xref: /freebsd/sys/bsm/audit_internal.h (revision ffbcef5a426cd6fb07d317b9d2fdb4c57b38eac2) 
1a5081e07SRobert Watson /*
2f6d4a8a7SRobert Watson  * Copyright (c) 2005 Apple Inc.
3a5081e07SRobert Watson  * Copyright (c) 2005 SPARTA, Inc.
4a5081e07SRobert Watson  * All rights reserved.
5a5081e07SRobert Watson  *
6a5081e07SRobert Watson  * This code was developed in part by Robert N. M. Watson, Senior Principal
7a5081e07SRobert Watson  * Scientist, SPARTA, Inc.
8a5081e07SRobert Watson  *
9a5081e07SRobert Watson  * Redistribution and use in source and binary forms, with or without
10a5081e07SRobert Watson  * modification, are permitted provided that the following conditions
11a5081e07SRobert Watson  * are met:
12a5081e07SRobert Watson  *
13a5081e07SRobert Watson  * 1.  Redistributions of source code must retain the above copyright
14a5081e07SRobert Watson  *     notice, this list of conditions and the following disclaimer.
15a5081e07SRobert Watson  * 2.  Redistributions in binary form must reproduce the above copyright
16a5081e07SRobert Watson  *     notice, this list of conditions and the following disclaimer in the
17a5081e07SRobert Watson  *     documentation and/or other materials provided with the distribution.
18a5081e07SRobert Watson  * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
19a5081e07SRobert Watson  *     its contributors may be used to endorse or promote products derived
20a5081e07SRobert Watson  *     from this software without specific prior written permission.
21a5081e07SRobert Watson  *
22a5081e07SRobert Watson  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
23a5081e07SRobert Watson  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
24a5081e07SRobert Watson  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
25a5081e07SRobert Watson  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
26a5081e07SRobert Watson  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
27a5081e07SRobert Watson  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28a5081e07SRobert Watson  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
29a5081e07SRobert Watson  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30a5081e07SRobert Watson  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31a5081e07SRobert Watson  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32a5081e07SRobert Watson  *
333f3bb0d4SRobert Watson  * P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#18
34a5081e07SRobert Watson  * $FreeBSD$
35a5081e07SRobert Watson  */
36a5081e07SRobert Watson 
3770ea026aSRobert Watson #ifndef _AUDIT_INTERNAL_H
3870ea026aSRobert Watson #define	_AUDIT_INTERNAL_H
3970ea026aSRobert Watson 
4070ea026aSRobert Watson #if defined(__linux__) && !defined(__unused)
4170ea026aSRobert Watson #define	__unused
4270ea026aSRobert Watson #endif
43a5081e07SRobert Watson 
44a5081e07SRobert Watson /*
45a5081e07SRobert Watson  * audit_internal.h contains private interfaces that are shared by user space
46a5081e07SRobert Watson  * and the kernel for the purposes of assembling audit records.  Applications
47a5081e07SRobert Watson  * should not include this file or use the APIs found within, or it may be
48a5081e07SRobert Watson  * broken with future releases of OpenBSM, which may delete, modify, or
49a5081e07SRobert Watson  * otherwise break these interfaces or the assumptions they rely on.
