<?xml version="1.0" encoding="UTF-8" ?>

<!--
 Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 Use is subject to license terms.

 CDDL HEADER START

 The contents of this file are subject to the terms of the
 Common Development and Distribution License (the "License").
 You may not use this file except in compliance with the License.

 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.

 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]

 CDDL HEADER END
-->

  28 <!--Entity Definitions-->
  29 
  30 <!-- timeattr or iso8601
  31 
  32 timeattr:
  33         the time/date to the second in strftime(3C) default format,
  34         followed by milliseconds offset.
  35 
  36         Example:        time="Mon May 06 12:10:18 2002" msec="750"
  37 
  38 iso8601:
  39         ISO 8601 standard format date time and timezone;
  40         YYYY-MM-DD HH:MM:SS.sss +/-HH:MM; year, month, day 24 hour time with
  41         milliseconds + or - offset from Universal Time (UTC, aka GMT)
  42         
  43         Example:        iso8601="2003-09-17 16:47:41.831 -07:00"
  44 
  45 -->
  46 <!ENTITY % timeattr  "time           CDATA #IMPLIED
  47                         msec            CDATA #IMPLIED">
  48 
  49 <!ENTITY % iso8601   "iso8601        CDATA #IMPLIED">
  50 
  51 <!-- xinfo   Generic info for X related tokens.  -->
  52 <!ENTITY % xinfo     "xid            CDATA #REQUIRED
  53                         xcreator-uid    CDATA #REQUIRED">
  54 
  55 <!-- reserved_toks 
  56 
  57 This represents the set of "reserved" tokens whose placement is
  58 fixed.
  59 
  60 -->
  61 <!ENTITY % reserved_toks     "(
  62                         file                    |
  63                         record                  |
  64                         host                    |
  65                         sequence
  66                         )
  67 ">
  68 
  69 <!-- normaltoks 
  70 
  71 This represents the set of all tokens other than the "reserved"
  72 tokens.
  73 
  74 -->
  75 <!ENTITY % normaltoks        "(
  76                         acl                     |
  77                         arbitrary               |
  78                         argument                |
  79                         attribute               |
  80                         cmd                     |
  81                         exit                    |
  82                         exec_args               |
  83                         exec_env                |
  84                         fmri                    |
  85                         group                   |
  86                         ip                      |
  87                         ip_address              |
  88                         IPC                     |
  89                         IPC_perm                |
  90                         ip_port                 |
  91                         liaison                 |
  92                         opaque                  |
  93                         path                    |
  94                         path_attr               |
  95                         privilege               |
  96                         process                 |
  97                         return                  |
  98                         sensitivity_label       |
  99                         old_socket              |
 100                         socket                  |
 101                         subject                 |
 102                         text                    |
 103                         user                    |
 104                         use_of_authorization    |
 105                         use_of_privilege        |
 106                         X_atom                  |
 107                         X_client                |
 108                         X_color_map             |
 109                         X_cursor                |
 110                         X_font                  |
 111                         X_graphic_context       |
 112                         X_pixmap                |
 113                         X_property              |
 114                         X_selection             |
 115                         X_window                |
 116                         zone
 117                         )
 118 ">
 119 
 120 <!--Element Definitions-->
 121 
 122 <!--
 123 
 124 The main element, "audit", consists of a sequence of file & record tokens.
 125 
 126 -->
 127 <!ELEMENT audit (file | record)*>
 128 
 129 <!-- file token -->
 130 <!ELEMENT file               (#PCDATA)>
 131 <!ATTLIST file               %iso8601;>
 132 
 133 
 134 <!-- record token
 135 
 136 Audit records will have this general layout of tokens after the
 137 first token (which is the record token):
 138         (tokens),subject,group,(tokens),return,sequence,host
 139 
