-/*
- * @APPLE_LICENSE_HEADER_START@
- *
- * Copyright (c) 1999-2004 Apple Computer, Inc. All Rights Reserved.
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
+/*-
+ * Copyright (c) 2005-2009 Apple Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
+ * its contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#10 $
*/
#ifndef _BSM_AUDIT_RECORD_H_
#define _BSM_AUDIT_RECORD_H_
-#include <sys/cdefs.h>
-#include <sys/vnode.h>
-#include <sys/types.h>
-#include <sys/un.h>
-#include <sys/event.h>
-#include <netinet/in_systm.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-
-/* We could determined the header and trailer sizes by
- * defining appropriate structures. We hold off that approach
- * till we have a consistant way of using structures for all tokens.
- * This is not straightforward since these token structures may
- * contain pointers of whose contents we dont know the size
- * (e.g text tokens)
- */
-#define HEADER_SIZE 18
-#define TRAILER_SIZE 7
-
-#define ADD_U_CHAR(loc, val) \
- do {\
- *loc = val;\
- loc += sizeof(u_char);\
- }while(0)
-
-
-#define ADD_U_INT16(loc, val) \
- do { \
- memcpy(loc, (const u_char *)&val, sizeof(u_int16_t));\
- loc += sizeof(u_int16_t); \
- }while(0)
-
-#define ADD_U_INT32(loc, val) \
- do { \
- memcpy(loc, (const u_char *)&val, sizeof(u_int32_t));\
- loc += sizeof(u_int32_t); \
- }while(0)
-
-#define ADD_U_INT64(loc, val)\
- do {\
- memcpy(loc, (const u_char *)&val, sizeof(u_int64_t));\
- loc += sizeof(u_int64_t); \
- }while(0)
-
-#define ADD_MEM(loc, data, size) \
- do { \
- memcpy(loc, data, size);\
- loc += size;\
- }while(0)
-
-#define ADD_STRING(loc, data, size) ADD_MEM(loc, data, size)
-
-
-/* Various token id types */
-
-/*
- * Values inside the comments are not documented in the BSM pages and
- * have been picked up from the header files
- */
-
-/*
- * Values marked as XXX do not have a value defined in the BSM header files
- */
-
-/*
- * Control token types
-
-#define AUT_OTHER_FILE ((char)0x11)
-#define AUT_OTHER_FILE32 AUT_OTHER_FILE
-#define AUT_OHEADER ((char)0x12)
-
- */
-
-#define AUT_INVALID 0x00
-#define AU_FILE_TOKEN 0x11
-#define AU_TRAILER_TOKEN 0x13
-#define AU_HEADER_32_TOKEN 0x14
-#define AU_HEADER_EX_32_TOKEN 0x15
-
-/*
- * Data token types
-#define AUT_SERVER ((char)0x25)
-#define AUT_SERVER32 AUT_SERVER
- */
-
-#define AU_DATA_TOKEN 0x21
-#define AU_ARB_TOKEN AU_DATA_TOKEN
-#define AU_IPC_TOKEN 0x22
-#define AU_PATH_TOKEN 0x23
-#define AU_SUBJECT_32_TOKEN 0x24
-#define AU_PROCESS_32_TOKEN 0x26
-#define AU_RETURN_32_TOKEN 0x27
-#define AU_TEXT_TOKEN 0x28
-#define AU_OPAQUE_TOKEN 0x29
-#define AU_IN_ADDR_TOKEN 0x2A
-#define AU_IP_TOKEN 0x2B
-#define AU_IPORT_TOKEN 0x2C
-#define AU_ARG32_TOKEN 0x2D
-#define AU_SOCK_TOKEN 0x2E
-#define AU_SEQ_TOKEN 0x2F
-
-/*
- * Modifier token types
-
-#define AUT_ACL ((char)0x30)
-#define AUT_LABEL ((char)0x33)
-#define AUT_GROUPS ((char)0x34)
-#define AUT_ILABEL ((char)0x35)
-#define AUT_SLABEL ((char)0x36)
-#define AUT_CLEAR ((char)0x37)
-#define AUT_PRIV ((char)0x38)
-#define AUT_UPRIV ((char)0x39)
-#define AUT_LIAISON ((char)0x3A)
-
- */
-
-#define AU_ATTR_TOKEN 0x31
-#define AU_IPCPERM_TOKEN 0x32
-#define AU_NEWGROUPS_TOKEN 0x3B
-#define AU_EXEC_ARG_TOKEN 0x3C
-#define AU_EXEC_ENV_TOKEN 0x3D
-#define AU_ATTR32_TOKEN 0x3E
+#include <bsm/audit.h> /* token_t */
+#include <sys/time.h> /* struct timeval */
/*
- * Command token types
- */
-
-#define AU_CMD_TOKEN 0x51
-#define AU_EXIT_TOKEN 0x52
-
-/*
- * Miscellaneous token types
-
-#define AUT_HOST ((char)0x70)
-
+ * Token type identifiers.
