Home | History | Annotate | Download | only in libbsm
      1 <?xml version="1.0" encoding="UTF-8" ?>
      2 
      3 <!--
      4  Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
      5  Use is subject to license terms.
      6 
      7  CDDL HEADER START
      8 
      9  The contents of this file are subject to the terms of the
     10  Common Development and Distribution License (the "License").
     11  You may not use this file except in compliance with the License.
     12 
     13  You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
     14  or http://www.opensolaris.org/os/licensing.
     15  See the License for the specific language governing permissions
     16  and limitations under the License.
     17 
     18  When distributing Covered Code, include this CDDL HEADER in each
     19  file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     20  If applicable, add the following below this CDDL HEADER, with the
     21  fields enclosed by brackets "[]" replaced with your own identifying
     22  information: Portions Copyright [yyyy] [name of copyright owner]
     23 
     24  CDDL HEADER END
     25 
     26     ident	"%Z%%M%	%I%	%E% SMI"
     27 -->
     28 
     29 
     30 <!--Entity Definitions-->
     31 
     32 <!-- timeattr or iso8601
     33 
     34 timeattr:
     35 	the time/date to the second in strftime(3C) default format,
     36 	followed by milliseconds offset.
     37 
     38 	Example:	time="Mon May 06 12:10:18 2002" msec="750"
     39 
     40 iso8601:
     41 	ISO 8601 standard format date time and timezone;
     42 	YYYY-MM-DD HH:MM:SS.sss +/-HH:MM; year, month, day 24 hour time with
     43 	milliseconds + or - offset from Universal Time (UTC, aka GMT)
     44 	
     45 	Example:        iso8601="2003-09-17 16:47:41.831 -07:00"
     46 
     47 -->
     48 <!ENTITY % timeattr	"time		CDATA #IMPLIED
     49 			msec		CDATA #IMPLIED">
     50 
     51 <!ENTITY % iso8601	"iso8601	CDATA #IMPLIED">
     52 
     53 <!-- xinfo	Generic info for X related tokens.  -->
     54 <!ENTITY % xinfo	"xid		CDATA #REQUIRED
     55 			xcreator-uid	CDATA #REQUIRED">
     56 
     57 <!-- reserved_toks 
     58 
     59 This represents the set of "reserved" tokens whose placement is
     60 fixed.
     61 
     62 -->
     63 <!ENTITY % reserved_toks	"(
     64 			file			|
     65 			record			|
     66 			host			|
     67 			sequence
     68 			)
     69 ">
     70 
     71 <!-- normaltoks 
     72 
     73 This represents the set of all tokens other than the "reserved"
     74 tokens.
     75 
     76 -->
     77 <!ENTITY % normaltoks	"(
     78 			acl			|
     79 			arbitrary		|
     80 			argument		|
     81 			attribute		|
     82 			cmd			|
     83 			exit			|
     84 			exec_args		|
     85 			exec_env		|
     86 			fmri			|
     87 			group			|
     88 			ip			|
     89 			ip_address		|
     90 			IPC			|
     91 			IPC_perm		|
     92 			ip_port			|
     93 			liaison			|
     94 			opaque			|
     95 			path			|
     96 			path_attr		|
     97 			privilege		|
     98 			process			|
     99 			return			|
    100 			sensitivity_label	|
    101 			old_socket		|
    102 			socket			|
    103 			subject			|
    104 			text			|
    105 			use_of_authorization	|
    106 			use_of_privilege	|
    107 			X_atom			|
    108 			X_client		|
    109 			X_color_map		|
    110 			X_cursor		|
    111 			X_font			|
    112 			X_graphic_context	|
    113 			X_pixmap		|
    114 			X_property		|
    115 			X_selection		|
    116 			X_window		|
    117 			zone
    118 			)
    119 ">
    120 
    121 <!--Element Definitions-->
    122 
    123 <!--
    124 
    125 The main element, "audit", consists of a sequence of file & record tokens.
    126 
    127 -->
    128 <!ELEMENT audit (file | record)*>
    129 
    130 <!-- file token -->
    131 <!ELEMENT file		(#PCDATA)>
    132 <!ATTLIST file		%iso8601;>
    133 
    134 
    135 <!-- record token
    136 
    137 Audit records will have this general layout of tokens after the
    138 first token (which is the record token):
    139 	(tokens),subject,group,(tokens),return,sequence,host
    140 
    141 (all tokens after the record token are optional; the host token is unused.)
