262 	struct kaudit_record *ar;  in audit_record_ctor()  local
267 	KASSERT(sizeof(*ar) == size, ("audit_record_ctor: wrong size"));  in audit_record_ctor()
270 	ar = mem;  in audit_record_ctor()
271 	bzero(ar, sizeof(*ar));  in audit_record_ctor()
272 	ar->k_ar.ar_magic = AUDIT_RECORD_MAGIC;  in audit_record_ctor()
273 	nanotime(&ar->k_ar.ar_starttime);  in audit_record_ctor()
279 	cru2x(cred, &ar->k_ar.ar_subj_cred);  in audit_record_ctor()
280 	ar->k_ar.ar_subj_ruid = cred->cr_ruid;  in audit_record_ctor()
281 	ar->k_ar.ar_subj_rgid = cred->cr_rgid;  in audit_record_ctor()
282 	ar->k_ar.ar_subj_egid = cred->cr_groups[0];  in audit_record_ctor()
283 	ar->k_ar.ar_subj_auid = cred->cr_audit.ai_auid;  in audit_record_ctor()
284 	ar->k_ar.ar_subj_asid = cred->cr_audit.ai_asid;  in audit_record_ctor()
285 	ar->k_ar.ar_subj_pid = td->td_proc->p_pid;  in audit_record_ctor()
286 	ar->k_ar.ar_subj_amask = cred->cr_audit.ai_mask;  in audit_record_ctor()
287 	ar->k_ar.ar_subj_term_addr = cred->cr_audit.ai_termid;  in audit_record_ctor()
295 		(void) strlcpy(ar->k_ar.ar_jailname, pr->pr_name,  in audit_record_ctor()
296 		    sizeof(ar->k_ar.ar_jailname));  in audit_record_ctor()
298 		ar->k_ar.ar_jailname[0] = '\0';  in audit_record_ctor()
305 	struct kaudit_record *ar;  in audit_record_dtor()  local
307 	KASSERT(sizeof(*ar) == size, ("audit_record_dtor: wrong size"));  in audit_record_dtor()
309 	ar = mem;  in audit_record_dtor()
310 	if (ar->k_ar.ar_arg_upath1 != NULL)  in audit_record_dtor()
311 		free(ar->k_ar.ar_arg_upath1, M_AUDITPATH);  in audit_record_dtor()
312 	if (ar->k_ar.ar_arg_upath2 != NULL)  in audit_record_dtor()
313 		free(ar->k_ar.ar_arg_upath2, M_AUDITPATH);  in audit_record_dtor()
314 	if (ar->k_ar.ar_arg_text != NULL)  in audit_record_dtor()
315 		free(ar->k_ar.ar_arg_text, M_AUDITTEXT);  in audit_record_dtor()
316 	if (ar->k_udata != NULL)  in audit_record_dtor()
317 		free(ar->k_udata, M_AUDITDATA);  in audit_record_dtor()
318 	if (ar->k_ar.ar_arg_argv != NULL)  in audit_record_dtor()
319 		free(ar->k_ar.ar_arg_argv, M_AUDITTEXT);  in audit_record_dtor()
320 	if (ar->k_ar.ar_arg_envv != NULL)  in audit_record_dtor()
321 		free(ar->k_ar.ar_arg_envv, M_AUDITTEXT);  in audit_record_dtor()
322 	if (ar->k_ar.ar_arg_groups.gidset != NULL)  in audit_record_dtor()
323 		free(ar->k_ar.ar_arg_groups.gidset, M_AUDITGIDSET);  in audit_record_dtor()
420 	struct kaudit_record *ar;  in audit_new()  local
427 	ar = uma_zalloc_arg(audit_record_zone, td, M_WAITOK);  in audit_new()
428 	ar->k_ar.ar_event = event;  in audit_new()
434 	return (ar);  in audit_new()
438 audit_free(struct kaudit_record *ar)  in audit_free()  argument
441 	uma_zfree(audit_record_zone, ar);  in audit_free()