*/
+#define AUT_INVALID 0x00
+#define AUT_OTHER_FILE32 0x11
+#define AUT_OHEADER 0x12
+#define AUT_TRAILER 0x13
+#define AUT_HEADER32 0x14
+#define AUT_HEADER32_EX 0x15
+#define AUT_DATA 0x21
+#define AUT_IPC 0x22
+#define AUT_PATH 0x23
+#define AUT_SUBJECT32 0x24
+#define AUT_XATPATH 0x25
+#define AUT_PROCESS32 0x26
+#define AUT_RETURN32 0x27
+#define AUT_TEXT 0x28
+#define AUT_OPAQUE 0x29
+#define AUT_IN_ADDR 0x2a
+#define AUT_IP 0x2b
+#define AUT_IPORT 0x2c
+#define AUT_ARG32 0x2d
+#define AUT_SOCKET 0x2e
+#define AUT_SEQ 0x2f
+#define AUT_ACL 0x30
+#define AUT_ATTR 0x31
+#define AUT_IPC_PERM 0x32
+#define AUT_LABEL 0x33
+#define AUT_GROUPS 0x34
+#define AUT_ACE 0x35
+#define AUT_PRIV 0x38
+#define AUT_UPRIV 0x39
+#define AUT_LIAISON 0x3a
+#define AUT_NEWGROUPS 0x3b
+#define AUT_EXEC_ARGS 0x3c
+#define AUT_EXEC_ENV 0x3d
+#define AUT_ATTR32 0x3e
+#define AUT_UNAUTH 0x3f
+#define AUT_XATOM 0x40
+#define AUT_XOBJ 0x41
+#define AUT_XPROTO 0x42
+#define AUT_XSELECT 0x43
+#define AUT_XCOLORMAP 0x44
+#define AUT_XCURSOR 0x45
+#define AUT_XFONT 0x46
+#define AUT_XGC 0x47
+#define AUT_XPIXMAP 0x48
+#define AUT_XPROPERTY 0x49
+#define AUT_XWINDOW 0x4a
+#define AUT_XCLIENT 0x4b
+#define AUT_CMD 0x51
+#define AUT_EXIT 0x52
+#define AUT_ZONENAME 0x60
+#define AUT_HOST 0x70
+#define AUT_ARG64 0x71
+#define AUT_RETURN64 0x72
+#define AUT_ATTR64 0x73
+#define AUT_HEADER64 0x74
+#define AUT_SUBJECT64 0x75
+#define AUT_PROCESS64 0x77
+#define AUT_OTHER_FILE64 0x78
+#define AUT_HEADER64_EX 0x79
+#define AUT_SUBJECT32_EX 0x7a
+#define AUT_PROCESS32_EX 0x7b
+#define AUT_SUBJECT64_EX 0x7c
+#define AUT_PROCESS64_EX 0x7d
+#define AUT_IN_ADDR_EX 0x7e
+#define AUT_SOCKET_EX 0x7f
/*
- * 64bit token types
-
-#define AUT_SERVER64 ((char)0x76)
-#define AUT_OTHER_FILE64 ((char)0x78)
-
+ * Pre-64-bit BSM, 32-bit tokens weren't explicitly named as '32'. We have
+ * compatibility defines.
