[apple/xnu.git] / bsd / bsm / audit_record.h

/*
 * Copyright (c) 1999-2007 Apple Inc.  All Rights Reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 * 
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

#ifndef _BSM_AUDIT_RECORD_H_
#define _BSM_AUDIT_RECORD_H_

#include <sys/cdefs.h>
#include <sys/vnode.h>
#include <sys/types.h>
#include <sys/un.h>
#include <sys/event.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>

/* We could determined the header and trailer sizes by
 * defining appropriate structures. We hold off that approach
 * till we have a consistant way of using structures for all tokens.
 * This is not straightforward since these token structures may
 * contain pointers of whose contents we dont know the size
 * (e.g text tokens)
 */
#define HEADER_SIZE     18
#define TRAILER_SIZE    7
        
#define ADD_U_CHAR(loc, val) \
        do {\
		*loc = val;\
                loc += sizeof(u_char);\
        }while(0)
    

#define ADD_U_INT16(loc, val) \
        do { \
		memcpy(loc, (const u_char *)&val, sizeof(u_int16_t));\
                loc += sizeof(u_int16_t); \
        }while(0)

#define ADD_U_INT32(loc, val) \
        do { \
		memcpy(loc, (const u_char *)&val, sizeof(u_int32_t));\
                loc += sizeof(u_int32_t); \
        }while(0)

#define ADD_U_INT64(loc, val)\
        do {\
		memcpy(loc, (const u_char *)&val, sizeof(u_int64_t));\
                loc += sizeof(u_int64_t); \
        }while(0)

#define ADD_MEM(loc, data, size) \
        do { \
                memcpy(loc, data, size);\
                loc += size;\
        }while(0)

#define ADD_STRING(loc, data, size) ADD_MEM(loc, data, size)


/* Various token id types */

/* 
 * Values inside the comments are not documented in the BSM pages and
 * have been picked up from the header files 
 */  

/*
 * Values marked as XXX do not have a value defined in the BSM header files 
 */   

/*
 * Control token types

#define AUT_OTHER_FILE              ((char)0x11)
#define AUT_OTHER_FILE32            AUT_OTHER_FILE
#define AUT_OHEADER                 ((char)0x12)

 */

#define AUT_INVALID                 0x00
#define AU_FILE_TOKEN               0x11
#define AU_TRAILER_TOKEN            0x13 
#define AU_HEADER_32_TOKEN          0x14	
#define AU_HEADER_EX_32_TOKEN       0x15

/*
 * Data token types
#define AUT_SERVER              ((char)0x25)
#define AUT_SERVER32            AUT_SERVER
 */

#define AU_DATA_TOKEN               0x21
#define AU_ARB_TOKEN                AU_DATA_TOKEN	
#define AU_IPC_TOKEN                0x22
#define AU_PATH_TOKEN               0x23
#define AU_SUBJECT_32_TOKEN         0x24
#define AU_PROCESS_32_TOKEN         0x26
#define AU_RETURN_32_TOKEN          0x27
#define AU_TEXT_TOKEN               0x28
#define AU_OPAQUE_TOKEN             0x29
#define AU_IN_ADDR_TOKEN            0x2A
#define AU_IP_TOKEN                 0x2B
#define AU_IPORT_TOKEN              0x2C
#define AU_ARG32_TOKEN              0x2D	
#define AU_SOCK_TOKEN               0x2E
#define AU_SEQ_TOKEN                0x2F

/*
 * Modifier token types

#define AUT_ACL                 ((char)0x30)
#define AUT_LABEL               ((char)0x33)
#define AUT_GROUPS              ((char)0x34)
#define AUT_ILABEL              ((char)0x35)
#define AUT_SLABEL              ((char)0x36)
#define AUT_CLEAR               ((char)0x37)
#define AUT_PRIV                ((char)0x38)
#define AUT_UPRIV               ((char)0x39)
#define AUT_LIAISON             ((char)0x3A)
 
 */

#define AU_ATTR_TOKEN               0x31
#define AU_IPCPERM_TOKEN            0x32
#define AU_NEWGROUPS_TOKEN          0x3B
#define AU_EXEC_ARG_TOKEN           0x3C
#define AU_EXEC_ENV_TOKEN           0x3D
#define AU_ATTR32_TOKEN             0x3E

/*
 * Command token types
 */
 
#define AU_CMD_TOKEN                0x51
#define AU_EXIT_TOKEN               0x52

