7 files changed, 356 insertions, 32 deletions
diff --git a/sys/bsm/Makefile.am b/sys/bsm/Makefile.am
index b3c7805..2fd60bc 100644
--- a/sys/bsm/Makefile.am
+++ b/sys/bsm/Makefile.am
@@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.am#2 $
 #
 
 
@@ -8,6 +8,7 @@ openbsmdir = $(includedir)/bsm
 
 openbsm_HEADERS =		\
 	audit.h			\
+	audit_errno.h		\
 	audit_internal.h	\
 	audit_kevents.h		\
 	audit_record.h
diff --git a/sys/bsm/Makefile.in b/sys/bsm/Makefile.in
index 34cb9e6..d0e5793 100644
--- a/sys/bsm/Makefile.in
+++ b/sys/bsm/Makefile.in
@@ -15,7 +15,7 @@
 @SET_MAKE@
 
 #
-# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.in#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.in#4 $
 #
 
 VPATH = @srcdir@
@@ -48,8 +48,8 @@ CONFIG_HEADER = $(top_builddir)/config/config.h
 CONFIG_CLEAN_FILES =
 SOURCES =
 DIST_SOURCES =
-am__openbsm_HEADERS_DIST = audit.h audit_internal.h audit_kevents.h \
-	audit_record.h
+am__openbsm_HEADERS_DIST = audit.h audit_errno.h audit_internal.h \
+	audit_kevents.h audit_record.h
 am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
 am__vpath_adj = case $$p in \
     $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
@@ -173,6 +173,7 @@ top_srcdir = @top_srcdir@
 @USE_NATIVE_INCLUDES_FALSE@openbsmdir = $(includedir)/bsm
 @USE_NATIVE_INCLUDES_FALSE@openbsm_HEADERS = \
 @USE_NATIVE_INCLUDES_FALSE@	audit.h			\
+@USE_NATIVE_INCLUDES_FALSE@	audit_errno.h		\
 @USE_NATIVE_INCLUDES_FALSE@	audit_internal.h	\
 @USE_NATIVE_INCLUDES_FALSE@	audit_kevents.h		\
 @USE_NATIVE_INCLUDES_FALSE@	audit_record.h
diff --git a/sys/bsm/audit.h b/sys/bsm/audit.h
index ebb84da..c730cac 100644
--- a/sys/bsm/audit.h
+++ b/sys/bsm/audit.h
@@ -26,12 +26,21 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#1 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#2 $
  */
 
 #ifndef _BSM_AUDIT_H
 #define	_BSM_AUDIT_H
 
+#ifdef	__APPLE__
+/* Temporary until rdar://problem/6133383 is resolved. */
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/cdefs.h>
+#include <sys/queue.h>
+#endif /* __APPLE__ */
+
 #define	AUDIT_RECORD_MAGIC	0x828a0f1b
 #define	MAX_AUDIT_RECORDS	20
 #define	MAXAUDITDATA		(0x8000 - 1)
@@ -39,6 +48,14 @@
 #define	MIN_AUDIT_FILE_SIZE	(512 * 1024)
 
 /*
+ * Minimum noumber of free blocks on the filesystem containing the audit
+ * log necessary to avoid a hard log rotation. DO NOT SET THIS VALUE TO 0
+ * as the kernel does an unsigned compare, plus we want to leave a few blocks
+ * free so userspace can terminate the log, etc.
+ */
+#define	AUDIT_HARD_LIMIT_FREE_BLOCKS	4
+
+/*
  * Triggers for the audit daemon.
  */
 #define	AUDIT_TRIGGER_MIN		1
@@ -47,8 +64,9 @@
 #define	AUDIT_TRIGGER_READ_FILE		3	/* Re-read config file. */
 #define	AUDIT_TRIGGER_CLOSE_AND_DIE	4	/* Terminate audit. */
 #define	AUDIT_TRIGGER_NO_SPACE		5	/* Below min free space. */
-#define	AUDIT_TRIGGER_ROTATE_USER	6	/* User requests roate. */
-#define	AUDIT_TRIGGER_MAX		6
+#define	AUDIT_TRIGGER_ROTATE_USER	6	/* User requests rotate. */
+#define	AUDIT_TRIGGER_INITIALIZE	7	/* Initialize audit. */
+#define	AUDIT_TRIGGER_MAX		7
 
