xref: /freebsd/sys/bsm/audit_internal.h (revision 51369649b03ece2aed3eb61b0c8214b9aa5b2fa2) 
1a5c6cfa0SRobert Watson /*-
2*51369649SPedro F. Giffuni  * SPDX-License-Identifier: BSD-3-Clause
3*51369649SPedro F. Giffuni  *
4980b6e45SRobert Watson  * Copyright (c) 2005-2008 Apple Inc.
5a5081e07SRobert Watson  * Copyright (c) 2005 SPARTA, Inc.
6a5081e07SRobert Watson  * All rights reserved.
7a5081e07SRobert Watson  *
8a5081e07SRobert Watson  * This code was developed in part by Robert N. M. Watson, Senior Principal
9a5081e07SRobert Watson  * Scientist, SPARTA, Inc.
10a5081e07SRobert Watson  *
11a5081e07SRobert Watson  * Redistribution and use in source and binary forms, with or without
12a5081e07SRobert Watson  * modification, are permitted provided that the following conditions
13a5081e07SRobert Watson  * are met:
14a5081e07SRobert Watson  *
15a5081e07SRobert Watson  * 1.  Redistributions of source code must retain the above copyright
16a5081e07SRobert Watson  *     notice, this list of conditions and the following disclaimer.
17a5081e07SRobert Watson  * 2.  Redistributions in binary form must reproduce the above copyright
18a5081e07SRobert Watson  *     notice, this list of conditions and the following disclaimer in the
19a5081e07SRobert Watson  *     documentation and/or other materials provided with the distribution.
20d0c2e5bdSRobert Watson  * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
21a5081e07SRobert Watson  *     its contributors may be used to endorse or promote products derived
22a5081e07SRobert Watson  *     from this software without specific prior written permission.
23a5081e07SRobert Watson  *
24a5081e07SRobert Watson  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
25a5081e07SRobert Watson  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
26a5081e07SRobert Watson  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27a5081e07SRobert Watson  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
28a5081e07SRobert Watson  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29a5081e07SRobert Watson  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
30a5081e07SRobert Watson  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
31a5081e07SRobert Watson  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32a5081e07SRobert Watson  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33a5081e07SRobert Watson  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34a5081e07SRobert Watson  *
35a5081e07SRobert Watson  * $FreeBSD$
36a5081e07SRobert Watson  */
37a5081e07SRobert Watson 
3870ea026aSRobert Watson #ifndef _AUDIT_INTERNAL_H
3970ea026aSRobert Watson #define	_AUDIT_INTERNAL_H
4070ea026aSRobert Watson 
4170ea026aSRobert Watson #if defined(__linux__) && !defined(__unused)
4270ea026aSRobert Watson #define	__unused
4370ea026aSRobert Watson #endif
44a5081e07SRobert Watson 
45a5081e07SRobert Watson /*
46a5081e07SRobert Watson  * audit_internal.h contains private interfaces that are shared by user space
47a5081e07SRobert Watson  * and the kernel for the purposes of assembling audit records.  Applications
48a5081e07SRobert Watson  * should not include this file or use the APIs found within, or it may be
49a5081e07SRobert Watson  * broken with future releases of OpenBSM, which may delete, modify, or
50a5081e07SRobert Watson  * otherwise break these interfaces or the assumptions they rely on.
