aboutsummaryrefslogtreecommitdiffstats
path: root/framework/src/audit/lib
diff options
context:
space:
mode:
Diffstat (limited to 'framework/src/audit/lib')
-rw-r--r--framework/src/audit/lib/Makefile.am265
-rw-r--r--framework/src/audit/lib/aarch64_table.h288
-rw-r--r--framework/src/audit/lib/actiontab.h25
-rw-r--r--framework/src/audit/lib/alpha_table.h453
-rw-r--r--framework/src/audit/lib/arm_table.h373
-rw-r--r--framework/src/audit/lib/audit.pc.in10
-rw-r--r--framework/src/audit/lib/audit_logging.c746
-rw-r--r--framework/src/audit/lib/deprecated.c77
-rw-r--r--framework/src/audit/lib/dso.h45
-rw-r--r--framework/src/audit/lib/errormsg.h66
-rw-r--r--framework/src/audit/lib/errtab.h154
-rw-r--r--framework/src/audit/lib/fieldtab.h68
-rw-r--r--framework/src/audit/lib/flagtab.h26
-rw-r--r--framework/src/audit/lib/ftypetab.h30
-rw-r--r--framework/src/audit/lib/gen_tables.c418
-rw-r--r--framework/src/audit/lib/gen_tables.h102
-rw-r--r--framework/src/audit/lib/i386_table.h379
-rw-r--r--framework/src/audit/lib/ia64_table.h335
-rw-r--r--framework/src/audit/lib/libaudit.c1606
-rw-r--r--framework/src/audit/lib/libaudit.h584
-rw-r--r--framework/src/audit/lib/lookup_table.c359
-rw-r--r--framework/src/audit/lib/machinetab.h47
-rw-r--r--framework/src/audit/lib/message.c59
-rw-r--r--framework/src/audit/lib/msg_typetab.h214
-rw-r--r--framework/src/audit/lib/netlink.c299
-rw-r--r--framework/src/audit/lib/optab.h31
-rw-r--r--framework/src/audit/lib/ppc_table.h379
-rw-r--r--framework/src/audit/lib/private.h175
-rw-r--r--framework/src/audit/lib/s390_table.h354
-rw-r--r--framework/src/audit/lib/s390x_table.h319
-rw-r--r--framework/src/audit/lib/strsplit.c91
-rw-r--r--framework/src/audit/lib/syscall-update.txt20
-rw-r--r--framework/src/audit/lib/test/Makefile.am25
-rw-r--r--framework/src/audit/lib/test/lookup_test.c430
-rw-r--r--framework/src/audit/lib/x86_64_table.h345
35 files changed, 0 insertions, 9197 deletions
diff --git a/framework/src/audit/lib/Makefile.am b/framework/src/audit/lib/Makefile.am
deleted file mode 100644
index e2ed1019..00000000
--- a/framework/src/audit/lib/Makefile.am
+++ /dev/null
@@ -1,265 +0,0 @@
-# Makefile.am --
-# Copyright 2004-2009,2013-15 Red Hat Inc., Durham, North Carolina.
-# All Rights Reserved.
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-# Authors:
-# Steve Grubb <sgrubb@redhat.com>
-#
-
-SUBDIRS = test
-CLEANFILES = $(BUILT_SOURCES)
-CONFIG_CLEAN_FILES = *.loT *.rej *.orig
-EXTRA_DIST = syscall-update.txt
-VERSION_INFO = 1:0
-AM_CFLAGS = -fPIC -DPIC -D_GNU_SOURCE
-AM_CPPFLAGS = -I. -I${top_srcdir} -I${top_srcdir}/auparse
-
-pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = audit.pc
-DISTCLEANFILES = $(pkgconfig_DATA)
-
-lib_LTLIBRARIES = libaudit.la
-include_HEADERS = libaudit.h
-libaudit_la_SOURCES = libaudit.c message.c netlink.c \
- lookup_table.c audit_logging.c deprecated.c \
- strsplit.c dso.h private.h errormsg.h
-libaudit_la_LIBADD =
-libaudit_la_DEPENDENCIES = $(libaudit_la_SOURCES) ../config.h
-libaudit_la_LDFLAGS = -Wl,-z,relro -version-info $(VERSION_INFO)
-nodist_libaudit_la_SOURCES = $(BUILT_SOURCES)
-
-BUILT_SOURCES = actiontabs.h errtabs.h fieldtabs.h flagtabs.h \
- ftypetabs.h i386_tables.h ia64_tables.h machinetabs.h \
- msg_typetabs.h optabs.h ppc_tables.h s390_tables.h \
- s390x_tables.h x86_64_tables.h
-if USE_ALPHA
-BUILT_SOURCES += alpha_tables.h
-endif
-if USE_ARM
-BUILT_SOURCES += arm_tables.h
-endif
-if USE_AARCH64
-BUILT_SOURCES += aarch64_tables.h
-endif
-noinst_PROGRAMS = gen_actiontabs_h gen_errtabs_h gen_fieldtabs_h \
- gen_flagtabs_h gen_ftypetabs_h gen_i386_tables_h \
- gen_ia64_tables_h gen_machinetabs_h gen_msg_typetabs_h \
- gen_optabs_h gen_ppc_tables_h gen_s390_tables_h \
- gen_s390x_tables_h gen_x86_64_tables_h
-if USE_ALPHA
-noinst_PROGRAMS += gen_alpha_tables_h
-endif
-if USE_ARM
-noinst_PROGRAMS += gen_arm_tables_h
-endif
-if USE_AARCH64
-noinst_PROGRAMS += gen_aarch64_tables_h
-endif
-gen_actiontabs_h_SOURCES = gen_tables.c gen_tables.h actiontab.h
-gen_actiontabs_h_CFLAGS = '-DTABLE_H="actiontab.h"'
-$(gen_actiontabs_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_actiontabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_actiontabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_actiontabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_actiontabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_actiontabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-actiontabs.h: gen_actiontabs_h Makefile
- ./gen_actiontabs_h --lowercase --i2s --s2i action > $@
-
-if USE_ALPHA
-gen_alpha_tables_h_SOURCES = gen_tables.c gen_tables.h alpha_table.h
-gen_alpha_tables_h_CFLAGS = '-DTABLE_H="alpha_table.h"'
-$(gen_alpha_tables_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_alpha_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_alpha_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_alpha_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_alpha_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_alpha_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-alpha_tables.h: gen_alpha_tables_h Makefile
- ./gen_alpha_tables_h --lowercase --i2s --s2i alpha_syscall > $@
-endif
-
-if USE_ARM
-gen_arm_tables_h_SOURCES = gen_tables.c gen_tables.h arm_table.h
-gen_arm_tables_h_CFLAGS = '-DTABLE_H="arm_table.h"'
-$(gen_arm_tables_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_arm_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_arm_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_arm_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_arm_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_arm_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-arm_tables.h: gen_arm_tables_h Makefile
- ./gen_arm_tables_h --lowercase --i2s --s2i arm_syscall > $@
-endif
-
-if USE_AARCH64
-gen_aarch64_tables_h_SOURCES = gen_tables.c gen_tables.h aarch64_table.h
-gen_aarch64_tables_h_CFLAGS = '-DTABLE_H="aarch64_table.h"'
-$(gen_aarch64_tables_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_aarch64_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_aarch64_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_aarch64_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_aarch64_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_aarch64_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-aarch64_tables.h: gen_aarch64_tables_h Makefile
- ./gen_aarch64_tables_h --lowercase --i2s --s2i aarch64_syscall > $@
-endif
-
-gen_errtabs_h_SOURCES = gen_tables.c gen_tables.h errtab.h
-gen_errtabs_h_CFLAGS = '-DTABLE_H="errtab.h"'
-$(gen_errtabs_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_errtabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_errtabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_errtabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_errtabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_errtabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-errtabs.h: gen_errtabs_h Makefile
- ./gen_errtabs_h --duplicate-ints --uppercase --i2s --s2i err > $@
-
-gen_fieldtabs_h_SOURCES = gen_tables.c gen_tables.h fieldtab.h
-gen_fieldtabs_h_CFLAGS = '-DTABLE_H="fieldtab.h"'
-$(gen_fieldtabs_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_fieldtabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_fieldtabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_fieldtabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_fieldtabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_fieldtabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-fieldtabs.h: gen_fieldtabs_h Makefile
- ./gen_fieldtabs_h --duplicate-ints --lowercase --i2s --s2i field > $@
-
-gen_flagtabs_h_SOURCES = gen_tables.c gen_tables.h flagtab.h
-gen_flagtabs_h_CFLAGS = '-DTABLE_H="flagtab.h"'
-$(gen_flagtabs_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_flagtabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_flagtabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_flagtabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_flagtabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_flagtabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-flagtabs.h: gen_flagtabs_h Makefile
- ./gen_flagtabs_h --lowercase --i2s --s2i flag > $@
-
-gen_ftypetabs_h_SOURCES = gen_tables.c gen_tables.h ftypetab.h
-gen_ftypetabs_h_CFLAGS = '-DTABLE_H="ftypetab.h"'
-$(gen_ftypetabs_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_ftypetabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_ftypetabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_ftypetabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_ftypetabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_ftypetabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-ftypetabs.h: gen_ftypetabs_h Makefile
- ./gen_ftypetabs_h --lowercase --i2s --s2i ftype > $@
-
-gen_i386_tables_h_SOURCES = gen_tables.c gen_tables.h i386_table.h
-gen_i386_tables_h_CFLAGS = '-DTABLE_H="i386_table.h"'
-$(gen_i386_tables_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_i386_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_i386_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_i386_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_i386_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_i386_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-i386_tables.h: gen_i386_tables_h Makefile
- ./gen_i386_tables_h --duplicate-ints --lowercase --i2s --s2i \
- i386_syscall > $@
-
-gen_ia64_tables_h_SOURCES = gen_tables.c gen_tables.h ia64_table.h
-gen_ia64_tables_h_CFLAGS = '-DTABLE_H="ia64_table.h"'
-$(gen_ia64_tables_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_ia64_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_ia64_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_ia64_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_ia64_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_ia64_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-ia64_tables.h: gen_ia64_tables_h Makefile