/*
 * Miscellaneous token types

#define AUT_HOST                ((char)0x70)

 */

/*
 * 64bit token types

#define AUT_SERVER64            ((char)0x76)
#define AUT_OTHER_FILE64		((char)0x78)

 */

#define AU_ARG64_TOKEN              0x71
#define AU_RETURN_64_TOKEN          0x72
#define AU_ATTR64_TOKEN             0x73
#define AU_HEADER_64_TOKEN          0x74
#define AU_SUBJECT_64_TOKEN         0x75
#define AU_PROCESS_64_TOKEN         0x77

/*
 * Extended network address token types
 */
 
#define AU_HEADER_EX_64_TOKEN       0x79
#define AU_SUBJECT_32_EX_TOKEN      0x7a	
#define AU_PROCESS_32_EX_TOKEN      0x7b
#define AU_SUBJECT_64_EX_TOKEN      0x7c
#define AU_PROCESS_64_EX_TOKEN      0x7d
#define AU_IN_ADDR_EX_TOKEN	    0x7e
#define AU_SOCK_EX32_TOKEN          0x7f
#define AU_SOCK_EX128_TOKEN         AUT_INVALID         /*XXX*/
#define AU_IP_EX_TOKEN              AUT_INVALID         /*XXX*/

/*
 * The values for the following token ids are not
 * defined by BSM
 */
#define AU_SOCK_INET_32_TOKEN       0x80         /*XXX*/ 
#define AU_SOCK_INET_128_TOKEN      0x81         /*XXX*/
#define AU_SOCK_UNIX_TOKEN          0x82         /*XXX*/

/* print values for the arbitrary token */
#define AUP_BINARY      0
#define AUP_OCTAL       1
#define AUP_DECIMAL     2
#define AUP_HEX         3
#define AUP_STRING      4

/* data-types for the arbitrary token */
#define AUR_BYTE        0
#define AUR_SHORT       1
#define AUR_LONG        2

/* ... and their sizes */
#define AUR_BYTE_SIZE       sizeof(u_char)	
#define AUR_SHORT_SIZE      sizeof(u_int16_t)
#define AUR_LONG_SIZE       sizeof(u_int32_t)

/* Modifiers for the header token */
#define PAD_NOTATTR  0x4000   /* nonattributable event */
#define PAD_FAILURE  0x8000   /* fail audit event */


#define MAX_GROUPS          16
#define HEADER_VERSION      1
#define TRAILER_PAD_MAGIC   0xB105

/* BSM library calls */

__BEGIN_DECLS

int			au_open(void);
int			au_write(int d, token_t *m);
int			au_close(int d, int keep, short event);
token_t			*au_to_file(char *file);
token_t			*au_to_header(int rec_size, au_event_t e_type, 
					au_emod_t e_mod);
token_t			*au_to_header32(int rec_size, au_event_t e_type, 
					au_emod_t e_mod);
token_t			*au_to_header64(int rec_size, au_event_t e_type, 
					au_emod_t e_mod);
token_t			*au_to_me(void);
                               
