1 <?xml version="1.0" encoding="UTF-8" ?>
   2 
   3 <!--
   4  Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
   5  Use is subject to license terms.
   6 
   7  CDDL HEADER START
   8 
   9  The contents of this file are subject to the terms of the
  10  Common Development and Distribution License (the "License").
  11  You may not use this file except in compliance with the License.
  12 
  13  You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  14  or http://www.opensolaris.org/os/licensing.
  15  See the License for the specific language governing permissions
  16  and limitations under the License.
  17 
  18  When distributing Covered Code, include this CDDL HEADER in each
  19  file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  20  If applicable, add the following below this CDDL HEADER, with the
  21  fields enclosed by brackets "[]" replaced with your own identifying
  22  information: Portions Copyright [yyyy] [name of copyright owner]
  23 
  24  CDDL HEADER END
  25 -->
  26 
  27 
  28 <!--Entity Definitions-->
  29 
  30 <!-- timeattr or iso8601
  31 
  32 timeattr:
  33         the time/date to the second in strftime(3C) default format,
  34         followed by milliseconds offset.
  35 
  36         Example:        time="Mon May 06 12:10:18 2002" msec="750"
  37 
  38 iso8601:
  39         ISO 8601 standard format date time and timezone;
  40         YYYY-MM-DD HH:MM:SS.sss +/-HH:MM; year, month, day 24 hour time with
  41         milliseconds + or - offset from Universal Time (UTC, aka GMT)
  42         
  43         Example:        iso8601="2003-09-17 16:47:41.831 -07:00"
  44 
  45 -->
  46 <!ENTITY % timeattr  "time           CDATA #IMPLIED
  47                         msec            CDATA #IMPLIED">
  48 
  49 <!ENTITY % iso8601   "iso8601        CDATA #IMPLIED">
  50 
  51 <!-- xinfo   Generic info for X related tokens.  -->
  52 <!ENTITY % xinfo     "xid            CDATA #REQUIRED
  53                         xcreator-uid    CDATA #REQUIRED">
  54 
  55 <!-- reserved_toks 
  56 
  57 This represents the set of "reserved" tokens whose placement is
  58 fixed.
  59 
  60 -->
  61 <!ENTITY % reserved_toks     "(
  62                         file                    |
  63                         record                  |
  64                         host                    |
  65                         sequence
  66                         )
  67 ">
  68 
  69 <!-- normaltoks 
  70 
  71 This represents the set of all tokens other than the "reserved"
  72 tokens.
  73 
  74 -->
  75 <!ENTITY % normaltoks        "(
  76                         acl                     |
  77                         arbitrary               |
  78                         argument                |
  79                         attribute               |
  80                         cmd                     |
  81                         exit                    |
  82                         exec_args               |
  83                         exec_env                |
  84                         fmri                    |
  85                         group                   |
  86                         ip                      |
  87                         ip_address              |
  88                         IPC                     |
  89                         IPC_perm                |
  90                         ip_port                 |
  91                         liaison                 |
  92                         opaque                  |
  93                         path                    |
  94                         path_attr               |
  95                         privilege               |
  96                         process                 |
  97                         return                  |
  98                         sensitivity_label       |
  99                         old_socket              |
 100                         socket                  |
 101                         subject                 |
 102                         text                    |
 103                         user                    |
 104                         use_of_authorization    |
 105                         use_of_privilege        |
 106                         X_atom                  |
 107                         X_client                |
 108                         X_color_map             |
 109                         X_cursor                |
 110                         X_font                  |
 111                         X_graphic_context       |
 112                         X_pixmap                |
 113                         X_property              |
 114                         X_selection             |
 115                         X_window                |
 116                         zone
 117                         )
 118 ">
 119 
 120 <!--Element Definitions-->
 121 
 122 <!--
 123 
 124 The main element, "audit", consists of a sequence of file & record tokens.
 125 
 126 -->
 127 <!ELEMENT audit (file | record)*>
 128 
 129 <!-- file token -->
 130 <!ELEMENT file               (#PCDATA)>
 131 <!ATTLIST file               %iso8601;>
 132 
 133 
 134 <!-- record token
 135 
 136 Audit records will have this general layout of tokens after the
 137 first token (which is the record token):
 138         (tokens),subject,group,(tokens),return,sequence,host
 139 
 140 (all tokens after the record token are optional; the host token is unused.)
