git.saurik.com Git - apple/xnu.git/blame_incremental - bsd/security/audit/audit_bsm

... / ...

Commit	Line	Data
	1	/*-
	2	* Copyright (c) 2008-2019 Apple Inc. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	* 3. Neither the name of Apple Inc. ("Apple") nor the names of
	13	* its contributors may be used to endorse or promote products derived
	14	* from this software without specific prior written permission.
	15	*
	16	* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
	17	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	18	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	19	* ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
	20	* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	21	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	22	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	23	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	24	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
	25	* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	26	* POSSIBILITY OF SUCH DAMAGE.
	27	*
	28	*/
	29
	30	#include <sys/param.h>
	31	#include <sys/socket.h>
	32
	33	#include <security/audit/audit.h>
	34
	35	#include <bsm/audit_domain.h>
	36	#include <bsm/audit_record.h>
	37
	38	#if CONFIG_AUDIT
	39	struct bsm_domain {
	40	u_short bd_bsm_domain;
	41	int bd_local_domain;
	42	};
	43
	44	#define PF_NO_LOCAL_MAPPING -600
	45
	46	static const struct bsm_domain bsm_domains[] = {
	47	{ .bd_bsm_domain = BSM_PF_UNSPEC, .bd_local_domain = PF_UNSPEC },
	48	{ .bd_bsm_domain = BSM_PF_LOCAL, .bd_local_domain = PF_LOCAL },
	49	{ .bd_bsm_domain = BSM_PF_INET, .bd_local_domain = PF_INET },
	50	{ .bd_bsm_domain = BSM_PF_IMPLINK,
	51	#ifdef PF_IMPLINK
	52	.bd_local_domain = PF_IMPLINK
	53	#else
	54	.bd_local_domain = PF_NO_LOCAL_MAPPING
	55	#endif
	56	},
	57	{ .bd_bsm_domain = BSM_PF_PUP,
	58	#ifdef PF_PUP
	59	.bd_local_domain = PF_PUP
	60	#else
	61	.bd_local_domain = PF_NO_LOCAL_MAPPING
	62	#endif
	63	},
	64	{ .bd_bsm_domain = BSM_PF_CHAOS,
	65	#ifdef PF_CHAOS
	66	.bd_local_domain = PF_CHAOS
	67	#else
	68	.bd_local_domain = PF_NO_LOCAL_MAPPING
	69	#endif
	70	},
	71	{ .bd_bsm_domain = BSM_PF_NS,
	72	#ifdef PF_NS
	73	.bd_local_domain = PF_NS
	74	#else
	75	.bd_local_domain = PF_NO_LOCAL_MAPPING
	76	#endif
	77	},
	78	{ .bd_bsm_domain = BSM_PF_NBS,
	79	#ifdef PF_NBS
	80	.bd_local_domain = PF_NBS
	81	#else
	82	.bd_local_domain = PF_NO_LOCAL_MAPPING
	83	#endif
	84	},
	85	{ .bd_bsm_domain = BSM_PF_ECMA,
	86	#ifdef PF_ECMA
	87	.bd_local_domain = PF_ECMA
	88	#else