- ./gen_ia64_tables_h --lowercase --i2s --s2i ia64_syscall > $@
-
-gen_machinetabs_h_SOURCES = gen_tables.c gen_tables.h machinetab.h
-gen_machinetabs_h_CFLAGS = '-DTABLE_H="machinetab.h"'
-$(gen_machinetabs_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_machinetabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_machinetabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_machinetabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_machinetabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_machinetabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-machinetabs.h: gen_machinetabs_h Makefile
- ./gen_machinetabs_h --duplicate-ints --lowercase --i2s --s2i machine \
- > $@
-
-gen_msg_typetabs_h_SOURCES = gen_tables.c gen_tables.h msg_typetab.h
-gen_msg_typetabs_h_CFLAGS = '-DTABLE_H="msg_typetab.h"'
-$(gen_msg_typetabs_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_msg_typetabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_msg_typetabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_msg_typetabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_msg_typetabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_msg_typetabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-msg_typetabs.h: gen_msg_typetabs_h Makefile
- ./gen_msg_typetabs_h --uppercase --i2s --s2i msg_type > $@
-
-gen_optabs_h_SOURCES = gen_tables.c gen_tables.h optab.h
-gen_optabs_h_CFLAGS = '-DTABLE_H="optab.h"'
-$(gen_optabs_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_optabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_optabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_optabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_optabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_optabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-optabs.h: gen_optabs_h Makefile
- ./gen_optabs_h --i2s op > $@
-
-gen_ppc_tables_h_SOURCES = gen_tables.c gen_tables.h ppc_table.h
-gen_ppc_tables_h_CFLAGS = '-DTABLE_H="ppc_table.h"'
-$(gen_ppc_tables_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_ppc_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_ppc_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_ppc_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_ppc_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_ppc_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-ppc_tables.h: gen_ppc_tables_h Makefile
- ./gen_ppc_tables_h --lowercase --i2s --s2i ppc_syscall > $@
-
-gen_s390_tables_h_SOURCES = gen_tables.c gen_tables.h s390_table.h
-gen_s390_tables_h_CFLAGS = '-DTABLE_H="s390_table.h"'
-$(gen_s390_tables_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_s390_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_s390_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_s390_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_s390_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_s390_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-s390_tables.h: gen_s390_tables_h Makefile
- ./gen_s390_tables_h --lowercase --i2s --s2i s390_syscall > $@
-
-gen_s390x_tables_h_SOURCES = gen_tables.c gen_tables.h s390x_table.h
-gen_s390x_tables_h_CFLAGS = '-DTABLE_H="s390x_table.h"'
-$(gen_s390x_tables_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_s390x_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_s390x_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_s390x_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_s390x_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_s390x_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-s390x_tables.h: gen_s390x_tables_h Makefile
- ./gen_s390x_tables_h --lowercase --i2s --s2i s390x_syscall > $@
-
-gen_x86_64_tables_h_SOURCES = gen_tables.c gen_tables.h x86_64_table.h
-gen_x86_64_tables_h_CFLAGS = '-DTABLE_H="x86_64_table.h"'
-$(gen_x86_64_tables_h_OBJECTS): CC=$(CC_FOR_BUILD)
-$(gen_x86_64_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-$(gen_x86_64_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-gen_x86_64_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD)
-gen_x86_64_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD)
-gen_x86_64_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
-x86_64_tables.h: gen_x86_64_tables_h Makefile
- ./gen_x86_64_tables_h --lowercase --i2s --s2i x86_64_syscall > $@
diff --git a/framework/src/audit/lib/aarch64_table.h b/framework/src/audit/lib/aarch64_table.h
deleted file mode 100644
index bf64b98a..00000000
--- a/framework/src/audit/lib/aarch64_table.h
+++ /dev/null
@@ -1,288 +0,0 @@
-/* aarch64_table.h --
- * Copyright 2013-15 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-_S(0, "io_setup")
-_S(1, "io_destroy")
-_S(2, "io_submit")
-_S(3, "io_cancel")
-_S(4, "io_getevents")
-_S(5, "setxattr")
-_S(6, "lsetxattr")
-_S(7, "fsetxattr")
-_S(8, "getxattr")
-_S(9, "lgetxattr")
-_S(10, "fgetxattr")
-_S(11, "listxattr")
-_S(12, "llistxattr")
-_S(13, "flistxattr")
-_S(14, "removexattr")
-_S(15, "lremovexattr")
-_S(16, "fremovexattr")
-_S(17, "getcwd")
-_S(18, "lookup_dcookie")
-_S(19, "eventfd2")
-_S(20, "epoll_create1")
-_S(21, "epoll_ctl")
-_S(22, "epoll_pwait")
-_S(23, "dup")
-_S(24, "dup3")
-_S(25, "fcntl")
-_S(26, "inotify_init1")
-_S(27, "inotify_add_watch")
-_S(28, "inotify_rm_watch")
-_S(29, "ioctl")
-_S(30, "ioprio_set")
-_S(31, "ioprio_get")
-_S(32, "flock")
-_S(33, "mknodat")
-_S(34, "mkdirat")
-_S(35, "unlinkat")
-_S(36, "symlinkat")
-_S(37, "linkat")
-_S(38, "renameat")
-_S(39, "umount2")
-_S(40, "mount")
-_S(41, "pivot_root")
-_S(42, "nfsservctl")
-_S(43, "statfs")
-_S(44, "fstatfs")
-_S(45, "truncate")
-_S(46, "ftruncate")
-_S(47, "fallocate")
-_S(48, "faccessat")
-_S(49, "chdir")
-_S(50, "fchdir")
-_S(51, "chroot")
-_S(52, "fchmod")
-_S(53, "fchmodat")
-_S(54, "fchownat")
-_S(55, "fchown")
-_S(56, "openat")
-_S(57, "close")
-_S(58, "vhangup")
-_S(59, "pipe2")
-_S(60, "quotactl")
-_S(61, "getdents")
-_S(62, "lseek")
-_S(63, "read")
-_S(64, "write")
-_S(65, "readv")
-_S(66, "writev")
-_S(67, "pread")
-_S(68, "pwrite")
-_S(69, "preadv")
-_S(70, "pwritev")
-_S(71, "sendfile")
-_S(72, "pselect6")
-_S(73, "ppoll")
-_S(74, "signalfd4")
-_S(75, "vmsplice")
-_S(76, "splice")
-_S(77, "tee")
-_S(78, "readlinkat")
-_S(79, "newfstatat")
-_S(80, "newfstat")
-_S(81, "sync")
-_S(82, "fsync")
-_S(83, "fdatasync")
-_S(84, "sync_file_range")
-_S(85, "timerfd_create")
-_S(86, "timerfd_settime")
-_S(87, "timerfd_gettime")
-_S(88, "utimensat")
-_S(89, "acct")
-_S(90, "capget")
-_S(91, "capset")
-_S(92, "personality")
-_S(93, "exit")
-_S(94, "exit_group")
-_S(95, "waitid")
-_S(96, "set_tid_address")
-_S(97, "unshare")
-_S(98, "futex")
-_S(99, "set_robust_list")
-_S(100, "get_robust_list")
-_S(101, "nanosleep")
-_S(102, "getitimer")
-_S(103, "setitimer")
-_S(104, "kexec_load")
-_S(105, "init_module")
-_S(106, "delete_module")
-_S(107, "timer_create")
-_S(108, "timer_gettime")
-_S(109, "timer_getoverrun")
-_S(110, "timer_settime")
-_S(111, "timer_delete")
-_S(112, "clock_settime")
-_S(113, "clock_gettime")
-_S(114, "clock_getres")
-_S(115, "clock_nanosleep")
-_S(116, "syslog")
-_S(117, "ptrace")
-_S(118, "sched_setparam")
-_S(119, "sched_setscheduler")
-_S(120, "sched_getscheduler")
-_S(121, "sched_getparam")
-_S(122, "sched_setaffinity")
-_S(123, "sched_getaffinity")
-_S(124, "sched_yield")
-_S(125, "sched_get_priority_max")
-_S(126, "sched_get_priority_min")
-_S(127, "sched_rr_get_interval")
-_S(128, "restart_syscall")
-_S(129, "kill")
-_S(130, "tkill")
-_S(131, "tgkill")
-_S(132, "sigaltstack")
-_S(133, "rt_sigsuspend")
-_S(134, "rt_sigaction")
-_S(135, "rt_sigprocmask")
-_S(136, "rt_sigpending")
-_S(137, "rt_sigtimedwait")
-_S(138, "rt_sigqueueinfo")
-_S(139, "rt_sigreturn")
-_S(140, "setpriority")
-_S(141, "getpriority")
-_S(142, "reboot")
-_S(143, "setregid")
-_S(144, "setgid")
-_S(145, "setreuid")
-_S(146, "setuid")
-_S(147, "setresuid")
-_S(148, "getresuid")
-_S(149, "setresgid")
-_S(150, "getresgid")
-_S(151, "setfsuid")
-_S(152, "setfsgid")
-_S(153, "times")
-_S(154, "setpgid")
-_S(155, "getpgid")
-_S(156, "getsid")
-_S(157, "setsid")
-_S(158, "getgroups")
-_S(159, "setgroups")
-_S(160, "uname")
-_S(161, "sethostname")
-_S(162, "setdomainname")
-_S(163, "getrlimit")
-_S(164, "setrlimit")
-_S(165, "getrusage")
-_S(166, "umask")
-_S(167, "prctl")
-_S(168, "getcpu")
-_S(169, "gettimeofday")
-_S(170, "settimeofday")
-_S(171, "adjtimex")
-_S(172, "getpid")
-_S(173, "getppid")
-_S(174, "getuid")
-_S(175, "geteuid")
-_S(176, "getgid")
-_S(177, "getegid")
-_S(178, "gettid")
-_S(179, "sysinfo")
-_S(180, "mq_open")
-_S(181, "mq_unlink")
-_S(182, "mq_timedsend")
-_S(183, "mq_timedreceive")
-_S(184, "mq_notify")
-_S(185, "mq_getsetattr")
-_S(186, "msgget")
-_S(187, "msgctl")
-_S(188, "msgrcv")
-_S(189, "msgsnd")
-_S(190, "semget")
-_S(191, "semctl")
-_S(192, "semtimedop")
-_S(193, "semop")
-_S(194, "shmget")
-_S(195, "shmctl")
-_S(196, "shmat")
-_S(197, "shmdt")
-_S(198, "socket")
-_S(199, "socketpair")
-_S(200, "bind")
-_S(201, "listen")
-_S(202, "accept")
-_S(203, "connect")
-_S(204, "getsockname")
-_S(205, "getpeername")
-_S(206, "sendto")
-_S(207, "recvfrom")
-_S(208, "setsockopt")
-_S(209, "getsockopt")
-_S(210, "shutdown")
-_S(211, "sendmsg")
-_S(212, "recvmsg")
-_S(213, "readahead")
-_S(214, "brk")
-_S(215, "munmap")
-_S(216, "mremap")
-_S(217, "add_key")
-_S(218, "request_key")
-_S(219, "keyctl")
-_S(220, "clone")
-_S(221, "execve")
-_S(222, "mmap")
-_S(223, "fadvise64")
-_S(224, "swapon")
-_S(225, "swapoff")
-_S(226, "mprotect")
-_S(227, "msync")
-_S(228, "mlock")
-_S(229, "munlock")
-_S(230, "mlockall")
-_S(231, "munlockall")
-_S(232, "mincore")
-_S(233, "madvise")
-_S(234, "remap_file_pages")
-_S(235, "mbind")
-_S(236, "get_mempolicy")
-_S(237, "set_mempolicy")
-_S(238, "migrate_pages")
-_S(239, "move_pages")
-_S(240, "rt_tgsigqueueinfo")
-_S(241, "perf_event_open")
