NEX-13644 File access audit logging
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
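--- a/usr/src/uts/common/c2/audit.h
+++ b/usr/src/uts/common/c2/audit.h
@@ -1,609 +1,617 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
 */
 
 /*
 * This file contains the declarations of the various data structures
 * used by the auditing module(s).
 */
 
 #ifndef _BSM_AUDIT_H
 #define _BSM_AUDIT_H
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 
 #include <sys/shm.h> /* for shmid_ds structure */
 #include <sys/sem.h> /* for semid_ds structure */
 #include <sys/msg.h> /* for msqid_ds structure */
 #include <sys/atomic.h> /* using atomics */
 #include <sys/secflags.h>
 
 /*
 * Audit conditions, statements reguarding what's to be done with
 * audit records. None of the "global state" is returned by an
 * auditconfig -getcond call. AUC_NOSPACE no longer seems used.
 */
 /* global state */
 #define AUC_UNSET 0 /* on/off hasn't been decided */
 #define AUC_ENABLED 1 /* loaded and enabled */
 /* pseudo state used in libbsm */
 #define AUC_DISABLED 0x100 /* c2audit module is excluded */
 /* local zone state */
 #define AUC_AUDITING 0x1 /* audit daemon is active */
 #define AUC_NOAUDIT 0x2 /* audit daemon is not active */
 #define AUC_INIT_AUDIT 0x4 /* audit ready but auditd has not run */
 #define AUC_NOSPACE 0x8 /* audit enabled, no space for audit records */
 
 /*
 * The user id -2 is never audited - in fact, a setauid(AU_NOAUDITID)
 * will turn off auditing.
 */
 #define AU_NOAUDITID ((au_id_t)-2)
 
 /*
 * success/failure bits for asynchronous events
 */
 
 #define AUM_SUCC 1 /* use the system success preselection mask */
 #define AUM_FAIL 2 /* use the system failure preselection mask */
 
 
 /*
 * Defines for event modifier field
 */
 #define PAD_READ 0x0001 /* object read */
 #define PAD_WRITE 0x0002 /* object write */
 #define PAD_NONATTR 0x4000 /* non-attributable event */
 #define PAD_FAILURE 0x8000 /* fail audit event */
 #define PAD_SPRIVUSE 0x0080 /* successfully used privileged */
 #define PAD_FPRIVUSE 0x0100 /* failed use of privileged */
 
 /*
 * Some typedefs for the fundamentals
 */
 typedef uint_t au_asid_t;
 typedef uint_t au_class_t;
 typedef ushort_t au_event_t;
 typedef ushort_t au_emod_t;
 typedef uid_t au_id_t;
 
 /*
 * An audit event mask.
 */
 #define AU_MASK_ALL 0xFFFFFFFF /* all bits on for unsigned int */
 #define AU_MASK_NONE 0x0 /* all bits off = no:invalid class */
 
 struct au_mask {
 unsigned int am_success; /* success bits */
 unsigned int am_failure; /* failure bits */
 };
 typedef struct au_mask au_mask_t;
 #define as_success am_success
 #define as_failure am_failure
 
 /*
 * The structure of the terminal ID (ipv4)
 */
 struct au_tid {
 dev_t port;
 uint_t machine;
 };
 
 #if defined(_SYSCALL32)
 struct au_tid32 {
 uint_t port;
 uint_t machine;
 };
 
 typedef struct au_tid32 au_tid32_t;
 #endif
 
 typedef struct au_tid au_tid_t;
 
 /*
 * The structure of the terminal ID (ipv6)
 */
 struct au_tid_addr {
 dev_t at_port;
 uint_t at_type;
 uint_t at_addr[4];
 };
 
 struct au_port_s {
 uint32_t at_major; /* major # */
 uint32_t at_minor; /* minor # */
 };
 typedef struct au_port_s au_port_t;
 
 struct au_tid_addr64 {
 au_port_t at_port;
 uint_t at_type;
 uint_t at_addr[4];
 };
 typedef struct au_tid_addr64 au_tid64_addr_t;
 
 #if defined(_SYSCALL32)
 struct au_tid_addr32 {
 uint_t at_port;
 uint_t at_type;
 uint_t at_addr[4];
 };
 
 typedef struct au_tid_addr32 au_tid32_addr_t;
 #endif
 
 typedef struct au_tid_addr au_tid_addr_t;
 
 struct au_ip {
 uint16_t at_r_port; /* remote port */
 uint16_t at_l_port; /* local port */
 uint32_t at_type; /* AU_IPv4,... */
 uint32_t at_addr[4]; /* remote IP */
 };
 typedef struct au_ip au_ip_t;
 
 /*
 * Generic network address structure
 */
 struct au_generic_tid {
 uchar_t gt_type; /* AU_IPADR, AU_DEVICE,... */
 union {
 au_ip_t at_ip;
 au_port_t at_dev;
 } gt_adr;
 };
 typedef struct au_generic_tid au_generic_tid_t;
 
 /*
 * au_generic_tid_t gt_type values
 * 0 is reserved for uninitialized data
 */
 #define AU_IPADR 1
 #define AU_ETHER 2
 #define AU_DEVICE 3
 
 /*
 * at_type values - address length used to identify address type
 */
 #define AU_IPv4 4 /* ipv4 type IP address */
 #define AU_IPv6 16 /* ipv6 type IP address */
 
 /*
 * Compatability with SunOS 4.x BSM module
 *
 * New code should not contain audit_state_t,
 * au_state_t, nor au_termid as these types
 * may go away in future releases.
 *
 * typedef new-5.x-bsm-name old-4.x-bsm-name
 */
 
 typedef au_class_t au_state_t;
 typedef au_mask_t audit_state_t;
 typedef au_id_t auid_t;
 #define ai_state ai_mask;
 
 /*
 * Opcodes for bsm system calls
 */
 
 #define BSM_GETAUID 19
 #define BSM_SETAUID 20
 #define BSM_GETAUDIT 21
 #define BSM_SETAUDIT 22
 /* 23 OBSOLETE */
 /* 24 OBSOLETE */
 #define BSM_AUDIT 25
 /* 26 OBSOLETE */
 /* 27 EOL announced for Sol 10 */
 /* 28 OBSOLETE */
 #define BSM_AUDITCTL 29
 /* 30 OBSOLETE */
 /* 31 OBSOLETE */
 /* 32 OBSOLETE */
 /* 33 OBSOLETE */
 /* 34 OBSOLETE */
 #define BSM_GETAUDIT_ADDR 35
 #define BSM_SETAUDIT_ADDR 36
 #define BSM_AUDITDOOR 37
 
 /*
 * auditon(2) commands
 */
 #define A_GETPOLICY 2 /* get audit policy */
 #define A_SETPOLICY 3 /* set audit policy */
 #define A_GETKMASK 4 /* get non-attributable event audit mask */
 #define A_SETKMASK 5 /* set non-attributable event audit mask */
 #define A_GETQCTRL 6 /* get kernel audit queue ctrl parameters */
 #define A_SETQCTRL 7 /* set kernel audit queue ctrl parameters */
 #define A_GETCWD 8 /* get process current working directory */
 #define A_GETCAR 9 /* get process current active root */
 #define A_GETSTAT 12 /* get audit statistics */
 #define A_SETSTAT 13 /* (re)set audit statistics */
 #define A_SETUMASK 14 /* set preselection mask for procs with auid */
 #define A_SETSMASK 15 /* set preselection mask for procs with asid */
 #define A_GETCOND 20 /* get audit system on/off condition */
 #define A_SETCOND 21 /* set audit system on/off condition */
 #define A_GETCLASS 22 /* get audit event to class mapping */
 #define A_SETCLASS 23 /* set audit event to class mapping */
 #define A_GETPINFO 24 /* get audit info for an arbitrary pid */
 #define A_SETPMASK 25 /* set preselection mask for an given pid */
 #define A_GETPINFO_ADDR 28 /* get audit info for an arbitrary pid */
 #define A_GETKAUDIT 29 /* get kernel audit characteristics */
 #define A_SETKAUDIT 30 /* set kernel audit characteristics */
 #define A_GETAMASK 31 /* set user default audit event mask */
 #define A_SETAMASK 32 /* get user default audit event mask */
 
 /*
 * Audit Policy parameters (32 bits)
 */
 #define AUDIT_CNT 0x0001 /* do NOT sleep undelivered synch events */
 #define AUDIT_AHLT 0x0002 /* HALT machine on undelivered async event */
 #define AUDIT_ARGV 0x0004 /* include argv with execv system call events */
 #define AUDIT_ARGE 0x0008 /* include arge with execv system call events */
 #define AUDIT_SEQ 0x0010 /* include sequence attribute */
 #define AUDIT_GROUP 0x0040 /* include group attribute with each record */
 #define AUDIT_TRAIL 0x0080 /* include trailer token */
 #define AUDIT_PATH 0x0100 /* allow multiple paths per event */
 #define AUDIT_SCNT 0x0200 /* sleep user events but not kernel events */
 #define AUDIT_PUBLIC 0x0400 /* audit even "public" files */
 #define AUDIT_ZONENAME 0x0800 /* emit zonename token */
 #define AUDIT_PERZONE 0x1000 /* auditd and audit queue for each zone */
 #define AUDIT_WINDATA_DOWN 0x2000 /* include paste downgraded data */
 #define AUDIT_WINDATA_UP 0x4000 /* include paste upgraded data */
 
 /*
 * If AUDIT_GLOBAL changes, corresponding changes are required in
 * audit_syscalls.c's setpolicy().
 */
 #define AUDIT_GLOBAL (AUDIT_AHLT | AUDIT_PERZONE)
 #define AUDIT_LOCAL (AUDIT_CNT | AUDIT_ARGV | AUDIT_ARGE |\
 AUDIT_SEQ | AUDIT_GROUP | AUDIT_TRAIL | AUDIT_PATH |\
 AUDIT_PUBLIC | AUDIT_SCNT | AUDIT_ZONENAME |\
 AUDIT_WINDATA_DOWN | AUDIT_WINDATA_UP)
 
 /*
 * Kernel audit queue control parameters
 *
 * audit record recording blocks at hiwater # undelived records
 * audit record recording resumes at lowwater # undelivered audit records
 * bufsz determines how big the data xfers will be to the audit trail
 */
 struct au_qctrl {
 size_t aq_hiwater; /* kernel audit queue, high water mark */
 size_t aq_lowater; /* kernel audit queue, low water mark */
 size_t aq_bufsz; /* kernel audit queue, write size to trail */
 clock_t aq_delay; /* delay before flushing audit queue */
 };
 
 #if defined(_SYSCALL32)
 struct au_qctrl32 {
 size32_t aq_hiwater;
 size32_t aq_lowater;
 size32_t aq_bufsz;
 clock32_t aq_delay;
 };
 #endif
 
 
 /*
 * default values of hiwater and lowater (note hi > lo)
 */
 #define AQ_HIWATER 100
 #define AQ_MAXHIGH 100000
 #define AQ_LOWATER 10
 #define AQ_BUFSZ 8192
 #define AQ_MAXBUFSZ 1048576
 #define AQ_DELAY 20
 #define AQ_MAXDELAY 20000
 
 struct auditinfo {
 au_id_t ai_auid;
 au_mask_t ai_mask;
 au_tid_t ai_termid;
 au_asid_t ai_asid;
 };
 
 #if defined(_SYSCALL32)
 struct auditinfo32 {
 au_id_t ai_auid;
 au_mask_t ai_mask;
 au_tid32_t ai_termid;
 au_asid_t ai_asid;
 };
 
 typedef struct auditinfo32 auditinfo32_t;
 #endif
 
 typedef struct auditinfo auditinfo_t;
 
 struct k_auditinfo_addr {
 au_id_t ai_auid;
 au_mask_t ai_amask; /* user default preselection mask */
 au_mask_t ai_namask; /* non-attributable mask */
 au_tid_addr_t ai_termid;
 au_asid_t ai_asid;
 };
 typedef struct k_auditinfo_addr k_auditinfo_addr_t;
 
 struct auditinfo_addr {
 au_id_t ai_auid;
 au_mask_t ai_mask;
 au_tid_addr_t ai_termid;
 au_asid_t ai_asid;
 };
 
 struct auditinfo_addr64 {
 au_id_t ai_auid;
 au_mask_t ai_mask;
 au_tid64_addr_t ai_termid;
 au_asid_t ai_asid;
 };
 typedef struct auditinfo_addr64 auditinfo64_addr_t;
 
 #if defined(_SYSCALL32)
 struct auditinfo_addr32 {
 au_id_t ai_auid;
 au_mask_t ai_mask;
 au_tid32_addr_t ai_termid;
 au_asid_t ai_asid;
 };
 
 typedef struct auditinfo_addr32 auditinfo32_addr_t;
 #endif
 
 typedef struct auditinfo_addr auditinfo_addr_t;
 
 struct auditpinfo {
 pid_t ap_pid;
 au_id_t ap_auid;
 au_mask_t ap_mask;
 au_tid_t ap_termid;
 au_asid_t ap_asid;
 };
 
 #if defined(_SYSCALL32)
 struct auditpinfo32 {
 pid_t ap_pid;
 au_id_t ap_auid;
 au_mask_t ap_mask;
 au_tid32_t ap_termid;
 au_asid_t ap_asid;
 };
 #endif
 
 
 struct auditpinfo_addr {
 pid_t ap_pid;
 au_id_t ap_auid;
 au_mask_t ap_mask;
 au_tid_addr_t ap_termid;
 au_asid_t ap_asid;
 };
 
 #if defined(_SYSCALL32)
 struct auditpinfo_addr32 {
 pid_t ap_pid;
 au_id_t ap_auid;
 au_mask_t ap_mask;
 au_tid32_addr_t ap_termid;
 au_asid_t ap_asid;
 };
 #endif
 
 
 struct au_evclass_map {
 au_event_t ec_number;
 au_class_t ec_class;
 };
 typedef struct au_evclass_map au_evclass_map_t;
 
 /*
 * Audit stat structures (used to be in audit_stat.h
 */
 
 struct audit_stat {
 unsigned int as_version; /* version of kernel audit code */
 unsigned int as_numevent; /* number of kernel audit events */
 uint32_t as_generated; /* # records processed */
 uint32_t as_nonattrib; /* # non-attributed records produced */
 uint32_t as_kernel; /* # records produced by kernel */
 uint32_t as_audit; /* # records processed by audit(2) */
 uint32_t as_auditctl; /* # records processed by auditctl(2) */
 uint32_t as_enqueue; /* # records put onto audit queue */
 uint32_t as_written; /* # records written to audit trail */
 uint32_t as_wblocked; /* # times write blked on audit queue */
 uint32_t as_rblocked; /* # times read blked on audit queue */
 uint32_t as_dropped; /* # of dropped audit records */
 uint32_t as_totalsize; /* total number bytes of audit data */
 uint32_t as_memused; /* no longer used */
 };
 typedef struct audit_stat au_stat_t;
 
 /* get kernel audit context dependent on AUDIT_PERZONE policy */
 #define GET_KCTX_PZ (audit_policy & AUDIT_PERZONE) ?\
 curproc->p_zone->zone_audit_kctxt :\
 global_zone->zone_audit_kctxt
 /* get kernel audit context of global zone */
 #define GET_KCTX_GZ global_zone->zone_audit_kctxt
 /* get kernel audit context of non-global zone */
 #define GET_KCTX_NGZ curproc->p_zone->zone_audit_kctxt
 
 #define AS_INC(a, b, c) atomic_add_32(&(c->auk_statistics.a), (b))
 #define AS_DEC(a, b, c) atomic_add_32(&(c->auk_statistics.a), -(b))
 
 /*
 * audit token IPC types (shm, sem, msg) [for ipc attribute]
 */
 
 #define AT_IPC_MSG ((char)1) /* message IPC id */
 #define AT_IPC_SEM ((char)2) /* semaphore IPC id */
 #define AT_IPC_SHM ((char)3) /* shared memory IPC id */
 
 #if defined(_KERNEL)
 
 #ifdef __cplusplus
 }
 #endif
 
 #include <sys/types.h>
 #include <sys/model.h>
 #include <sys/proc.h>
 #include <sys/stream.h>
 #include <sys/stropts.h>
 #include <sys/file.h>
 #include <sys/pathname.h>
 #include <sys/vnode.h>
 #include <sys/systm.h>
 #include <netinet/in.h>
 #include <c2/audit_door_infc.h>
 #include <sys/crypto/ioctladmin.h>
 #include <sys/netstack.h>
 #include <sys/zone.h>
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 struct fcntla;
 struct t_audit_data;
+struct t_audit_sacl;
 struct audit_path;
 struct priv_set;
 struct devplcysys;
 
 struct auditcalls {
 long code;
 long a1;
 long a2;
 long a3;
 long a4;
 long a5;
 };
 
 int audit(caddr_t, int);
 int auditsys(struct auditcalls *, union rval *); /* fake stub */
 void audit_cryptoadm(int, char *, crypto_mech_name_t *,
 uint_t, uint_t, uint32_t, int);
 void audit_init(void);
 void audit_init_module(void);
 void audit_newproc(struct proc *);
 void audit_pfree(struct proc *);
 void audit_thread_create(kthread_id_t);
 void audit_thread_free(kthread_id_t);
 int audit_savepath(struct pathname *, struct vnode *, struct vnode *,
 int, cred_t *);
 void audit_anchorpath(struct pathname *, int);
 void audit_symlink(struct pathname *, struct pathname *);
 void audit_symlink_create(struct vnode *, char *, char *, int);
 int object_is_public(struct vattr *);
 void audit_attributes(struct vnode *);
 void audit_falloc(struct file *);
 void audit_unfalloc(struct file *);
 void audit_exit(int, int);
 void audit_core_start(int);
 void audit_core_finish(int);
 void audit_strgetmsg(struct vnode *, struct strbuf *, struct strbuf *,
 unsigned char *, int *, int);
 void audit_strputmsg(struct vnode *, struct strbuf *, struct strbuf *,
 unsigned char, int, int);
 void audit_closef(struct file *);
 void audit_setf(struct file *, int);
 void audit_reboot(void);
 void audit_vncreate_start(void);
 void audit_setfsat_path(int argnum);
 void audit_vncreate_finish(struct vnode *, int);
 void audit_exec(const char *, const char *, ssize_t, ssize_t, cred_t *);
 void audit_enterprom(int);
 void audit_exitprom(int);
 void audit_chdirec(struct vnode *, struct vnode **);
 void audit_sock(int, struct queue *, struct msgb *, int);
 int audit_start(unsigned int, unsigned int, uint32_t, int, klwp_t *);
 void audit_finish(unsigned int, unsigned int, int, union rval *);
 int audit_async_start(label_t *, au_event_t, int);
 void audit_async_finish(caddr_t *, au_event_t, au_emod_t, timestruc_t *);
 void audit_async_discard_backend(void *);
 void audit_async_done(caddr_t *, int);
 void audit_async_drop(caddr_t *, int);
+void audit_sacl(char *, cred_t *, uint32_t, boolean_t,
+ struct t_audit_sacl *);
 
 #ifndef AUK_CONTEXT_T
 #define AUK_CONTEXT_T
 typedef struct au_kcontext au_kcontext_t;
 #endif
 
 /* Zone audit context setup routine */
 void au_zone_setup(void);
 
 /*
 * c2audit module states
 */
 #define C2AUDIT_DISABLED 0 /* c2audit module excluded in /etc/system */
 #define C2AUDIT_UNLOADED 1 /* c2audit module not loaded */
 #define C2AUDIT_LOADED 2 /* c2audit module loaded */
 
 uint32_t audit_getstate(void);
 int au_zone_getstate(const au_kcontext_t *);
 
 /* The audit mask defining in which case is auditing enabled */
 #define AU_AUDIT_MASK (AUC_AUDITING | AUC_NOSPACE)
 
 /*
 * Get the given zone audit status. zcontext != NULL serves
 * as a protection when c2audit module is not loaded.
 */
 #define AU_ZONE_AUDITING(zcontext) \
 (audit_active == C2AUDIT_LOADED && \
 ((AU_AUDIT_MASK) & au_zone_getstate((zcontext))))
 
+#define AU_AUDIT_PERZONE() \
+ ((audit_policy & AUDIT_PERZONE) != 0)
+
 /*
 * Get auditing status
 */
 #define AU_AUDITING() (audit_getstate())
 
 int audit_success(au_kcontext_t *, struct t_audit_data *, int, cred_t *);
 int auditme(au_kcontext_t *, struct t_audit_data *, au_state_t);
+int auditev(au_event_t, cred_t *);
 void audit_fixpath(struct audit_path *, int);
 void audit_ipc(int, int, void *);
 void audit_ipcget(int, void *);
 void audit_fdsend(int, struct file *, int);
 void audit_fdrecv(int, struct file *);
 void audit_priv(int, const struct priv_set *, int);
 void audit_setppriv(int, int, const struct priv_set *, const cred_t *);
 void audit_psecflags(proc_t *, psecflagwhich_t,
 const secflagdelta_t *);
 void audit_devpolicy(int, const struct devplcysys *);
 void audit_update_context(proc_t *, cred_t *);
 void audit_kssl(int, void *, int);
 void audit_pf_policy(int, cred_t *, netstack_t *, char *, boolean_t, int,
 pid_t);
 void audit_sec_attributes(caddr_t *, struct vnode *);
 
 #endif
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* _BSM_AUDIT_H */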
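Review bot: The two new prototypes, `audit_sacl(char *, cred_t *, uint32_t, boolean_t, struct t_audit_sacl *)` and `auditev(au_event_t, cred_t *)`, have neither a comment nor parameter names, so a caller cannot tell from this header what the `uint32_t` and `boolean_t` arguments mean or what the `int` returned by `auditev` signifies. Because these entry points decide whether a file access produces an audit record, a misread argument would show up only as a silently missing record. I would add a short block comment above each one that states the argument meanings and the return contract, taken from the implementation, which is not visible on this page. If `audit_sacl` does not write through its path argument (also not visible here), declare it `const char *` as `audit_exec` already does. `AU_AUDIT_PERZONE()` also lacks the one-line comment its neighbouring macros have, for example `/* true when the per-zone audit policy bit is set */`, and `GET_KCTX_PZ` still open-codes the same test.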