	89	.bd_local_domain = PF_NO_LOCAL_MAPPING
	90	#endif
	91	},
	92	{ .bd_bsm_domain = BSM_PF_DATAKIT,
	93	#ifdef PF_DATAKIT
	94	.bd_local_domain = PF_DATAKIT
	95	#else
	96	.bd_local_domain = PF_NO_LOCAL_MAPPING
	97	#endif
	98	},
	99	{ .bd_bsm_domain = BSM_PF_CCITT,
	100	#ifdef PF_CCITT
	101	.bd_local_domain = PF_CCITT
	102	#else
	103	.bd_local_domain = PF_NO_LOCAL_MAPPING
	104	#endif
	105	},
	106	{ .bd_bsm_domain = BSM_PF_SNA, .bd_local_domain = PF_SNA },
	107	{ .bd_bsm_domain = BSM_PF_DECnet, .bd_local_domain = PF_DECnet },
	108	{ .bd_bsm_domain = BSM_PF_DLI,
	109	#ifdef PF_DLI
	110	.bd_local_domain = PF_DLI
	111	#else
	112	.bd_local_domain = PF_NO_LOCAL_MAPPING
	113	#endif
	114	},
	115	{ .bd_bsm_domain = BSM_PF_LAT,
	116	#ifdef PF_LAT
	117	.bd_local_domain = PF_LAT
	118	#else
	119	.bd_local_domain = PF_NO_LOCAL_MAPPING
	120	#endif
	121	},
	122	{ .bd_bsm_domain = BSM_PF_HYLINK,
	123	#ifdef PF_HYLINK
	124	.bd_local_domain = PF_HYLINK
	125	#else
	126	.bd_local_domain = PF_NO_LOCAL_MAPPING
	127	#endif
	128	},
	129	{ .bd_bsm_domain = BSM_PF_APPLETALK, .bd_local_domain = PF_APPLETALK },
	130	{ .bd_bsm_domain = BSM_PF_NIT,
	131	#ifdef PF_NIT
	132	.bd_local_domain = PF_NIT
	133	#else
	134	.bd_local_domain = PF_NO_LOCAL_MAPPING
	135	#endif
	136	},
	137	{ .bd_bsm_domain = BSM_PF_802,
	138	#ifdef PF_802
	139	.bd_local_domain = PF_802
	140	#else
	141	.bd_local_domain = PF_NO_LOCAL_MAPPING
	142	#endif
	143	},
	144	{ .bd_bsm_domain = BSM_PF_OSI,
	145	#ifdef PF_OSI
	146	.bd_local_domain = PF_OSI
	147	#else
	148	.bd_local_domain = PF_NO_LOCAL_MAPPING
	149	#endif
	150	},
	151	{ .bd_bsm_domain = BSM_PF_X25,
	152	#ifdef PF_X25
	153	.bd_local_domain = PF_X25
	154	#else
	155	.bd_local_domain = PF_NO_LOCAL_MAPPING
	156	#endif
	157	},
	158	{ .bd_bsm_domain = BSM_PF_OSINET,
	159	#ifdef PF_OSINET
	160	.bd_local_domain = PF_OSINET
	161	#else
	162	.bd_local_domain = PF_NO_LOCAL_MAPPING
	163	#endif
	164	},
	165	{ .bd_bsm_domain = BSM_PF_GOSIP,
	166	#ifdef PF_GOSIP
	167	.bd_local_domain = PF_GOSIP
	168	#else
	169	.bd_local_domain = PF_NO_LOCAL_MAPPING
	170	#endif
	171	},
	172	{ .bd_bsm_domain = BSM_PF_IPX, .bd_local_domain = PF_IPX },
	173	{ .bd_bsm_domain = BSM_PF_ROUTE, .bd_local_domain = PF_ROUTE },
	174	{ .bd_bsm_domain = BSM_PF_LINK,
	175	#ifdef PF_LINK
	176	.bd_local_domain = PF_LINK
	177	#else
	178	.bd_local_domain = PF_NO_LOCAL_MAPPING
	179	#endif
	180	},
	181	{ .bd_bsm_domain = BSM_PF_KEY, .bd_local_domain = PF_KEY },
	182	{ .bd_bsm_domain = BSM_PF_NCA,
	183	#ifdef PF_NCA
	184	.bd_local_domain = PF_NCA