    142 
    143 -->
    144 <!ELEMENT record (
    145 		(%normaltoks;)*,
    146 		sequence?,
    147 		host?
    148 	)
    149 >
    150 <!ATTLIST record
    151 		version		CDATA #REQUIRED
    152 		event		CDATA #REQUIRED
    153 		modifier	CDATA #IMPLIED
    154 		host		CDATA #IMPLIED
    155 		%iso8601;
    156 >
    157 
    158 <!-- text token -->
    159 <!ELEMENT text		(#PCDATA)>
    160 
    161 <!-- path token -->
    162 <!ELEMENT path		(#PCDATA)>
    163 
    164 <!-- path_attr token -->
    165 <!ELEMENT path_attr		(xattr*)>
    166 <!ELEMENT xattr			(#PCDATA)>
    167 
    168 <!-- host token -->
    169 <!ELEMENT host		(#PCDATA)>
    170 
    171 <!-- subject token -->
    172 <!ELEMENT subject	EMPTY>
    173 <!ATTLIST subject
    174 		audit-uid	CDATA #REQUIRED
    175 		uid		CDATA #REQUIRED
    176 		gid		CDATA #REQUIRED
    177 		ruid		CDATA #REQUIRED
    178 		rgid		CDATA #REQUIRED
    179 		pid		CDATA #REQUIRED
    180 		sid		CDATA #REQUIRED
    181 		tid		CDATA #REQUIRED
    182 >
    183 
    184 <!-- process token -->
    185 <!ELEMENT process	EMPTY>
    186 <!ATTLIST process
    187 		audit-uid	CDATA #REQUIRED
    188 		uid		CDATA #REQUIRED
    189 		gid		CDATA #REQUIRED
    190 		ruid		CDATA #REQUIRED
    191 		rgid		CDATA #REQUIRED
    192 		pid		CDATA #REQUIRED
    193 		sid		CDATA #REQUIRED
    194 		tid		CDATA #REQUIRED
    195 >
    196 
    197 <!-- return token -->
    198 <!ELEMENT return		EMPTY>
    199 <!ATTLIST return
    200 		errval		CDATA #REQUIRED
    201 		retval		CDATA #REQUIRED
    202 >
    203 
    204 <!-- exit token -->
    205 <!ELEMENT exit			EMPTY>
    206 <!ATTLIST exit
    207 		errval		CDATA #REQUIRED
    208 		retval		CDATA #REQUIRED
    209 >
    210 
    211 <!-- sequence token -->
    212 <!ELEMENT sequence		EMPTY>
    213 <!ATTLIST sequence
    214 		seq-num		CDATA #REQUIRED
    215 >
    216 
    217 <!-- fmri token -->
    218 <!ELEMENT fmri			(#PCDATA)>
    219 
    220 <!-- group token -->
    221 <!ELEMENT group			(gid)*>
    222 <!ELEMENT gid			(#PCDATA)>
    223 
    224 <!-- opaque token -->
    225 <!ELEMENT opaque		(#PCDATA)>
    226 
    227 <!-- liaison token -->
    228 <!-- (NOTE: liaison is obsolete and is no longer generated -->
    229 <!ELEMENT liaison		(#PCDATA)>
    230 
    231 <!-- argument token -->
    232 <!ELEMENT argument		EMPTY>
    233 <!ATTLIST argument
    234 		arg-num		CDATA #REQUIRED
    235 		value		CDATA #REQUIRED
    236 		desc		CDATA #REQUIRED
    237 >
    238 
    239 <!-- attribute token -->
    240 <!ELEMENT attribute		EMPTY>
    241 <!ATTLIST attribute
