7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
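--- a/usr/src/cmd/praudit/toktable.h
+++ b/usr/src/cmd/praudit/toktable.h
@@ -1,275 +1,276 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
 
 #ifndef _TOKTABLE_H
 #define _TOKTABLE_H
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 /*
 * Solaris Audit Token Table.
 */
 
 typedef struct token_desc {
 char *t_name; /* name of the token */
 char *t_tagname; /* tag name */
 int (*func)(); /* token processing function */
 short t_type; /* token or tag type */
 } token_desc_t;
 
 
 #define NOFUNC (int (*)())0
 
 #define MAXTOKEN 0xff
 
 extern token_desc_t tokentable[];
 
 /*
 * Tag types -
 *
 * attribute: an attribute:
 * xxx="..."
 *
 * element: a simple element:
 * <xxx> ... </xxx>
 *
 * enclosed: a self contained element, optionally with attributes:
 * <xxx a="" b="" ... />
 *
 * extended: an element with attributes:
 * <xxx a="" b="" ...> ... </xxx>
 */
 #define T_ATTRIBUTE 1 /* attribute */
 #define T_ELEMENT 2 /* element */
 #define T_ENCLOSED 3 /* enclosed element */
 #define T_EXTENDED 4 /* extended element */
 #define T_UNKNOWN 99 /* huh... */
 
 /*
 * Define the kinds of tags
 */
 enum tagnum_t { TAG_INVALID = MAXTOKEN,
 TAG_UID,
 TAG_GID,
 TAG_RUID,
 TAG_RGID,
 TAG_AUID,
 TAG_PID,
 TAG_SID,
 TAG_TID32,
 TAG_TID64,
 TAG_TID32_EX,
 TAG_TID64_EX,
 TAG_EVMOD,
 TAG_TOKVERS,
 TAG_EVTYPE,
 TAG_ISO,
 TAG_ERRVAL,
 TAG_RETVAL,
 TAG_SETTYPE,
 TAG_GROUPID,
 TAG_XID,
 TAG_XCUID,
 TAG_XSELTEXT,
 TAG_XSELTYPE,
 TAG_XSELDATA,
 TAG_ARGNUM,
 TAG_ARGVAL32,
 TAG_ARGVAL64,
 TAG_ARGDESC,
 TAG_MODE,
 TAG_FSID,
 TAG_NODEID32,
 TAG_NODEID64,
 TAG_DEVICE32,
 TAG_DEVICE64,
 TAG_SEQNUM, /* with sequence token */
 TAG_ARGV, /* with cmd token */
 TAG_ARGE, /* with cmd token */
 TAG_ARG, /* with exec_args token */
 TAG_ENV, /* with exec_env token */
 TAG_XAT, /* with attr_path token */
 TAG_RESULT, /* with use_of_privilege token */
 TAG_CUID, /* with IPC_perm token */
 TAG_CGID, /* with IPC_perm token */
 TAG_SEQ, /* with IPC_perm token */
 TAG_KEY, /* with IPC_perm token */
 TAG_IPVERS, /* with ip token */
 TAG_IPSERV, /* with ip token */
 TAG_IPLEN, /* with ip token */
 TAG_IPID, /* with ip token */
 TAG_IPOFFS, /* with ip token */
 TAG_IPTTL, /* with ip token */
 TAG_IPPROTO, /* with ip token */
 TAG_IPCKSUM, /* with ip token */
 TAG_IPSRC, /* with ip token */
 TAG_IPDEST, /* with ip token */
 TAG_ACLTYPE, /* with acl token */
 TAG_ACLVAL, /* with acl token */
 TAG_SOCKTYPE, /* with socket token */
 TAG_SOCKPORT, /* with socket token */
 TAG_SOCKADDR, /* with socket token */
 TAG_SOCKEXDOM, /* with socket_ex token */
 TAG_SOCKEXTYPE, /* with socket_ex token */
 TAG_SOCKEXLPORT, /* with socket_ex token */
 TAG_SOCKEXLADDR, /* with socket_ex token */
 TAG_SOCKEXFPORT, /* with socket_ex token */
 TAG_SOCKEXFADDR, /* with socket_ex token */
 TAG_IPCTYPE, /* with IPC token */
 TAG_IPCID, /* with IPC token */
 TAG_ARBPRINT, /* with arbitrary (data) token */
 TAG_ARBTYPE, /* with arbitrary (data) token */
 TAG_ARBCOUNT, /* with arbitrary (data) token */
 TAG_HOSTID, /* with extended header token */
 TAG_ZONENAME, /* with zonename token */
 TAG_TID_TYPE, /* with tid token */
 TAG_IP, /* with tid token, type=ip */
 TAG_IP_LOCAL, /* with tid token, type=ip */
 TAG_IP_REMOTE, /* with tid token, type=ip */
 TAG_IP_ADR, /* with tid token, type=ip */
 TAG_ACEMASK, /* with ace token */
 TAG_ACEFLAGS, /* with ace token */
 TAG_ACETYPE, /* with ace token */
 TAG_ACEID, /* with ace token */
 TAG_USERNAME, /* with user token */
 MAXTAG
 };
 
 
 /*
 * These tokens are the same for all versions of Solaris
 */
 
 /*
 * Control tokens
 */
 
 extern int file_token();
 extern int trailer_token();
 extern int header_token();
 extern int header32_ex_token();
 
 /*
 * Data tokens
 */
 
 extern int arbitrary_data_token();
 extern int fmri_token();
 extern int s5_IPC_token();
 extern int path_token();
 extern int path_attr_token();
 extern int subject32_token();
 extern int process32_token();
 extern int return_value32_token();
 extern int text_token();
 extern int opaque_token();
 extern int ip_addr_token();
 extern int ip_token();
 extern int iport_token();
 extern int argument32_token();
 extern int socket_token();
 extern int sequence_token();
 
 /*
 * Modifier tokens
 */
 
 extern int acl_token();
 extern int ace_token();
 extern int attribute_token();
 extern int s5_IPC_perm_token();
 extern int group_token();
 extern int label_token();
 extern int privilege_token();
 extern int useofpriv_token();
 extern int liaison_token();
 extern int newgroup_token();
 extern int exec_args_token();
 extern int exec_env_token();
 extern int attribute32_token();
 extern int useofauth_token();
 extern int user_token();
 extern int zonename_token();
+extern int secflags_token();
 
 /*
 * X windows tokens
 */
 
 extern int xatom_token();
 extern int xselect_token();
 extern int xcolormap_token();
 extern int xcursor_token();
 extern int xfont_token();
 extern int xgc_token();
 extern int xpixmap_token();
 extern int xproperty_token();
 extern int xwindow_token();
 extern int xclient_token();
 
 /*
 * Command tokens
 */
 
 extern int cmd_token();
 extern int exit_token();
 
 /*
 * Miscellaneous tokens
 */
 
 extern int host_token();
 
 /*
 * Solaris64 tokens
 */
 
 extern int argument64_token();
 extern int return_value64_token();
 extern int attribute64_token();
 extern int header64_token();
 extern int subject64_token();
 extern int process64_token();
 extern int file64_token();
 
 /*
 * Extended network address tokens
 */
 
 extern int header64_ex_token();
 extern int subject32_ex_token();
 extern int process32_ex_token();
 extern int subject64_ex_token();
 extern int process64_ex_token();
 extern int ip_addr_ex_token();
 extern int socket_ex_token();
 extern int tid_token();
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* _TOKTABLE_H */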
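Review bot: The added `extern int secflags_token();` (new line 217) is a non-prototype declaration, and handlers are called through the equally unprototyped `int (*func)()` member of `token_desc_t`, so the compiler cannot check that the handler's definition matches how the table dispatcher calls it. That follows the header's existing convention, but for code that parses audit records a mismatch would be silent undefined behaviour; if the parameter list is fixed, a full prototype here would let the build catch it. The line would also benefit from a trailing comment such as `/* secflags (per-process exploit mitigation flags) token */`, since it sits under the "Modifier tokens" heading without saying what it renders. The matching `tokentable[]` entry is not in this file, so it is worth confirming that the same change registers the handler; without it praudit presumably could not print the new token when an audit trail is reviewed.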