-_S(242, "accept4")
-_S(243, "recvmmsg")
-_S(260, "wait4")
-_S(261, "prlimit64")
-_S(262, "fanotify_init")
-_S(263, "fanotify_mark")
-_S(264, "name_to_handle_at")
-_S(265, "open_by_handle_at")
-_S(266, "clock_adjtime")
-_S(267, "syncfs")
-_S(268, "setns")
-_S(269, "sendmmsg")
-_S(270, "process_vm_readv")
-_S(271, "process_vm_writev")
-_S(272, "kcmp")
-_S(273, "finit_module")
-_S(274, "sched_setattr")
-_S(275, "sched_getattr")
-_S(276, "renameat2")
-_S(277, "seccomp")
-_S(278, "getrandom")
-_S(279, "memfd_create")
-_S(280, "bpf")
-_S(281, "execveat")
diff --git a/framework/src/audit/lib/actiontab.h b/framework/src/audit/lib/actiontab.h
deleted file mode 100644
index 12744229..00000000
--- a/framework/src/audit/lib/actiontab.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/* actiontab.h --
- * Copyright 2005,2006 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-_S(AUDIT_NEVER, "never" )
-_S(AUDIT_POSSIBLE, "possible" )
-_S(AUDIT_ALWAYS, "always" )
diff --git a/framework/src/audit/lib/alpha_table.h b/framework/src/audit/lib/alpha_table.h
deleted file mode 100644
index c798f834..00000000
--- a/framework/src/audit/lib/alpha_table.h
+++ /dev/null
@@ -1,453 +0,0 @@
-/* alpha_table.h --
- * Copyright 2005-07,2010-12,2014 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-_S(0, "osf_syscall")
-_S(1, "exit")
-_S(2, "fork")
-_S(3, "read")
-_S(4, "write")
-_S(5, "osf_old_open")
-_S(6, "close")
-_S(7, "osf_wait4")
-_S(8, "osf_old_creat")
-_S(9, "link")
-_S(10, "unlink")
-_S(11, "osf_execve")
-_S(12, "chdir")
-_S(13, "fchdir")
-_S(14, "mknod")
-_S(15, "chmod")
-_S(16, "chown")
-_S(17, "brk")
-_S(18, "osf_getfsstat")
-_S(19, "lseek")
-_S(20, "getxpid")
-_S(21, "osf_mount")
-_S(22, "umount")
-_S(23, "setuid")
-_S(24, "getxuid")
-_S(25, "exec_with_loader")
-_S(26, "ptrace")
-_S(27, "osf_nrecvmsg")
-_S(28, "osf_nsendmsg")
-_S(29, "osf_nrecvfrom")
-_S(30, "osf_naccept")
-_S(31, "osf_ngetpeername")
-_S(32, "osf_ngetsockname")
-_S(33, "access")
-_S(34, "osf_chflags")
-_S(35, "osf_fchflags")
-_S(36, "sync")
-_S(37, "kill")
-_S(38, "osf_old_stat")
-_S(39, "setpgid")
-_S(40, "osf_old_lstat")
-_S(41, "dup")
-_S(42, "pipe")
-_S(43, "osf_set_program_attributes")
-_S(44, "osf_profil")
-_S(45, "open")
-_S(46, "osf_old_sigaction")
-_S(47, "getxgid")
-_S(48, "osf_sigprocmask")
-_S(49, "osf_getlogin")
-_S(50, "osf_setlogin")
-_S(51, "acct")
-_S(52, "sigpending")
-
-_S(54, "ioctl")
-_S(55, "osf_reboot")
-_S(56, "osf_revoke")
-_S(57, "symlink")
-_S(58, "readlink")
-_S(59, "execve")
-_S(60, "umask")
-_S(61, "chroot")
-_S(62, "osf_old_fstat")
-_S(63, "getpgrp")
-_S(64, "getpagesize")
-_S(65, "osf_mremap")
-_S(66, "vfork")
-_S(67, "stat")
-_S(68, "lstat")
-_S(69, "osf_sbrk")
-_S(70, "osf_sstk")
-_S(71, "mmap")
-_S(72, "osf_old_vadvise")
-_S(73, "munmap")
-_S(74, "mprotect")
-_S(75, "madvise")
-_S(76, "vhangup")
-_S(77, "osf_kmodcall")
-_S(78, "osf_mincore")
-_S(79, "getgroups")
-_S(80, "setgroups")
-_S(81, "osf_old_getpgrp")
-_S(82, "setpgrp")
-_S(83, "osf_setitimer")
-_S(84, "osf_old_wait")
-_S(85, "osf_table")
-_S(86, "osf_getitimer")
-_S(87, "gethostname")
-_S(88, "sethostname")
-_S(89, "getdtablesize")
-_S(90, "dup2")
-_S(91, "fstat")
-_S(92, "fcntl")
-_S(93, "osf_select")
-_S(94, "poll")
-_S(95, "fsync")
-_S(96, "setpriority")
-_S(97, "socket")
-_S(98, "connect")
-_S(99, "accept")
-_S(100, "getpriority")
-_S(101, "send")
-_S(102, "recv")
-_S(103, "sigreturn")
-_S(104, "bind")
-_S(105, "setsockopt")
-_S(106, "listen")
-_S(107, "osf_plock")
-_S(108, "osf_old_sigvec")
-_S(109, "osf_old_sigblock")
-_S(110, "osf_old_sigsetmask")
-_S(111, "sigsuspend")
-_S(112, "osf_sigstack")
-_S(113, "recvmsg")
-_S(114, "sendmsg")
-_S(115, "osf_old_vtrace")
-_S(116, "osf_gettimeofday")
-_S(117, "osf_getrusage")
-_S(118, "getsockopt")
-
-_S(120, "readv")
-_S(121, "writev")
-_S(122, "osf_settimeofday")
-_S(123, "fchown")
-_S(124, "fchmod")
-_S(125, "recvfrom")
-_S(126, "setreuid")
-_S(127, "setregid")
-_S(128, "rename")
-_S(129, "truncate")
-_S(130, "ftruncate")
-_S(131, "flock")
-_S(132, "setgid")
-_S(133, "sendto")
-_S(134, "shutdown")
-_S(135, "socketpair")
-_S(136, "mkdir")
-_S(137, "rmdir")
-_S(138, "osf_utimes")
-_S(139, "osf_old_sigreturn")
-_S(140, "osf_adjtime")
-_S(141, "getpeername")
-_S(142, "osf_gethostid")
-_S(143, "osf_sethostid")
-_S(144, "getrlimit")
-_S(145, "setrlimit")
-_S(146, "osf_old_killpg")
-_S(147, "setsid")
-_S(148, "quotactl")
-_S(149, "osf_oldquota")
-_S(150, "getsockname")
-
-_S(153, "osf_pid_block")
-_S(154, "osf_pid_unblock")
-
-_S(156, "sigaction")
-_S(157, "osf_sigwaitprim")
-_S(158, "osf_nfssvc")
-_S(159, "osf_getdirentries")
-_S(160, "osf_statfs")
-_S(161, "osf_fstatfs")
-
-_S(163, "osf_asynch_daemon")
-_S(164, "osf_getfh")
-_S(165, "osf_getdomainname")
-_S(166, "setdomainname")
-
-_S(169, "osf_exportfs")
-
-_S(181, "osf_alt_plock")
-
-_S(184, "osf_getmnt")
-
-_S(187, "osf_alt_sigpending")
-_S(188, "osf_alt_setsid")
-
-_S(199, "osf_swapon")
-_S(200, "msgctl")
-_S(201, "msgget")
-_S(202, "msgrcv")
-_S(203, "msgsnd")
-_S(204, "semctl")
-_S(205, "semget")
-_S(206, "semop")
-_S(207, "osf_utsname")
-_S(208, "lchown")
-_S(209, "osf_shmat")
-_S(210, "shmctl")
-_S(211, "shmdt")
-_S(212, "shmget")
-_S(213, "osf_mvalid")
-_S(214, "osf_getaddressconf")
-_S(215, "osf_msleep")
-_S(216, "osf_mwakeup")
-_S(217, "msync")
-_S(218, "osf_signal")
-_S(219, "osf_utc_gettime")
-_S(220, "osf_utc_adjtime")
-
-_S(222, "osf_security")
-_S(223, "osf_kloadcall")
-
-_S(233, "getpgid")
-_S(234, "getsid")
-_S(235, "sigaltstack")
-_S(236, "osf_waitid")
-_S(237, "osf_priocntlset")
-_S(238, "osf_sigsendset")
-_S(239, "osf_set_speculative")
-_S(240, "osf_msfs_syscall")
-_S(241, "osf_sysinfo")
-_S(242, "osf_uadmin")
-_S(243, "osf_fuser")
-_S(244, "osf_proplist_syscall")
-_S(245, "osf_ntp_adjtime")
-_S(246, "osf_ntp_gettime")
-_S(247, "osf_pathconf")
-_S(248, "osf_fpathconf")
-
-_S(250, "osf_uswitch")
-_S(251, "osf_usleep_thread")
-_S(252, "osf_audcntl")
-_S(253, "osf_audgen")
-_S(254, "sysfs")
-_S(255, "osf_subsys_info")
-_S(256, "osf_getsysinfo")
-_S(257, "osf_setsysinfo")
-_S(258, "osf_afs_syscall")
-_S(259, "osf_swapctl")
-_S(260, "osf_memcntl")
-_S(261, "osf_fdatasync")
-
-_S(300, "bdflush")
-_S(301, "sethae")
-_S(302, "mount")
-_S(303, "old_adjtimex")
-_S(304, "swapoff")
-_S(305, "getdents")
-_S(306, "create_module")
-_S(307, "init_module")
-_S(308, "delete_module")
-_S(309, "get_kernel_syms")
-_S(310, "syslog")
-_S(311, "reboot")
-_S(312, "clone")
-_S(313, "uselib")
-_S(314, "mlock")
-_S(315, "munlock")
-_S(316, "mlockall")
-_S(317, "munlockall")
-_S(318, "sysinfo")
-_S(319, "_sysctl")
-/* 320 was sys_idle. */
-_S(321, "oldumount")
-_S(322, "swapon")
-_S(323, "times")
-_S(324, "personality")
-_S(325, "setfsuid")
-_S(326, "setfsgid")
-_S(327, "ustat")
-_S(328, "statfs")
-_S(329, "fstatfs")
-_S(330, "sched_setparam")
-_S(331, "sched_getparam")
-_S(332, "sched_setscheduler")
-_S(333, "sched_getscheduler")
-_S(334, "sched_yield")
-_S(335, "sched_get_priority_max")
-_S(336, "sched_get_priority_min")
-_S(337, "sched_rr_get_interval")
-_S(338, "afs_syscall")
-_S(339, "uname")
-_S(340, "nanosleep")
-_S(341, "mremap")
-_S(342, "nfsservctl")
-_S(343, "setresuid")
-_S(344, "getresuid")
-_S(345, "pciconfig_read")
-_S(346, "pciconfig_write")
-_S(347, "query_module")
-_S(348, "prctl")
-_S(349, "pread")
-_S(350, "pwrite")
-_S(351, "rt_sigreturn")
-_S(352, "rt_sigaction")
-_S(353, "rt_sigprocmask")
-_S(354, "rt_sigpending")
-_S(355, "rt_sigtimedwait")
-_S(356, "rt_sigqueueinfo")
-_S(357, "rt_sigsuspend")
-_S(358, "select")
-_S(359, "gettimeofday")
-_S(360, "settimeofday")
-_S(361, "getitimer")
-_S(362, "setitimer")
-_S(363, "utimes")
-_S(364, "getrusage")
-_S(365, "wait4")
-_S(366, "adjtimex")
-_S(367, "getcwd")
-_S(368, "capget")
-_S(369, "capset")
-_S(370, "sendfile")
-_S(371, "setresgid")
-_S(372, "getresgid")
-_S(373, "dipc")
-_S(374, "pivot_root")
-_S(375, "mincore")
-_S(376, "pciconfig_iobase")
-_S(377, "getdents64")
-_S(378, "gettid")
-_S(379, "readahead")
-/* 380 is unused */
-_S(381, "tkill")
-_S(382, "setxattr")
-_S(383, "lsetxattr")
-_S(384, "fsetxattr")
-_S(385, "getxattr")
-_S(386, "lgetxattr")
-_S(387, "fgetxattr")
-_S(388, "listxattr")
-_S(389, "llistxattr")
-_S(390, "flistxattr")
-_S(391, "removexattr")
-_S(392, "lremovexattr")
-_S(393, "fremovexattr")
-_S(394, "futex")
-_S(395, "sched_setaffinity")
-_S(396, "sched_getaffinity")
-_S(397, "tuxcall")
-_S(398, "io_setup")
-_S(399, "io_destroy")
-_S(400, "io_getevents")
-_S(401, "io_submit")
-_S(402, "io_cancel")
-_S(405, "exit_group")
-_S(406, "lookup_dcookie")
-_S(407, "epoll_create")
-_S(408, "epoll_ctl")
-_S(409, "epoll_wait")
-_S(410, "remap_file_pages")
-_S(411, "set_tid_address")
-_S(412, "restart_syscall")
-_S(413, "fadvise64")
-_S(424, "tgkill")
-_S(425, "stat64")
-_S(426, "lstat64")
-_S(427, "fstat64")
-_S(428, "vserver")
-_S(429, "mbind")
-_S(430, "get_mempolicy")
-_S(431, "set_mempolicy")
-_S(432, "mq_open")
-_S(433, "mq_unlink")
-_S(434, "mq_timedsend")
-_S(435, "mq_timedreceive")
-_S(436, "mq_notify")
-_S(437, "mq_getsetattr")
-_S(438, "waitid")
-_S(439, "add_key")
-_S(440, "request_key")
-_S(441, "keyctl")
-_S(442, "ioprio_set")
-_S(443, "ioprio_get")
-_S(444, "inotify_init")
-_S(445, "inotify_add_watch")
-_S(446, "inotify_rm_watch")
-_S(447, "fdatasync")
-_S(448, "kexec_load")
-_S(449, "migrate_pages")
-_S(450, "openat")
-_S(451, "mkdirat")
-_S(452, "mknodat")
-_S(453, "fchownat")
-_S(454, "futimesat")
-_S(455, "fstatat64")
-_S(456, "unlinkat")
-_S(457, "renameat")
-_S(458, "linkat")
-_S(459, "symlinkat")
-_S(460, "readlinkat")
-_S(461, "fchmodat")
-_S(462, "faccessat")
-_S(463, "pselect6")
-_S(464, "ppoll")
-_S(465, "unshare")
-_S(466, "set_robust_list")
-_S(467, "get_robust_list")
-_S(468, "splice")
-_S(469, "sync_file_range")
-_S(470, "tee")
-_S(471, "vmsplice")
-_S(472, "move_pages")
-_S(473, "getcpu")
-_S(474, "epoll_pwait")
-_S(475, "utimensat")
-_S(476, "signalfd")