*/
-
-#define AU_ARG64_TOKEN 0x71
-#define AU_RETURN_64_TOKEN 0x72
-#define AU_ATTR64_TOKEN 0x73
-#define AU_HEADER_64_TOKEN 0x74
-#define AU_SUBJECT_64_TOKEN 0x75
-#define AU_PROCESS_64_TOKEN 0x77
+#define AUT_HEADER AUT_HEADER32
+#define AUT_ARG AUT_ARG32
+#define AUT_RETURN AUT_RETURN32
+#define AUT_SUBJECT AUT_SUBJECT32
+#define AUT_PROCESS AUT_PROCESS32
+#define AUT_OTHER_FILE AUT_OTHER_FILE32
/*
- * Extended network address token types
+ * The values for the following token ids are not defined by BSM.
+ *
+ * XXXRW: Not sure how to handle these in OpenBSM yet, but I'll give them
+ * names more consistent with Sun's BSM. These originally came from Apple's
+ * BSM.
*/
-
-#define AU_HEADER_EX_64_TOKEN 0x79
-#define AU_SUBJECT_32_EX_TOKEN 0x7a
-#define AU_PROCESS_32_EX_TOKEN 0x7b
-#define AU_SUBJECT_64_EX_TOKEN 0x7c
-#define AU_PROCESS_64_EX_TOKEN 0x7d
-#define AU_IN_ADDR_EX_TOKEN 0x7e
-#define AU_SOCK_EX32_TOKEN 0x7f
-#define AU_SOCK_EX128_TOKEN AUT_INVALID /*XXX*/
-#define AU_IP_EX_TOKEN AUT_INVALID /*XXX*/
+#define AUT_SOCKINET32 0x80 /* XXX */
+#define AUT_SOCKINET128 0x81 /* XXX */
+#define AUT_SOCKUNIX 0x82 /* XXX */
-/*
- * The values for the following token ids are not
- * defined by BSM
- */
-#define AU_SOCK_INET_32_TOKEN 0x80 /*XXX*/
-#define AU_SOCK_INET_128_TOKEN 0x81 /*XXX*/
-#define AU_SOCK_UNIX_TOKEN 0x82 /*XXX*/
+/* Apple specific tokens*/
+#define AUT_IDENTITY 0xed
+#define AUT_KRB5_PRINCIPAL 0xee
+#define AUT_CERT_HASH 0xef
/* print values for the arbitrary token */
#define AUP_BINARY 0
/* data-types for the arbitrary token */
#define AUR_BYTE 0
+#define AUR_CHAR AUR_BYTE
#define AUR_SHORT 1
-#define AUR_LONG 2
+#define AUR_INT32 2
+#define AUR_INT AUR_INT32
+#define AUR_INT64 3
/* ... and their sizes */
-#define AUR_BYTE_SIZE sizeof(u_char)
-#define AUR_SHORT_SIZE sizeof(u_int16_t)
-#define AUR_LONG_SIZE sizeof(u_int32_t)
+#define AUR_BYTE_SIZE sizeof(u_char)
+#define AUR_CHAR_SIZE AUR_BYTE_SIZE
+#define AUR_SHORT_SIZE sizeof(uint16_t)
+#define AUR_INT32_SIZE sizeof(uint32_t)
+#define AUR_INT_SIZE AUR_INT32_SIZE
+#define AUR_INT64_SIZE sizeof(uint64_t)
/* Modifiers for the header token */
#define PAD_NOTATTR 0x4000 /* nonattributable event */
#define PAD_FAILURE 0x8000 /* fail audit event */
+#define AUDIT_MAX_GROUPS 16
-#define MAX_GROUPS 16
-#define HEADER_VERSION 1
-#define TRAILER_PAD_MAGIC 0xB105
+/*
+ * A number of BSM versions are floating around and defined. Here are
+ * constants for them. OpenBSM uses the same token types, etc, used in the
+ * Solaris BSM version, but has a separate version number in order to
+ * identify a potentially different event identifier name space.