 /*
  * The special device filename (FreeBSD).
@@ -59,7 +77,9 @@
 /*
  * Pre-defined audit IDs
  */
-#define	AU_DEFAUDITID	-1
+#define	AU_DEFAUDITID	(uid_t)(-1)
+#define	AU_DEFAUDITSID	 0
+#define	AU_ASSIGN_ASID	-1
 
 /*
  * IPC types.
@@ -103,6 +123,7 @@
 #define	A_GETKAUDIT	29
 #define	A_SETKAUDIT	30
 #define	A_SENDTRIGGER	31
+#define	A_GETSINFO_ADDR	32
 
 /*
  * Audit policy controls.
@@ -183,6 +204,7 @@ struct auditinfo_addr {
 	au_mask_t	ai_mask;	/* Audit masks. */
 	au_tid_addr_t	ai_termid;	/* Terminal ID. */
 	au_asid_t	ai_asid;	/* Audit session ID. */
+	u_int64_t	ai_flags;	/* Audit session flags. */
 };
 typedef	struct auditinfo_addr	auditinfo_addr_t;
 
@@ -192,6 +214,7 @@ struct auditpinfo {
 	au_mask_t	ap_mask;	/* Audit masks. */
 	au_tid_t	ap_termid;	/* Terminal ID. */
 	au_asid_t	ap_asid;	/* Audit session ID. */
+	u_int64_t	ap_flags;	/* Audit session flags. */
 };
 typedef	struct auditpinfo	auditpinfo_t;
 
@@ -204,6 +227,16 @@ struct auditpinfo_addr {
 };
 typedef	struct auditpinfo_addr	auditpinfo_addr_t;
 