 140 (all tokens after the record token are optional; the host token is unused.)
 141 
 142 -->
 143 <!ELEMENT record (
 144                 (%normaltoks;)*,
 145                 sequence?,
 146                 host?
 147         )
 148 >
 149 <!ATTLIST record
 150                 version         CDATA #REQUIRED
 151                 event           CDATA #REQUIRED
 152                 modifier        CDATA #IMPLIED
 153                 host            CDATA #IMPLIED
 154                 %iso8601;
 155 >
 156 
 157 <!-- text token -->
 158 <!ELEMENT text               (#PCDATA)>
 159 
 160 <!-- user token -->
 161 <!ELEMENT user       EMPTY>
 162 <!ATTLIST user
 163                 uid             CDATA #REQUIRED
 164                 username        CDATA #REQUIRED
 165 >
 166 
 167 <!-- path token -->
 168 <!ELEMENT path               (#PCDATA)>
 169 
 170 <!-- path_attr token -->
 171 <!ELEMENT path_attr          (xattr*)>
 172 <!ELEMENT xattr                      (#PCDATA)>
 173 
 174 <!-- host token -->
 175 <!ELEMENT host               (#PCDATA)>
 176 
 177 <!-- subject token -->
 178 <!ELEMENT subject    EMPTY>
 179 <!ATTLIST subject
 180                 audit-uid       CDATA #REQUIRED
 181                 uid             CDATA #REQUIRED
 182                 gid             CDATA #REQUIRED
 183                 ruid            CDATA #REQUIRED
 184                 rgid            CDATA #REQUIRED
 185                 pid             CDATA #REQUIRED
 186                 sid             CDATA #REQUIRED
 187                 tid             CDATA #REQUIRED
 188 >
 189 
 190 <!-- process token -->
 191 <!ELEMENT process    EMPTY>
 192 <!ATTLIST process
 193                 audit-uid       CDATA #REQUIRED
 194                 uid             CDATA #REQUIRED
 195                 gid             CDATA #REQUIRED
 196                 ruid            CDATA #REQUIRED
 197                 rgid            CDATA #REQUIRED
 198                 pid             CDATA #REQUIRED
 199                 sid             CDATA #REQUIRED
 200                 tid             CDATA #REQUIRED
 201 >
 202 
 203 <!-- return token -->
 204 <!ELEMENT return             EMPTY>
 205 <!ATTLIST return
 206                 errval          CDATA #REQUIRED
 207                 retval          CDATA #REQUIRED
 208 >
 209 
 210 <!-- exit token -->
 211 <!ELEMENT exit                       EMPTY>
 212 <!ATTLIST exit
 213                 errval          CDATA #REQUIRED
 214                 retval          CDATA #REQUIRED
 215 >
 216 
 217 <!-- sequence token -->
 218 <!ELEMENT sequence           EMPTY>
 219 <!ATTLIST sequence
 220                 seq-num         CDATA #REQUIRED
 221 >
 222 
 223 <!-- fmri token -->
 224 <!ELEMENT fmri                       (#PCDATA)>
 225 
 226 <!-- group token -->
 227 <!ELEMENT group                      (gid)*>
 228 <!ELEMENT gid                        (#PCDATA)>
 229 
 230 <!-- opaque token -->
 231 <!ELEMENT opaque             (#PCDATA)>
 232 
 233 <!-- liaison token -->
 234 <!-- (NOTE: liaison is obsolete and is no longer generated -->
 235 <!ELEMENT liaison            (#PCDATA)>
 236 
 237 <!-- argument token -->
 238 <!ELEMENT argument           EMPTY>
 239 <!ATTLIST argument
 240                 arg-num         CDATA #REQUIRED
 241                 value           CDATA #REQUIRED
 242                 desc            CDATA #REQUIRED
 243 >
 244 
 245 <!-- attribute token -->
 246 <!ELEMENT attribute          EMPTY>
 247 <!ATTLIST attribute
 248                 mode            CDATA #REQUIRED
 249                 uid             CDATA #REQUIRED
 250                 gid             CDATA #REQUIRED
 251                 fsid            CDATA #REQUIRED
 252                 nodeid          CDATA #REQUIRED
 253                 device          CDATA #REQUIRED
 254 >
 255 
 256 <!-- cmd token -->
 257 <!ELEMENT cmd                        (argv*, arge*)>
 258 <!ELEMENT argv                       (#PCDATA)>
 259 <!ELEMENT arge                       (#PCDATA)>
 260 
 261 <!-- exec_args token -->
 262 <!ELEMENT exec_args          (arg*)>
 263 <!ELEMENT arg                        (#PCDATA)>
 264 
 265 <!-- exec_env token -->
 266 <!ELEMENT exec_env           (env*)>
 267 <!ELEMENT env                        (#PCDATA)>
 268 
 269 <!-- arbitrary token -->
 270 <!ELEMENT arbitrary          (#PCDATA)>
 271 <!ATTLIST arbitrary
 272                 print           CDATA #REQUIRED
 273                 type            CDATA #REQUIRED
 274                 count           CDATA #REQUIRED
 275 >
 276 
 277 <!-- privilege token -->
 278 <!ELEMENT privilege          (#PCDATA)>
 279 <!ATTLIST privilege
 280                 set-type        CDATA #REQUIRED
 281 >
 282 
 283 <!-- use_of_privilege token -->
 284 <!ELEMENT use_of_privilege   (#PCDATA)>
 285 <!ATTLIST use_of_privilege
 286                 result          CDATA #REQUIRED
