Vendor import of OpenBSM 1.1 alpha4, which incorporates the following

changes since the last imported OpenBSM release:

OpenBSM 1.1 alpha 4

- With the addition of BSM error number mapping, we also need to map the
  local error number passed to audit_submit(3) to a BSM error number,
  rather than have the caller perform that conversion.
- Reallocate user audit events to avoid collisions with Solaris; adopt a
  more formal allocation scheme, and add some events allocated in Solaris
  that will be of immediate use on other platforms.
- Add an event for Calife.
- Add au_strerror(3), which allows generating strings for BSM errors
  directly, rather than requiring applications to map to the local error
  space, which might not be able to entirely represent the BSM error
  number space.
- Major auditd rewrite for launchd(8) support.  Add libauditd library
  that is shared between launchd and auditd.
- Add AUDIT_TRIGGER_INITIALIZE trigger (sent via 'audit -i') for
  (re)starting auditing under launchd(8) on Mac OS X.
- Add 'current' symlink to active audit trail.
- Add crash recovery of previous audit trail file when detected on audit
  startup that it has not been properly terminated.
- Add the event AUE_audit_recovery to indicated when an audit trail file
  has been recovered from not being properly terminated.  This event is
  stored in the new audit trail file and includes the path of recovered
  audit trail file.
- Mac OS X and FreeBSD dependent code in auditd.c is separated into
  auditd_darwin.c and auditd_fbsd.c files.
- Add an event for the posix_spawn(2) and fsgetpath(2) Mac OS X system
  calls.
- For Mac OS X, we use ASL(3) instead of syslog(3) for logging.
- Add support for NOTICE level logging.

OpenBSM 1.1 alpha 3

- Add two new functions, au_bsm_to_errno() and au_errno_to_bsm(), to map
  between BSM error numbers (largely the Solaris definitions) and local
  errno(2) values for 32-bit and 64-bit return tokens.  This is required
  as operating systems don't agree on some of the values of more recent
  error numbers.
- Fix a bug how au_to_exec_args(3) and au_to_exec_env(3) calculates the
  total size for the token.  This bug resulted in "unknown" tokens being
  printed after the exec args/env tokens.
- Support for AUT_SOCKET_EX extended socket tokens, which describe a
  socket using a pair of IPv4/IPv6 and port tuples.
- OpenBSM BSM file header version bumped for 1.1 release.
- Deprecated Darwin constants, such as TRAILER_PAD_MAGIC, removed.

Obtained from:	TrustedBSD Project
Sponsored by:	Apple Inc.

1 files changed, 81 insertions, 4 deletions

diff --git a/sys/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h
index 34cf545..57351b5 100644
--- a/sys/bsm/audit_kevents.h
+++ b/sys/bsm/audit_kevents.h
@@ -26,7 +26,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#3 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#4 $
  */
 
 #ifndef _BSM_AUDIT_KEVENTS_H_
@@ -58,7 +58,6 @@
 #define	AUE_UMOUNT		12
 #define	AUE_JUNK		13	/* Solaris-specific. */
 #define	AUE_ACCESS		14
-#define	AUE_CHECKUSERACCESS	AUE_ACCESS	/* Darwin-specific. */
 #define	AUE_KILL		15
 #define	AUE_STAT		16
 #define	AUE_LSTAT		17
@@ -560,7 +559,7 @@
 #define	AUE_ACCESS_EXTENDED	43162	/* Darwin. */
 #define	AUE_CHMOD_EXTENDED	43163	/* Darwin. */
 #define	AUE_FCHMOD_EXTENDED	43164	/* Darwin. */
-#define	AUE_FSTAT_EXTENDED	43165	/* Dariwn. */
+#define	AUE_FSTAT_EXTENDED	43165	/* Darwin. */
 #define	AUE_LSTAT_EXTENDED	43166	/* Darwin. */
 #define	AUE_MKDIR_EXTENDED	43167	/* Darwin. */
 #define	AUE_MKFIFO_EXTENDED	43168	/* Darwin. */
@@ -585,6 +584,8 @@
 #define	AUE_CAP_GETRIGHTS	43187	/* TrustedBSD. */
 #define	AUE_CAP_ENTER		43188	/* TrustedBSD. */
 #define	AUE_CAP_GETMODE		43189	/* TrustedBSD. */
+#define	AUE_POSIX_SPAWN		43190	/* Darwin. */
+#define	AUE_FSGETPATH		43191	/* Darwin. */
 
