123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118 |
- /*-
- * SPDX-License-Identifier: BSD-3-Clause
- *
- * Copyright (c) 2005-2008 Apple Inc.
- * Copyright (c) 2005 SPARTA, Inc.
- * All rights reserved.
- *
- * This code was developed in part by Robert N. M. Watson, Senior Principal
- * Scientist, SPARTA, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Inc. ("Apple") nor the names of
- * its contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
- #ifndef _AUDIT_INTERNAL_H
- #define _AUDIT_INTERNAL_H
- #if defined(__linux__) && !defined(__unused)
- #define __unused
- #endif
- /*
- * audit_internal.h contains private interfaces that are shared by user space
- * and the kernel for the purposes of assembling audit records. Applications
- * should not include this file or use the APIs found within, or it may be
- * broken with future releases of OpenBSM, which may delete, modify, or
- * otherwise break these interfaces or the assumptions they rely on.
- */
- struct au_token {
- u_char *t_data;
- size_t len;
- TAILQ_ENTRY(au_token) tokens;
- };
- struct au_record {
- char used; /* Record currently in use? */
- int desc; /* Descriptor for record. */
- TAILQ_HEAD(, au_token) token_q; /* Queue of BSM tokens. */
- u_char *data;
- size_t len;
- LIST_ENTRY(au_record) au_rec_q;
- };
- typedef struct au_record au_record_t;
- /*
- * We could determined the header and trailer sizes by defining appropriate
- * structures. We hold off that approach until we have a consistent way of
- * using structures for all tokens. This is not straightforward since these
- * token structures may contain pointers of whose contents we do not know the
- * size (e.g text tokens).
- */
- #define AUDIT_HEADER_EX_SIZE(a) ((a)->ai_termid.at_type+18+sizeof(u_int32_t))
- #define AUDIT_HEADER_SIZE 18
- #define MAX_AUDIT_HEADER_SIZE (5*sizeof(u_int32_t)+18)
- #define AUDIT_TRAILER_SIZE 7
- /*
- * BSM token streams store fields in big endian byte order, so as to be
- * portable; when encoding and decoding, we must convert byte orders for
- * typed values.
- */
- #define ADD_U_CHAR(loc, val) \
- do { \
- *(loc) = (val); \
- (loc) += sizeof(u_char); \
- } while(0)
- #define ADD_U_INT16(loc, val) \
- do { \
- be16enc((loc), (val)); \
- (loc) += sizeof(u_int16_t); \
- } while(0)
- #define ADD_U_INT32(loc, val) \
- do { \
- be32enc((loc), (val)); \
- (loc) += sizeof(u_int32_t); \
- } while(0)
- #define ADD_U_INT64(loc, val) \
- do { \
- be64enc((loc), (val)); \
- (loc) += sizeof(u_int64_t); \
- } while(0)
- #define ADD_MEM(loc, data, size) \
- do { \
- memcpy((loc), (data), (size)); \
- (loc) += size; \
- } while(0)
- #define ADD_STRING(loc, data, size) ADD_MEM(loc, data, size)
- #endif /* !_AUDIT_INTERNAL_H_ */
|