-_S(477, "timerfd")
-_S(478, "eventfd")
-_S(479, "recvmmsg")
-_S(480, "fallocate")
-_S(481, "timerfd_create")
-_S(482, "timerfd_settime")
-_S(483, "timerfd_gettime")
-_S(484, "signalfd4")
-_S(485, "eventfd2")
-_S(486, "epoll_create1")
-_S(487, "dup3")
-_S(488, "pipe2")
-_S(489, "inotify_init1")
-_S(490, "preadv")
-_S(491, "pwritev")
-_S(492, "rt_tgsigqueueinfo")
-_S(493, "perf_event_open")
-_S(494, "fanotify_init")
-_S(495, "fanotify_mark")
-_S(496, "prlimit64")
-_S(497, "name_to_handle_at")
-_S(498, "open_by_handle_at")
-_S(499, "clock_adjtime")
-_S(500, "syncfs")
-_S(501, "setns")
-_S(502, "accept4")
-_S(503, "sendmmsg")
-_S(504, "process_vm_readv")
-_S(505, "process_vm_writev")
-_S(506, "kcmp")
-_S(507, "finit_module")
-_S(508, "sched_setattr")
-_S(509, "sched_getattr")
-_S(510, "renameat2")
diff --git a/framework/src/audit/lib/arm_table.h b/framework/src/audit/lib/arm_table.h
deleted file mode 100644
index 56a1c9fc..00000000
--- a/framework/src/audit/lib/arm_table.h
+++ /dev/null
@@ -1,373 +0,0 @@
-/* arm_table.h --
- * Copyright 2009-10,2013-15 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-_S(0, "restart_syscall")
-_S(1, "exit")
-_S(2, "fork")
-_S(3, "read")
-_S(4, "write")
-_S(5, "open")
-_S(6, "close")
-_S(8, "creat")
-_S(9, "link")
-_S(10, "unlink")
-_S(11, "execve")
-_S(12, "chdir")
-_S(13, "time")
-_S(14, "mknod")
-_S(15, "chmod")
-_S(16, "lchown")
-_S(19, "lseek")
-_S(20, "getpid")
-_S(21, "mount")
-_S(22, "umount")
-_S(23, "setuid")
-_S(24, "getuid")
-_S(25, "stime")
-_S(26, "ptrace")
-_S(27, "alarm")
-_S(29, "pause")
-_S(30, "utime")
-_S(33, "access")
-_S(34, "nice")
-_S(36, "sync")
-_S(37, "kill")
-_S(38, "rename")
-_S(39, "mkdir")
-_S(40, "rmdir")
-_S(41, "dup")
-_S(42, "pipe")
-_S(43, "times")
-_S(45, "brk")
-_S(46, "setgid")
-_S(47, "getgid")
-_S(49, "geteuid")
-_S(50, "getegid")
-_S(51, "acct")
-_S(52, "umount2")
-_S(54, "ioctl")
-_S(55, "fcntl")
-_S(57, "setpgid")
-_S(60, "umask")
-_S(61, "chroot")
-_S(62, "ustat")
-_S(63, "dup2")
-_S(64, "getppid")
-_S(65, "getpgrp")
-_S(66, "setsid")
-_S(67, "sigaction")
-_S(70, "setreuid")
-_S(71, "setregid")
-_S(72, "sigsuspend")
-_S(73, "sigpending")
-_S(74, "sethostname")
-_S(75, "setrlimit")
-_S(76, "getrlimit")
-_S(77, "getrusage")
-_S(78, "gettimeofday")
-_S(79, "settimeofday")
-_S(80, "getgroups")
-_S(81, "setgroups")
-_S(82, "select")
-_S(83, "symlink")
-_S(85, "readlink")
-_S(86, "uselib")
-_S(87, "swapon")
-_S(88, "reboot")
-_S(89, "readdir")
-_S(90, "mmap")
-_S(91, "munmap")
-_S(92, "truncate")
-_S(93, "ftruncate")
-_S(94, "fchmod")
-_S(95, "fchown")
-_S(96, "getpriority")
-_S(97, "setpriority")
-_S(99, "statfs")
-_S(100, "fstatfs")
-_S(102, "socketcall")
-_S(103, "syslog")
-_S(104, "setitimer")
-_S(105, "getitimer")
-_S(106, "stat")
-_S(107, "lstat")
-_S(108, "fstat")
-_S(111, "vhangup")
-_S(113, "syscall")
-_S(114, "wait4")
-_S(115, "swapoff")
-_S(116, "sysinfo")
-_S(117, "ipc")
-_S(118, "fsync")
-_S(119, "sigreturn")
-_S(120, "clone")
-_S(121, "setdomainname")
-_S(122, "uname")
-_S(124, "adjtimex")
-_S(125, "mprotect")
-_S(126, "sigprocmask")
-_S(128, "init_module")
-_S(129, "delete_module")
-_S(131, "quotactl")
-_S(132, "getpgid")
-_S(133, "fchdir")
-_S(134, "bdflush")
-_S(135, "sysfs")
-_S(136, "personality")
-_S(138, "setfsuid")
-_S(139, "setfsgid")
-_S(140, "llseek")
-_S(141, "getdents")
-_S(142, "newselect")
-_S(143, "flock")
-_S(144, "msync")
-_S(145, "readv")
-_S(146, "writev")
-_S(147, "getsid")
-_S(148, "fdatasync")
-_S(149, "sysctl")
-_S(150, "mlock")
-_S(151, "munlock")
-_S(152, "mlockall")
-_S(153, "munlockall")
-_S(154, "sched_setparam")
-_S(155, "sched_getparam")
-_S(156, "sched_setscheduler")
-_S(157, "sched_getscheduler")
-_S(158, "sched_yield")
-_S(159, "sched_get_priority_max")
-_S(160, "sched_get_priority_min")
-_S(161, "sched_rr_get_interval")
-_S(162, "nanosleep")
-_S(163, "mremap")
-_S(164, "setresuid")
-_S(165, "getresuid")
-_S(168, "poll")
-_S(169, "nfsservctl")
-_S(170, "setresgid")
-_S(171, "getresgid")
-_S(172, "prctl")
-_S(173, "rt_sigreturn")
-_S(174, "rt_sigaction")
-_S(175, "rt_sigprocmask")
-_S(176, "rt_sigpending")
-_S(177, "rt_sigtimedwait")
-_S(178, "rt_sigqueueinfo")
-_S(179, "rt_sigsuspend")
-_S(180, "pread64")
-_S(181, "pwrite64")
-_S(182, "chown")
-_S(183, "getcwd")
-_S(184, "capget")
-_S(185, "capset")
-_S(186, "sigaltstack")
-_S(187, "sendfile")
-_S(190, "vfork")
-_S(191, "ugetrlimit")
-_S(192, "mmap2")
-_S(193, "truncate64")
-_S(194, "ftruncate64")
-_S(195, "stat64")
-_S(196, "lstat64")
-_S(197, "fstat64")
-_S(198, "lchown32")
-_S(199, "getuid32")
-_S(200, "getgid32")
-_S(201, "geteuid32")
-_S(202, "getegid32")
-_S(203, "setreuid32")
-_S(204, "setregid32")
-_S(205, "getgroups32")
-_S(206, "setgroups32")
-_S(207, "fchown32")
-_S(208, "setresuid32")
-_S(209, "getresuid32")
-_S(210, "setresgid32")
-_S(211, "getresgid32")
-_S(212, "chown32")
-_S(213, "setuid32")
-_S(214, "setgid32")
-_S(215, "setfsuid32")
-_S(216, "setfsgid32")
-_S(217, "getdents64")
-_S(218, "pivot_root")
-_S(219, "mincore")
-_S(220, "madvise")
-_S(221, "fcntl64")
-_S(224, "gettid")
-_S(225, "readahead")
-_S(226, "setxattr")
-_S(227, "lsetxattr")
-_S(228, "fsetxattr")
-_S(229, "getxattr")
-_S(230, "lgetxattr")
-_S(231, "fgetxattr")
-_S(232, "listxattr")
-_S(233, "llistxattr")
-_S(234, "flistxattr")
-_S(235, "removexattr")
-_S(236, "lremovexattr")
-_S(237, "fremovexattr")
-_S(238, "tkill")
-_S(239, "sendfile64")
-_S(240, "futex")
-_S(241, "sched_setaffinity")
-_S(242, "sched_getaffinity")
-_S(243, "io_setup")
-_S(244, "io_destroy")
-_S(245, "io_getevents")
-_S(246, "io_submit")
-_S(247, "io_cancel")
-_S(248, "exit_group")
-_S(249, "lookup_dcookie")
-_S(250, "epoll_create")
-_S(251, "epoll_ctl")
-_S(252, "epoll_wait")
-_S(253, "remap_file_pages")
-_S(256, "set_tid_address")
-_S(257, "timer_create")
-_S(258, "timer_settime")
-_S(259, "timer_gettime")
-_S(260, "timer_getoverrun")
-_S(261, "timer_delete")
-_S(262, "clock_settime")
-_S(263, "clock_gettime")
-_S(264, "clock_getres")
-_S(265, "clock_nanosleep")
-_S(266, "statfs64")
-_S(267, "fstatfs64")
-_S(268, "tgkill")
-_S(269, "utimes")
-_S(270, "fadvise64_64")
-_S(271, "pciconfig_iobase")
-_S(272, "pciconfig_read")
-_S(273, "pciconfig_write")
-_S(274, "mq_open")
-_S(275, "mq_unlink")
-_S(276, "mq_timedsend")
-_S(277, "mq_timedreceive")
-_S(278, "mq_notify")
-_S(279, "mq_getsetattr")
-_S(280, "waitid")
-_S(281, "socket")
-_S(282, "bind")
-_S(283, "connect")
-_S(284, "listen")
-_S(285, "accept")
-_S(286, "getsockname")
-_S(287, "getpeername")
-_S(288, "socketpair")
-_S(289, "send")
-_S(290, "sendto")
-_S(291, "recv")
-_S(292, "recvfrom")
-_S(293, "shutdown")
-_S(294, "setsockopt")
-_S(295, "getsockopt")
-_S(296, "sendmsg")
-_S(297, "recvmsg")
-_S(298, "semop")
-_S(299, "semget")
-_S(300, "semctl")
-_S(301, "msgsnd")
-_S(302, "msgrcv")
-_S(303, "msgget")
-_S(304, "msgctl")
-_S(305, "shmat")
-_S(306, "shmdt")
-_S(307, "shmget")
-_S(308, "shmctl")
-_S(309, "add_key")
-_S(310, "request_key")
-_S(311, "keyctl")
-_S(312, "semtimedop")
-_S(313, "vserver")
-_S(314, "ioprio_set")
-_S(315, "ioprio_get")
-_S(316, "inotify_init")
-_S(317, "inotify_add_watch")
-_S(318, "inotify_rm_watch")
-_S(319, "mbind")
-_S(320, "get_mempolicy")
-_S(321, "set_mempolicy")
-_S(322, "openat")
-_S(323, "mkdirat")
-_S(324, "mknodat")
-_S(325, "fchownat")
-_S(326, "futimesat")
-_S(327, "fstatat64")
-_S(328, "unlinkat")
-_S(329, "renameat")
-_S(330, "linkat")
-_S(331, "symlinkat")
-_S(332, "readlinkat")
-_S(333, "fchmodat")
-_S(334, "faccessat")
-_S(337, "unshare")
-_S(338, "set_robust_list")
-_S(339, "get_robust_list")
-_S(340, "splice")
-_S(341, "sync_file_range")
-_S(342, "tee")
-_S(343, "vmsplice")
-_S(344, "move_pages")
-_S(345, "getcpu")
-_S(347, "kexec_load")
-_S(348, "utimensat")
-_S(349, "signalfd")
-_S(350, "timerfd_create")
-_S(351, "eventfd")
-_S(352, "fallocate")
-_S(353, "timerfd_settime")
-_S(354, "timerfd_gettime")
-_S(355, "signalfd4")
-_S(356, "eventfd2")
-_S(357, "epoll_create1")
-_S(358, "dup3")
-_S(359, "pipe2")
-_S(360, "inotify_init1")
-_S(361, "preadv")
-_S(362, "pwritev")
-_S(363, "rt_tgsigqueueinfo")
-_S(364, "perf_event_open")
-_S(365, "recvmmsg")
-_S(366, "accept4")
-_S(367, "fanotify_init")
-_S(368, "fanotify_mark")
-_S(369, "prlimit64")
-_S(370, "name_to_handle_at")
-_S(371, "open_by_handle_at")
-_S(372, "clock_adjtime")
-_S(373, "syncfs")
-_S(374, "sendmmsg")
-_S(375, "setns")
-_S(376, "process_vm_readv")
-_S(377, "process_vm_writev")
-_S(378, "kcmp")
-_S(379, "finit_module")
-_S(380, "sched_setattr")
-_S(381, "sched_getattr")
-_S(382, "renameat2")
-_S(383, "seccomp")
-_S(384, "getrandom")
-_S(385, "memfd_create")
-_S(386, "bpf")
-_S(387, "execveat")
diff --git a/framework/src/audit/lib/audit.pc.in b/framework/src/audit/lib/audit.pc.in
deleted file mode 100644
index 140c919c..00000000
--- a/framework/src/audit/lib/audit.pc.in
+++ /dev/null
@@ -1,10 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-
-Name: libaudit
-Description: Libraries needed for apps that use the kernel audit framework
-Version: @VERSION@
-Libs: -L${libdir} -laudit
-Cflags: -I${includedir}
diff --git a/framework/src/audit/lib/audit_logging.c b/framework/src/audit/lib/audit_logging.c
deleted file mode 100644
index c9461061..00000000
--- a/framework/src/audit/lib/audit_logging.c
+++ /dev/null
@@ -1,746 +0,0 @@
-/* audit_logging.c --
- * Copyright 2005-2008,2010,2011,2013 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-#include "config.h"
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <errno.h>
-#include <netinet/in.h> // inet6 addrlen
-#include <netdb.h> // gethostbyname
-#include <arpa/inet.h> // inet_ntop
-#include <utmp.h>
-#include <limits.h> // PATH_MAX
-
-#include "libaudit.h"
-#include "private.h"
-
-#define TTY_PATH 32
-#define MAX_USER (UT_NAMESIZE * 2) + 8
-
-// NOTE: The kernel fills in pid, uid, and loginuid of sender. Therefore,
-// these routines do not need to send them.
