Changeset View
Changeset View
Standalone View
Standalone View
sys/security/audit/audit_private.h
| Show First 20 Lines • Show All 76 Lines • ▼ Show 20 Lines | |||||
| /* | /* | ||||
| * Success/failure conditions for the conversion of a kernel audit record to | * Success/failure conditions for the conversion of a kernel audit record to | ||||
| * BSM format. | * BSM format. | ||||
| */ | */ | ||||
| #define BSM_SUCCESS 0 | #define BSM_SUCCESS 0 | ||||
| #define BSM_FAILURE 1 | #define BSM_FAILURE 1 | ||||
| #define BSM_NOAUDIT 2 | #define BSM_NOAUDIT 2 | ||||
| /* Audit record type to differentiate between syscall and NFS record. */ | |||||
| #define AUDIT_SYSCALL_RECORD 0 | |||||
| #define AUDIT_NFSRPC_RECORD 1 | |||||
| /* | /* | ||||
| * Defines for the kernel audit record k_ar_commit field. Flags are set to | * Defines for the kernel audit record k_ar_commit field. Flags are set to | ||||
| * indicate what sort of record it is, and which preselection mechanism | * indicate what sort of record it is, and which preselection mechanism | ||||
| * selected it. | * selected it. | ||||
| */ | */ | ||||
| #define AR_COMMIT_KERNEL 0x00000001U | #define AR_COMMIT_KERNEL 0x00000001U | ||||
| #define AR_COMMIT_USER 0x00000010U | #define AR_COMMIT_USER 0x00000010U | ||||
| ▲ Show 20 Lines • Show All 232 Lines • ▼ Show 20 Lines | |||||
| */ | */ | ||||
| struct kaudit_record { | struct kaudit_record { | ||||
| struct audit_record k_ar; | struct audit_record k_ar; | ||||
| u_int32_t k_ar_commit; | u_int32_t k_ar_commit; | ||||
| void *k_udata; /* User data. */ | void *k_udata; /* User data. */ | ||||
| u_int k_ulen; /* User data length. */ | u_int k_ulen; /* User data length. */ | ||||
| struct uthread *k_uthread; /* Audited thread. */ | struct uthread *k_uthread; /* Audited thread. */ | ||||
| void *k_dtaudit_state; | void *k_dtaudit_state; | ||||
| int kaudit_record_type; | |||||
| TAILQ_ENTRY(kaudit_record) k_q; | TAILQ_ENTRY(kaudit_record) k_q; | ||||
| }; | }; | ||||
| TAILQ_HEAD(kaudit_queue, kaudit_record); | TAILQ_HEAD(kaudit_queue, kaudit_record); | ||||
| /* | /* | ||||
| * Functions to manage the allocation, release, and commit of kernel audit | * Functions to manage the allocation, release, and commit of kernel audit | ||||
| * records. | * records. | ||||
| */ | */ | ||||
| void audit_abort(struct kaudit_record *ar); | void audit_abort(struct kaudit_record *ar); | ||||
| void audit_commit(struct kaudit_record *ar, int error, | void audit_commit(struct kaudit_record *ar, int error, | ||||
| int retval); | int retval); | ||||
| struct kaudit_record *audit_new(int event, struct thread *td); | struct kaudit_record *audit_new(int event, struct thread *td); | ||||
| struct kaudit_record *audit_nfs_new(int event, struct nfsrv_descript *nd); | |||||
| /* | /* | ||||
| * Function to update the audit_syscalls_enabled flag, whose value is affected | * Function to update the audit_syscalls_enabled flag, whose value is affected | ||||
| * by configuration of the audit trail/pipe mechanism and DTrace. Call this | * by configuration of the audit trail/pipe mechanism and DTrace. Call this | ||||
| * function when any of the inputs to that policy change. | * function when any of the inputs to that policy change. | ||||
| */ | */ | ||||
| void audit_syscalls_enabled_update(void); | void audit_syscalls_enabled_update(void); | ||||
| ▲ Show 20 Lines • Show All 159 Lines • Show Last 20 Lines | |||||