	185	#else
	186	.bd_local_domain = PF_NO_LOCAL_MAPPING
	187	#endif
	188	},
	189	{ .bd_bsm_domain = BSM_PF_POLICY,
	190	#ifdef PF_POLICY
	191	.bd_local_domain = PF_POLICY
	192	#else
	193	.bd_local_domain = PF_NO_LOCAL_MAPPING
	194	#endif
	195	},
	196	{ .bd_bsm_domain = BSM_PF_INET_OFFLOAD,
	197	#ifdef PF_INET_OFFLOAD
	198	.bd_local_domain = PF_INET_OFFLOAD
	199	#else
	200	.bd_local_domain = PF_NO_LOCAL_MAPPING
	201	#endif
	202	},
	203	{ .bd_bsm_domain = BSM_PF_NETBIOS,
	204	#ifdef PF_NETBIOS
	205	.bd_local_domain = PF_NETBIOS
	206	#else
	207	.bd_local_domain = PF_NO_LOCAL_MAPPING
	208	#endif
	209	},
	210	{ .bd_bsm_domain = BSM_PF_ISO,
	211	#ifdef PF_ISO
	212	.bd_local_domain = PF_ISO
	213	#else
	214	.bd_local_domain = PF_NO_LOCAL_MAPPING
	215	#endif
	216	},
	217	{ .bd_bsm_domain = BSM_PF_XTP,
	218	#ifdef PF_XTP
	219	.bd_local_domain = PF_XTP
	220	#else
	221	.bd_local_domain = PF_NO_LOCAL_MAPPING
	222	#endif
	223	},
	224	{ .bd_bsm_domain = BSM_PF_COIP,
	225	#ifdef PF_COIP
	226	.bd_local_domain = PF_COIP
	227	#else
	228	.bd_local_domain = PF_NO_LOCAL_MAPPING
	229	#endif
	230	},
	231	{ .bd_bsm_domain = BSM_PF_CNT,
	232	#ifdef PF_CNT
	233	.bd_local_domain = PF_CNT
	234	#else
	235	.bd_local_domain = PF_NO_LOCAL_MAPPING
	236	#endif
	237	},
	238	{ .bd_bsm_domain = BSM_PF_RTIP,
	239	#ifdef PF_RTIP
	240	.bd_local_domain = PF_RTIP
	241	#else
	242	.bd_local_domain = PF_NO_LOCAL_MAPPING
	243	#endif
	244	},
	245	{ .bd_bsm_domain = BSM_PF_SIP,
	246	#ifdef PF_SIP
	247	.bd_local_domain = PF_SIP
	248	#else
	249	.bd_local_domain = PF_NO_LOCAL_MAPPING
	250	#endif
	251	},
	252	{ .bd_bsm_domain = BSM_PF_PIP,
	253	#ifdef PF_PIP
	254	.bd_local_domain = PF_PIP
	255	#else
	256	.bd_local_domain = PF_NO_LOCAL_MAPPING
	257	#endif
	258	},
	259	{ .bd_bsm_domain = BSM_PF_ISDN,
	260	#ifdef PF_ISDN
	261	.bd_local_domain = PF_ISDN
	262	#else
	263	.bd_local_domain = PF_NO_LOCAL_MAPPING
	264	#endif
	265	},
	266	{ .bd_bsm_domain = BSM_PF_E164,
	267	#ifdef PF_E164
	268	.bd_local_domain = PF_E164
	269	#else
	270	.bd_local_domain = PF_NO_LOCAL_MAPPING
	271	#endif
	272	},
	273	{ .bd_bsm_domain = BSM_PF_NATM,
	274	#ifdef PF_NATM
	275	.bd_local_domain = PF_NATM
	276	#else
	277	.bd_local_domain = PF_NO_LOCAL_MAPPING
	278	#endif
	279	},
	280	{ .bd_bsm_domain = BSM_PF_ATM,
	281	#ifdef PF_ATM
	282	.bd_local_domain = PF_ATM
	283	#else
	284	.bd_local_domain = PF_NO_LOCAL_MAPPING
	285	#endif
	286	},
	287	{ .bd_bsm_domain = BSM_PF_NETGRAPH,
	288	#ifdef PF_NETGRAPH
	289	.bd_local_domain = PF_NETGRAPH
	290	#else