-
-/*
- * resolve's the hostname - caller must pass a INET6_ADDRSTRLEN byte buffer
- * Returns string w/ numerical address, or "?" on failure
- */
-static void _resolve_addr(char buf[], const char *host)
-{
- struct addrinfo *ai;
- struct addrinfo hints;
- int e;
-
- buf[0] = '?';
- buf[1] = 0;
- /* Short circuit this lookup if NULL, or empty */
- if (host == NULL || *host == 0)
- return;
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_flags = AI_ADDRCONFIG;
- hints.ai_socktype = SOCK_STREAM;
-
- e = getaddrinfo(host, NULL, &hints, &ai);
- if (e != 0) {
- audit_msg(LOG_ERR,
- "resolve_addr: cannot resolve hostname %s (%s)",
- host, gai_strerror(e));
- return;
- }
- // What to do if more than 1 addr?
- inet_ntop(ai->ai_family, ai->ai_family == AF_INET ?
- (void *) &((struct sockaddr_in *)ai->ai_addr)->sin_addr :
- (void *) &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr,
- buf, INET6_ADDRSTRLEN);
- freeaddrinfo(ai);
-}
-
-/*
- * This function checks a string to see if it needs encoding. It
- * return 1 if needed and 0 if not
- */
-int audit_value_needs_encoding(const char *str, unsigned int size)
-{
- unsigned int i;
-
- if (str == NULL)
- return 0;
-
- for (i=0; i<size; i++) {
- // we don't test for > 0x7f because str[] is signed.
- if (str[i] == '"' || str[i] < 0x21 || str[i] == 0x7F)
- return 1;
- }
- return 0;
-}
-
-/*
- * This function does encoding of "untrusted" names just like the kernel
- */
-char *audit_encode_value(char *final, const char *buf, unsigned int size)
-{
- unsigned int i;
- char *ptr = final;
- const char *hex = "0123456789ABCDEF";
-
- if (final == NULL)
- return NULL;
-
- if (buf == NULL) {
- *final = 0;
- return final;
- }
-
- for (i=0; i<size; i++) {
- *ptr++ = hex[(buf[i] & 0xF0)>>4]; /* Upper nibble */
- *ptr++ = hex[buf[i] & 0x0F]; /* Lower nibble */
- }
- *ptr = 0;
- return final;
-}
-
-char *audit_encode_nv_string(const char *name, const char *value,
- unsigned int vlen)
-{
- char *str;
-
- if (vlen == 0 && value)
- vlen = strlen(value);
-
- if (value && audit_value_needs_encoding(value, vlen)) {
- char *tmp = malloc(2*vlen + 1);
- if (tmp) {
- audit_encode_value(tmp, value, vlen);
- if (asprintf(&str, "%s=%s", name, tmp) < 0)
- str = NULL;
- free(tmp);
- } else
- str = NULL;
- } else
- if (asprintf(&str, "%s=\"%s\"", name, value ? value : "?") < 0)
- str = NULL;
- return str;
-}
-
-/*
- * Get the executable's name
- */
-static char *_get_exename(char *exename, int size)
-{
- int res;
- char tmp[PATH_MAX+1];
-
- /* get the name of the current executable */
- if ((res = readlink("/proc/self/exe", tmp, PATH_MAX)) == -1) {
- strcpy(exename, "\"?\"");
- audit_msg(LOG_ERR, "get_exename: cannot determine executable");
- } else {
- tmp[res] = '\0';
- if (audit_value_needs_encoding(tmp, res))
- return audit_encode_value(exename, tmp, res);
- snprintf(exename, size, "\"%s\"", tmp);
- }
- return exename;
-}
-
-/*
- * Get the command line name
- * NOTE: at the moment, this only escapes what the user sent
- */
-static char *_get_commname(const char *comm, char *commname, unsigned int size)
-{
- unsigned int len;
-
- if (comm == NULL) {
- strcpy(commname, "\"?\"");
- return commname;
- }
-
- len = strlen(comm);
- if (audit_value_needs_encoding(comm, len))
- audit_encode_value(commname, comm, len);
- else
- snprintf(commname, size, "\"%s\"", comm);
-
- return commname;
-}
-
-static int check_ttyname(const char *ttyn)
-{
- struct stat statbuf;
-
- if (lstat(ttyn, &statbuf)
- || !S_ISCHR(statbuf.st_mode)
- || (statbuf.st_nlink > 1 && strncmp(ttyn, "/dev/", 5))) {
- audit_msg(LOG_ERR, "FATAL: bad tty %s", ttyn);
- return 1;
- }
- return 0;
-}
-
-static const char *_get_tty(char *tname, int size)
-{
- int rc, i, found = 0;
-
- for (i=0; i<3 && !found; i++) {
- rc = ttyname_r(i, tname, size);
- if (rc == 0 && tname[0] != '\0')
- found = 1;
- }
-
- if (!found)
- return NULL;
-
- if (check_ttyname(tname))
- return NULL;
-
- if (strncmp(tname, "/dev/", 5) == 0)
- return &tname[5];
-
- return tname;
-}
-
-/*
- * This function will log a message to the audit system using a predefined
- * message format. This function should be used by all console apps that do
- * not manipulate accounts or groups.
- *
- * audit_fd - The fd returned by audit_open
- * type - type of message, ex: AUDIT_USER, AUDIT_USYS_CONFIG, AUDIT_USER_LOGIN
- * message - the message being sent
- * hostname - the hostname if known
- * addr - The network address of the user
- * tty - The tty of the user
- * result - 1 is "success" and 0 is "failed"
- *
- * It returns the sequence number which is > 0 on success or <= 0 on error.
- */
-int audit_log_user_message(int audit_fd, int type, const char *message,
- const char *hostname, const char *addr, const char *tty, int result)
-{
- char buf[MAX_AUDIT_MESSAGE_LENGTH];
- char addrbuf[INET6_ADDRSTRLEN];
- static char exename[PATH_MAX*2]="";
- char ttyname[TTY_PATH];
- const char *success;
- int ret;
-
- if (audit_fd < 0)
- return 0;
-
- if (result)
- success = "success";
- else
- success = "failed";
-
- /* If hostname is empty string, make it NULL ptr */
- if (hostname && *hostname == 0)
- hostname = NULL;
- addrbuf[0] = 0;
- if (addr == NULL || strlen(addr) == 0)
- _resolve_addr(addrbuf, hostname);
- else
- strncat(addrbuf, addr, sizeof(addrbuf)-1);
-
- if (exename[0] == 0)
- _get_exename(exename, sizeof(exename));
- if (tty == NULL)
- tty = _get_tty(ttyname, TTY_PATH);
- else if (*tty == 0)
- tty = NULL;
-
- snprintf(buf, sizeof(buf),
- "%s exe=%s hostname=%s addr=%s terminal=%s res=%s",
- message, exename,
- hostname ? hostname : "?",
- addrbuf,
- tty ? tty : "?",
- success
- );
-
- errno = 0;
- ret = audit_send_user_message( audit_fd, type, HIDE_IT, buf );
- if ((ret < 1) && errno == 0)
- errno = ret;
- return ret;
-}
-
-/*
- * This function will log a message to the audit system using a predefined
- * message format. This function should be used by all console apps that do
- * not manipulate accounts or groups and are executing a script. An example
- * would be python or crond wanting to say what they are executing.
- *
- * audit_fd - The fd returned by audit_open
- * type - type of message, ex: AUDIT_USER, AUDIT_USYS_CONFIG, AUDIT_USER_LOGIN
- * message - the message being sent
- * comm - the program command line name
- * hostname - the hostname if known
- * addr - The network address of the user
- * tty - The tty of the user
- * result - 1 is "success" and 0 is "failed"
- *
- * It returns the sequence number which is > 0 on success or <= 0 on error.
- */
-int audit_log_user_comm_message(int audit_fd, int type, const char *message,
- const char *comm, const char *hostname, const char *addr,
- const char *tty, int result)
-{
- char buf[MAX_AUDIT_MESSAGE_LENGTH];
- char addrbuf[INET6_ADDRSTRLEN];
- static char exename[PATH_MAX*2]="";
- char commname[PATH_MAX*2];
- char ttyname[TTY_PATH];
- const char *success;
- int ret;
-
- if (audit_fd < 0)
- return 0;
-
- if (result)
- success = "success";
- else
- success = "failed";
-
- /* If hostname is empty string, make it NULL ptr */
- if (hostname && *hostname == 0)
- hostname = NULL;
- addrbuf[0] = 0;
- if (addr == NULL || strlen(addr) == 0)
- _resolve_addr(addrbuf, hostname);
- else
- strncat(addrbuf, addr, sizeof(addrbuf)-1);
- if (exename[0] == 0)
- _get_exename(exename, sizeof(exename));
- if (tty == NULL)
- tty = _get_tty(ttyname, TTY_PATH);
- else if (*tty == 0)
- tty = NULL;
-
- _get_commname(comm, commname, sizeof(commname));
-
- snprintf(buf, sizeof(buf),
- "%s comm=%s exe=%s hostname=%s addr=%s terminal=%s res=%s",
- message, commname, exename,
- hostname ? hostname : "?",
- addrbuf,
- tty ? tty : "?",
- success
- );
-
- errno = 0;
- ret = audit_send_user_message( audit_fd, type, HIDE_IT, buf );
- if ((ret < 1) && errno == 0)
- errno = ret;
- return ret;
-}
-
-
-/*
- * This function will log a message to the audit system using a predefined
- * message format. It should be used for all account manipulation operations.
- * Parameter usage is as follows:
- *
- * audit_fd - The fd returned by audit_open
- * type - type of message: AUDIT_USER_CHAUTHTOK for changing any account
- * attributes.
- * pgname - program's name
- * op - operation. "adding user", "changing finger info", "deleting group"
- * name - user's account or group name. If not available use NULL.
- * id - uid or gid that the operation is being performed on. This is used
- * only when user is NULL.
- * host - The hostname if known
- * addr - The network address of the user
- * tty - The tty of the user
- * result - 1 is "success" and 0 is "failed"
- *
- * It returns the sequence number which is > 0 on success or <= 0 on error.
- */
-int audit_log_acct_message(int audit_fd, int type, const char *pgname,
- const char *op, const char *name, unsigned int id,
- const char *host, const char *addr, const char *tty, int result)
-{
- const char *success;
- char buf[MAX_AUDIT_MESSAGE_LENGTH];
- char addrbuf[INET6_ADDRSTRLEN];
- static char exename[PATH_MAX*2] = "";
- char ttyname[TTY_PATH];
- int ret;
-
- if (audit_fd < 0)
- return 0;
-
- if (result)
- success = "success";
- else
- success = "failed";
-
- /* If hostname is empty string, make it NULL ptr */
- if (host && *host == 0)
- host = NULL;
- addrbuf[0] = 0;
- if (addr == NULL || strlen(addr) == 0)
- _resolve_addr(addrbuf, host);
- else
- strncat(addrbuf, addr, sizeof(addrbuf)-1);
-
- if (pgname == NULL) {
- if (exename[0] == 0)
- _get_exename(exename, sizeof(exename));
- } else if (pgname[0] != '"')
- snprintf(exename, sizeof(exename), "\"%s\"", pgname);
- else
- snprintf(exename, sizeof(exename), "%s", pgname);
-
- if (tty == NULL)
- tty = _get_tty(ttyname, TTY_PATH);
- else if (*tty == 0)
- tty = NULL;
-
- if (name && id == -1) {
- char user[MAX_USER];
- const char *format;
- size_t len;
-
- user[0] = 0;
- strncat(user, name, MAX_USER-1);
- len = strnlen(user, UT_NAMESIZE);
- user[len] = 0;
- if (audit_value_needs_encoding(name, len)) {
- audit_encode_value(user, name, len);
- format =
- "op=%s acct=%s exe=%s hostname=%s addr=%s terminal=%s res=%s";
- } else
- format =
- "op=%s acct=\"%s\" exe=%s hostname=%s addr=%s terminal=%s res=%s";
-
- snprintf(buf, sizeof(buf), format,
- op, user, exename,
- host ? host : "?",
- addrbuf,
- tty ? tty : "?",
- success
- );
- } else
- snprintf(buf, sizeof(buf),
- "op=%s id=%u exe=%s hostname=%s addr=%s terminal=%s res=%s",
- op, id, exename,
- host ? host : "?",
- addrbuf,
- tty ? tty : "?",
- success
- );
-
- errno = 0;
- ret = audit_send_user_message(audit_fd, type, REAL_ERR, buf);
- if ((ret < 1) && errno == 0)
- errno = ret;
- return ret;
-}
-
-/*
- * This function will log a message to the audit system using a predefined
- * message format. This function should be used by all apps that are SE Linux
- * object managers.