+struct au_session {
+	auditinfo_addr_t	*as_aia_p;	/* Ptr to full audit info. */
+#define	as_asid			as_aia_p->ai_asid
+#define	as_auid			as_aia_p->ai_auid
+#define	as_termid		as_aia_p->ai_termid
+
+	au_mask_t		 as_mask;	/* Process Audit Masks. */
+};
+typedef struct au_session       au_session_t;
+
 /*
  * Contents of token_t are opaque outside of libbsm.
  */
diff --git a/sys/bsm/audit_errno.h b/sys/bsm/audit_errno.h
new file mode 100644
index 0000000..667813c
--- /dev/null
+++ b/sys/bsm/audit_errno.h
@@ -0,0 +1,214 @@
+/*-
+ * Copyright (c) 2008 Apple Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE. 
+ *
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#4 $
+ */
+
+#ifndef _BSM_AUDIT_ERRNO_H_
+#define	_BSM_AUDIT_ERRNO_H_
+
+/*
+ * For the purposes of portable encoding, we convert between local error
+ * numbers and Solaris error numbers (as well as some extensions for error
+ * numbers that don't exist in Solaris).  Although the first 35 or so
+ * constants are the same across all OS's, we don't handle that in any
+ * special way.
+ *
+ * When adding constants here, also add them to bsm_errno.c.
+ */
+#define	BSM_ESUCCESS		0
+#define	BSM_EPERM		1
+#define	BSM_ENOENT		2
+#define	BSM_ESRCH		3
+#define	BSM_EINTR		4
+#define	BSM_EIO			5
+#define	BSM_ENXIO		6
+#define	BSM_E2BIG		7
+#define	BSM_ENOEXEC		8
+#define	BSM_EBADF		9
+#define	BSM_ECHILD		10
+#define	BSM_EAGAIN		11
+#define	BSM_ENOMEM		12
+#define	BSM_EACCES		13
+#define	BSM_EFAULT		14
+#define	BSM_ENOTBLK		15
+#define	BSM_EBUSY		16
+#define	BSM_EEXIST		17
+#define	BSM_EXDEV		18
+#define	BSM_ENODEV		19
+#define	BSM_ENOTDIR		20
+#define	BSM_EISDIR		21
+#define	BSM_EINVAL		22
+#define	BSM_ENFILE		23
+#define	BSM_EMFILE		24
+#define	BSM_ENOTTY		25
+#define	BSM_ETXTBSY		26
+#define	BSM_EFBIG		27
+#define	BSM_ENOSPC		28
+#define	BSM_ESPIPE		29
+#define	BSM_EROFS		30
+#define	BSM_EMLINK		31
+#define	BSM_EPIPE		32
+#define	BSM_EDOM		33
+#define	BSM_ERANGE		34
+#define	BSM_ENOMSG		35
+#define	BSM_EIDRM		36
+#define	BSM_ECHRNG		37	/* Solaris/Linux-specific. */
+#define	BSM_EL2NSYNC		38	/* Solaris/Linux-specific. */
+#define	BSM_EL3HLT		39	/* Solaris/Linux-specific. */
+#define	BSM_EL3RST		40	/* Solaris/Linux-specific. */
+#define	BSM_ELNRNG		41	/* Solaris/Linux-specific. */
+#define	BSM_EUNATCH		42	/* Solaris/Linux-specific. */
+#define	BSM_ENOCSI		43	/* Solaris/Linux-specific. */
+#define	BSM_EL2HLT		44	/* Solaris/Linux-specific. */
+#define	BSM_EDEADLK		45
+#define	BSM_ENOLCK		46
+#define	BSM_ECANCELED		47
+#define	BSM_ENOTSUP		48
+#define	BSM_EDQUOT		49
+#define	BSM_EBADE		50	/* Solaris/Linux-specific. */
+#define	BSM_EBADR		51	/* Solaris/Linux-specific. */
+#define	BSM_EXFULL		52	/* Solaris/Linux-specific. */
+#define	BSM_ENOANO		53	/* Solaris/Linux-specific. */
+#define	BSM_EBADRQC		54	/* Solaris/Linux-specific. */
+#define	BSM_EBADSLT		55	/* Solaris/Linux-specific. */
+#define	BSM_EDEADLOCK		56	/* Solaris-specific. */
+#define	BSM_EBFONT		57	/* Solaris/Linux-specific. */
+#define	BSM_EOWNERDEAD		58	/* Solaris/Linux-specific. */
+#define	BSM_ENOTRECOVERABLE	59	/* Solaris/Linux-specific. */
+#define	BSM_ENOSTR		60	/* Solaris/Darwin/Linux-specific. */
+#define	BSM_ENODATA		61	/* Solaris/Darwin/Linux-specific. */
+#define	BSM_ETIME		62	/* Solaris/Darwin/Linux-specific. */
+#define	BSM_ENOSR		63	/* Solaris/Darwin/Linux-specific. */
+#define	BSM_ENONET		64	/* Solaris/Linux-specific. */
+#define	BSM_ENOPKG		65	/* Solaris/Linux-specific. */
+#define	BSM_EREMOTE		66
+#define	BSM_ENOLINK		67
+#define	BSM_EADV		68	/* Solaris/Linux-specific. */
+#define	BSM_ESRMNT		69	/* Solaris/Linux-specific. */
+#define	BSM_ECOMM		70	/* Solaris/Linux-specific. */
+#define	BSM_EPROTO		71
+#define	BSM_ELOCKUNMAPPED	72	/* Solaris-specific. */
+#define	BSM_ENOTACTIVE		73	/* Solaris-specific. */
+#define	BSM_EMULTIHOP		74
+#define	BSM_EBADMSG		77
+#define	BSM_ENAMETOOLONG	78
+#define	BSM_EOVERFLOW		79
+#define	BSM_ENOTUNIQ		80	/* Solaris/Linux-specific. */
+#define	BSM_EBADFD		81	/* Solaris/Linux-specific. */
+#define	BSM_EREMCHG		82	/* Solaris/Linux-specific. */