    242 		mode		CDATA #REQUIRED
    243 		uid		CDATA #REQUIRED
    244 		gid		CDATA #REQUIRED
    245 		fsid		CDATA #REQUIRED
    246 		nodeid		CDATA #REQUIRED
    247 		device		CDATA #REQUIRED
    248 >
    249 
    250 <!-- cmd token -->
    251 <!ELEMENT cmd			(argv*, arge*)>
    252 <!ELEMENT argv			(#PCDATA)>
    253 <!ELEMENT arge			(#PCDATA)>
    254 
    255 <!-- exec_args token -->
    256 <!ELEMENT exec_args		(arg*)>
    257 <!ELEMENT arg			(#PCDATA)>
    258 
    259 <!-- exec_env token -->
    260 <!ELEMENT exec_env		(env*)>
    261 <!ELEMENT env			(#PCDATA)>
    262 
    263 <!-- arbitrary token -->
    264 <!ELEMENT arbitrary		(#PCDATA)>
    265 <!ATTLIST arbitrary
    266 		print		CDATA #REQUIRED
    267 		type		CDATA #REQUIRED
    268 		count		CDATA #REQUIRED
    269 >
    270 
    271 <!-- privilege token -->
    272 <!ELEMENT privilege		(#PCDATA)>
    273 <!ATTLIST privilege
    274 		set-type	CDATA #REQUIRED
    275 >
    276 
    277 <!-- use_of_privilege token -->
    278 <!ELEMENT use_of_privilege	(#PCDATA)>
    279 <!ATTLIST use_of_privilege
    280 		result		CDATA #REQUIRED
    281 >
    282 
    283 <!-- sensitivity_label token -->
    284 <!ELEMENT sensitivity_label	(#PCDATA)>
    285 
    286 <!-- use_of_authorization token -->
    287 <!ELEMENT use_of_authorization	(#PCDATA)>
    288 
    289 <!-- IPC token -->
    290 <!ELEMENT IPC			EMPTY>
    291 <!ATTLIST IPC
    292 		ipc-type	CDATA #REQUIRED
    293 		ipc-id		CDATA #REQUIRED
    294 >
    295 
    296 <!-- IPC_perm token -->
    297 <!ELEMENT IPC_perm		EMPTY>
    298 <!ATTLIST IPC_perm
    299 		uid		CDATA #REQUIRED
    300 		gid		CDATA #REQUIRED
    301 		creator-uid	CDATA #REQUIRED
    302 		creator-gid	CDATA #REQUIRED
    303 		mode		CDATA #REQUIRED
    304 		seq		CDATA #REQUIRED
    305 		key		CDATA #REQUIRED
    306 >
    307 
    308 <!-- ip_address token -->
    309 <!ELEMENT ip_address		(#PCDATA)>
    310 
    311 <!-- ip_port token -->
    312 <!-- (NOTE: ip_port is obsolete and is no longer generated -->
    313 <!ELEMENT ip_port		(#PCDATA)>
    314 
    315 <!-- ip token -->
    316 <!-- (NOTE: ip is obsolete and is no longer generated -->
    317 <!ELEMENT ip			EMPTY>
    318 <!ATTLIST ip
    319 		version		CDATA #REQUIRED
    320 		service_type	CDATA #REQUIRED
    321 		len		CDATA #REQUIRED
    322 		id		CDATA #REQUIRED
    323 		offset		CDATA #REQUIRED
    324 		time_to_live	CDATA #REQUIRED
    325 		protocol	CDATA #REQUIRED
    326 		cksum		CDATA #REQUIRED
    327 		src_addr	CDATA #REQUIRED
    328 		dest_addr	CDATA #REQUIRED
    329 >
    330 