token_t			*au_to_arg(char n, char *text, u_int32_t v);
token_t			*au_to_arg32(char n, const char *text, u_int32_t v);
token_t			*au_to_arg64(char n, const char *text, u_int64_t v);
token_t			*au_to_attr(struct vnode_attr *attr);
token_t			*au_to_attr32(struct vnode_attr *attr);
token_t			*au_to_attr64(struct vnode_attr *attr);
token_t			*au_to_data(char unit_print, char unit_type,
				char unit_count, unsigned char *p);
token_t			*au_to_exit(int retval, int err);
token_t			*au_to_groups(gid_t *groups);
token_t			*au_to_newgroups(u_int16_t n, gid_t *groups);
token_t			*au_to_in_addr(struct in_addr *internet_addr);
token_t			*au_to_in_addr_ex(struct in6_addr *internet_addr);
token_t			*au_to_ip(struct ip *ip);
token_t			*au_to_ipc(char type, int id);
token_t			*au_to_ipc_perm(struct ipc_perm *perm);
token_t			*au_to_iport(u_int16_t iport);
token_t			*au_to_opaque(char *data, u_int16_t bytes);
token_t			*au_to_path(char *path);
token_t			*au_to_process(au_id_t auid, uid_t euid, gid_t egid,
				uid_t ruid, gid_t rgid, pid_t pid,
				au_asid_t sid, au_tid_t *tid);
token_t			*au_to_process32(au_id_t auid, uid_t euid, gid_t egid,
				uid_t ruid, gid_t rgid, pid_t pid,
				au_asid_t sid, au_tid_t *tid);
token_t			*au_to_process64(au_id_t auid, uid_t euid, gid_t egid,
				uid_t ruid, gid_t rgid, pid_t pid,
				au_asid_t sid, au_tid_t *tid);
token_t			*au_to_process_ex(au_id_t auid, uid_t euid,
				gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
				au_asid_t sid, au_tid_addr_t *tid);
token_t			*au_to_process32_ex(au_id_t auid, uid_t euid,
				gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
				au_asid_t sid, au_tid_addr_t *tid);
token_t			*au_to_process64_ex(au_id_t auid, uid_t euid,
				gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
				au_asid_t sid, au_tid_addr_t *tid);
token_t			*au_to_return(char status, u_int32_t ret);
token_t			*au_to_return32(char status, u_int32_t ret);
token_t			*au_to_return64(char status, u_int64_t ret);
token_t			*au_to_seq(u_int32_t audit_count);
token_t			*au_to_socket(struct socket *so);
token_t			*au_to_socket_ex_32(u_int16_t lp, u_int16_t rp, 
				struct sockaddr *la, struct sockaddr *ta);
token_t			*au_to_socket_ex_128(u_int16_t lp, u_int16_t rp, 
				struct sockaddr *la, struct sockaddr *ta);
token_t			*au_to_sock_inet(struct sockaddr_in *so);
token_t			*au_to_sock_inet32(struct sockaddr_in *so);
token_t			*au_to_sock_inet128(struct sockaddr_in6 *so);
token_t			*au_to_sock_unix(struct sockaddr_un *so);
token_t			*au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
				uid_t ruid, gid_t rgid, pid_t pid,
				au_asid_t sid, au_tid_t *tid);
token_t			*au_to_subject32(au_id_t auid, uid_t euid, gid_t egid,
				uid_t ruid, gid_t rgid, pid_t pid,
				au_asid_t sid, au_tid_t *tid);
token_t			*au_to_subject64(au_id_t auid, uid_t euid, gid_t egid,
				uid_t ruid, gid_t rgid, pid_t pid,
				au_asid_t sid, au_tid_t *tid);
token_t			*au_to_subject_ex(au_id_t auid, uid_t euid,
				gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
				au_asid_t sid, au_tid_addr_t *tid);
token_t			*au_to_subject32_ex(au_id_t auid, uid_t euid,
				gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
				au_asid_t sid, au_tid_addr_t *tid);
token_t			*au_to_subject64_ex(au_id_t auid, uid_t euid,
				gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
				au_asid_t sid, au_tid_addr_t *tid);
token_t			*au_to_exec_args(const char **);
token_t			*au_to_exec_env(const char **);
token_t			*au_to_text(const char *text);
token_t			*au_to_kevent(struct kevent *kev);
token_t			*au_to_trailer(int rec_size);

