4..2a1abe853b2d 100644
--- a/sys/bsm/audit.h
+++ b/sys/bsm/audit.h
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2005 Apple Inc.
+ * Copyright (c) 2005-2009 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -26,20 +26,14 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#5 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9 $
*/
-#ifndef _BSM_AUDIT_H
+#ifndef _BSM_AUDIT_H
#define _BSM_AUDIT_H
-#ifdef __APPLE__
-/* Temporary until rdar://problem/6133383 is resolved. */
-#include <sys/types.h>
#include <sys/param.h>
-#include <sys/socket.h>
-#include <sys/cdefs.h>
-#include <sys/queue.h>
-#endif /* __APPLE__ */
+#include <sys/types.h>
#define AUDIT_RECORD_MAGIC 0x828a0f1b
#define MAX_AUDIT_RECORDS 20
@@ -100,20 +94,20 @@
/*
* auditon(2) commands.
*/
-#define A_GETPOLICY 2
-#define A_SETPOLICY 3
+#define A_OLDGETPOLICY 2
+#define A_OLDSETPOLICY 3
#define A_GETKMASK 4
#define A_SETKMASK 5
-#define A_GETQCTRL 6
-#define A_SETQCTRL 7
+#define A_OLDGETQCTRL 6
+#define A_OLDSETQCTRL 7
#define A_GETCWD 8
#define A_GETCAR 9
#define A_GETSTAT 12
#define A_SETSTAT 13
#define A_SETUMASK 14
#define A_SETSMASK 15
-#define A_GETCOND 20
-#define A_SETCOND 21
+#define A_OLDGETCOND 20
+#define A_OLDSETCOND 21
#define A_GETCLASS 22
#define A_SETCLASS 23
#define A_GETPINFO 24
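Review bot: The renamed `A_OLD*` commands carry no comment saying why two sets of numbers exist or which argument layout each expects, and the six names that keep their spelling (`A_GETPOLICY`, `A_SETPOLICY`, `A_GETQCTRL`, `A_SETQCTRL`, `A_GETCOND`, `A_SETCOND`) change value to 33–38 in the following hunk. A binary built against the previous header still passes 2, 3, 6, 7, 20 or 21, so any kernel adopting this header has to keep accepting those numbers with the old argument layouts. Going by the commit description, I would add above the block something like `/* A_OLD* are the pre-1.1 commands whose argument sizes depend on the architecture; kept for existing binaries. Do not reuse their numbers. */`.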
@@ -125,6 +119,12 @@
#define A_SETKAUDIT 30
#define A_SENDTRIGGER 31
#define A_GETSINFO_ADDR 32
+#define A_GETPOLICY 33
+#define A_SETPOLICY 34
+#define A_GETQCTRL 35
+#define A_SETQCTRL 36
+#define A_GETCOND 37
+#define A_SETCOND 38
/*
* Audit policy controls.
@@ -215,7 +215,6 @@ struct auditpinfo {
au_mask_t ap_mask; /* Audit masks. */
au_tid_t ap_termid; /* Terminal ID. */
au_asid_t ap_asid; /* Audit session ID. */
- u_int64_t ap_flags; /* Audit session flags. */
};
typedef struct auditpinfo auditpinfo_t;
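Review bot: Dropping `ap_flags` from `struct auditpinfo` here and adding it to `struct auditpinfo_addr` in the next hunk changes the size of both structures, while `A_GETPINFO` keeps its command number (24, visible in the earlier hunk) instead of getting an `A_OLD*` twin like the policy, queue-control and condition commands. If any released kernel or userland was built with the previous layouts, a length check on the auditon(2) argument could start failing or a copy could be sized for the wrong structure; whether that applies depends on code outside this diff. The next hunk also deletes the `as_asid`/`as_auid`/`as_termid` accessor macros, which breaks any consumer that used them at compile time. A short comment on each struct would help, e.g. `/* Layout is shared with the kernel via auditon(2); changing it needs a new command number. */`.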
@@ -225,15 +224,12 @@ struct auditpinfo_addr {
au_mask_t ap_mask; /* Audit masks. */
au_tid_addr_t ap_termid; /* Terminal ID. */
au_asid_t ap_asid; /* Audit session ID. */
+ u_int64_t ap_flags; /* Audit session flags. */
};
typedef struct auditpinfo_addr auditpinfo_addr_t;
struct au_session {
auditinfo_addr_t *as_aia_p; /* Ptr to full audit info. */
-#define as_asid as_aia_p->ai_asid
-#define as_auid as_aia_p->ai_auid
-#define as_termid as_aia_p->ai_termid
-
au_mask_t as_mask; /* Process Audit Masks. */
};
typedef struct au_session au_session_t;
@@ -244,13 +240,22 @@ typedef struct au_session au_session_t;
typedef struct au_token token_t;
/*
- * Kernel audit queue control parameters.
+ * Kernel audit queue control parameters:
+ * Default: Maximum:
+ * aq_hiwater: AQ_HIWATER (100) AQ_MAXHIGH (10000)
+ * aq_lowater: AQ_LOWATER (10) <aq_hiwater
+ * aq_bufsz: AQ_BUFSZ (32767) AQ_MAXBUFSZ (1048576)
+ * aq_delay: 20 20000 (not used)
*/
struct au_qctrl {
- size_t aq_hiwater;
- size_t aq_lowater;
- size_t aq_bufsz;
- clock_t aq_delay;
+ int aq_hiwater; /* Max # of audit recs in queue when */
+ /* threads with new ARs get blocked. */
+
+ int aq_lowater; /* # of audit recs in queue when */
+ /* blocked threads get unblocked. */
+
+ int aq_bufsz; /* Max size of audit record for audit(2). */
+ int aq_delay; /* Queue delay (not used). */
int aq_minfree; /* Minimum filesystem percent free space. */
};
typedef struct au_qctrl au_qctrl_t;
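Review bot: Switching `aq_hiwater`, `aq_lowater`, `aq_bufsz` and `aq_delay` from `size_t`/`clock_t` to `int` makes negative values representable, and the new comment documents only defaults and maximums. Whatever validates `A_SETQCTRL` input needs a lower bound as well as the listed upper bound, otherwise a negative watermark or buffer size can slip past a check that only compares against `AQ_MAXHIGH` or `AQ_MAXBUFSZ`; that code is outside this diff, so this is a request to confirm rather than a reported bug. I would add a line to the comment such as `* All fields must be non-negative; callers and the kernel must reject values below zero.`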
@@ -307,6 +312,13 @@ int getaudit(struct auditinfo *);
int setaudit(const struct auditinfo *);
int getaudit_addr(struct auditinfo_addr *, int);
int setaudit_addr(const struct auditinfo_addr *, int);
+
+#ifdef __APPLE_API_PRIVATE
+#include <mach/port.h>
+mach_port_name_t audit_session_self(void);
+au_asid_t audit_session_join(mach_port_name_t port);
+#endif /* __APPLE_API_PRIVATE */
+
#endif /* defined(_KERNEL) || defined(KERNEL) */
__END_DECLS
diff --git a/sys/bsm/audit_domain.h b/sys/bsm/audit_domain.h
index 9edcb4fbcfe6..3969183292cb 100644
--- a/sys/bsm/audit_domain.h
+++ b/sys/bsm/audit_domain.h
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_domain.h#1 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_domain.h#2 $
*/
#ifndef _BSM_AUDIT_DOMAIN_H_
@@ -87,7 +87,7 @@
#define BSM_PF_SCLUSTER 514 /* FreeBSD-specific. */
#define BSM_PF_ARP 515 /* FreeBSD-specific. */
#define BSM_PF_BLUETOOTH 516 /* FreeBSD-specific. */
-#define BSM_PF_IEEE80211 517 /* FreeBSD-specific. */
+ /* 517: unallocated. */
#define BSM_PF_AX25 518 /* Linux-specific. */
#define BSM_PF_ROSE 519 /* Linux-specific. */
#define BSM_PF_NETBEUI 520 /* Linux-specific. */
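Review bot: Retiring `BSM_PF_IEEE80211` leaves 517 marked only as `unallocated`, which invites a later reuse of the number. These values appear to be what `au_domain_to_bsm()` emits into audit records, so if any trail was ever written with 517, reassigning it would make old records decode as a different protocol family. I would word the placeholder as `/* 517: formerly BSM_PF_IEEE80211; do not reuse. */`.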
diff --git a/sys/bsm/audit_fcntl.h b/sys/bsm/audit_fcntl.h
new file mode 100644
index 000000000000..1398b2f0ddde
--- /dev/null
+++ b/sys/bsm/audit_fcntl.h
@@ -0,0 +1,140 @@
+/*-
+ * Copyright (c) 2009 Apple Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
+ * its contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_fcntl.h#2 $
+ */
+
+#ifndef _BSM_AUDIT_FCNTL_H_
+#define _BSM_AUDIT_FCNTL_H_
+
+/*
+ * Shared and Solaris-specific: (0-99).
+ */
+#define BSM_F_DUPFD 0
+#define BSM_F_GETFD 1
+#define BSM_F_SETFD 2
+#define BSM_F_GETFL 3
+#define BSM_F_SETFL 4
+#define BSM_F_O_GETLK 5 /* Solaris-specific. */
+#define BSM_F_SETLK 6
+#define BSM_F_SETLKW 7
+#define BSM_F_CHKFL 8 /* Solaris-specific. */
+#define BSM_F_DUP2FD 9 /* FreeBSD/Solaris-specific. */
+#define BSM_F_ALLOCSP 10 /* Solaris-specific. */
+#define BSM_F_FREESP 11 /* Solaris-specific. */
+
+#define BSM_F_ISSTREAM 13 /* Solaris-specific. */
+#define BSM_F_GETLK 14
+#define BSM_F_PRIV 15 /* Solaris-specific. */
+#define BSM_F_NPRIV 16 /* Solaris-specific. */
+#define BSM_F_QUOTACTL 17 /* Solaris-specific. */
+#define BSM_F_BLOCKS 18 /* Solaris-specific. */
+#define BSM_F_BLKSIZE 19 /* Solaris-specific. */
+
+#define BSM_F_GETOWN 23
+#define BSM_F_SETOWN 24
+#define BSM_F_REVOKE 25 /* Solaris-specific. */
+#define BSM_F_HASREMOTELOCKS 26 /* Solaris-specific. */
+#define BSM_F_FREESP64 27 /* Solaris-specific. */
+#define BSM_F_ALLOCSP64 28 /* Solaris-specific. */
+
+#define BSM_F_GETLK64 33 /* Solaris-specific. */
+#define BSM_F_SETLK64 34 /* Solaris-specific. */
+#define BSM_F_SETLKW64 35 /* Solaris-specific. */
+
+#define BSM_F_SHARE 40 /* Solaris-specific. */
+#define BSM_F_UNSHARE 41 /* Solaris-specific. */
+#define BSM_F_SETLK_NBMAND 42 /* Solaris-specific. */
+#define BSM_F_SHARE_NBMAND 43 /* Solaris-specific. */
+#define BSM_F_SETLK64_NBMAND 44 /* Solaris-specific. */
+#define BSM_F_GETXFL 45 /* Solaris-specific. */
+#define BSM_F_BADFD 46 /* Solaris-specific. */
+
+/*
+ * FreeBSD-specific (100-199).
+ */
+#define BSM_F_OGETLK 107 /* FreeBSD-specific. */
+#define BSM_F_OSETLK 108 /* FreeBSD-specific. */
+#define BSM_F_OSETLKW 109 /* FreeBSD-specific. */
+
+#define BSM_F_SETLK_REMOTE 114 /* FreeBSD-specific. */
+
+/*
+ * Linux-specific (200-299).
+ */
+#define BSM_F_SETSIG 210 /* Linux-specific. */
+#define BSM_F_GETSIG 211 /* Linux-specific. */
+
+/*
+ * Darwin-specific (300-399).
+ */
+#define BSM_F_CHKCLEAN 341 /* Darwin-specific. */
+#define BSM_F_PREALLOCATE 342 /* Darwin-specific. */
+#define BSM_F_SETSIZE 343 /* Darwin-specific. */
+#define BSM_F_RDADVISE 344 /* Darwin-specific. */
+#define BSM_F_RDAHEAD 345 /* Darwin-specific. */
+#define BSM_F_READBOOTSTRAP 346 /* Darwin-specific. */
+#define BSM_F_WRITEBOOTSTRAP 347 /* Darwin-specific. */
+#define BSM_F_NOCACHE 348 /* Darwin-specific. */
+#define BSM_F_LOG2PHYS 349 /* Darwin-specific. */
+#define BSM_F_GETPATH 350 /* Darwin-specific. */
+#define BSM_F_FULLFSYNC 351 /* Darwin-specific. */
+#define BSM_F_PATHPKG_CHECK 352 /* Darwin-specific. */
+#define BSM_F_FREEZE_FS 353 /* Darwin-specific. */
+#define BSM_F_THAW_FS 354 /* Darwin-specific. */
+#define BSM_F_GLOBAL_NOCACHE 355 /* Darwin-specific. */
+#define BSM_F_OPENFROM 356 /* Darwin-specific. */
+#define BSM_F_UNLINKFROM 357 /* Darwin-specific. */
+#define BSM_F_CHECK_OPENEVT 358 /* Darwin-specific. */
+#define BSM_F_ADDSIGS 359 /* Darwin-specific. */
+#define BSM_F_MARKDEPENDENCY 360 /* Darwin-specific. */
+
+/*
+ * Darwin file system specific (400-499).
+ */
+#define BSM_F_FS_SPECIFIC_0 400 /* Darwin-fs-specific. */
+#define BSM_F_FS_SPECIFIC_1 401 /* Darwin-fs-specific. */
+#define BSM_F_FS_SPECIFIC_2 402 /* Darwin-fs-specific. */
+#define BSM_F_FS_SPECIFIC_3 403 /* Darwin-fs-specific. */
+#define BSM_F_FS_SPECIFIC_4 404 /* Darwin-fs-specific. */
+#define BSM_F_FS_SPECIFIC_5 405 /* Darwin-fs-specific. */
+#define BSM_F_FS_SPECIFIC_6 406 /* Darwin-fs-specific. */
+#define BSM_F_FS_SPECIFIC_7 407 /* Darwin-fs-specific. */
+#define BSM_F_FS_SPECIFIC_8 408 /* Darwin-fs-specific. */
+#define BSM_F_FS_SPECIFIC_9 409 /* Darwin-fs-specific. */
+#define BSM_F_FS_SPECIFIC_10 410 /* Darwin-fs-specific. */
+#define BSM_F_FS_SPECIFIC_11 411 /* Darwin-fs-specific. */
+#define BSM_F_FS_SPECIFIC_12 412 /* Darwin-fs-specific. */
+#define BSM_F_FS_SPECIFIC_13 413 /* Darwin-fs-specific. */
+#define BSM_F_FS_SPECIFIC_14 414 /* Darwin-fs-specific. */
+#define BSM_F_FS_SPECIFIC_15 415 /* Darwin-fs-specific. */
+
+
+#define BSM_F_UNKNOWN 0xFFFF
+
+#endif /* !_BSM_AUDIT_FCNTL_H_ */
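Review bot: `BSM_F_O_GETLK` (5, Solaris) and `BSM_F_OGETLK` (107, FreeBSD) differ by a single underscore, so a conversion table can pick the wrong one and still compile; a trailing comment on each naming the local fcntl(2) command it stands for would make the mapping code reviewable. The holes in the shared range (12, 20–22, 29–32, 36–39) are unmarked, unlike the `/* 517: unallocated. */` style used in audit_domain.h, so a reader cannot tell reserved numbers from free ones. I would also state at the top of the file that these numbers are the encoding used in BSM records and must not be renumbered, and document `BSM_F_UNKNOWN` as the value for commands with no mapping, if that is the intent.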
diff --git a/sys/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h
index a86621cdb8ae..268c456c3b05 100644
--- a/sys/bsm/audit_kevents.h
+++ b/sys/bsm/audit_kevents.h
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2005 Apple Inc.
+ * Copyright (c) 2005-2009 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -26,13 +26,19 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#5 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#6 $
*/
#ifndef _BSM_AUDIT_KEVENTS_H_
#define _BSM_AUDIT_KEVENTS_H_
/*
+ * The reserved event numbers for kernel events are 1...2047 and 43001..44900.
+ */
+#define AUE_IS_A_KEVENT(e) (((e) > 0 && (e) < 2048) || \
+ ((e) > 43000 && (e) < 45000))
+
+/*
* Values marked as AUE_NULL are not required to be audited as per CAPP.
*
* Some conflicts exist in the assignment of name to event number mappings
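Review bot: The comment gives the second kernel-event range as 43001..44900, but `AUE_IS_A_KEVENT` tests `(e) > 43000 && (e) < 45000`, so it also accepts 44901–44999. One of the two is wrong: if the comment is authoritative the second clause should be `((e) > 43000 && (e) <= 44900)`, otherwise the comment should say 44999. The macro also evaluates `e` up to four times, so the comment should note that the argument must have no side effects.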
@@ -588,6 +594,8 @@
#define AUE_FSGETPATH 43191 /* Darwin. */
#define AUE_PREAD 43192 /* Darwin/FreeBSD. */
#define AUE_PWRITE 43193 /* Darwin/FreeBSD. */
+#define AUE_FSCTL 43194 /* Darwin. */
+#define AUE_FFSCTL 43195 /* Darwin. */
/*
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
@@ -673,12 +681,10 @@
#define AUE_CSOPS AUE_NULL
#define AUE_DUP AUE_NULL
#define AUE_FDATASYNC AUE_NULL
-#define AUE_FFSCTL AUE_NULL
#define AUE_FGETATTRLIST AUE_NULL
#define AUE_FGETXATTR AUE_NULL
#define AUE_FLISTXATTR AUE_NULL
#define AUE_FREMOVEXATTR AUE_NULL
-#define AUE_FSCTL AUE_NULL
#define AUE_FSETATTRLIST AUE_NULL
#define AUE_FSETXATTR AUE_NULL
#define AUE_FSTATFS64 AUE_NULL
diff --git a/sys/bsm/audit_record.h b/sys/bsm/audit_record.h
index c8180323d477..f8dced869f4f 100644
--- a/sys/bsm/audit_record.h
+++ b/sys/bsm/audit_record.h
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2005-2008 Apple Inc.
+ * Copyright (c) 2005-2009 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#9 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#10 $
*/
#ifndef _BSM_AUDIT_RECORD_H_
@@ -285,10 +285,12 @@ token_t *au_to_zonename(const char *zonename);
*/
int au_bsm_to_domain(u_short bsm_domain, int *local_domainp);
int au_bsm_to_errno(u_char bsm_error, int *errorp);
+int au_bsm_to_fcntl_cmd(u_short bsm_fcntl_cmd, int *local_fcntl_cmdp);
int au_bsm_to_socket_type(u_short bsm_socket_type,
int *local_socket_typep);
u_short au_domain_to_bsm(int local_domain);
u_char au_errno_to_bsm(int local_errno);
+u_short au_fcntl_cmd_to_bsm(int local_fcntl_command);
u_short au_socket_type_to_bsm(int local_socket_type);
__END_DECLS
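Review bot: The new prototype `au_fcntl_cmd_to_bsm(int local_fcntl_command)` spells its parameter differently from its counterpart, which uses `bsm_fcntl_cmd` and `local_fcntl_cmdp`; I would make it `u_short au_fcntl_cmd_to_bsm(int local_fcntl_cmd);` to match. Neither new prototype says what is returned for a command with no mapping, and the comment block above these declarations starts outside the hunk, so I cannot tell whether it covers that. A one-line comment such as `/* au_bsm_to_*() return 0 on success and -1 if there is no local equivalent. */` would help if that is indeed the convention; please confirm against the implementation.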