NEX-13644 File access audit logging
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>

@@ -19,10 +19,12 @@
  * CDDL HEADER END
  */
 /*
  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ *
+ * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
  */
 
 #ifndef _BSM_AUDIT_RECORD_H
 #define _BSM_AUDIT_RECORD_H
 

@@ -32,10 +34,11 @@
 #else
 #include <priv.h>
 #endif
 #include <sys/socket.h>
 #include <sys/acl.h>
+#include <sys/sid.h>
 
 #include <sys/tsol/label.h>
 
 #ifdef __cplusplus
 extern "C" {

@@ -187,10 +190,16 @@
 #define AUT_SUBJECT64_EX        ((char)0x7c)
 #define AUT_PROCESS64_EX        ((char)0x7d)
 #define AUT_IN_ADDR_EX          ((char)0x7e)
 #define AUT_SOCKET_EX           ((char)0x7f)
 
+/*
+ * Can't do >= 0x80 because these are chars. 0x16/0x17 seem to be free here,
+ * but who knows if they have historical uses
+ */
+#define AUT_ACCESS_MASK         ((char)0x16)
+#define AUT_WSID                ((char)0x17)
 
 /*
  * Audit print suggestion types.
  */
 
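Review bot: The comment above `AUT_ACCESS_MASK` and `AUT_WSID` leaves open whether 0x16 and 0x17 are already in use ("who knows if they have historical uses"), and that should be settled before merging. Token IDs are written into the audit trail, so a collision with an ID defined elsewhere in this header or recognised by the userland record parsers would make file-access records misparse or be read as a different token. The full ID list lies outside this hunk, so this cannot be confirmed from here. Once checked, replace the comment with a definitive one, for example `/* 0x16/0x17: checked unused in this header and in the userland token parsers; on-disk format, do not renumber. */`. A one-line description of each token's payload layout next to the defines would also help whoever writes the matching parser.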

@@ -264,10 +273,12 @@
 #define au_getclr()             ((token_t *)au_get_buff())
 #define au_toss_token(tok)      (au_free_rec((au_buff_t *)(tok)))
 
 token_t *au_to_acl();
 token_t *au_to_ace();
+token_t *au_to_access_mask(uint32_t);
+token_t *au_to_wsid(ksid_t *);
 token_t *au_to_attr(struct vattr *);
 token_t *au_to_data(char, char, char, char *);
 token_t *au_to_header(int, au_event_t, au_emod_t);
 token_t *au_to_header_ex(int, au_event_t, au_emod_t);
 token_t *au_to_ipc(char, int);
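Review bot: `au_to_wsid(ksid_t *)` takes a mutable pointer although a token builder presumably only reads the SID; if so, declare it `token_t *au_to_wsid(const ksid_t *);`, in line with `au_to_groups(const gid_t *, uint_t)` further down this list. The prototype also makes `ksid_t` a hard dependency of the header. The new `#include <sys/sid.h>` in the earlier hunk is unconditional, so check that the type is visible in every context that includes this file (kernel and any userland consumer); the surrounding `#ifdef` structure is not visible here. Neither new prototype has a comment saying what the token encodes, such as which access-mask bit definitions apply and whether the SID is emitted in string or binary form.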

@@ -276,10 +287,11 @@
 token_t *au_to_in_addr(struct in_addr *);
 token_t *au_to_in_addr_ex(int32_t *);
 token_t *au_to_ip(struct ip *);
 token_t *au_to_groups(const gid_t *, uint_t);
 token_t *au_to_path(struct audit_path *);
+token_t *au_to_path_string(const char *);
 token_t *au_to_seq();
 token_t *au_to_process(uid_t, gid_t, uid_t, gid_t, pid_t,
                         au_id_t, au_asid_t, const au_tid_addr_t *);
 token_t *au_to_subject(uid_t, gid_t, uid_t, gid_t, pid_t,
                         au_id_t, au_asid_t, const au_tid_addr_t *);
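Review bot: `au_to_path_string(const char *)` accepts a bare string with no length parameter and no documented bound, unlike `au_to_path(struct audit_path *)`, which works from a structured path. For file-access auditing the path is likely derived from client-supplied names, so the contract should state that the argument must be NUL-terminated and what happens when it exceeds what the path token's length field can hold. A silently truncated path in an audit record can point an investigator at the wrong object. Suggest a comment on the declaration such as `/* path must be NUL-terminated; over-long paths are <truncated|rejected> — see au_to_path_string() */` with the actual behaviour filled in.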