+#define	BSM_ELIBACC		83	/* Solaris/Linux-specific. */
+#define	BSM_ELIBBAD		84	/* Solaris/Linux-specific. */
+#define	BSM_ELIBSCN		85	/* Solaris/Linux-specific. */
+#define	BSM_ELIBMAX		86	/* Solaris/Linux-specific. */
+#define	BSM_ELIBEXEC		87	/* Solaris/Linux-specific. */
+#define	BSM_EILSEQ		88
+#define	BSM_ENOSYS		89
+#define	BSM_ELOOP		90
+#define	BSM_ERESTART		91
+#define	BSM_ESTRPIPE		92	/* Solaris/Linux-specific. */
+#define	BSM_ENOTEMPTY		93
+#define	BSM_EUSERS		94
+#define	BSM_ENOTSOCK		95
+#define	BSM_EDESTADDRREQ	96
+#define	BSM_EMSGSIZE		97
+#define	BSM_EPROTOTYPE		98
+#define	BSM_ENOPROTOOPT		99
+#define	BSM_EPROTONOSUPPORT	120
+#define	BSM_ESOCKTNOSUPPORT	121
+#define	BSM_EOPNOTSUPP		122
+#define	BSM_EPFNOSUPPORT	123
+#define	BSM_EAFNOSUPPORT	124
+#define	BSM_EADDRINUSE		125
+#define	BSM_EADDRNOTAVAIL	126
+#define	BSM_ENETDOWN		127
+#define	BSM_ENETUNREACH		128
+#define	BSM_ENETRESET		129
+#define	BSM_ECONNABORTED	130
+#define	BSM_ECONNRESET		131
+#define	BSM_ENOBUFS		132
+#define	BSM_EISCONN		133
+#define	BSM_ENOTCONN		134
+#define	BSM_ESHUTDOWN		143
+#define	BSM_ETOOMANYREFS	144
+#define	BSM_ETIMEDOUT		145
+#define	BSM_ECONNREFUSED	146
+#define	BSM_EHOSTDOWN		147
+#define	BSM_EHOSTUNREACH	148
+#define	BSM_EALREADY		149
+#define	BSM_EINPROGRESS		150
+#define	BSM_ESTALE		151
+
+/*
+ * OpenBSM constants for error numbers not defined in Solaris.  In the event
+ * that these errors are added to Solaris, we will deprecate the OpenBSM
+ * numbers in the same way we do for audit event constants.
+ *
+ * ELAST doesn't get a constant in the BSM space.
+ */
+#define	BSM_EPROCLIM		190	/* FreeBSD/Darwin-specific. */
+#define	BSM_EBADRPC		191	/* FreeBSD/Darwin-specific. */
+#define	BSM_ERPCMISMATCH	192	/* FreeBSD/Darwin-specific. */
+#define	BSM_EPROGUNAVAIL	193	/* FreeBSD/Darwin-specific. */
+#define	BSM_EPROGMISMATCH	194	/* FreeBSD/Darwin-specific. */
+#define	BSM_EPROCUNAVAIL	195	/* FreeBSD/Darwin-specific. */
+#define	BSM_EFTYPE		196	/* FreeBSD/Darwin-specific. */
+#define	BSM_EAUTH		197	/* FreeBSD/Darwin-specific. */
+#define	BSM_ENEEDAUTH		198	/* FreeBSD/Darwin-specific. */
+#define	BSM_ENOATTR		199	/* FreeBSD/Darwin-specific. */
+#define	BSM_EDOOFUS		200	/* FreeBSD-specific. */
+#define	BSM_EJUSTRETURN		201	/* FreeBSD-specific. */
+#define	BSM_ENOIOCTL		202	/* FreeBSD-specific. */
+#define	BSM_EDIRIOCTL		203	/* FreeBSD-specific. */
+#define	BSM_EPWROFF		204	/* Darwin-specific. */
+#define	BSM_EDEVERR		205	/* Darwin-specific. */
+#define	BSM_EBADEXEC		206	/* Darwin-specific. */
+#define	BSM_EBADARCH		207	/* Darwin-specific. */
+#define	BSM_ESHLIBVERS		208	/* Darwin-specific. */
+#define	BSM_EBADMACHO		209	/* Darwin-specific. */
+#define	BSM_EPOLICY		210	/* Darwin-specific. */
+#define	BSM_EDOTDOT		211	/* Linux-specific. */
+#define	BSM_EUCLEAN		212	/* Linux-specific. */
+#define	BSM_ENOTNAM		213	/* Linux(Xenix?)-specific. */
+#define	BSM_ENAVAIL		214	/* Linux(Xenix?)-specific. */
+#define	BSM_EISNAM		215	/* Linux(Xenix?)-specific. */
+#define	BSM_EREMOTEIO		216	/* Linux-specific. */
+#define	BSM_ENOMEDIUM		217	/* Linux-specific. */
+#define	BSM_EMEDIUMTYPE		218	/* Linux-specific. */
+#define	BSM_ENOKEY		219	/* Linux-specific. */
+#define	BSM_EKEYEXPIRED		220	/* Linux-specific. */
+#define	BSM_EKEYREVOKED		221	/* Linux-specific. */
+#define	BSM_EKEYREJECTED	222	/* Linux-specific. */
+
+/*
+ * In the event that OpenBSM doesn't have a file representation of a local
+ * error number, use this.
+ */
+#define	BSM_UNKNOWNERR		250	/* OpenBSM-specific. */
+
+#endif /* !_BSM_AUDIT_ERRNO_H_ */
diff --git a/sys/bsm/audit_internal.h b/sys/bsm/audit_internal.h
index d3482b3..71a5130 100644
--- a/sys/bsm/audit_internal.h
+++ b/sys/bsm/audit_internal.h
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2005 Apple Inc.
+ * Copyright (c) 2005-2008 Apple Inc.
  * Copyright (c) 2005 SPARTA, Inc.
  * All rights reserved.
  *
@@ -30,7 +30,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#2 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#5 $
  */
 