	291	.bd_local_domain = PF_NO_LOCAL_MAPPING
	292	#endif
	293	},
	294	{ .bd_bsm_domain = BSM_PF_SLOW,
	295	#ifdef PF_SLOW
	296	.bd_local_domain = PF_SLOW
	297	#else
	298	.bd_local_domain = PF_NO_LOCAL_MAPPING
	299	#endif
	300	},
	301	{ .bd_bsm_domain = BSM_PF_SCLUSTER,
	302	#ifdef PF_SCLUSTER
	303	.bd_local_domain = PF_SCLUSTER
	304	#else
	305	.bd_local_domain = PF_NO_LOCAL_MAPPING
	306	#endif
	307	},
	308	{ .bd_bsm_domain = BSM_PF_ARP,
	309	#ifdef PF_ARP
	310	.bd_local_domain = PF_ARP
	311	#else
	312	.bd_local_domain = PF_NO_LOCAL_MAPPING
	313	#endif
	314	},
	315	{ .bd_bsm_domain = BSM_PF_BLUETOOTH,
	316	#ifdef PF_BLUETOOTH
	317	.bd_local_domain = PF_BLUETOOTH
	318	#else
	319	.bd_local_domain = PF_NO_LOCAL_MAPPING
	320	#endif
	321	},
	322	{ .bd_bsm_domain = BSM_PF_IEEE80211,
	323	#ifdef PF_IEEE80211
	324	.bd_local_domain = PF_IEEE80211
	325	#else
	326	.bd_local_domain = PF_NO_LOCAL_MAPPING
	327	#endif
	328	},
	329	{ .bd_bsm_domain = BSM_PF_AX25,
	330	#ifdef PF_AX25
	331	.bd_local_domain = PF_AX25
	332	#else
	333	.bd_local_domain = PF_NO_LOCAL_MAPPING
	334	#endif
	335	},
	336	{ .bd_bsm_domain = BSM_PF_ROSE,
	337	#ifdef PF_ROSE
	338	.bd_local_domain = PF_ROSE
	339	#else
	340	.bd_local_domain = PF_NO_LOCAL_MAPPING
	341	#endif
	342	},
	343	{ .bd_bsm_domain = BSM_PF_NETBEUI,
	344	#ifdef PF_NETBEUI
	345	.bd_local_domain = PF_NETBEUI
	346	#else
	347	.bd_local_domain = PF_NO_LOCAL_MAPPING
	348	#endif
	349	},
	350	{ .bd_bsm_domain = BSM_PF_SECURITY,
	351	#ifdef PF_SECURITY
	352	.bd_local_domain = PF_SECURITY
	353	#else
	354	.bd_local_domain = PF_NO_LOCAL_MAPPING
	355	#endif
	356	},
	357	{ .bd_bsm_domain = BSM_PF_PACKET,
	358	#ifdef PF_PACKET
	359	.bd_local_domain = PF_PACKET
	360	#else
	361	.bd_local_domain = PF_NO_LOCAL_MAPPING
	362	#endif
	363	},
	364	{ .bd_bsm_domain = BSM_PF_ASH,
	365	#ifdef PF_ASH
	366	.bd_local_domain = PF_ASH
	367	#else
	368	.bd_local_domain = PF_NO_LOCAL_MAPPING
	369	#endif
	370	},
	371	{ .bd_bsm_domain = BSM_PF_ECONET,
	372	#ifdef PF_ECONET
	373	.bd_local_domain = PF_ECONET
	374	#else
	375	.bd_local_domain = PF_NO_LOCAL_MAPPING
	376	#endif
	377	},
	378	{ .bd_bsm_domain = BSM_PF_ATMSVC,
	379	#ifdef PF_ATMSVC
	380	.bd_local_domain = PF_ATMSVC
	381	#else
	382	.bd_local_domain = PF_NO_LOCAL_MAPPING
	383	#endif
	384	},
	385	{ .bd_bsm_domain = BSM_PF_IRDA,
	386	#ifdef PF_IRDA
	387	.bd_local_domain = PF_IRDA
	388	#else
	389	.bd_local_domain = PF_NO_LOCAL_MAPPING
	390	#endif
	391	},
	392	{ .bd_bsm_domain = BSM_PF_PPPOX,
	393	#ifdef PF_PPPOX
	394	.bd_local_domain = PF_PPPOX
