audit.h - OpenGrok cross reference for /external/kernel-headers/original/uapi/linux/audit.h

Lines Matching +full:security +full:- +full:events
1 /* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
2 /* audit.h -- Auditing support
4  * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina.
19  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
29 #include <linux/elf-em.h>
32  * 1000 - 1099 are for commanding the audit system
33  * 1100 - 1199 user space trusted application messages
34  * 1200 - 1299 messages internal to the audit daemon
35  * 1300 - 1399 audit event messages
36  * 1400 - 1499 SE Linux use
37  * 1500 - 1599 kernel LSPP events
38  * 1600 - 1699 kernel crypto events
39  * 1700 - 1799 kernel anomaly records
40  * 1800 - 1899 kernel integrity events
41  * 1900 - 1999 future kernel use
43  * 2001 - 2099 unused (kernel)
44  * 2100 - 2199 user space anomaly records
45  * 2200 - 2299 user space actions taken in response to anomalies
46  * 2300 - 2399 user space generated LSPP events
47  * 2400 - 2499 user space crypto events
48  * 2500 - 2999 future user space (maybe integrity labels and related events)
50  * Messages from 1000-1199 are bi-directional. 1200-1299 & 2100 - 2999 are
51  * exclusively user space. 1300-2099 is kernel --> user space
56 #define AUDIT_LIST		1002	/* List syscall rules -- deprecated */
57 #define AUDIT_ADD		1003	/* Add syscall rule -- deprecated */
58 #define AUDIT_DEL		1004	/* Delete syscall rule -- deprecated */
59 #define AUDIT_USER		1005	/* Message from userspace -- deprecated */
77 #define AUDIT_USER_TTY		1124	/* Non-ICANON TTY input meaning */
105 #define AUDIT_EOE		1320	/* End of multi-record event */
115 #define AUDIT_KERN_MODULE	1330	/* Kernel Module events */
124 #define AUDIT_DM_EVENT		1339	/* Device Mapper events */
159 #define AUDIT_INTEGRITY_EVM_XATTR   1806 /* New EVM-covered xattr */
165 #define AUDIT_FILTER_USER	0x00	/* Apply rule to user-generated messages */
184 /* Rule structure sizes -- if these change, different AUDIT_ADD and
190 #define AUDIT_BIT(nr)  (1U << ((nr) - AUDIT_WORD(nr)*32))
262 #define AUDIT_SUBJ_USER	13	/* security label user */
263 #define AUDIT_SUBJ_ROLE	14	/* security label role */
264 #define AUDIT_SUBJ_TYPE	15	/* security label type */
265 #define AUDIT_SUBJ_SEN	16	/* security label sensitivity label */
266 #define AUDIT_SUBJ_CLR	17	/* security label clearance label */
306  *	----------
372 				/* Failure-to-log actions */
462 #define AUDIT_NLGRP_MAX                (__AUDIT_NLGRP_MAX - 1)
467 	__u32		failure;	/* Failure-to-log action */
503 #define AUDIT_UID_UNSET (unsigned int)-1
504 #define AUDIT_SID_UNSET ((unsigned int)-1)