 #ifndef _AUDIT_INTERNAL_H
diff --git a/sys/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h
index 34cf545..57351b5 100644
--- a/sys/bsm/audit_kevents.h
+++ b/sys/bsm/audit_kevents.h
@@ -26,7 +26,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#3 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#4 $
  */
 
 #ifndef _BSM_AUDIT_KEVENTS_H_
@@ -58,7 +58,6 @@
 #define	AUE_UMOUNT		12
 #define	AUE_JUNK		13	/* Solaris-specific. */
 #define	AUE_ACCESS		14
-#define	AUE_CHECKUSERACCESS	AUE_ACCESS	/* Darwin-specific. */
 #define	AUE_KILL		15
 #define	AUE_STAT		16
 #define	AUE_LSTAT		17
@@ -560,7 +559,7 @@
 #define	AUE_ACCESS_EXTENDED	43162	/* Darwin. */
 #define	AUE_CHMOD_EXTENDED	43163	/* Darwin. */
 #define	AUE_FCHMOD_EXTENDED	43164	/* Darwin. */
-#define	AUE_FSTAT_EXTENDED	43165	/* Dariwn. */
+#define	AUE_FSTAT_EXTENDED	43165	/* Darwin. */
 #define	AUE_LSTAT_EXTENDED	43166	/* Darwin. */
 #define	AUE_MKDIR_EXTENDED	43167	/* Darwin. */
 #define	AUE_MKFIFO_EXTENDED	43168	/* Darwin. */
@@ -585,6 +584,8 @@
 #define	AUE_CAP_GETRIGHTS	43187	/* TrustedBSD. */
 #define	AUE_CAP_ENTER		43188	/* TrustedBSD. */
 #define	AUE_CAP_GETMODE		43189	/* TrustedBSD. */
+#define	AUE_POSIX_SPAWN		43190	/* Darwin. */
+#define	AUE_FSGETPATH		43191	/* Darwin. */
 