 /*
  * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
@@ -656,13 +657,42 @@
 /*
  * Possible desired future values based on review of BSD/Darwin system calls.
  */
+#define	AUE_ACCESSEXTENDED	AUE_NULL
+#define	AUE_ATGETMSG		AUE_NULL
+#define	AUE_ATPUTMSG		AUE_NULL
+#define	AUE_ATSOCKET		AUE_NULL
+#define	AUE_ATPGETREQ		AUE_NULL
+#define	AUE_ATPGETRSP		AUE_NULL
+#define	AUE_ATPSNDREQ		AUE_NULL
+#define	AUE_ATPSNDRSP		AUE_NULL
+#define	AUE_BSDTHREADCREATE	AUE_NULL
+#define	AUE_BSDTHREADTERMINATE	AUE_NULL
+#define	AUE_BSDTHREADREGISTER	AUE_NULL
+#define	AUE_CHMODEXTENDED	AUE_NULL
+#define	AUE_CHUD		AUE_NULL
+#define	AUE_CSOPS		AUE_NULL
 #define	AUE_DUP			AUE_NULL
+#define	AUE_FCHMODEXTENDED	AUE_NULL
+#define	AUE_FDATASYNC		AUE_NULL
+#define	AUE_FFSCTL		AUE_NULL
+#define	AUE_FGETATTRLIST	AUE_NULL
+#define	AUE_FGETXATTR		AUE_NULL
+#define	AUE_FLISTXATTR		AUE_NULL
+#define	AUE_FREMOVEXATTR	AUE_NULL
 #define	AUE_FSCTL		AUE_NULL
+#define	AUE_FSETATTRLIST	AUE_NULL
+#define	AUE_FSETXATTR		AUE_NULL
+#define	AUE_FSTATEXTENDED	AUE_NULL
+#define	AUE_FSTATFS64		AUE_NULL
 #define	AUE_FSTATV		AUE_NULL
+#define	AUE_FSTAT64		AUE_NULL
+#define	AUE_FSTAT64EXTENDED	AUE_NULL
 #define	AUE_GCCONTROL		AUE_NULL
+#define	AUE_GETDIRENTRIES64	AUE_NULL
 #define	AUE_GETDTABLESIZE	AUE_NULL
 #define	AUE_GETEGID		AUE_NULL
 #define	AUE_GETEUID		AUE_NULL
+#define	AUE_GETFSSTAT64		AUE_NULL
 #define	AUE_GETGID		AUE_NULL
 #define	AUE_GETGROUPS		AUE_NULL
 #define	AUE_GETITIMER		AUE_NULL
@@ -675,24 +705,53 @@
 #define	AUE_GETPRIORITY		AUE_NULL
 #define	AUE_GETRLIMIT		AUE_NULL
 #define	AUE_GETRUSAGE		AUE_NULL
+#define	AUE_GETSGROUPS		AUE_NULL
 #define	AUE_GETSID		AUE_NULL
 #define	AUE_GETSOCKNAME		AUE_NULL
 #define	AUE_GETTIMEOFDAY	AUE_NULL
+#define	AUE_GETTID		AUE_NULL
 #define	AUE_GETUID		AUE_NULL
 #define	AUE_GETSOCKOPT		AUE_NULL
-#define	AUE_GTSOCKOPT		AUE_GETSOCKOPT	/* XXX: Typo in Darwin. */
+#define	AUE_GETWGROUPS		AUE_NULL
+#define	AUE_GETXATTR		AUE_NULL
+#define	AUE_IDENTITYSVC		AUE_NULL
+#define	AUE_INITGROUPS		AUE_NULL
+#define	AUE_IOPOLICYSYS		AUE_NULL
 #define	AUE_ISSETUGID		AUE_NULL
+#define	AUE_LIOLISTIO		AUE_NULL
+#define	AUE_LISTXATTR		AUE_NULL
+#define	AUE_LSTATEXTENDED	AUE_NULL
 #define	AUE_LSTATV		AUE_NULL
+#define	AUE_LSTAT64		AUE_NULL
+#define	AUE_LSTAT64EXTENDED	AUE_NULL
