1 /*
2 * @APPLE_LICENSE_OSREFERENCE_HEADER_START@
3 *
4 * This file contains Original Code and/or Modifications of Original Code
5 * as defined in and that are subject to the Apple Public Source License
6 * Version 2.0 (the 'License'). You may not use this file except in
7 * compliance with the License. The rights granted to you under the
8 * License may not be used to create, or enable the creation or
9 * redistribution of, unlawful or unlicensed copies of an Apple operating
10 * system, or to circumvent, violate, or enable the circumvention or
11 * violation of, any terms of an Apple operating system software license
12 * agreement.
13 *
14 * Please obtain a copy of the License at
15 * http://www.opensource.apple.com/apsl/ and read it before using this
16 * file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_LICENSE_OSREFERENCE_HEADER_END@
27 */
28
29 #ifndef _BSM_AUDIT_KEVENTS_H_
30 #define _BSM_AUDIT_KEVENTS_H_
31
32 /*
33 * Events defined as AUE_NULL are not required to be audited under CAPP
33 * (the Controlled Access Protection Profile)
34 *
35 * The second value within comments is the syscall number in Darwin
36 *
37 * Values in the third column are the values assigned by BSM for obsolete
38 * or old system calls
39 *
40 * Values marked as XXX in the third column do not have an
41 * event number assigned as yet, and have (temporarily) been assigned
42 * value of AUE_NULL
43 */
44
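/*
 * Audit event numbers for the entries annotated with Darwin syscall
 * numbers up to 62.
 *
 * Each line gives: event name, event number, then in comments the Darwin
 * syscall number and, where present, the third-column annotation described
 * in the file header (old BSM value, or XXX for "no event number yet").
 *
 * AUE_NULL is 0.  Per the file header, an entry defined as AUE_NULL is not
 * required to be audited under CAPP.  In this group that covers read, write,
 * dup, sync and the get*id calls, while every open variant, exec, ptrace,
 * setuid, chroot and the ownership/mode changes carry a real event number.
 * NOTE(review): presumably an AUE_NULL mapping means no audit record is cut
 * for that syscall -- confirm against the kernel's audit hooks before relying
 * on the trail for coverage of those calls.
 *
 * The AUE_OPEN_* variants share one syscall-number comment; the suffix
 * letters presumably encode the open flags (R/W access, C create,
 * T truncate) -- TODO confirm against the code that selects them.
 *
 * AUE_O_STAT, AUE_O_LSTAT and AUE_O_FSTAT refer to macros defined further
 * down this header; that is fine because macros are expanded at the point
 * of use, not at the point of definition.
 */
#define AUE_NULL                0
#define AUE_EXIT                1               /* 1 */
#define AUE_FORK                2               /* 2 */
#define AUE_OPEN                3               /* 3 */
#define AUE_READ                AUE_NULL        /* 4 */
#define AUE_WRITE               AUE_NULL        /* 5 */
#define AUE_OPEN_R              72              /* 5 */
#define AUE_OPEN_RC             73              /* 5 */
#define AUE_OPEN_RTC            75              /* 5 */
#define AUE_OPEN_RT             74              /* 5 */
#define AUE_OPEN_RW             80              /* 5 */
#define AUE_OPEN_RWC            81              /* 5 */
#define AUE_OPEN_RWTC           83              /* 5 */
#define AUE_OPEN_RWT            82              /* 5 */
#define AUE_OPEN_W              76              /* 5 */
#define AUE_OPEN_WC             77              /* 5 */
#define AUE_OPEN_WTC            79              /* 5 */
#define AUE_OPEN_WT             78              /* 5 */
#define AUE_CLOSE               112             /* 6 */
/*
 * AU_WAIT4 is the only event name in this header without the AUE_ prefix.
 * The original spelling is kept so existing users still compile, and an
 * AUE_-prefixed alias with the same value is provided for consistency.
 */
#define AU_WAIT4                AUE_NULL        /* 7 */
#define AUE_WAIT4               AUE_NULL        /* 7 */
#define AUE_O_CREAT             AUE_OPEN_RWTC   /* 8 */ /* 4 */
#define AUE_LINK                5               /* 9 */
#define AUE_UNLINK              6               /* 10 */
#define AUE_O_EXECV             AUE_NULL        /* 11 */
#define AUE_CHDIR               8               /* 12 */
#define AUE_FCHDIR              68              /* 13 */
#define AUE_MKNOD               9               /* 14 */
#define AUE_CHMOD               10              /* 15 */
#define AUE_CHOWN               11              /* 16 */
#define AUE_O_SBREAK            AUE_NULL        /* 17 */
#define AUE_GETFSSTAT           301             /* 18 */
#define AUE_O_LSEEK             AUE_NULL        /* 19 */
#define AUE_GETPID              AUE_NULL        /* 20 */
#define AUE_O_MOUNT             AUE_NULL        /* 21 */
#define AUE_O_UMOUNT            AUE_NULL        /* 22 */
#define AUE_SETUID              200             /* 23 */
#define AUE_GETUID              AUE_NULL        /* 24 */
#define AUE_GETEUID             AUE_NULL        /* 25 */
#define AUE_PTRACE              302             /* 26 */
#define AUE_RECVMSG             190             /* 27 */
#define AUE_SENDMSG             188             /* 28 */
#define AUE_RECVFROM            191             /* 29 */
#define AUE_ACCEPT              33              /* 30 */
#define AUE_GETPEERNAME         AUE_NULL        /* 31 */
#define AUE_GETSOCKNAME         AUE_NULL        /* 32 */
#define AUE_ACCESS              14              /* 33 */
#define AUE_CHFLAGS             303             /* 34 */
#define AUE_FCHFLAGS            304             /* 35 */
#define AUE_SYNC                AUE_NULL        /* 36 */
#define AUE_KILL                15              /* 37 */
#define AUE_O_STAT              AUE_STAT        /* 38 */
#define AUE_GETPPID             AUE_NULL        /* 39 */
#define AUE_O_LSTAT             AUE_LSTAT       /* 40 */
#define AUE_DUP                 AUE_NULL        /* 41 */
#define AUE_PIPE                185             /* 42 */
#define AUE_GETEGID             AUE_NULL        /* 43 */
#define AUE_PROFILE             305             /* 44 */
#define AUE_KTRACE              306             /* 45 */
/* AUE_REBOOT carries no syscall-number annotation in the original table. */
#define AUE_REBOOT              308
#define AUE_SIGACTION           AUE_NULL        /* 46 */ /* XXX */
#define AUE_GETGID              AUE_NULL        /* 47 */
#define AUE_SIGPROCMASK         AUE_NULL        /* 48 */ /* XXX */
#define AUE_GETLOGIN            AUE_NULL        /* 49 */
#define AUE_SETLOGIN            307             /* 50 */
#define AUE_ACCT                18              /* 51 */
#define AUE_SIGPENDING          AUE_NULL        /* 52 */ /* XXX */
#define AUE_SIGALTSTACK         AUE_NULL        /* 53 */ /* XXX */
#define AUE_IOCTL               158             /* 54 */
#define AUE_SYSTEMBOOT          113             /* 55 */
#define AUE_REVOKE              309             /* 56 */
#define AUE_SYMLINK             21              /* 57 */
#define AUE_READLINK            22              /* 58 */
#define AUE_EXECVE              23              /* 59 */
#define AUE_UMASK               310             /* 60 */
#define AUE_CHROOT              24              /* 61 */
#define AUE_O_FSTAT             AUE_FSTAT       /* 62 */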
121
/*
 * Audit event numbers for the entries annotated with Darwin syscall
 * numbers 64 through 176.
 *
 * Layout per line: event name, event number, syscall number in a comment,
 * then any third-column annotation from the original table (old BSM value,
 * XXX, EOPNOTSUP, ENOSYS).
 *
 * Entries defined as AUE_NULL are, per the file header, not required to be
 * audited under CAPP.  In this group the socket setup calls (socket,
 * connect, bind, setsockopt, shutdown, socketpair, sendto) have event
 * numbers while listen, select and the AUE_GTSOCKOPT entry are AUE_NULL.
 *
 * NOTE(review): two values here are reused later in this header --
 * AUE_SOCKET (183) equals AUE_SOCKCONFIG and AUE_FCHMOD (39) equals
 * AUE_SYSINFO.  A consumer that maps an event number back to a name cannot
 * tell those pairs apart; confirm which name the record parser reports.
 *
 * Several entries expand to macros defined elsewhere in this header
 * (AUE_NULL, AUE_MMAP, AUE_SYSCTL, AUE_SENDMSG, ...); expansion happens at
 * the point of use, so definition order does not matter.
 */
#define AUE_O_GETPAGESIZE       AUE_NULL        /* 64 */
#define AUE_MSYNC               AUE_NULL        /* 65 */
#define AUE_VFORK               25              /* 66 */
#define AUE_O_VREAD             AUE_NULL        /* 67 */
#define AUE_O_VWRITE            AUE_NULL        /* 68 */
#define AUE_SBRK                AUE_NULL        /* 69 */ /* EOPNOTSUP */
#define AUE_SSTK                AUE_NULL        /* 70 */ /* EOPNOTSUP */
#define AUE_O_MMAP              AUE_MMAP        /* 71 */
#define AUE_O_VADVISE           AUE_NULL        /* 72 */
#define AUE_MUNMAP              213             /* 73 */
#define AUE_MPROTECT            311             /* 74 */
#define AUE_MADVISE             AUE_NULL        /* 75 */
#define AUE_O_VHANGUP           AUE_NULL        /* 76 */
#define AUE_O_VLIMIT            AUE_NULL        /* 77 */
#define AUE_MINCORE             AUE_NULL        /* 78 */
#define AUE_GETGROUPS           AUE_NULL        /* 79 */
#define AUE_SETGROUPS           26              /* 80 */
#define AUE_GETPGRP             AUE_NULL        /* 81 */
#define AUE_SETPGRP             27              /* 82 */
#define AUE_SETITIMER           AUE_NULL        /* 83 */ /* XXX */
#define AUE_O_WAIT              AUE_NULL        /* 84 */
#define AUE_SWAPON              28              /* 85 */
#define AUE_GETITIMER           AUE_NULL        /* 86 */
#define AUE_O_GETHOSTNAME       AUE_NULL        /* 87 */
#define AUE_O_SETHOSTNAME       AUE_SYSCTL      /* 88 */
#define AUE_GETDTABLESIZE       AUE_NULL        /* 89 */
#define AUE_DUP2                AUE_NULL        /* 90 */
#define AUE_O_GETDOPT           AUE_NULL        /* 91 */
#define AUE_FCNTL               30              /* 92 */
#define AUE_SELECT              AUE_NULL        /* 93 */
#define AUE_O_SETDOPT           AUE_NULL        /* 94 */
#define AUE_FSYNC               AUE_NULL        /* 95 */
#define AUE_SETPRIORITY         312             /* 96 */
#define AUE_SOCKET              183             /* 97 */
#define AUE_CONNECT             32              /* 98 */
#define AUE_O_ACCEPT            AUE_NULL        /* 99 */
#define AUE_GETPRIORITY         AUE_NULL        /* 100 */
#define AUE_O_SEND              AUE_SENDMSG     /* 101 */
#define AUE_O_RECV              AUE_RECVMSG     /* 102 */
#define AUE_SIGRETURN           AUE_NULL        /* 103 */ /* XXX */
#define AUE_BIND                34              /* 104 */
#define AUE_SETSOCKOPT          35              /* 105 */
#define AUE_LISTEN              AUE_NULL        /* 106 */
#define AUE_O_VTIMES            AUE_NULL        /* 107 */
#define AUE_O_SIGVEC            AUE_NULL        /* 108 */
#define AUE_O_SIGBLOCK          AUE_NULL        /* 109 */
#define AUE_O_SIGSETMASK        AUE_NULL        /* 110 */
#define AUE_SIGSUSPEND          AUE_NULL        /* 111 */ /* XXX */
#define AUE_O_SIGSTACK          AUE_NULL        /* 112 */
#define AUE_O_RECVMSG           AUE_RECVMSG     /* 113 */
#define AUE_O_SENDMSG           AUE_SENDMSG     /* 114 */
#define AUE_O_VTRACE            AUE_NULL        /* 115 */ /* 36 */
#define AUE_GETTIMEOFDAY        AUE_NULL        /* 116 */
#define AUE_GETRUSAGE           AUE_NULL        /* 117 */
/* Spelled GTSOCKOPT (no 'E') in the original; name kept as is. */
#define AUE_GTSOCKOPT           AUE_NULL        /* 118 */
#define AUE_O_RESUBA            AUE_NULL        /* 119 */
#define AUE_READV               AUE_NULL        /* 120 */
#define AUE_WRITEV              AUE_NULL        /* 121 */
#define AUE_SETTIMEOFDAY        313             /* 122 */
#define AUE_FCHOWN              38              /* 123 */
#define AUE_FCHMOD              39              /* 124 */
#define AUE_O_RECVFROM          AUE_RECVFROM    /* 125 */
#define AUE_O_SETREUID          AUE_SETEUID     /* 126 */ /* 40 */
#define AUE_O_SETREGID          AUE_SETEGID     /* 127 */ /* 41 */
#define AUE_RENAME              42              /* 128 */
#define AUE_O_TRUNCATE          AUE_TRUNCATE    /* 129 */
#define AUE_O_FTRUNCATE         AUE_FTRUNCATE   /* 130 */
#define AUE_FLOCK               314             /* 131 */
#define AUE_MKFIFO              315             /* 132 */
#define AUE_SENDTO              184             /* 133 */
#define AUE_SHUTDOWN            46              /* 134 */
#define AUE_SOCKETPAIR          317             /* 135 */
#define AUE_MKDIR               47              /* 136 */
#define AUE_RMDIR               48              /* 137 */
#define AUE_UTIMES              49              /* 138 */
#define AUE_FUTIMES             318             /* 139 */
#define AUE_ADJTIME             50              /* 140 */
#define AUE_O_GETPEERNAME       AUE_NULL        /* 141 */
#define AUE_O_GETHOSTID         AUE_NULL        /* 142 */
#define AUE_O_SETHOSTID         AUE_NULL        /* 143 */
#define AUE_O_GETRLIMIT         AUE_NULL        /* 144 */
#define AUE_O_SETRLIMIT         AUE_SETRLIMIT   /* 145 */
#define AUE_O_KILLPG            AUE_KILL        /* 146 */
#define AUE_SETSID              319             /* 147 */
#define AUE_O_SETQUOTA          AUE_NULL        /* 148 */
#define AUE_O_QUOTA             AUE_NULL        /* 149 */
#define AUE_O_GETSOCKNAME       AUE_NULL        /* 150 */
#define AUE_GETPGID             AUE_NULL        /* 151 */
#define AUE_SETPRIVEXEC         320             /* 152 */
#define AUE_PREAD               AUE_NULL        /* 153 */
#define AUE_PWRITE              AUE_NULL        /* 154 */
#define AUE_NFSSVC              321             /* 155 */
#define AUE_O_GETDIRENTRIES     AUE_GETDIRENTRIES /* 156 */
#define AUE_STATFS              54              /* 157 */
#define AUE_FSTATFS             55              /* 158 */
#define AUE_UNMOUNT             12              /* 159 */
#define AUE_O_ASYNCDAEMON       AUE_NULL        /* 160 */
#define AUE_GETFH               322             /* 161 */
#define AUE_O_GETDOMAINNAME     AUE_NULL        /* 162 */
#define AUE_O_SETDOMAINNAME     AUE_SYSCTL      /* 163 */
#define AUE_O_PCFS_MOUNT        AUE_NULL        /* 164 */
#define AUE_QUOTACTL            60              /* 165 */
#define AUE_O_EXPORTFS          AUE_NULL        /* 166 */
#define AUE_MOUNT               62              /* 167 */
#define AUE_O_USTATE            AUE_NULL        /* 168 */
#define AUE_TABLE               AUE_NULL        /* 170 */ /* ENOSYS */
#define AUE_O_WAIT3             AUE_NULL        /* 171 */
#define AUE_O_RPAUSE            AUE_NULL        /* 172 */
#define AUE_O_GETDENTS          AUE_NULL        /* 174 */
#define AUE_GCCONTROL           AUE_NULL        /* 175 */ /* ENOSYS */
#define AUE_ADDPROFILE          324             /* 176 */
233
/*
 * Audit event numbers for the entries annotated with Darwin syscall
 * numbers 180 through 205.
 *
 * Several of these are the targets of the AUE_O_* aliases defined earlier
 * in this header (AUE_STAT, AUE_FSTAT, AUE_LSTAT, AUE_MMAP, AUE_SYSCTL,
 * AUE_SETEGID, AUE_SETEUID, AUE_SETRLIMIT, AUE_GETDIRENTRIES, AUE_TRUNCATE,
 * AUE_FTRUNCATE), so changing a value here changes those aliases too.
 *
 * AUE_GETRLIMIT, AUE_SYSCALL and AUE_LSEEK are AUE_NULL, i.e. per the file
 * header not required to be audited under CAPP.
 */
#define AUE_KDBUGTRACE          325             /* 180 */
#define AUE_SETGID              205             /* 181 */
#define AUE_SETEGID             214             /* 182 */
#define AUE_SETEUID             215             /* 183 */

#define AUE_STAT                16              /* 188 */
#define AUE_FSTAT               326             /* 189 */
#define AUE_LSTAT               17              /* 190 */
#define AUE_PATHCONF            71              /* 191 */
#define AUE_FPATHCONF           327             /* 192 */
#define AUE_GETRLIMIT           AUE_NULL        /* 194 */
#define AUE_SETRLIMIT           51              /* 195 */
#define AUE_GETDIRENTRIES       328             /* 196 */
#define AUE_MMAP                210             /* 197 */
#define AUE_SYSCALL             AUE_NULL        /* 198 */ /* ENOSYS */
#define AUE_LSEEK               AUE_NULL        /* 199 */
#define AUE_TRUNCATE            329             /* 200 */
#define AUE_FTRUNCATE           330             /* 201 */
#define AUE_SYSCTL              331             /* 202 */
#define AUE_MLOCK               332             /* 203 */
#define AUE_MUNLOCK             333             /* 204 */
#define AUE_UNDELETE            334             /* 205 */
256
/*
 * Audit event numbers for the entries annotated with Darwin syscall
 * numbers 216 through 242.
 *
 * Third-column annotations are carried over from the original table:
 * XXX (no event number assigned yet), EOPNOTSUPP, "To Be Removed" and
 * "reserved".
 *
 * AUE_CHECKUSERACCESS and AUE_DELETE do not have numbers of their own;
 * they expand to AUE_ACCESS and AUE_UNLINK (defined earlier in this
 * header), so records for them are indistinguishable from those events.
 */
#define AUE_MKCOMPLEX           AUE_NULL        /* 216 */ /* XXX */
#define AUE_STATV               AUE_NULL        /* 217 */ /* EOPNOTSUPP */
#define AUE_LSTATV              AUE_NULL        /* 218 */ /* EOPNOTSUPP */
#define AUE_FSTATV              AUE_NULL        /* 219 */ /* EOPNOTSUPP */
#define AUE_GETATTRLIST         335             /* 220 */
#define AUE_SETATTRLIST         336             /* 221 */
#define AUE_GETDIRENTRIESATTR   337             /* 222 */
#define AUE_EXCHANGEDATA        338             /* 223 */
#define AUE_CHECKUSERACCESS     AUE_ACCESS      /* 224 */ /* To Be Removed */
#define AUE_SEARCHFS            339             /* 225 */

#define AUE_DELETE              AUE_UNLINK      /* 226 */ /* reserved */
#define AUE_COPYFILE            361             /* 227 */ /* reserved */
#define AUE_WATCHEVENT          AUE_NULL        /* 231 */ /* reserved */
#define AUE_WAITEVENT           AUE_NULL        /* 232 */ /* reserved */
#define AUE_MODWATCH            AUE_NULL        /* 233 */ /* reserved */
#define AUE_FSCTL               AUE_NULL        /* 242 */ /* reserved */
274
/*
 * Audit event numbers for the entries annotated with Darwin syscall
 * numbers 250 through 276: minherit plus the semaphore, message-queue and
 * shared-memory events.
 *
 * One syscall number can fan out into several events: all AUE_SEMCTL_*
 * entries are annotated 254 and all AUE_SHMCTL_* entries 263.
 * NOTE(review): presumably the suffix reflects the command argument of the
 * call -- confirm against the code that picks the event.
 *
 * AUE_SEMWAIT, AUE_SEMTRYWAIT and AUE_SEMPOST are AUE_NULL while the
 * open/close/unlink events for the same object type have numbers, so per
 * the file header only the latter are required to be audited under CAPP.
 *
 * The syscall annotations on AUE_MSGRCV (261) and AUE_MSGSND (260) are out
 * of numeric order in the original and are reproduced unchanged.
 * AUE_MSGCL is the original spelling; a separate AUE_MSGCTL is defined in
 * the BSM section of this header.
 */
#define AUE_MINHERIT            340             /* 250 */
#define AUE_SEMSYS              AUE_NULL        /* 251 */ /* To Be Removed */
#define AUE_MSGSYS              AUE_NULL        /* 252 */ /* To Be Removed */
#define AUE_SHMSYS              AUE_NULL        /* 253 */
#define AUE_SEMCTL              98              /* 254 */
#define AUE_SEMCTL_GETALL       105             /* 254 */
#define AUE_SEMCTL_GETNCNT      102             /* 254 */
#define AUE_SEMCTL_GETPID       103             /* 254 */
#define AUE_SEMCTL_GETVAL       104             /* 254 */
#define AUE_SEMCTL_GETZCNT      106             /* 254 */
#define AUE_SEMCTL_RMID         99              /* 254 */
#define AUE_SEMCTL_SET          100             /* 254 */
#define AUE_SEMCTL_SETALL       108             /* 254 */
#define AUE_SEMCTL_SETVAL       107             /* 254 */
#define AUE_SEMCTL_STAT         101             /* 254 */
#define AUE_SEMGET              109             /* 255 */
#define AUE_SEMOP               110             /* 256 */
#define AUE_SEMCONFIG           341             /* 257 */
#define AUE_MSGCL               AUE_NULL        /* 258 */ /* EOPNOTSUPP */
#define AUE_MSGGET              88              /* 259 */ /* 88-EOPNOTSUPP */
#define AUE_MSGRCV              89              /* 261 */ /* 89-EOPNOTSUPP */
#define AUE_MSGSND              90              /* 260 */ /* 90-EOPNOTSUPP */
#define AUE_SHMAT               96              /* 262 */
#define AUE_SHMCTL              91              /* 263 */
#define AUE_SHMCTL_RMID         92              /* 263 */
#define AUE_SHMCTL_SET          93              /* 263 */
#define AUE_SHMCTL_STAT         94              /* 263 */
#define AUE_SHMDT               97              /* 264 */
#define AUE_SHMGET              95              /* 265 */
#define AUE_SHMOPEN             345             /* 266 */
#define AUE_SHMUNLINK           346             /* 267 */
#define AUE_SEMOPEN             342             /* 268 */
#define AUE_SEMCLOSE            343             /* 269 */
#define AUE_SEMUNLINK           344             /* 270 */
#define AUE_SEMWAIT             AUE_NULL        /* 271 */
#define AUE_SEMTRYWAIT          AUE_NULL        /* 272 */
#define AUE_SEMPOST             AUE_NULL        /* 273 */
#define AUE_SEMGETVALUE         AUE_NULL        /* 274 */ /* ENOSYS */
#define AUE_SEMINIT             AUE_NULL        /* 275 */ /* ENOSYS */
#define AUE_SEMDESTROY          AUE_NULL        /* 276 */ /* ENOSYS */
315
/*
 * Audit event numbers for the entries annotated with Darwin syscall
 * numbers 296 through 330, followed by seven entries (AUE_SWAPOFF through
 * AUE_SYSCTL_NONADMIN) that carry no syscall annotation in the original.
 *
 * Worth knowing when reading a trail: AUE_TASKFORPID and AUE_PIDFORTASK
 * have event numbers, but AUE_TASKNAMEFORPID is AUE_NULL, which per the
 * file header means it is not required to be audited under CAPP.
 * NOTE(review): if task-name lookups matter for your monitoring, confirm
 * whether any record is produced for them.
 */
#define AUE_LOADSHFILE          347             /* 296 */
#define AUE_RESETSHFILE         348             /* 297 */
#define AUE_NEWSYSTEMSHREG      349             /* 298 */

#define AUE_GETSID              AUE_NULL        /* 310 */

#define AUE_MLOCKALL            AUE_NULL        /* 324 */ /* ENOSYS */
#define AUE_MUNLOCKALL          AUE_NULL        /* 325 */ /* ENOSYS */

#define AUE_ISSETUGID           AUE_NULL        /* 327 */
#define AUE_PTHREADKILL         350             /* 328 */
#define AUE_PTHREADSIGMASK      351             /* 329 */
#define AUE_SIGWAIT             AUE_NULL        /* 330 */ /* XXX */
#define AUE_SWAPOFF             355
#define AUE_INITPROCESS         356
#define AUE_MAPFD               357
#define AUE_TASKNAMEFORPID      AUE_NULL
#define AUE_TASKFORPID          358
#define AUE_PIDFORTASK          359
#define AUE_SYSCTL_NONADMIN     360
336
/*
 * BSM events.  The original author's note: which of these are relevant to
 * Mac OS X still has to be identified.
 *
 * None of these entries carries a Darwin syscall annotation.
 *
 * NOTE(review): two numbers in this section are also used earlier in this
 * header -- AUE_SOCKCONFIG (183) equals AUE_SOCKET and AUE_SYSINFO (39)
 * equals AUE_FCHMOD.  Anything that turns an event number back into a name
 * (record parsers, class/preselection tables) will see one event for each
 * pair; confirm which meaning applies on this platform.
 *
 * NOTE(review): judging by their names only, AUE_AUDIT, AUE_AUDITON*,
 * AUE_AUDITCTL, AUE_SETAUDIT*, AUE_SETAUID and the matching getters relate
 * to control of the audit subsystem itself; if so, they are the events to
 * keep selected so that changes to auditing are themselves recorded --
 * confirm against the kernel sources.
 */
#define AUE_ACLSET              251
#define AUE_AUDIT               211
#define AUE_AUDITON             138
#define AUE_AUDITON_GETCAR      224
#define AUE_AUDITON_GETCLASS    231
#define AUE_AUDITON_GETCOND     229
#define AUE_AUDITON_GETCWD      223
#define AUE_AUDITON_GETKMASK    221
#define AUE_AUDITON_GETSTAT     225
#define AUE_AUDITON_GPOLICY     141
#define AUE_AUDITON_GQCTRL      145
#define AUE_AUDITON_SETCLASS    232
#define AUE_AUDITON_SETCOND     230
#define AUE_AUDITON_SETKMASK    222
#define AUE_AUDITON_SETSMASK    228
#define AUE_AUDITON_SETSTAT     226
#define AUE_AUDITON_SETUMASK    227
#define AUE_AUDITON_SPOLICY     142
#define AUE_AUDITON_SQCTRL      146
#define AUE_AUDITCTL            352
#define AUE_DOORFS_DOOR_BIND    260
#define AUE_DOORFS_DOOR_CALL    254
#define AUE_DOORFS_DOOR_CREATE  256
#define AUE_DOORFS_DOOR_CRED    259
#define AUE_DOORFS_DOOR_INFO    258
#define AUE_DOORFS_DOOR_RETURN  255
#define AUE_DOORFS_DOOR_REVOKE  257
#define AUE_DOORFS_DOOR_UNBIND  261
#define AUE_ENTERPROM           153
#define AUE_EXEC                7
#define AUE_EXITPROM            154
#define AUE_FACLSET             252
#define AUE_FCHROOT             69
#define AUE_FORK1               241
#define AUE_GETAUDIT            132
#define AUE_GETAUDIT_ADDR       267
#define AUE_GETAUID             130
#define AUE_GETMSG              217
#define AUE_SOCKACCEPT          247
#define AUE_SOCKRECEIVE         250
#define AUE_GETPMSG             219
#define AUE_GETPORTAUDIT        149
#define AUE_INST_SYNC           264
#define AUE_LCHOWN              237
#define AUE_LXSTAT              236
#define AUE_MEMCNTL             238
#define AUE_MODADDMAJ           246
#define AUE_MODCONFIG           245
#define AUE_MODLOAD             243
#define AUE_MODUNLOAD           244
#define AUE_MSGCTL              84
#define AUE_MSGCTL_RMID         85
#define AUE_MSGCTL_SET          86
#define AUE_MSGCTL_STAT         87
#define AUE_NICE                203
#define AUE_P_ONLINE            262
#define AUE_PRIOCNTLSYS         212
#define AUE_CORE                111
#define AUE_PROCESSOR_BIND      263
#define AUE_PUTMSG              216
#define AUE_SOCKCONNECT         248
#define AUE_SOCKSEND            249
#define AUE_PUTPMSG             218
#define AUE_SETAUDIT            133
#define AUE_SETAUDIT_ADDR       266
#define AUE_SETAUID             131
#define AUE_SOCKCONFIG          183     /* same number as AUE_SOCKET */
#define AUE_STATVFS             234
#define AUE_STIME               201
#define AUE_SYSINFO             39      /* same number as AUE_FCHMOD */
#define AUE_UTIME               202
#define AUE_UTSYS               233
#define AUE_XMKNOD              240
#define AUE_XSTAT               235
412
413 #endif /* !_BSM_AUDIT_KEVENTS_H_ */