	395	#else
	396	.bd_local_domain = PF_NO_LOCAL_MAPPING
	397	#endif
	398	},
	399	{ .bd_bsm_domain = BSM_PF_WANPIPE,
	400	#ifdef PF_WANPIPE
	401	.bd_local_domain = PF_WANPIPE
	402	#else
	403	.bd_local_domain = PF_NO_LOCAL_MAPPING
	404	#endif
	405	},
	406	{ .bd_bsm_domain = BSM_PF_LLC,
	407	#ifdef PF_LLC
	408	.bd_local_domain = PF_LLC
	409	#else
	410	.bd_local_domain = PF_NO_LOCAL_MAPPING
	411	#endif
	412	},
	413	{ .bd_bsm_domain = BSM_PF_CAN,
	414	#ifdef PF_CAN
	415	.bd_local_domain = PF_CAN
	416	#else
	417	.bd_local_domain = PF_NO_LOCAL_MAPPING
	418	#endif
	419	},
	420	{ .bd_bsm_domain = BSM_PF_TIPC,
	421	#ifdef PF_TIPC
	422	.bd_local_domain = PF_TIPC
	423	#else
	424	.bd_local_domain = PF_NO_LOCAL_MAPPING
	425	#endif
	426	},
	427	{ .bd_bsm_domain = BSM_PF_IUCV,
	428	#ifdef PF_IUCV
	429	.bd_local_domain = PF_IUCV
	430	#else
	431	.bd_local_domain = PF_NO_LOCAL_MAPPING
	432	#endif
	433	},
	434	{ .bd_bsm_domain = BSM_PF_RXRPC,
	435	#ifdef PF_RXRPC
	436	.bd_local_domain = PF_RXRPC
	437	#else
	438	.bd_local_domain = PF_NO_LOCAL_MAPPING
	439	#endif
	440	},
	441	{ .bd_bsm_domain = BSM_PF_PHONET,
	442	#ifdef PF_PHONET
	443	.bd_local_domain = PF_PHONET
	444	#else
	445	.bd_local_domain = PF_NO_LOCAL_MAPPING
	446	#endif
	447	},
	448	};
	449	static const int bsm_domains_count = sizeof(bsm_domains) /
	450	sizeof(bsm_domains[0]);
	451
	452	static const struct bsm_domain *
	453	bsm_lookup_local_domain(int local_domain)
	454	{
	455	int i;
	456
	457	for (i = 0; i < bsm_domains_count; i++) {
	458	if (bsm_domains[i].bd_local_domain == local_domain) {
	459	return &bsm_domains[i];
	460	}
	461	}
	462	return NULL;
	463	}
	464
	465	u_short
	466	au_domain_to_bsm(int local_domain)
	467	{
	468	const struct bsm_domain *bstp;
	469
	470	bstp = bsm_lookup_local_domain(local_domain);
	471	if (bstp == NULL) {
	472	return BSM_PF_UNKNOWN;
	473	}
	474	return bstp->bd_bsm_domain;
	475	}
	476
	477	static const struct bsm_domain *
	478	bsm_lookup_bsm_domain(u_short bsm_domain)
	479	{
	480	int i;
	481
	482	for (i = 0; i < bsm_domains_count; i++) {
	483	if (bsm_domains[i].bd_bsm_domain == bsm_domain) {
	484	return &bsm_domains[i];
	485	}
	486	}
	487	return NULL;
	488	}
	489
	490	int
	491	au_bsm_to_domain(u_short bsm_domain, int *local_domainp)
	492	{
	493	const struct bsm_domain *bstp;
	494
	495	bstp = bsm_lookup_bsm_domain(bsm_domain);
	496	if (bstp == NULL \|\| bstp->bd_local_domain) {
	497	return -1;
	498	}
	499	*local_domainp = bstp->bd_local_domain;
	500	return 0;
	501	}
	502	#endif /* CONFIG_AUDIT */