 287 >
 288 
 289 <!-- sensitivity_label token -->
 290 <!ELEMENT sensitivity_label  (#PCDATA)>
 291 
 292 <!-- use_of_authorization token -->
 293 <!ELEMENT use_of_authorization       (#PCDATA)>
 294 
 295 <!-- IPC token -->
 296 <!ELEMENT IPC                        EMPTY>
 297 <!ATTLIST IPC
 298                 ipc-type        CDATA #REQUIRED
 299                 ipc-id          CDATA #REQUIRED
 300 >
 301 
 302 <!-- IPC_perm token -->
 303 <!ELEMENT IPC_perm           EMPTY>
 304 <!ATTLIST IPC_perm
 305                 uid             CDATA #REQUIRED
 306                 gid             CDATA #REQUIRED
 307                 creator-uid     CDATA #REQUIRED
 308                 creator-gid     CDATA #REQUIRED
 309                 mode            CDATA #REQUIRED
 310                 seq             CDATA #REQUIRED
 311                 key             CDATA #REQUIRED
 312 >
 313 
 314 <!-- ip_address token -->
 315 <!ELEMENT ip_address         (#PCDATA)>
 316 
 317 <!-- ip_port token -->
 318 <!-- (NOTE: ip_port is obsolete and is no longer generated -->
 319 <!ELEMENT ip_port            (#PCDATA)>
 320 
 321 <!-- ip token -->
 322 <!-- (NOTE: ip is obsolete and is no longer generated -->
 323 <!ELEMENT ip                 EMPTY>
 324 <!ATTLIST ip
 325                 version         CDATA #REQUIRED
 326                 service_type    CDATA #REQUIRED
 327                 len             CDATA #REQUIRED
 328                 id              CDATA #REQUIRED
 329                 offset          CDATA #REQUIRED
 330                 time_to_live    CDATA #REQUIRED
 331                 protocol        CDATA #REQUIRED
 332                 cksum           CDATA #REQUIRED
 333                 src_addr        CDATA #REQUIRED
 334                 dest_addr       CDATA #REQUIRED
 335 >
 336 
 337 <!-- old_socket token -->
 338 <!ELEMENT old_socket         EMPTY>
 339 <!ATTLIST old_socket
 340                 type            CDATA #REQUIRED
 341                 port            CDATA #REQUIRED
 342                 addr            CDATA #REQUIRED
 343 >
 344 
 345 <!-- socket token -->
 346 <!ELEMENT socket             EMPTY>
 347 <!ATTLIST socket
 348                 sock_domain     CDATA #REQUIRED
 349                 sock_type       CDATA #REQUIRED
 350                 lport           CDATA #REQUIRED
 351                 laddr           CDATA #REQUIRED
 352                 fport           CDATA #REQUIRED
 353                 faddr           CDATA #REQUIRED
 354 >
 355 
 356 <!-- acl token -->
 357 <!ELEMENT acl                        EMPTY>
 358 <!ATTLIST acl
 359                 type            CDATA #IMPLIED
 360                 value           CDATA #IMPLIED
 361                 mode            CDATA #IMPLIED
 362                 flags           CDATA #IMPLIED
 363                 id              CDATA #IMPLIED
 364                 access_mask     CDATA #IMPLIED
 365 >
 366 
 367 <!-- tid token -->
 368 <!-- future intent: contain one of ipadr | MTUadr | device -->
 369 <!ELEMENT tid                        (ipadr*)>
 370 <!ATTLIST tid
 371                 type            CDATA #REQUIRED
 372 >
 373 
 374 <!-- ipadr content of tid token -->
 375 <!ELEMENT ipadr                      EMPTY>
 376 <!ATTLIST ipadr
 377                 local-port      CDATA #REQUIRED
 378                 remote-port     CDATA #REQUIRED
 379                 host            CDATA #REQUIRED
 380 >
 381 
 382 <!-- X_atom token -->
 383 <!ELEMENT X_atom             (#PCDATA)>
 384 
 385 <!-- X_color_map token -->
 386 <!ELEMENT X_color_map                EMPTY>
 387 <!ATTLIST X_color_map                %xinfo;>
 388 
 389 <!-- X_cursor token -->
 390 <!ELEMENT X_cursor           EMPTY>
 391 <!ATTLIST X_cursor           %xinfo;>
 392 
 393 <!-- X_font token -->
 394 <!ELEMENT X_font             EMPTY>
 395 <!ATTLIST X_font             %xinfo;>
 396 
 397 <!-- X_graphic_context token -->
 398 <!ELEMENT X_graphic_context  EMPTY>
 399 <!ATTLIST X_graphic_context  %xinfo;>
 400 
 401 <!-- X_pixmap token -->
 402 <!ELEMENT X_pixmap           EMPTY>
 403 <!ATTLIST X_pixmap           %xinfo;>
 404 
 405 <!-- X_window token -->
 406 <!ELEMENT X_window           EMPTY>
 407 <!ATTLIST X_window           %xinfo;>
 408 
 409 <!-- X_property token -->
 410 <!ELEMENT X_property         (#PCDATA)>
 411 <!ATTLIST X_property         %xinfo;>
 412 
 413 <!-- X_client token -->
 414 <!ELEMENT X_client           (#PCDATA)>
 415 
 416 <!-- X_selection token -->
 417 <!ELEMENT X_selection                (xsel_text, xsel_type, xsel_data)>
 418 <!ELEMENT x_sel_text         (#PCDATA)>
 419 <!ELEMENT x_sel_type         (#PCDATA)>
 420 <!ELEMENT x_sel_data         (#PCDATA)>
 421 
 422 <!-- zonename token -->
 423 <!ELEMENT zone                       EMPTY>
 424 <!ATTLIST zone
 425                 name            CDATA #REQUIRED
 426 >