Add some BSM headers to the SDK

+163
+162
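--- a/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/bsm/audit_session.h
+++ b/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/bsm/audit_session.h
@@ -0,0 +1,162 @@
+ /*-
+ * Copyright (c) 2009 Apple Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
+ * its contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/auditd_lib.h#4 $
+ */
+
+ #ifndef _BSM_AUDIT_SESSION_H_
+ #define _BSM_AUDIT_SESSION_H_
+
+ #include <inttypes.h> /* Required for audit.h. */
+ #include <stdio.h> /* Required for FILE. */
+
+ #include <bsm/audit.h>
+ #include <bsm/audit_kevents.h> /* Required for AUE_SESSION_* event def's. */
+
+ #include <os/availability.h>
+
+ /* Defined audit session flags for the ai_flags member of auditinfo_addr.
+ * These are opaque to XNU itself, although some may be of interest to certain
+ * kernel extensions, notably AU_SESSION_FLAG_HAS_CONSOLE_ACCESS.
+ */
+ enum audit_session_flags {
+ /* The initial session created by PID 1. */
+ AU_SESSION_FLAG_IS_INITIAL = 0x0001,
+
+ /* The graphics subsystem (CoreGraphics, etc.) is available. */
+ AU_SESSION_FLAG_HAS_GRAPHIC_ACCESS = 0x0010,
+
+ /* /dev/tty is available. */
+ AU_SESSION_FLAG_HAS_TTY = 0x0020,
+
+ /* The session was created for a remote connection. */
+ AU_SESSION_FLAG_IS_REMOTE = 0x1000,
+
+ /* The console and associated devices are available. */
+ AU_SESSION_FLAG_HAS_CONSOLE_ACCESS = 0x2000,
+
+ /* An active, authenticated user is associated with the session. */
+ AU_SESSION_FLAG_HAS_AUTHENTICATED = 0x4000,
+ };
+
+ /*
+ * Audit session device.
+ */
+
+ #define AUDIT_SDEV_PATH "/dev/auditsessions"
+
+ /*
+ * au_sdev_open() flags
+ */
+ enum au_sdev_open_flags {
+ /* Set audit session device to not to block on reads. */
+ AU_SDEVF_NONBLOCK = 0x00000001,
+
+
+ /* Allow process to monitor all session. (Requires privilege.) */
+ AU_SDEVF_ALLSESSIONS = 0x00010000,
+ };
+
+ __BEGIN_DECLS
+ /*
+ * Audit session device handle.
+ */
+ typedef struct au_sdev_handle {
+ FILE *ash_fp;
+ u_char *ash_buf;
+ int ash_reclen;
+ int ash_bytesread;
+ } au_sdev_handle_t;
+
+ /*
+ * au_sdev_open()
+ *
+ * @summary - Open the audit session pseudo device.
+ *
+ * @param flags - Flags that change the behavior of the device. The flags
+ * specified are formed by or'ing the following flag: AU_SDEVF_NONBLOCK for
+ * non-blocking I/O and AU_SDEF_ALLSESSIONS for monitoring all the sessions
+ * and not just the session of the current process.
+ *
+ * @return Upon success returns the audit session device handle. Otherwise,
+ * NULL is returned and the errno is set to indicate the error.
+ */
+ au_sdev_handle_t *au_sdev_open(int flags)
+ API_AVAILABLE(macos(10.8)) API_UNAVAILABLE(ios, watchos, tvos);
+
+ /*
+ * au_sdev_close()
+ *
+ * @summary - Close the audit session pseudo device.
+ *
+ * @param ash - Audit session device handle.
+ *
+ * @return Upon successful completion 0 is returned. Otherwise, errno is set
+ * to indicate the error.
+ */
+ int au_sdev_close(au_sdev_handle_t *ash)
+ API_AVAILABLE(macos(10.8)) API_UNAVAILABLE(ios, watchos, tvos);
+
+ /*
+ * au_sdev_fd()
+ *
+ * @summary - Get the file descriptor for the audit session device.
+ *
+ * @param ash - Audit session device handle.
+ *
+ * @return File descriptor of the audit session device.
+ */
+ int au_sdev_fd(au_sdev_handle_t *ash)
+ API_AVAILABLE(macos(10.8)) API_UNAVAILABLE(ios, watchos, tvos);
+
+ /*
+ * au_sdev_read_aia()
+ *
+ * @summary - Read a session event and an auditinfo_addr record from kernel.
+ *
+ * @param ash - Audit session device handle.
+ *
+ * @param event - A pointer to an integer that will contain the event type:
+ * AUE_SESSION_START (start of a new session), AUE_SESSION_UPDATE (the
+ * session information has been changed), AUE_SESSION_END (all the processes in
+ * the session have exited), and AUE_SESSION_CLOSE (the session record has been
+ * removed from the kernel).
+ *
+ * @param aia_p - A pointer to an auditinfo_addr structure that will contain the
+ * audit session information on a successful return. The audit masks fields
+ * (ai_mask), however, does not currently contain correct informaiton.
+ *
+ * @return Upon sucessful completetion 0 is returned and the event and aia_p
+ * parameters will be populated. Otherwise, errno is set to indicate the error.
+ */
+ int au_sdev_read_aia(au_sdev_handle_t *ash, int *event, auditinfo_addr_t *aia_p)
+ API_AVAILABLE(macos(10.8)) API_UNAVAILABLE(ios, watchos, tvos);
+
+ __END_DECLS
+
+ #endif /* !_BSM_AUDIT_SESSION_H_ */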
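Review bot: The doc comment for au_sdev_open() names `AU_SDEF_ALLSESSIONS`, but the enum a few lines above defines `AU_SDEVF_ALLSESSIONS`, so anyone copying the flag name from the comment gets an undeclared identifier; the comment line should read `non-blocking I/O and AU_SDEVF_ALLSESSIONS for monitoring all the sessions`. The @return text for au_sdev_close() and au_sdev_read_aia() says only that errno is set on failure and never states the value returned, so the header alone does not tell a caller what to test before trusting `*event` and `*aia_p`; the failure value should be spelled out once confirmed against the implementation, which is not visible here. The aside that ai_mask "does not currently contain correct informaiton" matters to audit consumers and would be clearer as an explicit caveat such as `Do not rely on ai_mask from this call.`, and the `$P4:` tag still points at auditd_lib.h rather than this file. If the header is meant to stay identical to an upstream copy, track these as upstream issues rather than editing the SDK copy in place.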
+1
Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/bsm/auditd_lib.h
··· 1 + ../../../../../../../../../src/external/bsm/openbsm/bsm/auditd_lib.h