xnu-4903.221.2.tar.gz

[apple/xnu.git] / bsd / bsm / audit.h

diff --git a/bsd/bsm/audit.h b/bsd/bsm/audit.h
index a24cc88d739184e048d5b0de50e68d0186db3e49..1f6b2476eb22eecb14ea80b215f8143c0ffe6658 100644 (file)
--- a/bsd/bsm/audit.h
+++ b/bsd/bsm/audit.h
@@ -79,9 +79,9 @@
 /*
  * IPC types.
  */
-#define        AT_IPC_MSG      ((u_char)1)     /* Message IPC id. */
-#define        AT_IPC_SEM      ((u_char)2)     /* Semaphore IPC id. */
-#define        AT_IPC_SHM      ((u_char)3)     /* Shared mem IPC id. */
+#define        AT_IPC_MSG      ((unsigned char)1)      /* Message IPC id. */
+#define        AT_IPC_SEM      ((unsigned char)2)      /* Semaphore IPC id. */
+#define        AT_IPC_SHM      ((unsigned char)3)      /* Shared mem IPC id. */
 
 /*
  * Audit conditions.
@@ -127,6 +127,10 @@
 #define        A_SETCOND       38
 #define        A_GETSFLAGS     39
 #define        A_SETSFLAGS     40
+#define        A_GETCTLMODE    41
+#define        A_SETCTLMODE    42
+#define        A_GETEXPAFTER   43
+#define        A_SETEXPAFTER   44
 
 /*
  * Audit policy controls.
@@ -167,6 +171,24 @@
 #define        AU_IPv4         4
 #define        AU_IPv6         16
 
+/*
+ * Reserved audit class mask indicating which classes are unable to have
+ * events added or removed by unentitled processes.
+ */
+#define AU_CLASS_MASK_RESERVED 0x10000000
+
+/*
+ * Audit control modes
+ */
+#define AUDIT_CTLMODE_NORMAL ((unsigned char)1)
+#define AUDIT_CTLMODE_EXTERNAL ((unsigned char)2)
+
+/*
+ * Audit file expire_after op modes
+ */
+#define AUDIT_EXPIRE_OP_AND ((unsigned char)0)
+#define AUDIT_EXPIRE_OP_OR ((unsigned char)1)
+
 __BEGIN_DECLS
 
 typedef        uid_t           au_id_t;
@@ -175,6 +197,7 @@ typedef     u_int16_t       au_event_t;
 typedef        u_int16_t       au_emod_t;
 typedef        u_int32_t       au_class_t;
 typedef        u_int64_t       au_asflgs_t __attribute__ ((aligned (8)));
+typedef        unsigned char   au_ctlmode_t;
 
 struct au_tid {
        dev_t           port;
@@ -237,6 +260,13 @@ struct au_session {
 };
 typedef struct au_session       au_session_t;
 
+struct au_expire_after {
+       time_t age;             /* Age after which trail files should be expired */
+       size_t size;    /* Aggregate trail size when files should be expired */
+       unsigned char op_type; /* Operator used with the above values to determine when files should be expired */
+};
+typedef struct au_expire_after au_expire_after_t;
+
 /*
  * Contents of token_t are opaque outside of libbsm.
  */
@@ -311,11 +341,29 @@ int       auditon(int, void *, int);
 int    auditctl(const char *);
 int    getauid(au_id_t *);
 int    setauid(const au_id_t *);
-int    getaudit(struct auditinfo *);
-int    setaudit(const struct auditinfo *);
 int    getaudit_addr(struct auditinfo_addr *, int);
 int    setaudit_addr(const struct auditinfo_addr *, int);
 
+#if defined(__APPLE__)
+#include <Availability.h>
+
+/*
+ * getaudit()/setaudit() are deprecated and have been replaced with
+ * wrappers to the getaudit_addr()/setaudit_addr() syscalls above.
+ */
+
+int    getaudit(struct auditinfo *)
+               __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_0, __MAC_10_8,
+                   __IPHONE_2_0, __IPHONE_6_0);
+int    setaudit(const struct auditinfo *)
+               __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_0, __MAC_10_8,
+                   __IPHONE_2_0, __IPHONE_6_0);
+#else
+
+int    getaudit(struct auditinfo *);
+int    setaudit(const struct auditinfo *);
+#endif /* !__APPLE__ */
+
 #ifdef __APPLE_API_PRIVATE
 #include <mach/port.h>
 mach_port_name_t audit_session_self(void);