 141 
 142 -->
 143 <!ELEMENT record (
 144                 (%normaltoks;)*,
 145                 sequence?,
 146                 host?
 147         )
 148 >
 149 <!ATTLIST record
 150                 version         CDATA #REQUIRED
 151                 event           CDATA #REQUIRED
 152                 modifier        CDATA #IMPLIED
 153                 host            CDATA #IMPLIED
 154                 %iso8601;
 155 >
 156 
 157 <!-- text token -->
 158 <!ELEMENT text               (#PCDATA)>
 159 
 160 <!-- user token -->
 161 <!ELEMENT user       EMPTY>
 162 <!ATTLIST user
 163                 uid             CDATA #REQUIRED
 164                 username        CDATA #REQUIRED
 165 >
 166 
 167 <!-- path token -->
 168 <!ELEMENT path               (#PCDATA)>
 169 
 170 <!-- path_attr token -->
 171 <!ELEMENT path_attr          (xattr*)>
 172 <!ELEMENT xattr                      (#PCDATA)>
 173 
 174 <!-- host token -->
 175 <!ELEMENT host               (#PCDATA)>
 176 
 177 <!-- subject token -->
 178 <!ELEMENT subject    EMPTY>
 179 <!ATTLIST subject
 180                 audit-uid       CDATA #REQUIRED
 181                 uid             CDATA #REQUIRED
 182                 gid             CDATA #REQUIRED
 183                 ruid            CDATA #REQUIRED
 184                 rgid            CDATA #REQUIRED
 185                 pid             CDATA #REQUIRED
 186                 sid             CDATA #REQUIRED
 187                 tid             CDATA #REQUIRED
 188 >
 189 
 190 <!-- process token -->
 191 <!ELEMENT process    EMPTY>
 192 <!ATTLIST process
 193                 audit-uid       CDATA #REQUIRED
 194                 uid             CDATA #REQUIRED
 195                 gid             CDATA #REQUIRED
 196                 ruid            CDATA #REQUIRED
 197                 rgid            CDATA #REQUIRED
 198                 pid             CDATA #REQUIRED
 199                 sid             CDATA #REQUIRED
 200                 tid             CDATA #REQUIRED
 201 >
 202 
 203 <!-- return token -->
 204 <!ELEMENT return             EMPTY>
 205 <!ATTLIST return
 206                 errval          CDATA #REQUIRED
 207                 retval          CDATA #REQUIRED
 208 >
 209 
 210 <!-- exit token -->
 211 <!ELEMENT exit                       EMPTY>
 212 <!ATTLIST exit
 213                 errval          CDATA #REQUIRED
 214                 retval          CDATA #REQUIRED
 215 >
 216 
 217 <!-- sequence token -->
 218 <!ELEMENT sequence           EMPTY>
 219 <!ATTLIST sequence
 220                 seq-num         CDATA #REQUIRED
 221 >
 222 
 223 <!-- fmri token -->
 224 <!ELEMENT fmri                       (#PCDATA)>
 225 
 226 <!-- group token -->
 227 <!ELEMENT group                      (gid)*>
 228 <!ELEMENT gid                        (#PCDATA)>
 229 
 230 <!-- opaque token -->
 231 <!ELEMENT opaque             (#PCDATA)>
 232 
 233 <!-- liaison token -->
 234 <!-- (NOTE: liaison is obsolete and is no longer generated -->
 235 <!ELEMENT liaison            (#PCDATA)>
 236 
 237 <!-- argument token -->
 238 <!ELEMENT argument           EMPTY>
 239 <!ATTLIST argument
 240                 arg-num         CDATA #REQUIRED
 241                 value           CDATA #REQUIRED
