/*-
* Copyright (c) 2005-2009 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $FreeBSD$
*/
#ifndef _BSM_AUDIT_H
#define _BSM_AUDIT_H
/*
* Minimum number of free blocks on the filesystem containing the audit
* log necessary to avoid a hard log rotation. DO NOT SET THIS VALUE TO 0
* as the kernel does an unsigned compare, plus we want to leave a few blocks
* free so userspace can terminate the log, etc.
*/
/*
* Triggers for the audit daemon.
*/
/*
* The special device filename (FreeBSD).
*/
/*
* Pre-defined audit IDs
*/
/*
* NOTE(review): presumably the default audit session ID (read from the name
* only). This is the only pre-defined ID present in this copy of the header.
*/
#define AU_DEFAUDITSID 0
/*
* IPC types.
*/
/*
* Audit conditions.
*/
/*
* NOTE(review): presumably "audit condition not yet set" (read from the name
* only). No other audit condition value is present in this copy, so code that
* tests the audit condition needs the full upstream header.
*/
#define AUC_UNSET 0
/*
* auditon(2) commands.
*/
/*
* Audit policy controls.
*/
/*
* Default audit queue control parameters.
*/
/*
* Default minimum percentage free space on file system.
*/
/*
* Type definitions used indicating the length of variable length addresses
* in tokens containing addresses, such as header fields.
*/
/*
* NOTE(review): every structure in this group appears with an empty member
* list. ISO C requires at least one member (an empty struct is a compiler
* extension), and an empty layout cannot match whatever is exchanged with the
* kernel through getaudit_addr()/setaudit_addr(). Restore the members from
* the upstream header before compiling against these declarations.
* The one-line purposes below are read from the names only -- TODO confirm.
*/
/* Presumably a terminal ID identifying where a session originated. */
struct au_tid {
};
/* Presumably a terminal ID that carries a typed, variable-length address. */
struct au_tid_addr {
};
/* Presumably an audit mask selecting which events are recorded. */
struct au_mask {
};
/* Presumably the audit state attached to a session or process. */
struct auditinfo {
};
/* The audit-info type passed to getaudit_addr() and setaudit_addr(). */
struct auditinfo_addr {
};
/* Presumably per-process audit information. */
struct auditpinfo {
};
/* Presumably per-process audit information with an extended address. */
struct auditpinfo_addr {
};
/* Presumably a description of one audit session. */
struct au_session {
};
/*
* Contents of token_t are opaque outside of libbsm.
*/
/*
* Kernel audit queue control parameters:
*
*   Parameter     Default               Maximum
*   aq_hiwater    AQ_HIWATER (100)      AQ_MAXHIGH (10000)
*   aq_lowater    AQ_LOWATER (10)       < aq_hiwater
*   aq_bufsz      AQ_BUFSZ (32767)      AQ_MAXBUFSZ (1048576)
*   aq_delay      20                    20000 (not used)
*/
struct au_qctrl {
/*
* NOTE(review): the member declarations are missing from this copy; only the
* tails of two member comments remain. They presumably belong to aq_hiwater
* and aq_lowater, the first two parameters named in the comment that precedes
* this struct -- TODO confirm against the upstream header.
* As the fragments read, threads producing new audit records (ARs) block at
* one threshold and are released at another, so these limits trade thread
* progress against losing records; review any change to them with that in
* mind.
*/
/* threads with new ARs get blocked. */
/* blocked threads get unblocked. */
};
/*
* Structure for the audit statistics.
*/
struct audit_stat {
/*
* NOTE(review): the per-field meanings below are inferred from the field
* names; this header does not state them -- confirm against the kernel code
* that fills the structure before relying on any of them.
* Most counters are declared as signed int, so a consumer should not assume
* they stay non-negative or monotonic over a long uptime.
*/
unsigned int as_version; /* presumably the version of this structure */
unsigned int as_numevent; /* presumably the number of audit events known */
int as_generated; /* presumably records generated in total */
int as_nonattrib; /* presumably records not attributable to a user */
int as_kernel; /* presumably records produced by the kernel */
int as_audit; /* presumably records submitted through audit() */
int as_auditctl; /* presumably records related to auditctl() */
int as_enqueue; /* presumably records placed on the audit queue */
int as_written; /* presumably records written to the trail */
int as_wblocked; /* presumably times a writer had to block */
int as_rblocked; /* presumably times a reader had to block */
/*
* presumably records dropped; if so, a non-zero value means the trail has
* gaps and is worth alerting on
*/
int as_dropped;
int as_totalsize; /* presumably total size of audit data; units not shown */
unsigned int as_memused; /* presumably memory in use by the audit subsystem */
};
/*
* Structure for the audit file statistics.
*/
/*
* NOTE(review): the member list is missing from this copy. An empty struct is
* not valid ISO C and cannot describe any file statistics; restore the
* members from the upstream header before use.
*/
struct audit_fstat {
};
/*
* Audit to event class mapping.
*/
/*
* NOTE(review): the member list is missing from this copy, so this
* declaration cannot carry an event-to-class mapping as written; restore the
* members from the upstream header before use.
*/
struct au_evclass_map {
};
/*
* Audit system calls.
*/
/*
* Each call below returns int. Presumably 0 means success and -1 with errno
* means failure, as is usual for system calls -- TODO confirm in the man
* pages. Callers should check the result: a failed call means the audit
* record or audit setting did not take effect.
*/
/*
* audit(2): hand a caller-built audit record to the kernel. The int is
* presumably the record length in bytes -- TODO confirm.
*/
int audit(const void *, int);
/*
* auditon(2): query or change audit parameters. Arguments are presumably
* (command, data buffer, buffer length); the buffer is non-const, so it may
* be written as well as read -- TODO confirm per command.
*/
int auditon(int, void *, int);
/*
* auditctl(2): takes a path string, presumably the audit log file to use
* from now on -- TODO confirm.
*/
int auditctl(const char *);
/*
* Fill the caller's struct auditinfo_addr; the int is presumably the size of
* that buffer -- TODO confirm.
*/
int getaudit_addr(struct auditinfo_addr *, int);
/*
* Apply the audit state in the given struct auditinfo_addr. The pointer is
* const, so the structure is input only; the int is presumably its size.
*/
int setaudit_addr(const struct auditinfo_addr *, int);
#ifdef __APPLE_API_PRIVATE
#endif /* __APPLE_API_PRIVATE */
/*
* NOTE(review): no #if matching the next #endif is present in this copy. With
* only the _BSM_AUDIT_H and __APPLE_API_PRIVATE openers visible, the final
* #endif of the file is unbalanced. The _KERNEL/KERNEL conditional that
* presumably opened before the system call prototypes needs to be restored
* from the upstream header.
*/
#endif /* defined(_KERNEL) || defined(KERNEL) */
#endif /* !_BSM_AUDIT_H */