51a5081e07SRobert Watson  */
5270ea026aSRobert Watson struct au_token {
5370ea026aSRobert Watson 	u_char			*t_data;
5470ea026aSRobert Watson 	size_t			 len;
5570ea026aSRobert Watson 	TAILQ_ENTRY(au_token)	 tokens;
5670ea026aSRobert Watson };
5770ea026aSRobert Watson 
5870ea026aSRobert Watson struct au_record {
5970ea026aSRobert Watson 	char			 used;		/* Record currently in use? */
6070ea026aSRobert Watson 	int			 desc;		/* Descriptor for record. */
6170ea026aSRobert Watson 	TAILQ_HEAD(, au_token)	 token_q;	/* Queue of BSM tokens. */
6270ea026aSRobert Watson 	u_char			*data;
6370ea026aSRobert Watson 	size_t			 len;
6470ea026aSRobert Watson 	LIST_ENTRY(au_record)	 au_rec_q;
6570ea026aSRobert Watson };
6670ea026aSRobert Watson typedef	struct au_record	au_record_t;
6770ea026aSRobert Watson 
68a5081e07SRobert Watson 
691c4d2797SRobert Watson /*
701c4d2797SRobert Watson  * We could determined the header and trailer sizes by defining appropriate
7123b7e55fSRobert Watson  * structures.  We hold off that approach until we have a consistent way of
721c4d2797SRobert Watson  * using structures for all tokens.  This is not straightforward since these
7323b7e55fSRobert Watson  * token structures may contain pointers of whose contents we do not know the
741c4d2797SRobert Watson  * size (e.g text tokens).
75a5081e07SRobert Watson  */
76ffbcef5aSChristian S.J. Peron #define	AUDIT_HEADER_EX_SIZE(a)	((a)->ai_termid.at_type+18+sizeof(u_int32_t))
771c4d2797SRobert Watson #define	AUDIT_HEADER_SIZE	18
78ffbcef5aSChristian S.J. Peron #define	MAX_AUDIT_HEADER_SIZE	(5*sizeof(u_int32_t)+18)
791c4d2797SRobert Watson #define	AUDIT_TRAILER_SIZE	7
80a5081e07SRobert Watson 
81a5081e07SRobert Watson /*
82a5081e07SRobert Watson  * BSM token streams store fields in big endian byte order, so as to be
83a5081e07SRobert Watson  * portable; when encoding and decoding, we must convert byte orders for
84a5081e07SRobert Watson  * typed values.
85a5081e07SRobert Watson  */
86a5081e07SRobert Watson #define	ADD_U_CHAR(loc, val)						\
87a5081e07SRobert Watson 	do {								\
88a5081e07SRobert Watson 		*(loc) = (val);						\
89a5081e07SRobert Watson 		(loc) += sizeof(u_char);				\
90a5081e07SRobert Watson 	} while(0)
91a5081e07SRobert Watson 
92a5081e07SRobert Watson 
93a5081e07SRobert Watson #define	ADD_U_INT16(loc, val)						\
94a5081e07SRobert Watson 	do {								\
95a5081e07SRobert Watson 		be16enc((loc), (val));					\
96a5081e07SRobert Watson 		(loc) += sizeof(u_int16_t);				\
97a5081e07SRobert Watson 	} while(0)
98a5081e07SRobert Watson 
99a5081e07SRobert Watson #define	ADD_U_INT32(loc, val)						\
100a5081e07SRobert Watson 	do {								\
101a5081e07SRobert Watson 		be32enc((loc), (val));					\
102a5081e07SRobert Watson 		(loc) += sizeof(u_int32_t);				\
103a5081e07SRobert Watson 	} while(0)
104a5081e07SRobert Watson 
105a5081e07SRobert Watson #define	ADD_U_INT64(loc, val)						\
106a5081e07SRobert Watson 	do {								\
107a5081e07SRobert Watson 		be64enc((loc), (val));					\
108a5081e07SRobert Watson 		(loc) += sizeof(u_int64_t); 				\
109a5081e07SRobert Watson 	} while(0)
110a5081e07SRobert Watson 
111a5081e07SRobert Watson #define	ADD_MEM(loc, data, size)					\
112a5081e07SRobert Watson 	do {								\
113a5081e07SRobert Watson 		memcpy((loc), (data), (size));				\
114a5081e07SRobert Watson 		(loc) += size;						\
115a5081e07SRobert Watson 	} while(0)
116a5081e07SRobert Watson 
117a5081e07SRobert Watson #define	ADD_STRING(loc, data, size)	ADD_MEM(loc, data, size)
118a5081e07SRobert Watson 
11970ea026aSRobert Watson #endif /* !_AUDIT_INTERNAL_H_ */
120