#
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# ident "%Z%%M% %I% %E% SMI"
#
# User Level Class Masks
#
# Developers: If you change this file you must also edit audit.h.
#
# "Meta-classes" can be created; these are supersets composed of multiple base
# classes, and thus will have more than 1 bit in their masks. See "ad", "all",
# "am", and "pc" below for examples.
#
# The "no" (invalid) class below is commonly (but not exclusively) used in
# audit_event for obsolete events.
#
#
# File Format:
#
#	mask:name:description
#
0x00000000:no:invalid class
0x00000001:fr:file read
0x00000002:fw:file write
0x00000004:fa:file attribute access
0x00000008:fm:file attribute modify
0x00000010:fc:file create
0x00000020:fd:file delete
0x00000040:cl:file close
0x00000100:nt:network
0x00000200:ip:ipc
0x00000400:na:non-attribute
0x00001000:lo:login or logout
0x00004000:ap:application
0x00010000:ss:change system state
0x00020000:as:system-wide administration
0x00040000:ua:user administration
0x00070000:am:administrative (meta-class)
0x00080000:aa:audit utilization
0x000f0000:ad:old administrative (meta-class)
0x00100000:ps:process start/stop
0x00200000:pm:process modify
0x00300000:pc:process (meta-class)
#
# The following four masks define X server related audit classes which
# are applicable to Trusted Extensions. X server audit events are mapped
# to these classes per the following criteria:
#
# xp : Protocols audited for use of privilege (successful or otherwise).
#      E.g., ChangeWindowAttributes is audited when issued by a client to
#      change attributes of another client's window. This class also includes
#      any administrative protocols (e.g. SetAccessControl).
# xc : Server objects creation/destruction; e.g., CreateWindow.
# xs : Protocols that do not return X error messages to clients on failure for
#      lack of security attributes. E.g., GetImage does not return BadWindow
#      error if it cannot read from a window for lack of privilege. It just
#      does not read from that window.
#      These events should be selected for audit on success only. Selecting
#      them for failure will cause a lot of noise in the audit trail.
# xx : All above X classes.
#
0x00400000:xp:X - privileged/administrative operations
0x00800000:xc:X - object create/destroy
0x01000000:xs:X - operations that always silently fail, if bad
0x01c00000:xx:X - all X events (meta-class)
#
0x20000000:io:ioctl
0x40000000:ex:exec
0x80000000:ot:other
0xffffffff:all:all classes (meta-class)