 242                 desc            CDATA #REQUIRED
 243 >
 244 
 245 <!-- attribute token -->
 246 <!ELEMENT attribute          EMPTY>
 247 <!ATTLIST attribute
 248                 mode            CDATA #REQUIRED
 249                 uid             CDATA #REQUIRED
 250                 gid             CDATA #REQUIRED
 251                 fsid            CDATA #REQUIRED
 252                 nodeid          CDATA #REQUIRED
 253                 device          CDATA #REQUIRED
 254 >
 255 
 256 <!-- cmd token -->
 257 <!ELEMENT cmd                        (argv*, arge*)>
 258 <!ELEMENT argv                       (#PCDATA)>
 259 <!ELEMENT arge                       (#PCDATA)>
 260 
 261 <!-- exec_args token -->
 262 <!ELEMENT exec_args          (arg*)>
 263 <!ELEMENT arg                        (#PCDATA)>
 264 
 265 <!-- exec_env token -->
 266 <!ELEMENT exec_env           (env*)>
 267 <!ELEMENT env                        (#PCDATA)>
 268 
 269 <!-- arbitrary token -->
 270 <!ELEMENT arbitrary          (#PCDATA)>
 271 <!ATTLIST arbitrary
 272                 print           CDATA #REQUIRED
 273                 type            CDATA #REQUIRED
 274                 count           CDATA #REQUIRED
 275 >
 276 
 277 <!-- privilege token -->
 278 <!ELEMENT privilege          (#PCDATA)>
 279 <!ATTLIST privilege
 280                 set-type        CDATA #REQUIRED
 281 >
 282 
 283 <!-- secflags token -->
 284 <!ELEMENT secflags           (#PCDATA)>
 285 <!ATTLIST secflags
 286                 set-type        CDATA #REQUIRED
 287 >
 288 
 289 
 290 <!-- use_of_privilege token -->
 291 <!ELEMENT use_of_privilege   (#PCDATA)>
 292 <!ATTLIST use_of_privilege
 293                 result          CDATA #REQUIRED
 294 >
 295 
 296 <!-- sensitivity_label token -->
 297 <!ELEMENT sensitivity_label  (#PCDATA)>
 298 
 299 <!-- use_of_authorization token -->
 300 <!ELEMENT use_of_authorization       (#PCDATA)>
 301 
 302 <!-- IPC token -->
 303 <!ELEMENT IPC                        EMPTY>
 304 <!ATTLIST IPC
 305                 ipc-type        CDATA #REQUIRED
 306                 ipc-id          CDATA #REQUIRED
 307 >
 308 
 309 <!-- IPC_perm token -->
 310 <!ELEMENT IPC_perm           EMPTY>
 311 <!ATTLIST IPC_perm
 312                 uid             CDATA #REQUIRED
 313                 gid             CDATA #REQUIRED
 314                 creator-uid     CDATA #REQUIRED
 315                 creator-gid     CDATA #REQUIRED
 316                 mode            CDATA #REQUIRED
 317                 seq             CDATA #REQUIRED
 318                 key             CDATA #REQUIRED
 319 >
 320 
 321 <!-- ip_address token -->
 322 <!ELEMENT ip_address         (#PCDATA)>
 323 
 324 <!-- ip_port token -->
 325 <!-- (NOTE: ip_port is obsolete and is no longer generated -->
 326 <!ELEMENT ip_port            (#PCDATA)>
 327 
 328 <!-- ip token -->
 329 <!-- (NOTE: ip is obsolete and is no longer generated -->
 330 <!ELEMENT ip                 EMPTY>
 331 <!ATTLIST ip
 332                 version         CDATA #REQUIRED
 333                 service_type    CDATA #REQUIRED
 334                 len             CDATA #REQUIRED
 335                 id              CDATA #REQUIRED
 336                 offset          CDATA #REQUIRED
 337                 time_to_live    CDATA #REQUIRED