+ */
+#define AUDIT_HEADER_VERSION_OLDDARWIN 1 /* In retrospect, a mistake. */
+#define AUDIT_HEADER_VERSION_SOLARIS 2
+#define AUDIT_HEADER_VERSION_TSOL25 3
+#define AUDIT_HEADER_VERSION_TSOL 4
+#define AUDIT_HEADER_VERSION_OPENBSM10 10
+#define AUDIT_HEADER_VERSION_OPENBSM11 11
+#define AUDIT_HEADER_VERSION_OPENBSM AUDIT_HEADER_VERSION_OPENBSM11
+
+#define AUT_TRAILER_MAGIC 0xb105
/* BSM library calls */
__BEGIN_DECLS
-int au_open(void);
-int au_write(int d, token_t *m);
-int au_close(int d, int keep, short event);
-token_t *au_to_file(char *file);
-token_t *au_to_header(int rec_size, au_event_t e_type,
- au_emod_t e_mod);
-token_t *au_to_header32(int rec_size, au_event_t e_type,
- au_emod_t e_mod);
-token_t *au_to_header64(int rec_size, au_event_t e_type,
- au_emod_t e_mod);
-token_t *au_to_me(void);
-
-token_t *au_to_arg(char n, char *text, u_int32_t v);
-token_t *au_to_arg32(char n, char *text, u_int32_t v);
-token_t *au_to_arg64(char n, char *text, u_int64_t v);
-token_t *au_to_attr(struct vnode_attr *attr);
-token_t *au_to_attr32(struct vnode_attr *attr);
-token_t *au_to_attr64(struct vnode_attr *attr);
-token_t *au_to_data(char unit_print, char unit_type,
- char unit_count, char *p);
-token_t *au_to_exit(int retval, int err);
-token_t *au_to_groups(int *groups);
-token_t *au_to_newgroups(u_int16_t n, gid_t *groups);
-token_t *au_to_in_addr(struct in_addr *internet_addr);
-token_t *au_to_in_addr_ex(struct in6_addr *internet_addr);
-token_t *au_to_ip(struct ip *ip);
-token_t *au_to_ipc(char type, int id);
-token_t *au_to_ipc_perm(struct ipc_perm *perm);
-token_t *au_to_iport(u_int16_t iport);
-token_t *au_to_opaque(char *data, u_int16_t bytes);
-token_t *au_to_path(char *path);
-token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid);
-token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid);
-token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid);
-token_t *au_to_process_ex(au_id_t auid, uid_t euid,
- gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_process32_ex(au_id_t auid, uid_t euid,
- gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_process64_ex(au_id_t auid, uid_t euid,
- gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_return(char status, u_int32_t ret);
-token_t *au_to_return32(char status, u_int32_t ret);
-token_t *au_to_return64(char status, u_int64_t ret);
-token_t *au_to_seq(long audit_count);
-token_t *au_to_socket(struct socket *so);
-token_t *au_to_socket_ex_32(u_int16_t lp, u_int16_t rp,
- struct sockaddr *la, struct sockaddr *ta);
-token_t *au_to_socket_ex_128(u_int16_t lp, u_int16_t rp,
- struct sockaddr *la, struct sockaddr *ta);
-token_t *au_to_sock_inet(struct sockaddr_in *so);
-token_t *au_to_sock_inet32(struct sockaddr_in *so);
-token_t *au_to_sock_inet128(struct sockaddr_in6 *so);
-token_t *au_to_sock_unix(struct sockaddr_un *so);
-token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid);
-token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid);
-token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid);
-token_t *au_to_subject_ex(au_id_t auid, uid_t euid,
- gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_subject32_ex(au_id_t auid, uid_t euid,
- gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_subject64_ex(au_id_t auid, uid_t euid,
- gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_exec_args(const char **);
-token_t *au_to_exec_env(const char **);
-token_t *au_to_text(char *text);
-token_t *au_to_kevent(struct kevent *kev);
-token_t *au_to_trailer(int rec_size);
+struct in_addr;
+struct in6_addr;
+struct ip;
+struct ipc_perm;
+struct kevent;
+struct sockaddr;
+struct sockaddr_in;
+struct sockaddr_in6;
+struct sockaddr_un;
+#if defined(_KERNEL) || defined(KERNEL)
+struct vnode_au_info;
+#endif
+
+int au_open(void);
+int au_write(int d, token_t *m);
+int au_close(int d, int keep, short event);
+int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen);
+int au_close_token(token_t *tok, u_char *buffer, size_t *buflen);
+
+token_t *au_to_file(const char *file, struct timeval tm);
+
+token_t *au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
+ struct timeval tm);
+token_t *au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
+ struct timeval tm, struct auditinfo_addr *aia);
