Cross Reference: /illumos-gate/usr/src/uts/common/c2/audit.c

Lines Matching refs:audit
27  * This file contains the audit hook support code for auditing.
51 #include <c2/audit.h>		/* needs to be included before user.h */
101 	 * Noise elimination in audit trails - this event will be discarded if:
130 	 * TAD_PATHFND means path already included in this audit record. It
163 		/* add token to audit record for this name */
294 	 * TAD_PATHFND means path already included in this audit record. It
364 	 * TAD_PATHFND means path already included in this audit record. It
414  * returns: 	1 - if audit policy and object attributes indicate that
471 			 * Flag it in the tad to prevent this audit at the end.
504 		 * audit record generation (no return from system call).
520 	 * Generate an audit record for process exit if preselected.
565 	/* if auditing not enabled, then don't generate an audit record */
667 		 * this is so we will not add audit data onto
697 		 * this is so we will not add audit data onto
714  * release per file audit resources when file structure is being released.
716  * IMPORTANT NOTE: Since we generate an audit record here, we may sleep
717  *	on the audit queue if it becomes full. This means
721  *	asleep waiting on the audit queue. This would cause the
722  *	per file audit data to be corrupted when we finally do
750 	/* audit record already generated by system call envelope */
752 		/* so close audit event will have bits set */
757 	/* if auditing not enabled, then don't generate an audit record */
774 	 * can't use audit_attributes here since we use a private audit area
775 	 * to build the audit record instead of the one off the thread.
784 				 * considered public, then skip the audit.
865 	 * assign path information associated with file audit data
952  * have to complete the audit record generation and put it onto the queue.
1234 		/* Add the current working directory to the audit trail. */
1420 	queue_t *q,	/* contains the process and thread audit data */
1453 	 * service routine. In this case, the context for the audit
1470 	 * add an audit token.
1604 	f_audit_data_t *fad;	/* per file audit structure */
1674  * are put in the audit trail.
1740  * audit trail.
1784  * Dump the full device policy setting in the audit trail.
1817 	f_audit_data_t *fad;	/* per file audit structure */
2008  * audit trail.
2157 		 * For now, just audit that an event happened,
2172 		 * and audit it as a netstack instead.
2212 	 * audit information.