__END_DECLS

#endif /* ! _BSM_AUDIT_RECORD_H_ */
Commit	Line	Data
55e303ae	1	/*
2d21ac55 A	2	* Copyright (c) 1999-2007 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
37839358	5	*
89b3af67 A	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
2d21ac55 A	9	* compliance with the License. The rights granted to you under the License
	10	* may not be used to create, or enable the creation or redistribution of,
	11	* unlawful or unlicensed copies of an Apple operating system, or to
	12	* circumvent, violate, or enable the circumvention or violation of, any
	13	* terms of an Apple operating system software license agreement.
	14	*
	15	* Please obtain a copy of the License at
	16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
8f6c56a5	17	*
89b3af67 A	18	* The Original Code and all software distributed under the License are
	19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	23	* Please see the License for the specific language governing rights and
	24	* limitations under the License.
8f6c56a5	25	*
2d21ac55	26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
55e303ae A	27	*/
55e303ae A	28
e5568f75 A	29	#ifndef _BSM_AUDIT_RECORD_H_
e5568f75 A	30	#define _BSM_AUDIT_RECORD_H_
55e303ae	31
e5568f75	32	#include <sys/cdefs.h>
55e303ae	33	#include <sys/vnode.h>
91447636	34	#include <sys/types.h>
55e303ae	35	#include <sys/un.h>
e5568f75	36	#include <sys/event.h>
55e303ae A	37	#include <netinet/in_systm.h>
	38	#include <netinet/in.h>
	39	#include <netinet/ip.h>
	40
	41	/* We could determined the header and trailer sizes by
	42	* defining appropriate structures. We hold off that approach
	43	* till we have a consistant way of using structures for all tokens.
	44	* This is not straightforward since these token structures may
	45	* contain pointers of whose contents we dont know the size
	46	* (e.g text tokens)
	47	*/
	48	#define HEADER_SIZE 18
	49	#define TRAILER_SIZE 7
	50
	51	#define ADD_U_CHAR(loc, val) \
	52	do {\
	53	*loc = val;\
	54	loc += sizeof(u_char);\
	55	}while(0)
	56
	57
	58	#define ADD_U_INT16(loc, val) \
	59	do { \
91447636	60	memcpy(loc, (const u_char *)&val, sizeof(u_int16_t));\
55e303ae A	61	loc += sizeof(u_int16_t); \
	62	}while(0)
	63
	64	#define ADD_U_INT32(loc, val) \
	65	do { \
91447636	66	memcpy(loc, (const u_char *)&val, sizeof(u_int32_t));\
55e303ae A	67	loc += sizeof(u_int32_t); \
	68	}while(0)
	69
	70	#define ADD_U_INT64(loc, val)\
	71	do {\
91447636	72	memcpy(loc, (const u_char *)&val, sizeof(u_int64_t));\
55e303ae A	73	loc += sizeof(u_int64_t); \
	74	}while(0)
	75
	76	#define ADD_MEM(loc, data, size) \
	77	do { \
	78	memcpy(loc, data, size);\
	79	loc += size;\
	80	}while(0)
	81
	82	#define ADD_STRING(loc, data, size) ADD_MEM(loc, data, size)
	83
	84
	85	/* Various token id types */
	86
	87	/*
	88	* Values inside the comments are not documented in the BSM pages and
	89	* have been picked up from the header files
	90	*/
	91
	92	/*
	93	* Values marked as XXX do not have a value defined in the BSM header files
	94	*/
	95
	96	/*
	97	* Control token types
	98
	99	#define AUT_OTHER_FILE ((char)0x11)
	100	#define AUT_OTHER_FILE32 AUT_OTHER_FILE
	101	#define AUT_OHEADER ((char)0x12)
	102
	103	*/
	104
	105	#define AUT_INVALID 0x00
	106	#define AU_FILE_TOKEN 0x11
	107	#define AU_TRAILER_TOKEN 0x13
	108	#define AU_HEADER_32_TOKEN 0x14
	109	#define AU_HEADER_EX_32_TOKEN 0x15
	110
55e303ae A	111	/*
	112	* Data token types
	113	#define AUT_SERVER ((char)0x25)
	114	#define AUT_SERVER32 AUT_SERVER
	115	*/
	116
	117	#define AU_DATA_TOKEN 0x21
	118	#define AU_ARB_TOKEN AU_DATA_TOKEN
	119	#define AU_IPC_TOKEN 0x22
	120	#define AU_PATH_TOKEN 0x23
	121	#define AU_SUBJECT_32_TOKEN 0x24
	122	#define AU_PROCESS_32_TOKEN 0x26