 338                 protocol        CDATA #REQUIRED
 339                 cksum           CDATA #REQUIRED
 340                 src_addr        CDATA #REQUIRED
 341                 dest_addr       CDATA #REQUIRED
 342 >
 343 
 344 <!-- old_socket token -->
 345 <!ELEMENT old_socket         EMPTY>
 346 <!ATTLIST old_socket
 347                 type            CDATA #REQUIRED
 348                 port            CDATA #REQUIRED
 349                 addr            CDATA #REQUIRED
 350 >
 351 
 352 <!-- socket token -->
 353 <!ELEMENT socket             EMPTY>
 354 <!ATTLIST socket
 355                 sock_domain     CDATA #REQUIRED
 356                 sock_type       CDATA #REQUIRED
 357                 lport           CDATA #REQUIRED
 358                 laddr           CDATA #REQUIRED
 359                 fport           CDATA #REQUIRED
 360                 faddr           CDATA #REQUIRED
 361 >
 362 
 363 <!-- acl token -->
 364 <!ELEMENT acl                        EMPTY>
 365 <!ATTLIST acl
 366                 type            CDATA #IMPLIED
 367                 value           CDATA #IMPLIED
 368                 mode            CDATA #IMPLIED
 369                 flags           CDATA #IMPLIED
 370                 id              CDATA #IMPLIED
 371                 access_mask     CDATA #IMPLIED
 372 >
 373 
 374 <!-- tid token -->
 375 <!-- future intent: contain one of ipadr | MTUadr | device -->
 376 <!ELEMENT tid                        (ipadr*)>
 377 <!ATTLIST tid
 378                 type            CDATA #REQUIRED
 379 >
 380 
 381 <!-- ipadr content of tid token -->
 382 <!ELEMENT ipadr                      EMPTY>
 383 <!ATTLIST ipadr
 384                 local-port      CDATA #REQUIRED
 385                 remote-port     CDATA #REQUIRED
 386                 host            CDATA #REQUIRED
 387 >
 388 
 389 <!-- X_atom token -->
 390 <!ELEMENT X_atom             (#PCDATA)>
 391 
 392 <!-- X_color_map token -->
 393 <!ELEMENT X_color_map                EMPTY>
 394 <!ATTLIST X_color_map                %xinfo;>
 395 
 396 <!-- X_cursor token -->
 397 <!ELEMENT X_cursor           EMPTY>
 398 <!ATTLIST X_cursor           %xinfo;>
 399 
 400 <!-- X_font token -->
 401 <!ELEMENT X_font             EMPTY>
 402 <!ATTLIST X_font             %xinfo;>
 403 
 404 <!-- X_graphic_context token -->
 405 <!ELEMENT X_graphic_context  EMPTY>
 406 <!ATTLIST X_graphic_context  %xinfo;>
 407 
 408 <!-- X_pixmap token -->
 409 <!ELEMENT X_pixmap           EMPTY>
 410 <!ATTLIST X_pixmap           %xinfo;>
 411 
 412 <!-- X_window token -->
 413 <!ELEMENT X_window           EMPTY>
 414 <!ATTLIST X_window           %xinfo;>
 415 
 416 <!-- X_property token -->
 417 <!ELEMENT X_property         (#PCDATA)>
 418 <!ATTLIST X_property         %xinfo;>
 419 
 420 <!-- X_client token -->
 421 <!ELEMENT X_client           (#PCDATA)>
 422 
 423 <!-- X_selection token -->
 424 <!ELEMENT X_selection                (xsel_text, xsel_type, xsel_data)>
 425 <!ELEMENT x_sel_text         (#PCDATA)>
 426 <!ELEMENT x_sel_type         (#PCDATA)>
 427 <!ELEMENT x_sel_data         (#PCDATA)>
 428 
 429 <!-- zonename token -->
 430 <!ELEMENT zone                       EMPTY>
 431 <!ATTLIST zone
 432                 name            CDATA #REQUIRED
 433 >