xref: /freebsd/sys/bsm/audit_internal.h (revision 95ee2897e98f5d444f26ed2334cc7c439f9c16c6) 
1a5c6cfa0SRobert Watson /*-
2*51369649SPedro F. Giffuni  * SPDX-License-Identifier: BSD-3-Clause
3*51369649SPedro F. Giffuni  *
4980b6e45SRobert Watson  * Copyright (c) 2005-2008 Apple Inc.
5a5081e07SRobert Watson  * Copyright (c) 2005 SPARTA, Inc.
6a5081e07SRobert Watson  * All rights reserved.
7a5081e07SRobert Watson  *
8a5081e07SRobert Watson  * This code was developed in part by Robert N. M. Watson, Senior Principal
9a5081e07SRobert Watson  * Scientist, SPARTA, Inc.
10a5081e07SRobert Watson  *
11a5081e07SRobert Watson  * Redistribution and use in source and binary forms, with or without
12a5081e07SRobert Watson  * modification, are permitted provided that the following conditions
13a5081e07SRobert Watson  * are met:
14a5081e07SRobert Watson  *
15a5081e07SRobert Watson  * 1.  Redistributions of source code must retain the above copyright
16a5081e07SRobert Watson  *     notice, this list of conditions and the following disclaimer.
17a5081e07SRobert Watson  * 2.  Redistributions in binary form must reproduce the above copyright
18a5081e07SRobert Watson  *     notice, this list of conditions and the following disclaimer in the
19a5081e07SRobert Watson  *     documentation and/or other materials provided with the distribution.
20d0c2e5bdSRobert Watson  * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
21a5081e07SRobert Watson  *     its contributors may be used to endorse or promote products derived
22a5081e07SRobert Watson  *     from this software without specific prior written permission.
23a5081e07SRobert Watson  *
24a5081e07SRobert Watson  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
25a5081e07SRobert Watson  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
26a5081e07SRobert Watson  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27a5081e07SRobert Watson  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
28a5081e07SRobert Watson  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29a5081e07SRobert Watson  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
30a5081e07SRobert Watson  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
31a5081e07SRobert Watson  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32a5081e07SRobert Watson  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33a5081e07SRobert Watson  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34a5081e07SRobert Watson  */
35a5081e07SRobert Watson 
3670ea026aSRobert Watson #ifndef _AUDIT_INTERNAL_H
3770ea026aSRobert Watson #define	_AUDIT_INTERNAL_H
3870ea026aSRobert Watson 
3970ea026aSRobert Watson #if defined(__linux__) && !defined(__unused)
4070ea026aSRobert Watson #define	__unused
4170ea026aSRobert Watson #endif
42a5081e07SRobert Watson 
43a5081e07SRobert Watson /*
44a5081e07SRobert Watson  * audit_internal.h contains private interfaces that are shared by user space
45a5081e07SRobert Watson  * and the kernel for the purposes of assembling audit records.  Applications
46a5081e07SRobert Watson  * should not include this file or use the APIs found within, or it may be
47a5081e07SRobert Watson  * broken with future releases of OpenBSM, which may delete, modify, or
48a5081e07SRobert Watson  * otherwise break these interfaces or the assumptions they rely on.