- *
- * audit_fd - The fd returned by audit_open
- * type - type of message, ex: AUDIT_USER, AUDIT_USYS_CONFIG, AUDIT_USER_LOGIN
- * message - the message being sent
- * hostname - the hostname if known
- * addr - The network address of the user
- * tty - The tty of the user
- * uid - The auid of the person related to the avc message
- *
- * It returns the sequence number which is > 0 on success or <= 0 on error.
- */
-int audit_log_user_avc_message(int audit_fd, int type, const char *message,
- const char *hostname, const char *addr, const char *tty, uid_t uid)
-{
- char buf[MAX_AUDIT_MESSAGE_LENGTH];
- char addrbuf[INET6_ADDRSTRLEN];
- static char exename[PATH_MAX*2] = "";
- char ttyname[TTY_PATH];
- int retval;
-
- if (audit_fd < 0)
- return 0;
-
- /* If hostname is empty string, make it NULL ptr */
- if (hostname && *hostname == 0)
- hostname = NULL;
- addrbuf[0] = 0;
- if (addr == NULL || strlen(addr) == 0)
- _resolve_addr(addrbuf, hostname);
- else
- strncat(addrbuf, addr, sizeof(addrbuf)-1);
- if (exename[0] == 0)
- _get_exename(exename, sizeof(exename));
- if (tty == NULL)
- tty = _get_tty(ttyname, TTY_PATH);
- else if (*tty == 0)
- tty = NULL;
-
- snprintf(buf, sizeof(buf),
- "%s exe=%s sauid=%d hostname=%s addr=%s terminal=%s",
- message, exename, uid,
- hostname ? hostname : "?",
- addrbuf,
- tty ? tty : "?"
- );
-
- errno = 0;
- retval = audit_send_user_message( audit_fd, type, REAL_ERR, buf );
- if (retval == -EPERM && getuid() != 0) {
- syslog(LOG_ERR, "Can't send to audit system: %s %s",
- audit_msg_type_to_name(type), buf);
- return 0;
- }
- if ((retval < 1) && errno == 0)
- errno = retval;
- return retval;
-}
-
-/*
- * This function will log a message to the audit system using a predefined
- * message format. It should be used for all SE linux user and role
- * manipulation operations.
- * Parameter usage is as follows:
- *
- * type - type of message: AUDIT_ROLE_ASSIGN/REMOVE for changing any SE Linux
- * user or role attributes.
- * pgname - program's name
- * op - operation. "adding-user", "adding-role", "deleting-user", "deleting-role"
- * name - user's account. If not available use NULL.
- * id - uid that the operation is being performed on. This is used
- * only when name is NULL.
- * new_seuser - the new seuser that the login user is getting
- * new_role - the new_role that the login user is getting
- * new_range - the new mls range that the login user is getting
- * old_seuser - the old seuser that the login usr had
- * old_role - the old role that the login user had
- * old_range - the old mls range that the login usr had
- * host - The hostname if known
- * addr - The network address of the user
- * tty - The tty of the user
- * result - 1 is "success" and 0 is "failed"
- *
- * It returns the sequence number which is > 0 on success or <= 0 on error.
- */
-int audit_log_semanage_message(int audit_fd, int type, const char *pgname,
- const char *op, const char *name, unsigned int id,
- const char *new_seuser, const char *new_role, const char *new_range,
- const char *old_seuser, const char *old_role, const char *old_range,
- const char *host, const char *addr,
- const char *tty, int result)
-{
- const char *success;
- char buf[MAX_AUDIT_MESSAGE_LENGTH];
- char addrbuf[INET6_ADDRSTRLEN];
- static char exename[PATH_MAX*2] = "";
- char ttyname[TTY_PATH];
- int ret;
-
- if (audit_fd < 0)
- return 0;
-
- if (result)
- success = "success";
- else
- success = "failed";
-
- /* If hostname is empty string, make it NULL ptr */
- if (host && *host == 0)
- host = NULL;
- addrbuf[0] = 0;
- if (addr == NULL || strlen(addr) == 0)
- _resolve_addr(addrbuf, host);
- else
- strncat(addrbuf, addr, sizeof(addrbuf)-1);
-
- if (pgname == NULL || strlen(pgname) == 0) {
- if (exename[0] == 0)
- _get_exename(exename, sizeof(exename));
- pgname = exename;
- }
- if (tty == NULL || strlen(tty) == 0)
- tty = _get_tty(ttyname, TTY_PATH);
- else if (*tty == 0)
- tty = NULL;
-
- if (name && strlen(name) > 0) {
- size_t len;
- const char *format;
- char user[MAX_USER];
-
- user[0] = 0;
- strncat(user, name, MAX_USER-1);
- len = strnlen(user, UT_NAMESIZE);
- user[len] = 0;
- if (audit_value_needs_encoding(name, len)) {
- audit_encode_value(user, name, len);
- format = "op=%s acct=%s old-seuser=%s old-role=%s old-range=%s new-seuser=%s new-role=%s new-range=%s exe=%s hostname=%s addr=%s terminal=%s res=%s";
- } else
- format = "op=%s acct=\"%s\" old-seuser=%s old-role=%s old-range=%s new-seuser=%s new-role=%s new-range=%s exe=%s hostname=%s addr=%s terminal=%s res=%s";
- snprintf(buf, sizeof(buf), format, op, user,
- old_seuser && strlen(old_seuser) ? old_seuser : "?",
- old_role && strlen(old_role) ? old_role : "?",
- old_range && strlen(old_range) ? old_range : "?",
- new_seuser && strlen(new_seuser) ? new_seuser : "?",
- new_role && strlen(new_role) ? new_role : "?",
- new_range && strlen(new_range) ? new_range : "?",
- pgname,
- host && strlen(host) ? host : "?",
- addrbuf,
- tty && strlen(tty) ? tty : "?",
- success
- );
- } else
- snprintf(buf, sizeof(buf),
- "op=%s id=%u old-seuser=%s old-role=%s old-range=%s new-seuser=%s new-role=%s new-range=%s exe=%s hostname=%s addr=%s terminal=%s res=%s",
- op, id,
- old_seuser && strlen(old_seuser) ? old_seuser : "?",
- old_role && strlen(old_role) ? old_role : "?",
- old_range && strlen(old_range) ? old_range : "?",
- new_seuser && strlen(new_seuser) ? new_seuser : "?",
- new_role && strlen(new_role) ? new_role : "?",
- new_range && strlen(new_range) ? new_range : "?",
- pgname,
- host && strlen(host) ? host : "?",
- addrbuf,
- tty && strlen(tty) ? tty : "?",
- success
- );
-
- errno = 0;
- ret = audit_send_user_message(audit_fd, type, REAL_ERR, buf);
- if ((ret < 1) && errno == 0)
- errno = ret;
- return ret;
-}
-
-/*
- * This function will log a message to the audit system using a predefined
- * message format. This function should be used by all console apps that do
- * not manipulate accounts or groups.
- *
- * audit_fd - The fd returned by audit_open
- * type - type of message, ex: AUDIT_USER_CMD
- * command - the command line being logged
- * tty - The tty of the user
- * result - 1 is "success" and 0 is "failed"
- *
- * It returns the sequence number which is > 0 on success or <= 0 on error.
- */
-int audit_log_user_command(int audit_fd, int type, const char *command,
- const char *tty, int result)
-{
- char *p;
- char buf[MAX_AUDIT_MESSAGE_LENGTH];
- char commname[PATH_MAX*2];
- char cwdname[PATH_MAX*2];
- char ttyname[TTY_PATH];
- char format[64];
- const char *success;
- char *cmd;
- int ret, cwdenc=0, cmdenc=0;
- unsigned int len;
-
- if (audit_fd < 0)
- return 0;
-
- if (result)
- success = "success";
- else
- success = "failed";
-
- if (tty == NULL)
- tty = _get_tty(ttyname, TTY_PATH);
- else if (*tty == 0)
- tty = NULL;
-
- /* Trim leading spaces */
- while (*command == ' ')
- command++;
-
- cmd = strdup(command);
- if (cmd == NULL)
- return -1;
-
- // We borrow the commname buffer
- if (getcwd(commname, PATH_MAX) == NULL)
- strcpy(commname, "?");
- len = strlen(commname);
- if (audit_value_needs_encoding(commname, len)) {
- audit_encode_value(cwdname, commname, len);
- cwdenc = 1;
- } else
- strcpy(cwdname, commname);
-
- len = strlen(cmd);
- // Trim the trailing carriage return and spaces
- while (len && (cmd[len-1] == 0x0A || cmd[len-1] == ' ')) {
- cmd[len-1] = 0;
- len--;
- }
-
- if (len >= PATH_MAX) {
- cmd[PATH_MAX] = 0;
- len = PATH_MAX-1;
- }
- if (audit_value_needs_encoding(cmd, len)) {
- audit_encode_value(commname, cmd, len);
- cmdenc = 1;
- }
- if (cmdenc == 0)
- strcpy(commname, cmd);
- free(cmd);
-
- // Make the format string
- if (cwdenc)
- p=stpcpy(format, "cwd=%s ");
- else
- p=stpcpy(format, "cwd=\"%s\" ");
-
- if (cmdenc)
- p = stpcpy(p, "cmd=%s ");
- else
- p = stpcpy(p, "cmd=\"%s\" ");
-
- strcpy(p, "terminal=%s res=%s");
-
- // now use the format string to make the event
- snprintf(buf, sizeof(buf), format,
- cwdname, commname,
- tty ? tty : "?",
- success
- );
-
- errno = 0;
- ret = audit_send_user_message( audit_fd, type, HIDE_IT, buf );
- if ((ret < 1) && errno == 0)
- errno = ret;
- return ret;
-}
-
diff --git a/framework/src/audit/lib/deprecated.c b/framework/src/audit/lib/deprecated.c
deleted file mode 100644
index 2238e791..00000000
--- a/framework/src/audit/lib/deprecated.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* deprecated.c -- This file is the trash heap of things about to leave
- * Copyright 2006-07,2009 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-#include "config.h"
-#include <errno.h>
-#include <string.h>
-#include <pwd.h>
-#include <grp.h>
-#include <ctype.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include "libaudit.h"
-#include "private.h"
-
-/*
- * This function will send a user space message to the kernel.
- * It returns the sequence number which is > 0 on success
- * or <= 0 on error. (pam uses this) This is the main audit sending
- * function now.
- */
-int audit_send_user_message(int fd, int type, hide_t hide_error,
- const char *message)
-{
- int retry_cnt = 0;
- int rc;
-retry:
- rc = audit_send(fd, type, message, strlen(message)+1);
- if (rc == -ECONNREFUSED) {
- /* This is here to let people that build their own kernel
- and disable the audit system get in. ECONNREFUSED is
- issued by the kernel when there is "no on listening". */
- return 0;
- } else if (rc == -EPERM && getuid() != 0 && hide_error == HIDE_IT) {
- /* If we get this, then the kernel supports auditing
- * but we don't have enough privilege to write to the
- * socket. Therefore, we have already been authenticated
- * and we are a common user. Just act as though auditing
- * is not enabled. Any other error we take seriously.