 #define	AUE_MADVISE		AUE_NULL
 #define	AUE_MINCORE		AUE_NULL
 #define	AUE_MKCOMPLEX		AUE_NULL
+#define	AUE_MKDIREXTENDED	AUE_NULL
+#define	AUE_MKFIFOEXTENDED	AUE_NULL
 #define	AUE_MODWATCH		AUE_NULL
 #define	AUE_MSGCL		AUE_NULL
 #define	AUE_MSYNC		AUE_NULL
+#define	AUE_OPENEXTENDED	AUE_NULL
 #define	AUE_PREAD		AUE_NULL
 #define	AUE_PWRITE		AUE_NULL
 #define	AUE_PREADV		AUE_NULL
+#define	AUE_PROCINFO		AUE_NULL
+#define	AUE_PTHREADCANCELED	AUE_NULL
+#define	AUE_PTHREADCHDIR	AUE_NULL
+#define	AUE_PTHREADCONDBROADCAST	AUE_NULL
+#define	AUE_PTHREADCONDDESTORY	AUE_NULL
+#define	AUE_PTHREADCONDINIT	AUE_NULL
+#define	AUE_PTHREADCONDSIGNAL	AUE_NULL
+#define	AUE_PTHREADCONDWAIT	AUE_NULL
+#define	AUE_PTHREADFCHDIR	AUE_NULL
+#define	AUE_PTHREADMARK		AUE_NULL
+#define	AUE_PTHREADMUTEXDESTROY	AUE_NULL
+#define	AUE_PTHREADMUTEXINIT	AUE_NULL
+#define	AUE_PTHREADMUTEXTRYLOCK	AUE_NULL
+#define	AUE_PTHREADMUTEXUNLOCK	AUE_NULL
 #define	AUE_PWRITEV		AUE_NULL
+#define	AUE_REMOVEXATTR		AUE_NULL
 #define	AUE_SBRK		AUE_NULL
 #define	AUE_SELECT		AUE_NULL
 #define	AUE_SEMDESTROY		AUE_NULL
@@ -701,7 +760,15 @@
 #define	AUE_SEMPOST		AUE_NULL
 #define	AUE_SEMTRYWAIT		AUE_NULL
 #define	AUE_SEMWAIT		AUE_NULL
+#define	AUE_SEMWAITSIGNAL	AUE_NULL
 #define	AUE_SETITIMER		AUE_NULL
+#define	AUE_SETSGROUPS		AUE_NULL
+#define	AUE_SETTID		AUE_NULL
+#define	AUE_SETTIDWITHPID	AUE_NULL
+#define	AUE_SETWGROUPS		AUE_NULL
+#define	AUE_SETXATTR		AUE_NULL
+#define	AUE_SHAREDREGIONCHECK	AUE_NULL
+#define	AUE_SHAREDREGIONMAP	AUE_NULL
 #define	AUE_SIGACTION		AUE_NULL
 #define	AUE_SIGALTSTACK		AUE_NULL
 #define	AUE_SIGPENDING		AUE_NULL
@@ -710,11 +777,21 @@
 #define	AUE_SIGSUSPEND		AUE_NULL
 #define	AUE_SIGWAIT		AUE_NULL
 #define	AUE_SSTK		AUE_NULL
+#define	AUE_STACKSNAPSHOT	AUE_NULL
+#define	AUE_STATEXTENDED	AUE_NULL
+#define	AUE_STATFS64		AUE_NULL
 #define	AUE_STATV		AUE_NULL
+#define	AUE_STAT64		AUE_NULL
+#define	AUE_STAT64EXTENDED	AUE_NULL
 #define	AUE_SYNC		AUE_NULL
 #define	AUE_SYSCALL		AUE_NULL
 #define	AUE_TABLE		AUE_NULL
+#define	AUE_UMASKEXTENDED	AUE_NULL
+#define	AUE_VMPRESSUREMONITOR	AUE_NULL
 #define	AUE_WAITEVENT		AUE_NULL
+#define	AUE_WAITID		AUE_NULL
 #define	AUE_WATCHEVENT		AUE_NULL
+#define	AUE_WORKQOPEN		AUE_NULL
+#define	AUE_WORKQOPS		AUE_NULL
 
 #endif /* !_BSM_AUDIT_KEVENTS_H_ */