 /*
  * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
@@ -656,13 +657,42 @@
 /*
  * Possible desired future values based on review of BSD/Darwin system calls.
  */
+#define	AUE_ACCESSEXTENDED	AUE_NULL
+#define	AUE_ATGETMSG		AUE_NULL
+#define	AUE_ATPUTMSG		AUE_NULL
+#define	AUE_ATSOCKET		AUE_NULL
+#define	AUE_ATPGETREQ		AUE_NULL
+#define	AUE_ATPGETRSP		AUE_NULL
+#define	AUE_ATPSNDREQ		AUE_NULL
+#define	AUE_ATPSNDRSP		AUE_NULL
+#define	AUE_BSDTHREADCREATE	AUE_NULL
+#define	AUE_BSDTHREADTERMINATE	AUE_NULL
+#define	AUE_BSDTHREADREGISTER	AUE_NULL
+#define	AUE_CHMODEXTENDED	AUE_NULL
+#define	AUE_CHUD		AUE_NULL
+#define	AUE_CSOPS		AUE_NULL
 #define	AUE_DUP			AUE_NULL
+#define	AUE_FCHMODEXTENDED	AUE_NULL
+#define	AUE_FDATASYNC		AUE_NULL
+#define	AUE_FFSCTL		AUE_NULL
+#define	AUE_FGETATTRLIST	AUE_NULL
+#define	AUE_FGETXATTR		AUE_NULL
+#define	AUE_FLISTXATTR		AUE_NULL
+#define	AUE_FREMOVEXATTR	AUE_NULL
 #define	AUE_FSCTL		AUE_NULL
+#define	AUE_FSETATTRLIST	AUE_NULL
+#define	AUE_FSETXATTR		AUE_NULL
+#define	AUE_FSTATEXTENDED	AUE_NULL
+#define	AUE_FSTATFS64		AUE_NULL
 #define	AUE_FSTATV		AUE_NULL
+#define	AUE_FSTAT64		AUE_NULL
+#define	AUE_FSTAT64EXTENDED	AUE_NULL
 #define	AUE_GCCONTROL		AUE_NULL
+#define	AUE_GETDIRENTRIES64	AUE_NULL
 #define	AUE_GETDTABLESIZE	AUE_NULL
 #define	AUE_GETEGID		AUE_NULL
 #define	AUE_GETEUID		AUE_NULL
+#define	AUE_GETFSSTAT64		AUE_NULL
 #define	AUE_GETGID		AUE_NULL
 #define	AUE_GETGROUPS		AUE_NULL
 #define	AUE_GETITIMER		AUE_NULL
@@ -675,24 +705,53 @@
 #define	AUE_GETPRIORITY		AUE_NULL
 #define	AUE_GETRLIMIT		AUE_NULL
 #define	AUE_GETRUSAGE		AUE_NULL
+#define	AUE_GETSGROUPS		AUE_NULL
 #define	AUE_GETSID		AUE_NULL
 #define	AUE_GETSOCKNAME		AUE_NULL
 #define	AUE_GETTIMEOFDAY	AUE_NULL
+#define	AUE_GETTID		AUE_NULL
 #define	AUE_GETUID		AUE_NULL
 #define	AUE_GETSOCKOPT		AUE_NULL
-#define	AUE_GTSOCKOPT		AUE_GETSOCKOPT	/* XXX: Typo in Darwin. */
+#define	AUE_GETWGROUPS		AUE_NULL
+#define	AUE_GETXATTR		AUE_NULL
+#define	AUE_IDENTITYSVC		AUE_NULL
+#define	AUE_INITGROUPS		AUE_NULL
+#define	AUE_IOPOLICYSYS		AUE_NULL
 #define	AUE_ISSETUGID		AUE_NULL
+#define	AUE_LIOLISTIO		AUE_NULL
+#define	AUE_LISTXATTR		AUE_NULL
+#define	AUE_LSTATEXTENDED	AUE_NULL
 #define	AUE_LSTATV		AUE_NULL
+#define	AUE_LSTAT64		AUE_NULL
