      1     0    stevel /*
      2     0    stevel  * CDDL HEADER START
      3     0    stevel  *
      4     0    stevel  * The contents of this file are subject to the terms of the
      5  1676       jpk  * Common Development and Distribution License (the "License").
      6  1676       jpk  * You may not use this file except in compliance with the License.
      7     0    stevel  *
      8     0    stevel  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9     0    stevel  * or http://www.opensolaris.org/os/licensing.
     10     0    stevel  * See the License for the specific language governing permissions
     11     0    stevel  * and limitations under the License.
     12     0    stevel  *
     13     0    stevel  * When distributing Covered Code, include this CDDL HEADER in each
     14     0    stevel  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15     0    stevel  * If applicable, add the following below this CDDL HEADER, with the
     16     0    stevel  * fields enclosed by brackets "[]" replaced with your own identifying
     17     0    stevel  * information: Portions Copyright [yyyy] [name of copyright owner]
     18     0    stevel  *
     19     0    stevel  * CDDL HEADER END
     20     0    stevel  */
     21     0    stevel /*
     22  9083       Jan  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
     23     0    stevel  * Use is subject to license terms.
     24     0    stevel  */
     25     0    stevel 
     26     0    stevel /*
     27     0    stevel  * This file contains the declarations of the various data structures
     28     0    stevel  * used by the auditing module(s).
     29     0    stevel  */
     30     0    stevel 
     31     0    stevel #ifndef	_BSM_AUDIT_H
     32     0    stevel #define	_BSM_AUDIT_H
     33     0    stevel 
     34     0    stevel #ifdef __cplusplus
     35     0    stevel extern "C" {
     36     0    stevel #endif
     37     0    stevel 
     38     0    stevel 
     39     0    stevel #include <sys/shm.h>	/* for shmid_ds structure */
     40     0    stevel #include <sys/sem.h>	/* for semid_ds structure */
     41     0    stevel #include <sys/msg.h>	/* for msqid_ds structure */
     42     0    stevel #include <sys/atomic.h>	/* using atomics */
     43     0    stevel 
     44     0    stevel /*
     45     0    stevel  * Audit conditions, statements regarding what's to be done with
     46     0    stevel  * audit records.  Neither AUC_ENABLED, AUC_DISABLED, nor AUC_UNSET
     47     0    stevel  * are returned on an auditconfig -getcond call.
     48     0    stevel  */
/*
 * Global state: whether the audit module as a whole is enabled.  These are
 * the three values that an "auditconfig -getcond" call never returns.
 */
#define	AUC_DISABLED	-1	/* audit module loaded but not enabled */
#define	AUC_UNSET	0	/* on/off hasn't been decided */
#define	AUC_ENABLED	1	/* loaded and enabled */
/*
 * Local zone state.  AUC_AUDITING has the same numeric value (1) as the
 * global AUC_ENABLED, so a bare value is ambiguous unless the reader knows
 * which of the two state sets it came from.
 */
#define	AUC_INIT_AUDIT	4	/* c2audit is ready but auditd has not run */
#define	AUC_AUDITING	1	/* auditing is being done */
#define	AUC_NOAUDIT	2	/* auditing is not being done */
#define	AUC_NOSPACE	3	/* audit enabled, no space for audit records */
     58     0    stevel 
/*
 * The user id -2 is never audited - in fact, a setauid(AU_NOAUDITID)
 * will turn off auditing.
 *
 * Because assigning this id switches auditing off, every code path that
 * can set an audit id is security-sensitive.
 * NOTE(review): the check that restricts who may call setauid() is not in
 * this header - confirm it in the syscall implementation.
 */
#define	AU_NOAUDITID	((au_id_t)-2)
     64     0    stevel 
     65     0    stevel /*
     66     0    stevel  * success/failure bits for asynchronous events
     67     0    stevel  */
     68     0    stevel 
     69     0    stevel #define	AUM_SUCC	1	/* use the system success preselection mask */
     70     0    stevel #define	AUM_FAIL	2	/* use the system failure preselection mask */
     71     0    stevel 
     72     0    stevel 
     73     0    stevel /*
     74     0    stevel  * Defines for event modifier field
     75     0    stevel  */
     76     0    stevel #define	PAD_READ	0x0001		/* object read */
     77     0    stevel #define	PAD_WRITE	0x0002		/* object write */
     78     0    stevel #define	PAD_NONATTR	0x4000		/* non-attributable event */
     79     0    stevel #define	PAD_FAILURE	0x8000		/* fail audit event */
     80     0    stevel #define	PAD_SPRIVUSE	0x0080		/* successfully used privileged */
     81     0    stevel #define	PAD_FPRIVUSE	0x0100		/* failed use of privileged */
     82     0    stevel 
     83     0    stevel /*
     84     0    stevel  * Some typedefs for the fundamentals
     85     0    stevel  */
     86  7753       Ton typedef uint_t au_asid_t;
     87     0    stevel typedef uint_t  au_class_t;
     88  7753       Ton typedef ushort_t au_event_t;
     89  7753       Ton typedef ushort_t au_emod_t;
     90     0    stevel typedef uid_t au_id_t;
     91     0    stevel 
     92     0    stevel /*
     93     0    stevel  * An audit event mask.
     94     0    stevel  */
     95     0    stevel #define	AU_MASK_ALL	0xFFFFFFFF	/* all bits on for unsigned int */
     96     0    stevel #define	AU_MASK_NONE	0x0		/* all bits off = no:invalid class */
     97     0    stevel 
/*
 * Pair of bit masks: one applied to events that succeed, one to events
 * that fail.
 */
typedef struct au_mask {
	unsigned int	am_success;	/* success bits */
	unsigned int	am_failure;	/* failure bits */
} au_mask_t;

/*
 * Alternate spellings of the two fields.  These are object-like macros, so
 * they rewrite every identifier spelled as_success or as_failure in any
 * file that includes this header, not only members of struct au_mask.
 */
#define	as_success	am_success
#define	as_failure	am_failure
    105     0    stevel 
    106     0    stevel /*
    107     0    stevel  * The structure of the terminal ID (ipv4)
    108     0    stevel  */
    109     0    stevel struct au_tid {
    110     0    stevel 	dev_t port;
    111     0    stevel 	uint_t machine;
    112     0    stevel };
    113     0    stevel 
    114     0    stevel #if defined(_SYSCALL32)
    115     0    stevel struct au_tid32 {
    116     0    stevel 	uint_t port;
    117     0    stevel 	uint_t machine;
    118     0    stevel };
    119     0    stevel 
    120     0    stevel typedef struct au_tid32 au_tid32_t;
    121     0    stevel #endif
    122     0    stevel 
    123     0    stevel typedef struct au_tid au_tid_t;
    124     0    stevel 
    125     0    stevel /*
    126     0    stevel  * The structure of the terminal ID (ipv6)
    127     0    stevel  */
    128     0    stevel struct au_tid_addr {
    129     0    stevel 	dev_t  at_port;
    130     0    stevel 	uint_t at_type;
    131     0    stevel 	uint_t at_addr[4];
    132     0    stevel };
    133     0    stevel 
    134     0    stevel struct au_port_s {
    135     0    stevel 	uint32_t at_major;	/* major # */
    136     0    stevel 	uint32_t at_minor;	/* minor # */
    137     0    stevel };
    138     0    stevel typedef struct au_port_s au_port_t;
    139     0    stevel 
    140     0    stevel struct au_tid_addr64 {
    141     0    stevel 	au_port_t	at_port;
    142     0    stevel 	uint_t		at_type;
    143     0    stevel 	uint_t		at_addr[4];
    144     0    stevel };
    145     0    stevel typedef struct au_tid_addr64 au_tid64_addr_t;
    146     0    stevel 
    147     0    stevel #if defined(_SYSCALL32)
    148     0    stevel struct au_tid_addr32 {
    149     0    stevel 	uint_t at_port;
    150     0    stevel 	uint_t at_type;
    151     0    stevel 	uint_t at_addr[4];
    152     0    stevel };
    153     0    stevel 
    154     0    stevel typedef struct au_tid_addr32 au_tid32_addr_t;
    155     0    stevel #endif
    156     0    stevel 
    157     0    stevel typedef struct au_tid_addr au_tid_addr_t;
    158     0    stevel 
    159     0    stevel struct au_ip {
    160     0    stevel 	uint16_t	at_r_port;	/* remote port */
    161     0    stevel 	uint16_t	at_l_port;	/* local port */
    162     0    stevel 	uint32_t	at_type;	/* AU_IPv4,... */
    163     0    stevel 	uint32_t	at_addr[4];	/* remote IP */
    164     0    stevel };
    165     0    stevel typedef struct au_ip au_ip_t;
    166     0    stevel 
    167     0    stevel /*
    168     0    stevel  * Generic network address structure
    169     0    stevel  */
/*
 * gt_type selects which member of gt_adr holds valid data.  The type
 * values defined in this header are AU_IPADR, AU_ETHER and AU_DEVICE, with
 * 0 reserved for uninitialized data, so a consumer should check gt_type
 * before reading either member.
 * NOTE(review): presumably AU_IPADR goes with at_ip and AU_DEVICE with
 * at_dev; gt_adr has no member that obviously matches AU_ETHER - confirm
 * how that type is represented.
 */
typedef struct au_generic_tid {
	uchar_t	gt_type;	/* AU_IPADR, AU_DEVICE,... */
	union {
		au_ip_t		at_ip;
		au_port_t	at_dev;
	} gt_adr;
} au_generic_tid_t;
    178     0    stevel 
    179     0    stevel /*
    180     0    stevel  * au_generic_tid_t gt_type values
    181     0    stevel  * 0 is reserved for uninitialized data
    182     0    stevel  */
    183     0    stevel #define	AU_IPADR	1
    184     0    stevel #define	AU_ETHER	2
    185     0    stevel #define	AU_DEVICE	3
    186     0    stevel 
    187     0    stevel /*
    188     0    stevel  * at_type values - address length used to identify address type
    189     0    stevel  */
    190     0    stevel #define	AU_IPv4 4	/* ipv4 type IP address */
    191     0    stevel #define	AU_IPv6 16	/* ipv6 type IP address */
    192     0    stevel 
    193     0    stevel /*
    194     0    stevel  * Compatibility with SunOS 4.x BSM module
    195     0    stevel  *
    196     0    stevel  * New code should not contain audit_state_t,
    197     0    stevel  * au_state_t, nor au_termid as these types
    198     0    stevel  * may go away in future releases.
    199     0    stevel  *
    200     0    stevel  * typedef new-5.x-bsm-name old-4.x-bsm-name
    201     0    stevel  */
    202     0    stevel 
    203     0    stevel typedef au_class_t au_state_t;
    204     0    stevel typedef au_mask_t audit_state_t;
    205     0    stevel typedef au_id_t auid_t;
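/*
 * SunOS 4.x spelling of the ai_mask field.  The replacement text must be
 * the bare identifier: with a trailing semicolon, "info.ai_state = m;"
 * expands to "info.ai_mask; = m;" and does not compile, and a use inside
 * an expression such as "f(info.ai_state)" breaks the same way.
 */
#define	ai_state	ai_mask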
    207     0    stevel 
    208     0    stevel /*
    209     0    stevel  * Opcodes for bsm system calls
    210     0    stevel  */
    211     0    stevel 
    212     0    stevel #define	BSM_GETAUID		19
    213     0    stevel #define	BSM_SETAUID		20
    214     0    stevel #define	BSM_GETAUDIT		21
    215     0    stevel #define	BSM_SETAUDIT		22
    216  9083       Jan /*				23	OBSOLETE */
    217  9083       Jan /*				24	OBSOLETE */
    218     0    stevel #define	BSM_AUDIT		25
    219  2827  tz204579 /* 				26	OBSOLETE */
    220  5992       gww /* 				27	EOL announced for Sol 10 */
    221     0    stevel #define	BSM_AUDITON		28
    222     0    stevel #define	BSM_AUDITCTL		29
    223  9083       Jan /*				30	OBSOLETE */
    224  9083       Jan /*				31	OBSOLETE */
    225  9083       Jan /*				32	OBSOLETE */
    226  9083       Jan /*				33	OBSOLETE */
    227  9083       Jan /*				34	OBSOLETE */
    228     0    stevel #define	BSM_GETAUDIT_ADDR	35
    229     0    stevel #define	BSM_SETAUDIT_ADDR	36
    230     0    stevel #define	BSM_AUDITDOOR		37
    231     0    stevel 
    232     0    stevel /*
    233     0    stevel  * Auditctl(2) commands
    234     0    stevel  */
    235     0    stevel #define	A_GETPOLICY	2	/* get audit policy */
    236     0    stevel #define	A_SETPOLICY	3	/* set audit policy */
    237     0    stevel #define	A_GETKMASK	4	/* get kernel event preselection mask */
    238     0    stevel #define	A_SETKMASK	5	/* set kernel event preselection mask */
    239     0    stevel #define	A_GETQCTRL	6	/* get kernel audit queue ctrl parameters */
    240     0    stevel #define	A_SETQCTRL	7	/* set kernel audit queue ctrl parameters */
    241     0    stevel #define	A_GETCWD	8	/* get process current working directory */
    242     0    stevel #define	A_GETCAR	9	/* get process current active root */
    243     0    stevel #define	A_GETSTAT	12	/* get audit statistics */
    244     0    stevel #define	A_SETSTAT	13	/* (re)set audit statistics */
    245     0    stevel #define	A_SETUMASK	14	/* set preselection mask for procs with auid */
    246     0    stevel #define	A_SETSMASK	15	/* set preselection mask for procs with asid */
    247     0    stevel #define	A_GETCOND	20	/* get audit system on/off condition */
    248     0    stevel #define	A_SETCOND	21	/* set audit system on/off condition */
    249     0    stevel #define	A_GETCLASS	22	/* get audit event to class mapping */
    250     0    stevel #define	A_SETCLASS	23	/* set audit event to class mapping */
    251     0    stevel #define	A_GETPINFO	24	/* get audit info for an arbitrary pid */
    252     0    stevel #define	A_SETPMASK	25	/* set preselection mask for an given pid */
    253     0    stevel #define	A_GETPINFO_ADDR	28	/* get audit info for an arbitrary pid */
    254     0    stevel #define	A_GETKAUDIT	29	/* get kernel audit characteristics */
    255     0    stevel #define	A_SETKAUDIT	30	/* set kernel audit characteristics */
    256     0    stevel 
/*
 * Audit policy parameters (32 bits).
 *
 * The flags below occupy bits 0-14 of the policy word, and each one
 * belongs to exactly one of AUDIT_GLOBAL or AUDIT_LOCAL.
 *
 * AUDIT_CNT, AUDIT_SCNT and AUDIT_AHLT decide what happens when a record
 * cannot be delivered, i.e. the trade-off between keeping the system
 * running and keeping the audit trail complete.  Changes to them deserve
 * the same scrutiny as changes to what is audited.
 */
#define	AUDIT_CNT		0x0001	/* do NOT sleep undelivered synch events */
#define	AUDIT_AHLT		0x0002	/* HALT machine on undelivered async event */
#define	AUDIT_ARGV		0x0004	/* include argv with execv system call events */
#define	AUDIT_ARGE		0x0008	/* include arge with execv system call events */
#define	AUDIT_SEQ		0x0010	/* include sequence attribute */
#define	AUDIT_WINDATA		0x0020	/* include interwindow moved data */
#define	AUDIT_GROUP		0x0040	/* include group attribute with each record */
#define	AUDIT_TRAIL		0x0080	/* include trailer token */
#define	AUDIT_PATH		0x0100	/* allow multiple paths per event */
#define	AUDIT_SCNT		0x0200	/* sleep user events but not kernel events */
#define	AUDIT_PUBLIC		0x0400	/* audit even "public" files */
#define	AUDIT_ZONENAME		0x0800	/* emit zonename token */
#define	AUDIT_PERZONE		0x1000	/* auditd and audit queue for each zone */
#define	AUDIT_WINDATA_DOWN	0x2000	/* include paste downgraded data */
#define	AUDIT_WINDATA_UP	0x4000	/* include paste upgraded data */

/*
 * The policy bits partitioned into two disjoint sets.
 * NOTE(review): presumably system-wide versus per-zone settings - confirm
 * against setpolicy().
 *
 * If AUDIT_GLOBAL changes, corresponding changes are required in
 * audit_syscalls.c's setpolicy().
 */
#define	AUDIT_GLOBAL	(AUDIT_AHLT | AUDIT_PERZONE)
#define	AUDIT_LOCAL	\
	(AUDIT_CNT | AUDIT_ARGV | AUDIT_ARGE | AUDIT_SEQ | \
	AUDIT_WINDATA | AUDIT_GROUP | AUDIT_TRAIL | AUDIT_PATH | \
	AUDIT_SCNT | AUDIT_PUBLIC | AUDIT_ZONENAME | \
	AUDIT_WINDATA_DOWN | AUDIT_WINDATA_UP)
    286     0    stevel 
    287     0    stevel /*
    288     0    stevel  * Kernel audit queue control parameters
    289     0    stevel  *
    290     0    stevel  *	audit record recording blocks at hiwater # undelivered records
    291     0    stevel  *	audit record recording resumes at lowwater # undelivered audit records
    292     0    stevel  *	bufsz determines how big the data xfers will be to the audit trail
    293     0    stevel  */
    294     0    stevel struct au_qctrl {
    295     0    stevel 	size_t	aq_hiwater;	/* kernel audit queue, high water mark */
    296     0    stevel 	size_t	aq_lowater;	/* kernel audit queue, low  water mark */
    297     0    stevel 	size_t	aq_bufsz;	/* kernel audit queue, write size to trail */
    298     0    stevel 	clock_t	aq_delay;	/* delay before flushing audit queue */
    299     0    stevel };
    300     0    stevel 
    301     0    stevel #if defined(_SYSCALL32)
    302     0    stevel struct au_qctrl32 {
    303     0    stevel 	size32_t	aq_hiwater;
    304     0    stevel 	size32_t	aq_lowater;
    305     0    stevel 	size32_t	aq_bufsz;
    306     0    stevel 	clock32_t	aq_delay;
    307     0    stevel };
    308     0    stevel #endif
    309     0    stevel 
    310     0    stevel 
/*
 * Default values of hiwater and lowater (note hi > lo), together with the
 * buffer-size and delay constants for the kernel audit queue.
 *
 * NOTE(review): AQ_MAXHIGH, AQ_MAXBUFSZ and AQ_MAXDELAY look like upper
 * bounds rather than defaults.  This header only defines the numbers, so
 * confirm that the A_SETQCTRL handler rejects values above them and keeps
 * aq_lowater below aq_hiwater; the unit of the delay values is not stated
 * here.
 */
#define	AQ_HIWATER  100
#define	AQ_MAXHIGH  100000
#define	AQ_LOWATER  10
#define	AQ_BUFSZ    8192
#define	AQ_MAXBUFSZ 1048576
#define	AQ_DELAY    20
#define	AQ_MAXDELAY 20000
    321     0    stevel 
    322     0    stevel struct auditinfo {
    323     0    stevel 	au_id_t		ai_auid;
    324     0    stevel 	au_mask_t	ai_mask;
    325     0    stevel 	au_tid_t	ai_termid;
    326     0    stevel 	au_asid_t	ai_asid;
    327     0    stevel };
    328     0    stevel 
    329     0    stevel #if defined(_SYSCALL32)
    330     0    stevel struct auditinfo32 {
    331     0    stevel 	au_id_t		ai_auid;
    332     0    stevel 	au_mask_t	ai_mask;
    333     0    stevel 	au_tid32_t	ai_termid;
    334     0    stevel 	au_asid_t	ai_asid;
    335     0    stevel };
    336     0    stevel 
    337     0    stevel typedef struct auditinfo32 auditinfo32_t;
    338     0    stevel #endif
    339     0    stevel 
    340     0    stevel typedef struct auditinfo auditinfo_t;
    341     0    stevel 
    342     0    stevel struct auditinfo_addr {
    343     0    stevel 	au_id_t		ai_auid;
    344     0    stevel 	au_mask_t	ai_mask;
    345     0    stevel 	au_tid_addr_t	ai_termid;
    346     0    stevel 	au_asid_t	ai_asid;
    347     0    stevel };
    348     0    stevel 
    349     0    stevel struct auditinfo_addr64 {
    350     0    stevel 	au_id_t		ai_auid;
    351     0    stevel 	au_mask_t	ai_mask;
    352     0    stevel 	au_tid64_addr_t	ai_termid;
    353     0    stevel 	au_asid_t	ai_asid;
    354     0    stevel };
    355     0    stevel typedef struct auditinfo_addr64 auditinfo64_addr_t;
    356     0    stevel 
    357     0    stevel #if defined(_SYSCALL32)
    358     0    stevel struct auditinfo_addr32 {
    359     0    stevel 	au_id_t		ai_auid;
    360     0    stevel 	au_mask_t	ai_mask;
    361     0    stevel 	au_tid32_addr_t	ai_termid;
    362     0    stevel 	au_asid_t	ai_asid;
    363     0    stevel };
    364     0    stevel 
    365     0    stevel typedef struct auditinfo_addr32 auditinfo32_addr_t;
    366     0    stevel #endif
    367     0    stevel 
    368     0    stevel typedef struct auditinfo_addr auditinfo_addr_t;
    369     0    stevel 
    370     0    stevel struct auditpinfo {
    371     0    stevel 	pid_t		ap_pid;
    372     0    stevel 	au_id_t		ap_auid;
    373     0    stevel 	au_mask_t	ap_mask;
    374     0    stevel 	au_tid_t	ap_termid;
    375     0    stevel 	au_asid_t	ap_asid;
    376     0    stevel };
    377     0    stevel 
    378     0    stevel #if defined(_SYSCALL32)
    379     0    stevel struct auditpinfo32 {
    380     0    stevel 	pid_t		ap_pid;
    381     0    stevel 	au_id_t		ap_auid;
    382     0    stevel 	au_mask_t	ap_mask;
    383     0    stevel 	au_tid32_t	ap_termid;
    384     0    stevel 	au_asid_t	ap_asid;
    385     0    stevel };
    386     0    stevel #endif
    387     0    stevel 
    388     0    stevel 
    389     0    stevel struct auditpinfo_addr {
    390     0    stevel 	pid_t		ap_pid;
    391     0    stevel 	au_id_t		ap_auid;
    392     0    stevel 	au_mask_t	ap_mask;
    393     0    stevel 	au_tid_addr_t	ap_termid;
    394     0    stevel 	au_asid_t	ap_asid;
    395     0    stevel };
    396     0    stevel 
    397     0    stevel #if defined(_SYSCALL32)
    398     0    stevel struct auditpinfo_addr32 {
    399     0    stevel 	pid_t		ap_pid;
    400     0    stevel 	au_id_t		ap_auid;
    401     0    stevel 	au_mask_t	ap_mask;
    402     0    stevel 	au_tid32_addr_t	ap_termid;
    403     0    stevel 	au_asid_t	ap_asid;
    404     0    stevel };
    405     0    stevel #endif
    406     0    stevel 
    407     0    stevel 
    408     0    stevel struct au_evclass_map {
    409     0    stevel 	au_event_t	ec_number;
    410     0    stevel 	au_class_t	ec_class;
    411     0    stevel };
    412     0    stevel typedef struct au_evclass_map au_evclass_map_t;
    413     0    stevel 
    414     0    stevel /*
    415     0    stevel  * Audit stat structures (used to be in audit_stat.h)
    416     0    stevel  */
    417     0    stevel 
/*
 * Kernel audit statistics.
 *
 * Every counter from as_generated onward is a uint32_t, so it wraps after
 * 2^32 events; a consumer should compare successive samples rather than
 * treat a value as an absolute total.  as_dropped counts dropped audit
 * records and is the field to watch when checking for gaps in the trail.
 */
typedef struct audit_stat {
	unsigned int	as_version;	/* version of kernel audit code */
	unsigned int	as_numevent;	/* number of kernel audit events */
	uint32_t	as_generated;	/* # records processed */
	uint32_t	as_nonattrib;	/* # non-attributed records produced */
	uint32_t	as_kernel;	/* # records produced by kernel */
	uint32_t	as_audit;	/* # records processed by audit(2) */
	uint32_t	as_auditctl;	/* # records processed by auditctl(2) */
	uint32_t	as_enqueue;	/* # records put onto audit queue */
	uint32_t	as_written;	/* # records written to audit trail */
	uint32_t	as_wblocked;	/* # times write blked on audit queue */
	uint32_t	as_rblocked;	/* # times read blked on audit queue */
	uint32_t	as_dropped;	/* # of dropped audit records */
	uint32_t	as_totalsize;	/* total number bytes of audit data */
	uint32_t	as_memused;	/* no longer used */
} au_stat_t;
    435     0    stevel 
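/*
 * Kernel audit context selectors.  Each macro expands to an expression
 * that reads audit_policy, curproc and/or global_zone from the scope in
 * which it is used.
 *
 * The expansions are fully parenthesized.  Without the outer parentheses a
 * use such as "GET_KCTX_PZ->field" or "n + GET_KCTX_PZ" would bind the
 * neighbouring operator to one operand of the conditional instead of to
 * the selected context, which can pick the wrong zone's context.
 */

/* get kernel audit context dependent on AUDIT_PERZONE policy */
#define	GET_KCTX_PZ	((audit_policy & AUDIT_PERZONE) ?\
			    curproc->p_zone->zone_audit_kctxt :\
			    global_zone->zone_audit_kctxt)
/* get kernel audit context of global zone */
#define	GET_KCTX_GZ	(global_zone->zone_audit_kctxt)
/* get kernel audit context of non-global zone */
#define	GET_KCTX_NGZ	(curproc->p_zone->zone_audit_kctxt)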
    444     0    stevel 
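/*
 * Atomically add (AS_INC) or subtract (AS_DEC) b on the statistics field
 * named a of the kernel audit context c, i.e. c->auk_statistics.a.
 * c is parenthesized so that any pointer expression can be passed, not
 * only a plain identifier.
 */
#define	AS_INC(a, b, c) atomic_add_32(&((c)->auk_statistics.a), (b))
#define	AS_DEC(a, b, c) atomic_add_32(&((c)->auk_statistics.a), -(b))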
    447     0    stevel 
    448     0    stevel /*
    449     0    stevel  * audit token IPC types (shm, sem, msg) [for ipc attribute]
    450     0    stevel  */
    451     0    stevel 
    452     0    stevel #define	AT_IPC_MSG	((char)1)		/* message IPC id */
    453     0    stevel #define	AT_IPC_SEM	((char)2)		/* semaphore IPC id */
    454     0    stevel #define	AT_IPC_SHM	((char)3)		/* shared memory IPC id */
    455     0    stevel 
    456     0    stevel #if defined(_KERNEL)
    457     0    stevel 
    458     0    stevel #ifdef __cplusplus
    459     0    stevel }
    460     0    stevel #endif
    461     0    stevel 
    462     0    stevel #include <sys/types.h>
    463     0    stevel #include <sys/model.h>
    464     0    stevel #include <sys/proc.h>
    465     0    stevel #include <sys/stream.h>
    466     0    stevel #include <sys/stropts.h>
    467     0    stevel #include <sys/file.h>
    468     0    stevel #include <sys/pathname.h>
    469     0    stevel #include <sys/vnode.h>
    470     0    stevel #include <sys/systm.h>
    471     0    stevel #include <netinet/in.h>
    472     0    stevel #include <c2/audit_door_infc.h>
    473     0    stevel #include <sys/crypto/ioctladmin.h>
    474  4307   pwernau #include <sys/netstack.h>
    475     0    stevel 
    476     0    stevel #ifdef __cplusplus
    477     0    stevel extern "C" {
    478     0    stevel #endif
    479     0    stevel 
    480     0    stevel struct fcntla;
    481     0    stevel struct t_audit_data;
    482     0    stevel struct audit_path;
    483     0    stevel struct priv_set;
    484     0    stevel struct devplcysys;
    485     0    stevel 
    486     0    stevel struct auditcalls {
    487     0    stevel 	long	code;
    488     0    stevel 	long	a1;
    489     0    stevel 	long	a2;
    490     0    stevel 	long	a3;
    491     0    stevel 	long	a4;
    492     0    stevel 	long	a5;
    493     0    stevel };
    494     0    stevel 
    495     0    stevel int	audit(caddr_t, int);
    496     0    stevel int	_audit(caddr_t, int);
    497     0    stevel int	auditsys(struct auditcalls *, union rval *); /* fake stub */
    498     0    stevel int	_auditsys(struct auditcalls *, union rval *); /* real deal */
    499     0    stevel void	audit_cryptoadm(int, char *, crypto_mech_name_t *,
    500     0    stevel 	    uint_t, uint_t, uint32_t, int);
    501     0    stevel void	audit_init(void);
    502     0    stevel void	audit_newproc(struct proc *);
    503     0    stevel void	audit_pfree(struct proc *);
    504     0    stevel void	audit_thread_create(kthread_id_t);
    505     0    stevel void	audit_thread_free(kthread_id_t);
    506     0    stevel int	audit_savepath(struct pathname *, struct vnode *, int, cred_t *);
    507     0    stevel void	audit_addcomponent(struct pathname *);
    508     0    stevel void	audit_anchorpath(struct pathname *, int);
    509     0    stevel void	audit_symlink(struct pathname *, struct pathname *);
    510     0    stevel void	audit_symlink_create(struct vnode *, char *, char *, int);
    511     0    stevel int	file_is_public(struct vattr *);
    512     0    stevel void	audit_attributes(struct vnode *);
    513     0    stevel void	audit_falloc(struct file *);
    514     0    stevel void	audit_unfalloc(struct file *);
    515     0    stevel void	audit_exit(int, int);
    516     0    stevel void	audit_core_start(int);
    517     0    stevel void	audit_core_finish(int);
    518     0    stevel void	audit_stropen(struct vnode *, dev_t *, int, struct cred *);
    519     0    stevel void	audit_strclose(struct vnode *, int, struct cred *);
    520     0    stevel void	audit_strioctl(struct vnode *, int, intptr_t, int, int, struct cred *,
    521     0    stevel 		int *);
    522     0    stevel void	audit_strgetmsg(struct vnode *, struct strbuf *, struct strbuf *,
    523     0    stevel 		unsigned char *, int *, int);
    524     0    stevel void	audit_strputmsg(struct vnode *, struct strbuf *, struct strbuf *,
    525     0    stevel 		unsigned char, int, int);
    526     0    stevel void	audit_closef(struct file *);
    527     0    stevel int	audit_getf(int);
    528     0    stevel void	audit_setf(struct file *, int);
    529     0    stevel void	audit_copen(int, struct file *, struct vnode *);
    530     0    stevel void	audit_reboot(void);
    531     0    stevel void	audit_vncreate_start(void);
    532     0    stevel void	audit_setfsat_path(int argnum);
    533     0    stevel void	audit_vncreate_finish(struct vnode *, int);
    534     0    stevel void	audit_exec(const char *, const char *, ssize_t, ssize_t);
    535     0    stevel void	audit_enterprom(int);
    536     0    stevel void	audit_exitprom(int);
    537     0    stevel void	audit_chdirec(struct vnode *, struct vnode **);
    538     0    stevel void	audit_sock(int, struct queue *, struct msgb *, int);
    539     0    stevel void	audit_free(void);
    540     0    stevel int	audit_start(unsigned int, unsigned int, int, klwp_t *);
    541     0    stevel void	audit_finish(unsigned int, unsigned int, int, union rval *);
    542  7753       Ton int	audit_async_start(label_t *, au_event_t, int);
    543  7753       Ton void	audit_async_finish(caddr_t *, au_event_t, au_emod_t);
    544     0    stevel void	audit_async_discard_backend(void *);
    545     0    stevel void	audit_async_done(caddr_t *, int);
    546     0    stevel void	audit_async_drop(caddr_t *, int);
    547     0    stevel 
    548     0    stevel #ifndef AUK_CONTEXT_T
    549     0    stevel #define	AUK_CONTEXT_T
    550     0    stevel typedef struct au_kcontext au_kcontext_t;
    551     0    stevel #endif
    552     0    stevel 
    553  4307   pwernau int	audit_success(au_kcontext_t *, struct t_audit_data *, int, cred_t *);
    554     0    stevel int	auditme(au_kcontext_t *, struct t_audit_data *, au_state_t);
    555     0    stevel void	audit_fixpath(struct audit_path *, int);
    556     0    stevel void	audit_ipc(int, int, void *);
    557     0    stevel void	audit_ipcget(int, void *);
/*
 * NOTE(review): declared with an empty parameter list, which in C (unlike
 * C++) is not a prototype, so the compiler does not check the arguments
 * at call sites.  Confirm the definition's parameters and spell them out
 * here, or write "(void)" if there are none.
 */
void	audit_lookupname();
    559     0    stevel int	audit_pathcomp(struct pathname *, vnode_t *, cred_t *);
    560     0    stevel void	audit_fdsend(int, struct file *, int);
    561     0    stevel void	audit_fdrecv(int, struct file *);
    562     0    stevel int	audit_c2_revoke(struct fcntla *, rval_t *);
    563     0    stevel void	audit_priv(int, const struct priv_set *, int);
    564     0    stevel void	audit_setppriv(int, int, const struct priv_set *, const cred_t *);
    565     0    stevel void	audit_devpolicy(int, const struct devplcysys *);
    566     0    stevel void	audit_update_context(proc_t *, cred_t *);
    567   898      kais void	audit_kssl(int, void *, int);
    568  4307   pwernau void	audit_pf_policy(int, cred_t *, netstack_t *, char *, boolean_t, int,
    569  4307   pwernau     pid_t);
    570  1676       jpk void	audit_sec_attributes(caddr_t *, struct vnode *);
    571     0    stevel 
    572     0    stevel #endif
    573     0    stevel 
    574     0    stevel #ifdef __cplusplus
    575     0    stevel }
    576     0    stevel #endif
    577     0    stevel 
    578     0    stevel #endif /* _BSM_AUDIT_H */
    579