	123	#define AU_RETURN_32_TOKEN 0x27
	124	#define AU_TEXT_TOKEN 0x28
	125	#define AU_OPAQUE_TOKEN 0x29
	126	#define AU_IN_ADDR_TOKEN 0x2A
	127	#define AU_IP_TOKEN 0x2B
	128	#define AU_IPORT_TOKEN 0x2C
	129	#define AU_ARG32_TOKEN 0x2D
	130	#define AU_SOCK_TOKEN 0x2E
	131	#define AU_SEQ_TOKEN 0x2F
	132
	133	/*
	134	* Modifier token types
	135
	136	#define AUT_ACL ((char)0x30)
	137	#define AUT_LABEL ((char)0x33)
	138	#define AUT_GROUPS ((char)0x34)
	139	#define AUT_ILABEL ((char)0x35)
	140	#define AUT_SLABEL ((char)0x36)
	141	#define AUT_CLEAR ((char)0x37)
	142	#define AUT_PRIV ((char)0x38)
	143	#define AUT_UPRIV ((char)0x39)
	144	#define AUT_LIAISON ((char)0x3A)
	145
	146	*/
	147
	148	#define AU_ATTR_TOKEN 0x31
	149	#define AU_IPCPERM_TOKEN 0x32
	150	#define AU_NEWGROUPS_TOKEN 0x3B
	151	#define AU_EXEC_ARG_TOKEN 0x3C
	152	#define AU_EXEC_ENV_TOKEN 0x3D
	153	#define AU_ATTR32_TOKEN 0x3E
	154
55e303ae A	155	/*
	156	* Command token types
	157	*/
	158
	159	#define AU_CMD_TOKEN 0x51
	160	#define AU_EXIT_TOKEN 0x52
	161
55e303ae A	162	/*
	163	* Miscellaneous token types
	164
	165	#define AUT_HOST ((char)0x70)
	166
	167	*/
	168
	169	/*
	170	* 64bit token types
	171
	172	#define AUT_SERVER64 ((char)0x76)
	173	#define AUT_OTHER_FILE64 ((char)0x78)
	174
	175	*/
	176
	177	#define AU_ARG64_TOKEN 0x71
	178	#define AU_RETURN_64_TOKEN 0x72
	179	#define AU_ATTR64_TOKEN 0x73
	180	#define AU_HEADER_64_TOKEN 0x74
	181	#define AU_SUBJECT_64_TOKEN 0x75
	182	#define AU_PROCESS_64_TOKEN 0x77
	183
55e303ae A	184	/*
	185	* Extended network address token types
	186	*/
	187
	188	#define AU_HEADER_EX_64_TOKEN 0x79
	189	#define AU_SUBJECT_32_EX_TOKEN 0x7a
	190	#define AU_PROCESS_32_EX_TOKEN 0x7b
	191	#define AU_SUBJECT_64_EX_TOKEN 0x7c
	192	#define AU_PROCESS_64_EX_TOKEN 0x7d
e5568f75	193	#define AU_IN_ADDR_EX_TOKEN 0x7e
55e303ae A	194	#define AU_SOCK_EX32_TOKEN 0x7f
	195	#define AU_SOCK_EX128_TOKEN AUT_INVALID /XXX/
	196	#define AU_IP_EX_TOKEN AUT_INVALID /XXX/
	197
55e303ae	198	/*
e5568f75	199	* The values for the following token ids are not
55e303ae A	200	* defined by BSM
	201	*/
	202	#define AU_SOCK_INET_32_TOKEN 0x80 /XXX/
	203	#define AU_SOCK_INET_128_TOKEN 0x81 /XXX/
	204	#define AU_SOCK_UNIX_TOKEN 0x82 /XXX/
	205
	206	/* print values for the arbitrary token */
	207	#define AUP_BINARY 0
	208	#define AUP_OCTAL 1
	209	#define AUP_DECIMAL 2
	210	#define AUP_HEX 3
	211	#define AUP_STRING 4
	212
55e303ae A	213	/* data-types for the arbitrary token */
	214	#define AUR_BYTE 0
	215	#define AUR_SHORT 1
	216	#define AUR_LONG 2
	217
	218	/* ... and their sizes */
	219	#define AUR_BYTE_SIZE sizeof(u_char)
	220	#define AUR_SHORT_SIZE sizeof(u_int16_t)
	221	#define AUR_LONG_SIZE sizeof(u_int32_t)
	222
	223	/* Modifiers for the header token */
	224	#define PAD_NOTATTR 0x4000 /* nonattributable event */
	225	#define PAD_FAILURE 0x8000 /* fail audit event */
	226
	227
	228	#define MAX_GROUPS 16
	229	#define HEADER_VERSION 1
	230	#define TRAILER_PAD_MAGIC 0xB105
	231
	232	/* BSM library calls */
	233
e5568f75 A	234	__BEGIN_DECLS
e5568f75 A	235
55e303ae A	236	int au_open(void);
	237	int au_write(int d, token_t *m);
	238	int au_close(int d, int keep, short event);
	239	token_t au_to_file(char file);
	240	token_t *au_to_header(int rec_size, au_event_t e_type,
	241	au_emod_t e_mod);
	242	token_t *au_to_header32(int rec_size, au_event_t e_type,
	243	au_emod_t e_mod);
	244	token_t *au_to_header64(int rec_size, au_event_t e_type,
	245	au_emod_t e_mod);
	246	token_t *au_to_me(void);
	247
	248	token_t au_to_arg(char n, char text, u_int32_t v);
2d21ac55 A	249	token_t au_to_arg32(char n, const char text, u_int32_t v);
2d21ac55 A	250	token_t au_to_arg64(char n, const char text, u_int64_t v);
