]> git.saurik.com Git - apple/xnu.git/blob - bsd/security/audit/audit_ioctl.h
xnu-7195.101.1.tar.gz
[apple/xnu.git] / bsd / security / audit / audit_ioctl.h
1 /*-
2 * Copyright (c) 2006 Robert N. M. Watson
3 * Copyright (c) 2008 Apple, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 */
29
30 #ifndef _SECURITY_AUDIT_AUDIT_IOCTL_H_
31 #define _SECURITY_AUDIT_AUDIT_IOCTL_H_
32
33 #define AUDITPIPE_IOBASE 'A'
34 #define AUDITSDEV_IOBASE 'S'
35
36 /*
37 * Data structures used for complex ioctl arguments. Do not change existing
38 * structures, add new revised ones to be used by new ioctls, and keep the
39 * old structures and ioctls for backwards compatibility.
40 */
41 struct auditpipe_ioctl_preselect {
42 au_id_t aip_auid;
43 au_mask_t aip_mask;
44 };
45
46 /*
47 * Possible modes of operation for audit pipe preselection.
48 */
49 #define AUDITPIPE_PRESELECT_MODE_TRAIL 1 /* Global audit trail. */
50 #define AUDITPIPE_PRESELECT_MODE_LOCAL 2 /* Local audit trail. */
51
52 /*
53 * Ioctls to read and control the behavior of individual audit pipe devices.
54 */
55 #define AUDITPIPE_GET_QLEN _IOR(AUDITPIPE_IOBASE, 1, u_int)
56 #define AUDITPIPE_GET_QLIMIT _IOR(AUDITPIPE_IOBASE, 2, u_int)
57 #define AUDITPIPE_SET_QLIMIT _IOW(AUDITPIPE_IOBASE, 3, u_int)
58 #define AUDITPIPE_GET_QLIMIT_MIN _IOR(AUDITPIPE_IOBASE, 4, u_int)
59 #define AUDITPIPE_GET_QLIMIT_MAX _IOR(AUDITPIPE_IOBASE, 5, u_int)
60 #define AUDITPIPE_GET_PRESELECT_FLAGS _IOR(AUDITPIPE_IOBASE, 6, au_mask_t)
61 #define AUDITPIPE_SET_PRESELECT_FLAGS _IOW(AUDITPIPE_IOBASE, 7, au_mask_t)
62 #define AUDITPIPE_GET_PRESELECT_NAFLAGS _IOR(AUDITPIPE_IOBASE, 8, au_mask_t)
63 #define AUDITPIPE_SET_PRESELECT_NAFLAGS _IOW(AUDITPIPE_IOBASE, 9, au_mask_t)
64 #define AUDITPIPE_GET_PRESELECT_AUID _IOR(AUDITPIPE_IOBASE, 10, \
65 struct auditpipe_ioctl_preselect)
66 #define AUDITPIPE_SET_PRESELECT_AUID _IOW(AUDITPIPE_IOBASE, 11, \
67 struct auditpipe_ioctl_preselect)
68 #define AUDITPIPE_DELETE_PRESELECT_AUID _IOW(AUDITPIPE_IOBASE, 12, au_id_t)
69 #define AUDITPIPE_FLUSH_PRESELECT_AUID _IO(AUDITPIPE_IOBASE, 13)
70 #define AUDITPIPE_GET_PRESELECT_MODE _IOR(AUDITPIPE_IOBASE, 14, int)
71 #define AUDITPIPE_SET_PRESELECT_MODE _IOW(AUDITPIPE_IOBASE, 15, int)
72 #define AUDITPIPE_FLUSH _IO(AUDITPIPE_IOBASE, 16)
73 #define AUDITPIPE_GET_MAXAUDITDATA _IOR(AUDITPIPE_IOBASE, 17, u_int)
74
75 /*
76 * Ioctls to retrieve audit pipe statistics.
77 */
78 #define AUDITPIPE_GET_INSERTS _IOR(AUDITPIPE_IOBASE, 100, u_int64_t)
79 #define AUDITPIPE_GET_READS _IOR(AUDITPIPE_IOBASE, 101, u_int64_t)
80 #define AUDITPIPE_GET_DROPS _IOR(AUDITPIPE_IOBASE, 102, u_int64_t)
81 #define AUDITPIPE_GET_TRUNCATES _IOR(AUDITPIPE_IOBASE, 103, u_int64_t)
82
83 /*
84 * Ioctls for the audit session device.
85 */
86 #define AUDITSDEV_GET_QLEN _IOR(AUDITSDEV_IOBASE, 1, u_int)
87 #define AUDITSDEV_GET_QLIMIT _IOR(AUDITSDEV_IOBASE, 2, u_int)
88 #define AUDITSDEV_SET_QLIMIT _IOW(AUDITSDEV_IOBASE, 3, u_int)
89 #define AUDITSDEV_GET_QLIMIT_MIN _IOR(AUDITSDEV_IOBASE, 4, u_int)
90 #define AUDITSDEV_GET_QLIMIT_MAX _IOR(AUDITSDEV_IOBASE, 5, u_int)
91 #define AUDITSDEV_FLUSH _IO(AUDITSDEV_IOBASE, 6)
92 #define AUDITSDEV_GET_MAXDATA _IOR(AUDITSDEV_IOBASE, 7, u_int)
93
94 /*
95 * Ioctls to retrieve and set the ALLSESSIONS flag in the audit session device.
96 */
97 #define AUDITSDEV_GET_ALLSESSIONS _IOR(AUDITSDEV_IOBASE, 100, u_int)
98 #define AUDITSDEV_SET_ALLSESSIONS _IOW(AUDITSDEV_IOBASE, 101, u_int)
99
100 /*
101 * Ioctls to retrieve audit sessions device statistics.
102 */
103 #define AUDITSDEV_GET_INSERTS _IOR(AUDITSDEV_IOBASE, 200, u_int64_t)
104 #define AUDITSDEV_GET_READS _IOR(AUDITSDEV_IOBASE, 201, u_int64_t)
105 #define AUDITSDEV_GET_DROPS _IOR(AUDITSDEV_IOBASE, 202, u_int64_t)
106
107 #endif /* _SECURITY_AUDIT_AUDIT_IOCTL_H_ */