+token_t *au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
+ struct timeval tm);
+#if !defined(KERNEL) && !defined(_KERNEL)
+token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod);
+token_t *au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod);
+token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod);
+token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod);
+token_t *au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod);
+#endif
+
+token_t *au_to_me(void);
+token_t *au_to_arg(char n, const char *text, uint32_t v);
+token_t *au_to_arg32(char n, const char *text, uint32_t v);
+token_t *au_to_arg64(char n, const char *text, uint64_t v);
+
+#if defined(_KERNEL) || defined(KERNEL)
+token_t *au_to_attr(struct vnode_au_info *vni);
+token_t *au_to_attr32(struct vnode_au_info *vni);
+token_t *au_to_attr64(struct vnode_au_info *vni);
+#endif
+
+token_t *au_to_data(char unit_print, char unit_type, char unit_count,
+ const char *p);
+token_t *au_to_exit(int retval, int err);
+token_t *au_to_groups(int *groups);
+token_t *au_to_newgroups(uint16_t n, gid_t *groups);
+token_t *au_to_in_addr(struct in_addr *internet_addr);
+token_t *au_to_in_addr_ex(struct in6_addr *internet_addr);
+token_t *au_to_ip(struct ip *ip);
+token_t *au_to_ipc(char type, int id);
+token_t *au_to_ipc_perm(struct ipc_perm *perm);
+token_t *au_to_iport(uint16_t iport);
+token_t *au_to_opaque(const char *data, uint16_t bytes);
+token_t *au_to_path(const char *path);
+token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
+token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
+token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
+token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
+token_t *au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid,
+ uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid,
+ au_tid_addr_t *tid);
+token_t *au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
+token_t *au_to_return(char status, uint32_t ret);
+token_t *au_to_return32(char status, uint32_t ret);
+token_t *au_to_return64(char status, uint64_t ret);
+token_t *au_to_seq(long audit_count);
+token_t *au_to_socket_ex(u_short so_domain, u_short so_type,
+ struct sockaddr *sa_local, struct sockaddr *sa_remote);
+token_t *au_to_sock_inet(struct sockaddr_in *so);
+token_t *au_to_sock_inet32(struct sockaddr_in *so);
+token_t *au_to_sock_inet128(struct sockaddr_in6 *so);
+token_t *au_to_sock_unix(struct sockaddr_un *so);
+token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
+token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
+token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
+token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
+token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
+token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
+#if defined(_KERNEL) || defined(KERNEL)
+token_t *au_to_exec_args(char *args, int argc);
+token_t *au_to_exec_env(char *envs, int envc);
+token_t *au_to_certificate_hash(char *hash, int hashc);
+token_t *au_to_krb5_principal(char *principal, int princ);
+#else
+token_t *au_to_exec_args(char **argv);
+token_t *au_to_exec_env(char **envp);
+token_t *au_to_certificate_hash(char **hash);
+token_t *au_to_krb5_principal(char **principal);
+#endif
+token_t *au_to_text(const char *text);
+token_t *au_to_kevent(struct kevent *kev);
+token_t *au_to_trailer(int rec_size);
+token_t *au_to_zonename(const char *zonename);
+token_t *au_to_identity(uint32_t signer_type, const char* signing_id,
+ u_char signing_id_trunc, const char* team_id, u_char team_id_trunc,
+ uint8_t* cdhash, uint16_t cdhash_len);
+
+/*
+ * BSM library routines for converting between local and BSM constant spaces.
+ */
+int au_bsm_to_domain(u_short bsm_domain, int *local_domainp);
+int au_bsm_to_errno(u_char bsm_error, int *errorp);
+int au_bsm_to_fcntl_cmd(u_short bsm_fcntl_cmd, int *local_fcntl_cmdp);
+int au_bsm_to_socket_type(u_short bsm_socket_type,
+ int *local_socket_typep);
+u_short au_domain_to_bsm(int local_domain);
+u_char au_errno_to_bsm(int local_errno);
+u_short au_fcntl_cmd_to_bsm(int local_fcntl_command);
+u_short au_socket_type_to_bsm(int local_socket_type);
__END_DECLS
projects / apple / xnu.git / blobdiff