445 audit_commit(struct kaudit_record *ar, int error, int retval)  in audit_commit()  argument
453 	if (ar == NULL)  in audit_commit()
456 	ar->k_ar.ar_errno = error;  in audit_commit()
457 	ar->k_ar.ar_retval = retval;  in audit_commit()
458 	nanotime(&ar->k_ar.ar_endtime);  in audit_commit()
464 	if (ar->k_ar.ar_subj_auid == AU_DEFAUDITID)  in audit_commit()
467 		aumask = &ar->k_ar.ar_subj_amask;  in audit_commit()
479 	switch(ar->k_ar.ar_event) {  in audit_commit()
481 		ar->k_ar.ar_event = audit_flags_and_error_to_openevent(  in audit_commit()
482 		    ar->k_ar.ar_arg_fflags, error);  in audit_commit()
486 		ar->k_ar.ar_event = audit_flags_and_error_to_openatevent(  in audit_commit()
487 		    ar->k_ar.ar_arg_fflags, error);  in audit_commit()
491 		ar->k_ar.ar_event = audit_ctlname_to_sysctlevent(  in audit_commit()
492 		    ar->k_ar.ar_arg_ctlname, ar->k_ar.ar_valid_arg);  in audit_commit()
497 		ar->k_ar.ar_event = auditon_command_event(ar->k_ar.ar_arg_cmd);  in audit_commit()
501 		if (ARG_IS_VALID(ar, ARG_SVIPC_WHICH))  in audit_commit()
502 			ar->k_ar.ar_event =  in audit_commit()
503 			    audit_msgsys_to_event(ar->k_ar.ar_arg_svipc_which);  in audit_commit()
507 		if (ARG_IS_VALID(ar, ARG_SVIPC_WHICH))  in audit_commit()
508 			ar->k_ar.ar_event =  in audit_commit()
509 			    audit_semsys_to_event(ar->k_ar.ar_arg_svipc_which);  in audit_commit()
513 		if (ARG_IS_VALID(ar, ARG_SVIPC_WHICH))  in audit_commit()
514 			ar->k_ar.ar_event =  in audit_commit()
515 			    audit_shmsys_to_event(ar->k_ar.ar_arg_svipc_which);  in audit_commit()
519 	auid = ar->k_ar.ar_subj_auid;  in audit_commit()
520 	event = ar->k_ar.ar_event;  in audit_commit()
523 	ar->k_ar_commit |= AR_COMMIT_KERNEL;  in audit_commit()
525 		ar->k_ar_commit |= AR_PRESELECT_TRAIL;  in audit_commit()
527 	    ar->k_ar_commit & AR_PRESELECT_TRAIL) != 0)  in audit_commit()
528 		ar->k_ar_commit |= AR_PRESELECT_PIPE;  in audit_commit()
536 		if (dtaudit_hook_commit(ar, auid, event, class, sorf) != 0)  in audit_commit()
537 			ar->k_ar_commit |= AR_PRESELECT_DTRACE;  in audit_commit()
541 	if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE |  in audit_commit()
547 		audit_free(ar);  in audit_commit()
563 		audit_free(ar);  in audit_commit()
574 	TAILQ_INSERT_TAIL(&audit_q, ar, k_q);  in audit_commit()
790 	struct kaudit_record *ar;  in audit_proc_coredump()  local
827 	ar = audit_new(AUE_CORE, td);  in audit_proc_coredump()
828 	if (ar == NULL)  in audit_proc_coredump()
831 		pathp = &ar->k_ar.ar_arg_upath1;  in audit_proc_coredump()
834 		ARG_SET_VALID(ar, ARG_UPATH1);  in audit_proc_coredump()
836 	ar->k_ar.ar_arg_signum = td->td_proc->p_sig;  in audit_proc_coredump()
837 	ARG_SET_VALID(ar, ARG_SIGNUM);  in audit_proc_coredump()
840 	audit_commit(ar, errcode, ret);  in audit_proc_coredump()