diff options
Diffstat (limited to 'contrib/openbsm/sys/bsm/audit.h')
-rw-r--r-- | contrib/openbsm/sys/bsm/audit.h | 64 |
1 files changed, 38 insertions, 26 deletions
diff --git a/contrib/openbsm/sys/bsm/audit.h b/contrib/openbsm/sys/bsm/audit.h index b39de0a..2a1abe8 100644 --- a/contrib/openbsm/sys/bsm/audit.h +++ b/contrib/openbsm/sys/bsm/audit.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005 Apple Inc. + * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,20 +26,14 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#5 $ + * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9 $ */ -#ifndef _BSM_AUDIT_H +#ifndef _BSM_AUDIT_H #define _BSM_AUDIT_H -#ifdef __APPLE__ -/* Temporary until rdar://problem/6133383 is resolved. */ -#include <sys/types.h> #include <sys/param.h> -#include <sys/socket.h> -#include <sys/cdefs.h> -#include <sys/queue.h> -#endif /* __APPLE__ */ +#include <sys/types.h> #define AUDIT_RECORD_MAGIC 0x828a0f1b #define MAX_AUDIT_RECORDS 20 @@ -100,20 +94,20 @@ /* * auditon(2) commands. */ -#define A_GETPOLICY 2 -#define A_SETPOLICY 3 +#define A_OLDGETPOLICY 2 +#define A_OLDSETPOLICY 3 #define A_GETKMASK 4 #define A_SETKMASK 5 -#define A_GETQCTRL 6 -#define A_SETQCTRL 7 +#define A_OLDGETQCTRL 6 +#define A_OLDSETQCTRL 7 #define A_GETCWD 8 #define A_GETCAR 9 #define A_GETSTAT 12 #define A_SETSTAT 13 #define A_SETUMASK 14 #define A_SETSMASK 15 -#define A_GETCOND 20 -#define A_SETCOND 21 +#define A_OLDGETCOND 20 +#define A_OLDSETCOND 21 #define A_GETCLASS 22 #define A_SETCLASS 23 #define A_GETPINFO 24 @@ -125,6 +119,12 @@ #define A_SETKAUDIT 30 #define A_SENDTRIGGER 31 #define A_GETSINFO_ADDR 32 +#define A_GETPOLICY 33 +#define A_SETPOLICY 34 +#define A_GETQCTRL 35 +#define A_SETQCTRL 36 +#define A_GETCOND 37 +#define A_SETCOND 38 /* * Audit policy controls. @@ -215,7 +215,6 @@ struct auditpinfo { au_mask_t ap_mask; /* Audit masks. */ au_tid_t ap_termid; /* Terminal ID. */ au_asid_t ap_asid; /* Audit session ID. */ - u_int64_t ap_flags; /* Audit session flags. */ }; typedef struct auditpinfo auditpinfo_t; @@ -225,15 +224,12 @@ struct auditpinfo_addr { au_mask_t ap_mask; /* Audit masks. */ au_tid_addr_t ap_termid; /* Terminal ID. */ au_asid_t ap_asid; /* Audit session ID. */ + u_int64_t ap_flags; /* Audit session flags. */ }; typedef struct auditpinfo_addr auditpinfo_addr_t; struct au_session { auditinfo_addr_t *as_aia_p; /* Ptr to full audit info. */ -#define as_asid as_aia_p->ai_asid -#define as_auid as_aia_p->ai_auid -#define as_termid as_aia_p->ai_termid - au_mask_t as_mask; /* Process Audit Masks. */ }; typedef struct au_session au_session_t; @@ -244,13 +240,22 @@ typedef struct au_session au_session_t; typedef struct au_token token_t; /* - * Kernel audit queue control parameters. + * Kernel audit queue control parameters: + * Default: Maximum: + * aq_hiwater: AQ_HIWATER (100) AQ_MAXHIGH (10000) + * aq_lowater: AQ_LOWATER (10) <aq_hiwater + * aq_bufsz: AQ_BUFSZ (32767) AQ_MAXBUFSZ (1048576) + * aq_delay: 20 20000 (not used) */ struct au_qctrl { - size_t aq_hiwater; - size_t aq_lowater; - size_t aq_bufsz; - clock_t aq_delay; + int aq_hiwater; /* Max # of audit recs in queue when */ + /* threads with new ARs get blocked. */ + + int aq_lowater; /* # of audit recs in queue when */ + /* blocked threads get unblocked. */ + + int aq_bufsz; /* Max size of audit record for audit(2). */ + int aq_delay; /* Queue delay (not used). */ int aq_minfree; /* Minimum filesystem percent free space. */ }; typedef struct au_qctrl au_qctrl_t; @@ -307,6 +312,13 @@ int getaudit(struct auditinfo *); int setaudit(const struct auditinfo *); int getaudit_addr(struct auditinfo_addr *, int); int setaudit_addr(const struct auditinfo_addr *, int); + +#ifdef __APPLE_API_PRIVATE +#include <mach/port.h> +mach_port_name_t audit_session_self(void); +au_asid_t audit_session_join(mach_port_name_t port); +#endif /* __APPLE_API_PRIVATE */ + #endif /* defined(_KERNEL) || defined(KERNEL) */ __END_DECLS |