- * This is here basically to satisfy Xscreensaver. */
- return 0;
- } else if (rc == -EINVAL) {
- /* If we get this, the kernel doesn't understand the
- * netlink message type. This is most likely due to
- * being an old kernel. Use the old message type. */
- if (type >= AUDIT_FIRST_USER_MSG &&
- type <= AUDIT_LAST_USER_MSG && !retry_cnt) {
-
- /* do retry */
- type = AUDIT_USER;
- retry_cnt++;
- goto retry;
- }
- }
- return rc;
-}
-hidden_def(audit_send_user_message)
-
diff --git a/framework/src/audit/lib/dso.h b/framework/src/audit/lib/dso.h
deleted file mode 100644
index 662b521b..00000000
--- a/framework/src/audit/lib/dso.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/* dso.h --
- * Copyright 2005,2006,2009 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-#ifndef _DSO_H_
-#define _DSO_H_
-
-#ifdef PIC
-# define hidden __attribute__ ((visibility ("hidden")))
-# define hidden_proto(fct) __hidden_proto (fct, fct##_internal)
-# define __hidden_proto(fct, internal) \
- extern __typeof (fct) internal; \
- extern __typeof (fct) fct __asm (#internal) hidden;
-# if defined(__alpha__) || defined(__mips__)
-# define hidden_def(fct) \
- asm (".globl " #fct "\n" #fct " = " #fct "_internal");
-# else
-# define hidden_def(fct) \
- asm (".globl " #fct "\n.set " #fct ", " #fct "_internal");
-#endif
-#else
-# define hidden
-# define hidden_proto(fct)
-# define hidden_def(fct)
-#endif
-
-#endif
-
diff --git a/framework/src/audit/lib/errormsg.h b/framework/src/audit/lib/errormsg.h
deleted file mode 100644
index a4fea664..00000000
--- a/framework/src/audit/lib/errormsg.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* errormsg.h --
- * Copyright 2008 FUJITSU Inc.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Zhang Xiliang <zhangxiliang@cn.fujitsu.com>
- */
-
-struct msg_tab {
- int key; /* error number */
- /*
- * the field string position in the error message
- * 0: don't output field string
- * 1: output field string before error message
- * 2: output field string after error message
- */
- int position;
- const char *cvalue;
-};
-
-#ifndef NO_TABLES
-static const struct msg_tab err_msgtab[] = {
- { -1, 2, "-F missing operation for" },
- { -2, 2, "-F unknown field:" },
- { -3, 1, "must be before -S" },
- { -4, 1, "machine type not found" },
- { -5, 1, "elf mapping not found" },
- { -6, 1, "requested bit level not supported by machine" },
- { -7, 1, "can only be used with exit filter list" },
- { -8, 2, "-F unknown message type -" },
- { -9, 0, "msgtype field can only be used with exclude filter list" },
- { -10, 0, "Failed upgrading rule" },
- { -11, 0, "String value too long" },
- { -12, 0, "Only msgtype field can be used with exclude filter" },
- { -13, 1, "only takes = or != operators" },
- { -14, 0, "Permission can only contain \'rwxa\'" },
- { -15, 2, "-F unknown errno -"},
- { -16, 2, "-F unknown file type - " },
- { -17, 1, "can only be used with exit and entry filter list" },
- { -18, 1, "" }, // Unused
- { -19, 0, "Key field needs a watch or syscall given prior to it" },
- { -20, 2, "-F missing value after operation for" },
- { -21, 2, "-F value should be number for" },
- { -22, 2, "-F missing field name before operator for" },
- { -23, 2, "" }, // Unused
- { -24, 2, "-C missing field name before operator for" },
- { -25, 2, "-C missing value after operation for "},
- { -26, 2, "-C unknown field:" },
- { -27, 2, "-C unknown right hand value for comparison with:" },
- { -28, 2, "Too many fields in rule" },
-};
-#endif
diff --git a/framework/src/audit/lib/errtab.h b/framework/src/audit/lib/errtab.h
deleted file mode 100644
index f777d79d..00000000
--- a/framework/src/audit/lib/errtab.h
+++ /dev/null
@@ -1,154 +0,0 @@
-/* errtab.h --
- * Copyright 2007 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-_S(EPERM, "EPERM" )
-_S(ENOENT, "ENOENT" )
-_S(ESRCH, "ESRCH" )
-_S(EINTR, "EINTR" )
-_S(EIO, "EIO" )
-_S(ENXIO, "ENXIO" )
-_S(E2BIG, "E2BIG" )
-_S(ENOEXEC, "ENOEXEC" )
-_S(EBADF, "EBADF" )
-_S(ECHILD, "ECHILD" )
-_S(EAGAIN, "EAGAIN" )
-_S(ENOMEM, "ENOMEM" )
-_S(EACCES, "EACCES" )
-_S(EFAULT, "EFAULT" )
-_S(ENOTBLK, "ENOTBLK" )
-_S(EBUSY, "EBUSY" )
-_S(EEXIST, "EEXIST" )
-_S(EXDEV, "EXDEV" )
-_S(ENODEV, "ENODEV" )
-_S(ENOTDIR, "ENOTDIR" )
-_S(EISDIR, "EISDIR" )
-_S(EINVAL, "EINVAL" )
-_S(ENFILE, "ENFILE" )
-_S(EMFILE, "EMFILE" )
-_S(ENOTTY, "ENOTTY" )
-_S(ETXTBSY, "ETXTBSY" )
-_S(EFBIG, "EFBIG" )
-_S(ENOSPC, "ENOSPC" )
-_S(ESPIPE, "ESPIPE" )
-_S(EROFS, "EROFS" )
-_S(EMLINK, "EMLINK" )
-_S(EPIPE, "EPIPE" )
-_S(EDOM, "EDOM" )
-_S(ERANGE, "ERANGE" )
-_S(EDEADLK, "EDEADLK" )
-_S(ENAMETOOLONG, "ENAMETOOLONG" )
-_S(ENOLCK, "ENOLCK" )
-_S(ENOSYS, "ENOSYS" )
-_S(ENOTEMPTY, "ENOTEMPTY" )
-_S(ELOOP, "ELOOP" )
-_S(EWOULDBLOCK, "EWOULDBLOCK" )
-_S(ENOMSG, "ENOMSG" )
-_S(EIDRM, "EIDRM" )
-_S(ECHRNG, "ECHRNG" )
-_S(EL2NSYNC, "EL2NSYNC" )
-_S(EL3HLT, "EL3HLT" )
-_S(EL3RST, "EL3RST" )
-_S(ELNRNG, "ELNRNG" )
-_S(EUNATCH, "EUNATCH" )
-_S(ENOCSI, "ENOCSI" )
-_S(EL2HLT, "EL2HLT" )
-_S(EBADE, "EBADE" )
-_S(EBADR, "EBADR" )
-_S(EXFULL, "EXFULL" )
-_S(ENOANO, "ENOANO" )
-_S(EBADRQC, "EBADRQC" )
-_S(EBADSLT, "EBADSLT" )
-_S(EDEADLOCK, "EDEADLOCK" )
-_S(EBFONT, "EBFONT" )
-_S(ENOSTR, "ENOSTR" )
-_S(ENODATA, "ENODATA" )
-_S(ETIME, "ETIME" )
-_S(ENOSR, "ENOSR" )
-_S(ENONET, "ENONET" )
-_S(ENOPKG, "ENOPKG" )
-_S(EREMOTE, "EREMOTE" )
-_S(ENOLINK, "ENOLINK" )
-_S(EADV, "EADV" )
-_S(ESRMNT, "ESRMNT" )
-_S(ECOMM, "ECOMM" )
-_S(EPROTO, "EPROTO" )
-_S(EMULTIHOP, "EMULTIHOP" )
-_S(EDOTDOT, "EDOTDOT" )
-_S(EBADMSG, "EBADMSG" )
-_S(EOVERFLOW, "EOVERFLOW" )
-_S(ENOTUNIQ, "ENOTUNIQ" )
-_S(EBADFD, "EBADFD" )
-_S(EREMCHG, "EREMCHG" )
-_S(ELIBACC, "ELIBACC" )
-_S(ELIBBAD, "ELIBBAD" )
-_S(ELIBSCN, "ELIBSCN" )
-_S(ELIBMAX, "ELIBMAX" )
-_S(ELIBEXEC, "ELIBEXEC" )
-_S(EILSEQ, "EILSEQ" )
-_S(ERESTART, "ERESTART" )
-_S(ESTRPIPE, "ESTRPIPE" )
-_S(EUSERS, "EUSERS" )
-_S(ENOTSOCK, "ENOTSOCK" )
-_S(EDESTADDRREQ, "EDESTADDRREQ" )
-_S(EMSGSIZE, "EMSGSIZE" )
-_S(EPROTOTYPE, "EPROTOTYPE" )
-_S(ENOPROTOOPT, "ENOPROTOOPT" )
-_S(EPROTONOSUPPORT, "EPROTONOSUPPORT" )
-_S(ESOCKTNOSUPPORT, "ESOCKTNOSUPPORT" )
-_S(EOPNOTSUPP, "EOPNOTSUPP" )
-_S(EPFNOSUPPORT, "EPFNOSUPPORT" )
-_S(EAFNOSUPPORT, "EAFNOSUPPORT" )
-_S(EADDRINUSE, "EADDRINUSE" )
-_S(EADDRNOTAVAIL, "EADDRNOTAVAIL" )
-_S(ENETDOWN, "ENETDOWN" )
-_S(ENETUNREACH, "ENETUNREACH" )
-_S(ENETRESET, "ENETRESET" )
-_S(ECONNABORTED, "ECONNABORTED" )
-_S(ECONNRESET, "ECONNRESET" )
-_S(ENOBUFS, "ENOBUFS" )
-_S(EISCONN, "EISCONN" )
-_S(ENOTCONN, "ENOTCONN" )
-_S(ESHUTDOWN, "ESHUTDOWN" )
-_S(ETOOMANYREFS, "ETOOMANYREFS" )
-_S(ETIMEDOUT, "ETIMEDOUT" )
-_S(ECONNREFUSED, "ECONNREFUSED" )
-_S(EHOSTDOWN, "EHOSTDOWN" )
-_S(EHOSTUNREACH, "EHOSTUNREACH" )
-_S(EALREADY, "EALREADY" )
-_S(EINPROGRESS, "EINPROGRESS" )
-_S(ESTALE, "ESTALE" )
-_S(EUCLEAN, "EUCLEAN" )
-_S(ENOTNAM, "ENOTNAM" )
-_S(ENAVAIL, "ENAVAIL" )
-_S(EISNAM, "EISNAM" )
-_S(EREMOTEIO, "EREMOTEIO" )
-_S(EDQUOT, "EDQUOT" )
-_S(ENOMEDIUM, "ENOMEDIUM" )
-_S(EMEDIUMTYPE, "EMEDIUMTYPE" )
-_S(ECANCELED, "ECANCELED" )
-_S(ENOKEY, "ENOKEY" )
-_S(EKEYEXPIRED, "EKEYEXPIRED" )
-_S(EKEYREVOKED, "EKEYREVOKED" )
-_S(EKEYREJECTED, "EKEYREJECTED" )
-_S(EOWNERDEAD, "EOWNERDEAD" )
-_S(ENOTRECOVERABLE, "ENOTRECOVERABLE" )
-
diff --git a/framework/src/audit/lib/fieldtab.h b/framework/src/audit/lib/fieldtab.h
deleted file mode 100644
index dd7474c1..00000000
--- a/framework/src/audit/lib/fieldtab.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/* fieldtab.h --
- * Copyright 2005-07 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-_S(AUDIT_PID, "pid" )
-_S(AUDIT_UID, "uid" )
-_S(AUDIT_EUID, "euid" )
-_S(AUDIT_SUID, "suid" )
-_S(AUDIT_FSUID, "fsuid" )
-_S(AUDIT_GID, "gid" )
-_S(AUDIT_EGID, "egid" )
-_S(AUDIT_SGID, "sgid" )
-_S(AUDIT_FSGID, "fsgid" )
-_S(AUDIT_LOGINUID, "auid" )
-_S(AUDIT_LOGINUID, "loginuid" )
-_S(AUDIT_PERS, "pers" )
-_S(AUDIT_ARCH, "arch" )
-_S(AUDIT_MSGTYPE, "msgtype" )
-_S(AUDIT_SUBJ_USER, "subj_user" )
-_S(AUDIT_SUBJ_ROLE, "subj_role" )
-_S(AUDIT_SUBJ_TYPE, "subj_type" )
-_S(AUDIT_SUBJ_SEN, "subj_sen" )
-_S(AUDIT_SUBJ_CLR, "subj_clr" )
-_S(AUDIT_PPID, "ppid" )
-_S(AUDIT_OBJ_USER, "obj_user" )
-_S(AUDIT_OBJ_ROLE, "obj_role" )
-_S(AUDIT_OBJ_TYPE, "obj_type" )
-_S(AUDIT_OBJ_LEV_LOW, "obj_lev_low" )
-_S(AUDIT_OBJ_LEV_HIGH, "obj_lev_high" )
-
-_S(AUDIT_DEVMAJOR, "devmajor" )
-_S(AUDIT_DEVMINOR, "devminor" )
-_S(AUDIT_INODE, "inode" )
-_S(AUDIT_EXIT, "exit" )
-_S(AUDIT_SUCCESS, "success" )
-_S(AUDIT_WATCH, "path" )
-_S(AUDIT_PERM, "perm" )
-_S(AUDIT_DIR, "dir" )
-_S(AUDIT_FILETYPE, "filetype" )
-_S(AUDIT_OBJ_UID, "obj_uid" )
-_S(AUDIT_OBJ_GID, "obj_gid" )
-_S(AUDIT_FIELD_COMPARE, "field_compare" )
-
-_S(AUDIT_ARG0, "a0" )
-_S(AUDIT_ARG1, "a1" )
-_S(AUDIT_ARG2, "a2" )
-_S(AUDIT_ARG3, "a3" )
-
-_S(AUDIT_FILTERKEY, "key" )
-
diff --git a/framework/src/audit/lib/flagtab.h b/framework/src/audit/lib/flagtab.h
deleted file mode 100644
index e08d9bca..00000000
--- a/framework/src/audit/lib/flagtab.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/* flagtab.h --
- * Copyright 2005,2006 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-_S(AUDIT_FILTER_TASK, "task" )
-_S(AUDIT_FILTER_ENTRY, "entry" )
-_S(AUDIT_FILTER_EXIT, "exit" )
-_S(AUDIT_FILTER_USER, "user" )
-_S(AUDIT_FILTER_EXCLUDE, "exclude" )
diff --git a/framework/src/audit/lib/ftypetab.h b/framework/src/audit/lib/ftypetab.h
deleted file mode 100644
index e1dc2676..00000000
--- a/framework/src/audit/lib/ftypetab.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/* actiontab.h --
- * Copyright 2008 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-_S(S_IFSOCK, "socket" )
-_S(S_IFLNK, "link" )
-_S(S_IFREG, "file" )
-_S(S_IFBLK, "block" )
-_S(S_IFDIR, "dir" )
-_S(S_IFCHR, "character" )
-_S(S_IFIFO, "fifo" )
-
diff --git a/framework/src/audit/lib/gen_tables.c b/framework/src/audit/lib/gen_tables.c
deleted file mode 100644
index 9f25b506..00000000
--- a/framework/src/audit/lib/gen_tables.c
+++ /dev/null
@@ -1,418 +0,0 @@
-/* gen_tables.c -- Generator of lookup tables.