    331 <!-- old_socket token -->
    332 <!ELEMENT old_socket		EMPTY>
    333 <!ATTLIST old_socket
    334 		type		CDATA #REQUIRED
    335 		port		CDATA #REQUIRED
    336 		addr		CDATA #REQUIRED
    337 >
    338 
    339 <!-- socket token -->
    340 <!ELEMENT socket		EMPTY>
    341 <!ATTLIST socket
    342 		sock_domain	CDATA #REQUIRED
    343 		sock_type	CDATA #REQUIRED
    344 		lport		CDATA #REQUIRED
    345 		laddr		CDATA #REQUIRED
    346 		fport		CDATA #REQUIRED
    347 		faddr		CDATA #REQUIRED
    348 >
    349 
    350 <!-- acl token -->
    351 <!ELEMENT acl			EMPTY>
    352 <!ATTLIST acl
    353 		type		CDATA #IMPLIED
    354 		value		CDATA #IMPLIED
    355 		mode		CDATA #IMPLIED
    356 		flags		CDATA #IMPLIED
    357 		id		CDATA #IMPLIED
    358 		access_mask	CDATA #IMPLIED
    359 >
    360 
    361 <!-- tid token -->
    362 <!-- future intent: contain one of ipadr | MTUadr | device -->
    363 <!ELEMENT tid			(ipadr*)>
    364 <!ATTLIST tid
    365 		type		CDATA #REQUIRED
    366 >
    367 
    368 <!-- ipadr content of tid token -->
    369 <!ELEMENT ipadr			EMPTY>
    370 <!ATTLIST ipadr
    371 		local-port	CDATA #REQUIRED
    372 		remote-port	CDATA #REQUIRED
    373 		host		CDATA #REQUIRED
    374 >
    375 
    376 <!-- X_atom token -->
    377 <!ELEMENT X_atom		(#PCDATA)>
    378 
    379 <!-- X_color_map token -->
    380 <!ELEMENT X_color_map		EMPTY>
    381 <!ATTLIST X_color_map		%xinfo;>
    382 
    383 <!-- X_cursor token -->
    384 <!ELEMENT X_cursor		EMPTY>
    385 <!ATTLIST X_cursor		%xinfo;>
    386 
    387 <!-- X_font token -->
    388 <!ELEMENT X_font		EMPTY>
    389 <!ATTLIST X_font		%xinfo;>
    390 
    391 <!-- X_graphic_context token -->
    392 <!ELEMENT X_graphic_context	EMPTY>
    393 <!ATTLIST X_graphic_context	%xinfo;>
    394 
    395 <!-- X_pixmap token -->
    396 <!ELEMENT X_pixmap		EMPTY>
    397 <!ATTLIST X_pixmap		%xinfo;>
    398 
    399 <!-- X_window token -->
    400 <!ELEMENT X_window		EMPTY>
    401 <!ATTLIST X_window		%xinfo;>
    402 
    403 <!-- X_property token -->
    404 <!ELEMENT X_property		(#PCDATA)>
    405 <!ATTLIST X_property		%xinfo;>
    406 
    407 <!-- X_client token -->
    408 <!ELEMENT X_client		(#PCDATA)>
    409 
    410 <!-- X_selection token -->
    411 <!ELEMENT X_selection		(xsel_text, xsel_type, xsel_data)>
    412 <!ELEMENT x_sel_text		(#PCDATA)>
    413 <!ELEMENT x_sel_type		(#PCDATA)>
    414 <!ELEMENT x_sel_data		(#PCDATA)>
    415 
    416 <!-- zonename token -->
    417 <!ELEMENT zone			EMPTY>
    418 <!ATTLIST zone
    419 		name		CDATA #REQUIRED
    420 >
    421