+#define	AUE_LSTAT64EXTENDED	AUE_NULL
 #define	AUE_MADVISE		AUE_NULL
 #define	AUE_MINCORE		AUE_NULL
 #define	AUE_MKCOMPLEX		AUE_NULL
+#define	AUE_MKDIREXTENDED	AUE_NULL
+#define	AUE_MKFIFOEXTENDED	AUE_NULL
 #define	AUE_MODWATCH		AUE_NULL
 #define	AUE_MSGCL		AUE_NULL
 #define	AUE_MSYNC		AUE_NULL
+#define	AUE_OPENEXTENDED	AUE_NULL
 #define	AUE_PREAD		AUE_NULL
 #define	AUE_PWRITE		AUE_NULL
 #define	AUE_PREADV		AUE_NULL
+#define	AUE_PROCINFO		AUE_NULL
+#define	AUE_PTHREADCANCELED	AUE_NULL
+#define	AUE_PTHREADCHDIR	AUE_NULL
+#define	AUE_PTHREADCONDBROADCAST	AUE_NULL
+#define	AUE_PTHREADCONDDESTORY	AUE_NULL
+#define	AUE_PTHREADCONDINIT	AUE_NULL
+#define	AUE_PTHREADCONDSIGNAL	AUE_NULL
+#define	AUE_PTHREADCONDWAIT	AUE_NULL
+#define	AUE_PTHREADFCHDIR	AUE_NULL
+#define	AUE_PTHREADMARK		AUE_NULL
+#define	AUE_PTHREADMUTEXDESTROY	AUE_NULL
+#define	AUE_PTHREADMUTEXINIT	AUE_NULL
+#define	AUE_PTHREADMUTEXTRYLOCK	AUE_NULL
+#define	AUE_PTHREADMUTEXUNLOCK	AUE_NULL
 #define	AUE_PWRITEV		AUE_NULL
+#define	AUE_REMOVEXATTR		AUE_NULL
 #define	AUE_SBRK		AUE_NULL
 #define	AUE_SELECT		AUE_NULL
 #define	AUE_SEMDESTROY		AUE_NULL
@@ -701,7 +760,15 @@
 #define	AUE_SEMPOST		AUE_NULL
 #define	AUE_SEMTRYWAIT		AUE_NULL
 #define	AUE_SEMWAIT		AUE_NULL
+#define	AUE_SEMWAITSIGNAL	AUE_NULL
 #define	AUE_SETITIMER		AUE_NULL
+#define	AUE_SETSGROUPS		AUE_NULL
+#define	AUE_SETTID		AUE_NULL
+#define	AUE_SETTIDWITHPID	AUE_NULL
+#define	AUE_SETWGROUPS		AUE_NULL
+#define	AUE_SETXATTR		AUE_NULL
+#define	AUE_SHAREDREGIONCHECK	AUE_NULL
+#define	AUE_SHAREDREGIONMAP	AUE_NULL
 #define	AUE_SIGACTION		AUE_NULL
 #define	AUE_SIGALTSTACK		AUE_NULL
 #define	AUE_SIGPENDING		AUE_NULL
@@ -710,11 +777,21 @@
 #define	AUE_SIGSUSPEND		AUE_NULL
 #define	AUE_SIGWAIT		AUE_NULL
 #define	AUE_SSTK		AUE_NULL
+#define	AUE_STACKSNAPSHOT	AUE_NULL
+#define	AUE_STATEXTENDED	AUE_NULL
+#define	AUE_STATFS64		AUE_NULL
 #define	AUE_STATV		AUE_NULL
+#define	AUE_STAT64		AUE_NULL
+#define	AUE_STAT64EXTENDED	AUE_NULL
 #define	AUE_SYNC		AUE_NULL
 #define	AUE_SYSCALL		AUE_NULL
 #define	AUE_TABLE		AUE_NULL
+#define	AUE_UMASKEXTENDED	AUE_NULL
+#define	AUE_VMPRESSUREMONITOR	AUE_NULL
 #define	AUE_WAITEVENT		AUE_NULL
+#define	AUE_WAITID		AUE_NULL
 #define	AUE_WATCHEVENT		AUE_NULL
+#define	AUE_WORKQOPEN		AUE_NULL
+#define	AUE_WORKQOPS		AUE_NULL
 