50a5081e07SRobert Watson  */
5170ea026aSRobert Watson struct au_token {
5270ea026aSRobert Watson 	u_char			*t_data;
5370ea026aSRobert Watson 	size_t			 len;
5470ea026aSRobert Watson 	TAILQ_ENTRY(au_token)	 tokens;
5570ea026aSRobert Watson };
5670ea026aSRobert Watson 
5770ea026aSRobert Watson struct au_record {
5870ea026aSRobert Watson 	char			 used;		/* Record currently in use? */
5970ea026aSRobert Watson 	int			 desc;		/* Descriptor for record. */
6070ea026aSRobert Watson 	TAILQ_HEAD(, au_token)	 token_q;	/* Queue of BSM tokens. */
6170ea026aSRobert Watson 	u_char			*data;
6270ea026aSRobert Watson 	size_t			 len;
6370ea026aSRobert Watson 	LIST_ENTRY(au_record)	 au_rec_q;
6470ea026aSRobert Watson };
6570ea026aSRobert Watson typedef	struct au_record	au_record_t;
6670ea026aSRobert Watson 
67a5081e07SRobert Watson 
681c4d2797SRobert Watson /*
691c4d2797SRobert Watson  * We could determined the header and trailer sizes by defining appropriate
7023b7e55fSRobert Watson  * structures.  We hold off that approach until we have a consistent way of
711c4d2797SRobert Watson  * using structures for all tokens.  This is not straightforward since these
7223b7e55fSRobert Watson  * token structures may contain pointers of whose contents we do not know the
731c4d2797SRobert Watson  * size (e.g text tokens).
74a5081e07SRobert Watson  */
75ffbcef5aSChristian S.J. Peron #define	AUDIT_HEADER_EX_SIZE(a)	((a)->ai_termid.at_type+18+sizeof(u_int32_t))
761c4d2797SRobert Watson #define	AUDIT_HEADER_SIZE	18
77ffbcef5aSChristian S.J. Peron #define	MAX_AUDIT_HEADER_SIZE	(5*sizeof(u_int32_t)+18)
781c4d2797SRobert Watson #define	AUDIT_TRAILER_SIZE	7
79a5081e07SRobert Watson 
80a5081e07SRobert Watson /*
81a5081e07SRobert Watson  * BSM token streams store fields in big endian byte order, so as to be
82a5081e07SRobert Watson  * portable; when encoding and decoding, we must convert byte orders for
83a5081e07SRobert Watson  * typed values.
84a5081e07SRobert Watson  */
85a5081e07SRobert Watson #define	ADD_U_CHAR(loc, val)						\
86a5081e07SRobert Watson 	do {								\
87a5081e07SRobert Watson 		*(loc) = (val);						\
88a5081e07SRobert Watson 		(loc) += sizeof(u_char);				\
89a5081e07SRobert Watson 	} while(0)
90a5081e07SRobert Watson 
91a5081e07SRobert Watson 
92a5081e07SRobert Watson #define	ADD_U_INT16(loc, val)						\
93a5081e07SRobert Watson 	do {								\
94a5081e07SRobert Watson 		be16enc((loc), (val));					\
95a5081e07SRobert Watson 		(loc) += sizeof(u_int16_t);				\
96a5081e07SRobert Watson 	} while(0)
97a5081e07SRobert Watson 
98a5081e07SRobert Watson #define	ADD_U_INT32(loc, val)						\
99a5081e07SRobert Watson 	do {								\
100a5081e07SRobert Watson 		be32enc((loc), (val));					\
101a5081e07SRobert Watson 		(loc) += sizeof(u_int32_t);				\
102a5081e07SRobert Watson 	} while(0)
103a5081e07SRobert Watson 
104a5081e07SRobert Watson #define	ADD_U_INT64(loc, val)						\
105a5081e07SRobert Watson 	do {								\
106a5081e07SRobert Watson 		be64enc((loc), (val));					\
107a5081e07SRobert Watson 		(loc) += sizeof(u_int64_t); 				\
108a5081e07SRobert Watson 	} while(0)
109a5081e07SRobert Watson 
110a5081e07SRobert Watson #define	ADD_MEM(loc, data, size)					\
111a5081e07SRobert Watson 	do {								\
112a5081e07SRobert Watson 		memcpy((loc), (data), (size));				\
113a5081e07SRobert Watson 		(loc) += size;						\
114a5081e07SRobert Watson 	} while(0)
115a5081e07SRobert Watson 
116a5081e07SRobert Watson #define	ADD_STRING(loc, data, size)	ADD_MEM(loc, data, size)
117a5081e07SRobert Watson 
11870ea026aSRobert Watson #endif /* !_AUDIT_INTERNAL_H_ */
119