91447636 A	251	token_t au_to_attr(struct vnode_attr attr);
	252	token_t au_to_attr32(struct vnode_attr attr);
	253	token_t au_to_attr64(struct vnode_attr attr);
55e303ae	254	token_t *au_to_data(char unit_print, char unit_type,
2d21ac55	255	char unit_count, unsigned char *p);
55e303ae	256	token_t *au_to_exit(int retval, int err);
2d21ac55	257	token_t au_to_groups(gid_t groups);
55e303ae A	258	token_t au_to_newgroups(u_int16_t n, gid_t groups);
	259	token_t au_to_in_addr(struct in_addr internet_addr);
	260	token_t au_to_in_addr_ex(struct in6_addr internet_addr);
	261	token_t au_to_ip(struct ip ip);
	262	token_t *au_to_ipc(char type, int id);
	263	token_t au_to_ipc_perm(struct ipc_perm perm);
	264	token_t *au_to_iport(u_int16_t iport);
	265	token_t au_to_opaque(char data, u_int16_t bytes);
	266	token_t au_to_path(char path);
	267	token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
	268	uid_t ruid, gid_t rgid, pid_t pid,
	269	au_asid_t sid, au_tid_t *tid);
	270	token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid,
	271	uid_t ruid, gid_t rgid, pid_t pid,
	272	au_asid_t sid, au_tid_t *tid);
	273	token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid,
	274	uid_t ruid, gid_t rgid, pid_t pid,
	275	au_asid_t sid, au_tid_t *tid);
	276	token_t *au_to_process_ex(au_id_t auid, uid_t euid,
	277	gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
	278	au_asid_t sid, au_tid_addr_t *tid);
	279	token_t *au_to_process32_ex(au_id_t auid, uid_t euid,
	280	gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
	281	au_asid_t sid, au_tid_addr_t *tid);
	282	token_t *au_to_process64_ex(au_id_t auid, uid_t euid,
	283	gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
	284	au_asid_t sid, au_tid_addr_t *tid);
	285	token_t *au_to_return(char status, u_int32_t ret);
	286	token_t *au_to_return32(char status, u_int32_t ret);
	287	token_t *au_to_return64(char status, u_int64_t ret);
2d21ac55	288	token_t *au_to_seq(u_int32_t audit_count);
55e303ae	289	token_t au_to_socket(struct socket so);
e5568f75 A	290	token_t *au_to_socket_ex_32(u_int16_t lp, u_int16_t rp,
	291	struct sockaddr la, struct sockaddr ta);
	292	token_t *au_to_socket_ex_128(u_int16_t lp, u_int16_t rp,
	293	struct sockaddr la, struct sockaddr ta);
55e303ae A	294	token_t au_to_sock_inet(struct sockaddr_in so);
	295	token_t au_to_sock_inet32(struct sockaddr_in so);
	296	token_t au_to_sock_inet128(struct sockaddr_in6 so);
	297	token_t au_to_sock_unix(struct sockaddr_un so);
	298	token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
	299	uid_t ruid, gid_t rgid, pid_t pid,
	300	au_asid_t sid, au_tid_t *tid);
	301	token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid,
	302	uid_t ruid, gid_t rgid, pid_t pid,
	303	au_asid_t sid, au_tid_t *tid);
	304	token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid,
	305	uid_t ruid, gid_t rgid, pid_t pid,
	306	au_asid_t sid, au_tid_t *tid);
	307	token_t *au_to_subject_ex(au_id_t auid, uid_t euid,
	308	gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
	309	au_asid_t sid, au_tid_addr_t *tid);
	310	token_t *au_to_subject32_ex(au_id_t auid, uid_t euid,
	311	gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
	312	au_asid_t sid, au_tid_addr_t *tid);
	313	token_t *au_to_subject64_ex(au_id_t auid, uid_t euid,
	314	gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
	315	au_asid_t sid, au_tid_addr_t *tid);
	316	token_t au_to_exec_args(const char *);
	317	token_t au_to_exec_env(const char *);
2d21ac55	318	token_t au_to_text(const char text);
e5568f75	319	token_t au_to_kevent(struct kevent kev);
55e303ae A	320	token_t *au_to_trailer(int rec_size);
55e303ae A	321
e5568f75 A	322	__END_DECLS
	323
	324	#endif /* ! _BSM_AUDIT_RECORD_H_ */