 #endif /* !_BSM_AUDIT_KEVENTS_H_ */
diff --git a/sys/bsm/audit_record.h b/sys/bsm/audit_record.h
index ccca15b..7295bc4 100644
--- a/sys/bsm/audit_record.h
+++ b/sys/bsm/audit_record.h
@@ -26,7 +26,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#3 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#8 $
  */
 
 #ifndef _BSM_AUDIT_RECORD_H_
@@ -164,14 +164,11 @@
 #define	AUDIT_HEADER_VERSION_SOLARIS	2
 #define	AUDIT_HEADER_VERSION_TSOL25	3
 #define	AUDIT_HEADER_VERSION_TSOL	4
-#define	AUDIT_HEADER_VERSION_OPENBSM	10
+#define	AUDIT_HEADER_VERSION_OPENBSM10	10
+#define	AUDIT_HEADER_VERSION_OPENBSM11	11
+#define	AUDIT_HEADER_VERSION_OPENBSM	AUDIT_HEADER_VERSION_OPENBSM11
 
-/*
- * BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we
- * split the difference, will remove the Apple define for the next release.
- */
 #define	AUT_TRAILER_MAGIC	0xb105
-#define	TRAILER_PAD_MAGIC	AUT_TRAILER_MAGIC
 
 /* BSM library calls */
 
@@ -182,6 +179,7 @@ struct in6_addr;
 struct ip;
 struct ipc_perm;
 struct kevent;
+struct sockaddr;
 struct sockaddr_in;
 struct sockaddr_in6;
 struct sockaddr_un;
@@ -208,6 +206,7 @@ token_t	*au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod);
 token_t	*au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod);
 token_t	*au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod);
 token_t	*au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod);
+token_t	*au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod);
 #endif
 
 token_t	*au_to_me(void);
@@ -251,15 +250,8 @@ token_t	*au_to_return(char status, uint32_t ret);
 token_t	*au_to_return32(char status, uint32_t ret);
 token_t	*au_to_return64(char status, uint64_t ret);
 token_t	*au_to_seq(long audit_count);
-
-#if defined(_KERNEL) || defined(KERNEL)
-token_t	*au_to_socket(struct socket *so);
-token_t	*au_to_socket_ex_32(uint16_t lp, uint16_t rp, struct sockaddr *la,
-	    struct sockaddr *ta);
-token_t	*au_to_socket_ex_128(uint16_t lp, uint16_t rp, struct sockaddr *la,
-	    struct sockaddr *ta);
-#endif
-
+token_t	*au_to_socket_ex(u_short so_domain, u_short so_type,
+	    struct sockaddr *sa_local, struct sockaddr *sa_remote);
 token_t	*au_to_sock_inet(struct sockaddr_in *so);
 token_t	*au_to_sock_inet32(struct sockaddr_in *so);
 token_t	*au_to_sock_inet128(struct sockaddr_in6 *so);
@@ -277,8 +269,8 @@ token_t	*au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
 token_t	*au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
 	    gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
 #if defined(_KERNEL) || defined(KERNEL)
-token_t	*au_to_exec_args(const char *args, int argc);
-token_t	*au_to_exec_env(const char *envs, int envc);
+token_t	*au_to_exec_args(char *args, int argc);
+token_t	*au_to_exec_env(char *envs, int envc);
 #else
 token_t	*au_to_exec_args(char **argv);
 token_t	*au_to_exec_env(char **envp);
@@ -288,6 +280,12 @@ token_t	*au_to_kevent(struct kevent *kev);
 token_t	*au_to_trailer(int rec_size);
 token_t	*au_to_zonename(const char *zonename);
 
+/*
+ * BSM library routines for manipulating errno values.
+ */
+int	 au_bsm_to_errno(u_char bsm_error, int *errorp);
+u_char	 au_errno_to_bsm(int error);
+
 __END_DECLS
 
 #endif /* ! _BSM_AUDIT_RECORD_H_ */