49a5081e07SRobert Watson  */
5070ea026aSRobert Watson struct au_token {
5170ea026aSRobert Watson 	u_char			*t_data;
5270ea026aSRobert Watson 	size_t			 len;
5370ea026aSRobert Watson 	TAILQ_ENTRY(au_token)	 tokens;
5470ea026aSRobert Watson };
5570ea026aSRobert Watson 
5670ea026aSRobert Watson struct au_record {
5770ea026aSRobert Watson 	char			 used;		/* Record currently in use? */
5870ea026aSRobert Watson 	int			 desc;		/* Descriptor for record. */
5970ea026aSRobert Watson 	TAILQ_HEAD(, au_token)	 token_q;	/* Queue of BSM tokens. */
6070ea026aSRobert Watson 	u_char			*data;
6170ea026aSRobert Watson 	size_t			 len;
6270ea026aSRobert Watson 	LIST_ENTRY(au_record)	 au_rec_q;
6370ea026aSRobert Watson };
6470ea026aSRobert Watson typedef	struct au_record	au_record_t;
6570ea026aSRobert Watson 
66a5081e07SRobert Watson 
671c4d2797SRobert Watson /*
681c4d2797SRobert Watson  * We could determined the header and trailer sizes by defining appropriate
6923b7e55fSRobert Watson  * structures.  We hold off that approach until we have a consistent way of
701c4d2797SRobert Watson  * using structures for all tokens.  This is not straightforward since these
7123b7e55fSRobert Watson  * token structures may contain pointers of whose contents we do not know the
721c4d2797SRobert Watson  * size (e.g text tokens).
73a5081e07SRobert Watson  */
74ffbcef5aSChristian S.J. Peron #define	AUDIT_HEADER_EX_SIZE(a)	((a)->ai_termid.at_type+18+sizeof(u_int32_t))
751c4d2797SRobert Watson #define	AUDIT_HEADER_SIZE	18
76ffbcef5aSChristian S.J. Peron #define	MAX_AUDIT_HEADER_SIZE	(5*sizeof(u_int32_t)+18)
771c4d2797SRobert Watson #define	AUDIT_TRAILER_SIZE	7
78a5081e07SRobert Watson 
79a5081e07SRobert Watson /*
80a5081e07SRobert Watson  * BSM token streams store fields in big endian byte order, so as to be
81a5081e07SRobert Watson  * portable; when encoding and decoding, we must convert byte orders for
82a5081e07SRobert Watson  * typed values.
83a5081e07SRobert Watson  */
84a5081e07SRobert Watson #define	ADD_U_CHAR(loc, val)						\
85a5081e07SRobert Watson 	do {								\
86a5081e07SRobert Watson 		*(loc) = (val);						\
87a5081e07SRobert Watson 		(loc) += sizeof(u_char);				\
88a5081e07SRobert Watson 	} while(0)
89a5081e07SRobert Watson 
90a5081e07SRobert Watson 
91a5081e07SRobert Watson #define	ADD_U_INT16(loc, val)						\
92a5081e07SRobert Watson 	do {								\
93a5081e07SRobert Watson 		be16enc((loc), (val));					\
94a5081e07SRobert Watson 		(loc) += sizeof(u_int16_t);				\
95a5081e07SRobert Watson 	} while(0)
96a5081e07SRobert Watson 
97a5081e07SRobert Watson #define	ADD_U_INT32(loc, val)						\
98a5081e07SRobert Watson 	do {								\
99a5081e07SRobert Watson 		be32enc((loc), (val));					\
100a5081e07SRobert Watson 		(loc) += sizeof(u_int32_t);				\
101a5081e07SRobert Watson 	} while(0)
102a5081e07SRobert Watson 
103a5081e07SRobert Watson #define	ADD_U_INT64(loc, val)						\
104a5081e07SRobert Watson 	do {								\
105a5081e07SRobert Watson 		be64enc((loc), (val));					\
106a5081e07SRobert Watson 		(loc) += sizeof(u_int64_t); 				\
107a5081e07SRobert Watson 	} while(0)
108a5081e07SRobert Watson 
109a5081e07SRobert Watson #define	ADD_MEM(loc, data, size)					\
110a5081e07SRobert Watson 	do {								\
111a5081e07SRobert Watson 		memcpy((loc), (data), (size));				\
112a5081e07SRobert Watson 		(loc) += size;						\
113a5081e07SRobert Watson 	} while(0)
114a5081e07SRobert Watson 
115a5081e07SRobert Watson #define	ADD_STRING(loc, data, size)	ADD_MEM(loc, data, size)
116a5081e07SRobert Watson 
11770ea026aSRobert Watson #endif /* !_AUDIT_INTERNAL_H_ */
118