- * Copyright 2008 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Miloslav Trmač <mitr@redhat.com>
- */
-
-#include "config.h"
-#include <assert.h>
-#include <ctype.h>
-#include <errno.h>
-#include <limits.h>
-#include <linux/net.h>
-#include <stdbool.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <sys/personality.h>
-#include <sys/mount.h>
-#ifndef MS_DIRSYNC
-#include <linux/fs.h>
-#endif
-#include "gen_tables.h"
-#include "libaudit.h"
-#include "interpret.h"
-
-/* This is from asm/ipc.h. Copying it for now as some platforms
- * * have broken headers. */
-#define SEMOP 1
-#define SEMGET 2
-#define SEMCTL 3
-#define SEMTIMEDOP 4
-#define MSGSND 11
-#define MSGRCV 12
-#define MSGGET 13
-#define MSGCTL 14
-#define SHMAT 21
-#define SHMDT 22
-#define SHMGET 23
-#define SHMCTL 24
-
-
-/* The ratio of table size to number of non-empty elements allowed for a
- "direct" s2i table; if the ratio would be bigger, bsearch tables are used
- instead.
-
- 2 looks like a lot at a first glance, but the bsearch tables need twice as
- much space per element, so with the ratio equal to 2 the direct table uses
- no more memory and is faster. */
-#define DIRECT_THRESHOLD 2
-
-/* Allow more than one string defined for a single integer value */
-static bool allow_duplicate_ints; /* = false; */
-
-struct value {
- int val;
- const char *s;
- size_t s_offset;
- size_t orig_index;
-};
-
-/* The mapping to store. */
-static struct value values[] = {
-#define _S(VAL, S) { (VAL), (S), 0, 0 },
-#include TABLE_H
-#undef _S
-};
-
-#define NUM_VALUES (sizeof(values) / sizeof(*values))
-
-/* Compare two "struct value" members by name. */
-static int
-cmp_value_strings(const void *xa, const void *xb)
-{
- const struct value *a, *b;
-
- a = xa;
- b = xb;
- return strcmp(a->s, b->s);
-}
-
-/* Compare two "struct value" members by value. */
-static int
-cmp_value_vals(const void *xa, const void *xb)
-{
- const struct value *a, *b;
-
- a = xa;
- b = xb;
- if (a->val > b->val)
- return 1;
- if (a->val < b->val)
- return -1;
- /* Preserve the original order if there is an ambiguity, to always use
- the first specified value. */
- if (a->orig_index > b->orig_index)
- return 1;
- if (a->orig_index < b->orig_index)
- return -1;
- return 0;
-}
-
-/* Compare two "struct value" members by orig_index. */
-static int
-cmp_value_orig_index(const void *xa, const void *xb)
-{
- const struct value *a, *b;
-
- a = xa;
- b = xb;
- if (a->orig_index > b->orig_index)
- return 1;
- if (a->orig_index < b->orig_index)
- return -1;
- return 0;
-}
-
-/* Output the string table, initialize values[*]->s_offset. */
-static void
-output_strings(const char *prefix)
-{
- size_t i, offset;
-
- offset = 0;
- for (i = 0; i < NUM_VALUES; i++) {
- values[i].s_offset = offset;
- offset += strlen(values[i].s) + 1;
- }
- printf("static const char %s_strings[] = \"", prefix);
- assert(NUM_VALUES > 0);
- for (i = 0; i < NUM_VALUES; i++) {
- const char *c;
-
- if (i != 0 && i % 10 == 0)
- fputs("\"\n"
- "\t\"", stdout);
- for (c = values[i].s; *c != '\0'; c++) {
- assert(*c != '"' && *c != '\\'
- && isprint((unsigned char)*c));
- putc(*c, stdout);
- }
- if (i != NUM_VALUES - 1)
- fputs("\\0", stdout);
- }
- fputs("\";\n", stdout);
-}
-
-/* Output the string to integer mapping code.
- Assume strings are all uppsercase or all lowercase if specified by
- parameters; in that case, make the search case-insensitive.
- values must be sorted by strings. */
-static void
-output_s2i(const char *prefix, bool uppercase, bool lowercase)
-{
- size_t i;
-
- for (i = 0; i < NUM_VALUES - 1; i++) {
- assert(strcmp(values[i].s, values[i + 1].s) <= 0);
- if (strcmp(values[i].s, values[i + 1].s) == 0) {
- fprintf(stderr, "Duplicate value `%s': %d, %d\n",
- values[i].s, values[i].val, values[i + 1].val);
- abort();
- }
- }
- printf("static const unsigned %s_s2i_s[] = {", prefix);
- for (i = 0; i < NUM_VALUES; i++) {
- if (i % 10 == 0)
- fputs("\n\t", stdout);
- assert(values[i].s_offset <= UINT_MAX);
- printf("%zu,", values[i].s_offset);
- }
- printf("\n"
- "};\n"
- "static const int %s_s2i_i[] = {", prefix);
- for (i = 0; i < NUM_VALUES; i++) {
- if (i % 10 == 0)
- fputs("\n\t", stdout);
- printf("%d,", values[i].val);
- }
- fputs("\n"
- "};\n", stdout);
- assert(!(uppercase && lowercase));
- if (uppercase) {
- for (i = 0; i < NUM_VALUES; i++) {
- const char *c;
-
- for (c = values[i].s; *c != '\0'; c++)
- assert(isascii((unsigned char)*c)
- && !GT_ISLOWER(*c));
- }
- } else if (lowercase) {
- for (i = 0; i < NUM_VALUES; i++) {
- const char *c;
-
- for (c = values[i].s; *c != '\0'; c++)
- assert(isascii((unsigned char)*c)
- && !GT_ISUPPER(*c));
- }
- }
- if (uppercase || lowercase) {
- printf("static int %s_s2i(const char *s, int *value) {\n"
- "\tsize_t len, i;\n"
- "\tlen = strlen(s);\n"
- "\t{ char copy[len + 1];\n"
- "\tfor (i = 0; i < len; i++) {\n"
- "\t\tchar c = s[i];\n", prefix);
- if (uppercase)
- fputs("\t\tcopy[i] = GT_ISLOWER(c) ? c - 'a' + 'A' "
- ": c;\n", stdout);
- else
- fputs("\t\tcopy[i] = GT_ISUPPER(c) ? c - 'A' + 'a' "
- ": c;\n", stdout);
- printf("\t}\n"
- "\tcopy[i] = 0;\n"
- "\treturn s2i__(%s_strings, %s_s2i_s, %s_s2i_i, %zu, "
- "copy, value);\n"
- "\t}\n"
- "}\n", prefix, prefix, prefix, NUM_VALUES);
- } else
- printf("static int %s_s2i(const char *s, int *value) {\n"
- "\treturn s2i__(%s_strings, %s_s2i_s, %s_s2i_i, %zu, s, "
- "value);\n"
- "}\n", prefix, prefix, prefix, prefix, NUM_VALUES);
-}
-
-/* Output the string to integer mapping table.
- values must be sorted by strings. */
-static void
-output_i2s(const char *prefix)
-{
- struct value *unique_values;
- int min_val, max_val;
- size_t i, n;
-
- assert(NUM_VALUES > 0);
- for (i = 0; i < NUM_VALUES - 1; i++) {
- assert(values[i].val <= values[i + 1].val);
- if (!allow_duplicate_ints
- && values[i].val == values[i + 1].val) {
- fprintf(stderr, "Duplicate value %d: `%s', `%s'\n",
- values[i].val, values[i].s, values[i + 1].s);
- abort();
- }
- }
-
- unique_values = malloc(NUM_VALUES * sizeof(*unique_values));
- assert(unique_values != NULL);
- n = 0;
- for (i = 0; i < NUM_VALUES; i++) {
- if (n == 0 || unique_values[n - 1].val != values[i].val) {
- unique_values[n] = values[i];
- n++;
- }
- }
-
- min_val = unique_values[0].val;
- max_val = unique_values[n - 1].val;
- if (((double)max_val - (double)min_val) / n <= DIRECT_THRESHOLD) {
- int next_index;
-
- printf("static const unsigned %s_i2s_direct[] = {", prefix);
- next_index = min_val;
- i = 0;
- for (;;) {
- if ((next_index - min_val) % 10 == 0)
- fputs("\n\t", stdout);
- while (unique_values[i].val < next_index)
- /* This can happen if (allow_duplicate_ints) */
- i++;
- if (unique_values[i].val == next_index) {
- assert(unique_values[i].s_offset <= UINT_MAX);
- printf("%zu,", unique_values[i].s_offset);
- } else
- fputs("-1u,", stdout);
- if (next_index == max_val)
- /* Done like this to avoid integer overflow */
- break;
- next_index++;
- }
- printf("\n"
- "};\n"
- "static const char *%s_i2s(int v) {\n"
- "\treturn i2s_direct__(%s_strings, %s_i2s_direct, %d, "
- "%d, v);\n"
- "}\n", prefix, prefix, prefix, min_val, max_val);
- } else {
- printf("static const int %s_i2s_i[] = {", prefix);
- for (i = 0; i < n; i++) {
- if (i % 10 == 0)
- fputs("\n\t", stdout);
- printf("%d,", unique_values[i].val);
- }
- printf("\n"
- "};\n"
- "static const unsigned %s_i2s_s[] = {", prefix);
- for (i = 0; i < n; i++) {
- if (i % 10 == 0)
- fputs("\n\t", stdout);
- assert(unique_values[i].s_offset <= UINT_MAX);
- printf("%zu,", unique_values[i].s_offset);
- }
- printf("\n"
- "};\n"
- "static const char *%s_i2s(int v) {\n"
- "\treturn i2s_bsearch__(%s_strings, %s_i2s_i, %s_i2s_s, "
- "%zu, v);\n"
- "}\n", prefix, prefix, prefix, prefix, n);
- }
- free(unique_values);
-}
-
-/* Output the string to integer mapping table as a transtab[].
- values must be sorted in the desired order. */
-static void
-output_i2s_transtab(const char *prefix)
-{
- size_t i;
- char *uc_prefix;
-
- printf("static const struct transtab %s_table[] = {", prefix);
- for (i = 0; i < NUM_VALUES; i++) {
- if (i % 10 == 0)
- fputs("\n\t", stdout);
- printf("{%d,%zu},", values[i].val, values[i].s_offset);
- }
- uc_prefix = strdup(prefix);
- assert(uc_prefix != NULL);
- for (i = 0; uc_prefix[i] != '\0'; i++)
- uc_prefix[i] = toupper((unsigned char)uc_prefix[i]);
- printf("\n"
- "};\n"
- "#define %s_NUM_ENTRIES "
- "(sizeof(%s_table) / sizeof(*%s_table))\n", uc_prefix, prefix,
- prefix);
- free(uc_prefix);
-}
-
-int
-main(int argc, char **argv)
-{
- bool gen_i2s, gen_i2s_transtab, gen_s2i, uppercase, lowercase;
- char *prefix;
- size_t i;
-
- /* This is required by gen_tables.h */
- assert(NUM_VALUES <= (SSIZE_MAX / 2 + 1));
-
- /* To make sure GT_ISUPPER and GT_ISLOWER work. */
- assert('Z' == 'A' + 25 && 'z' == 'a' + 25);
- gen_i2s = false;
- gen_i2s_transtab = false;
- gen_s2i = false;
- uppercase = false;
- lowercase = false;
- prefix = NULL;
- assert (argc > 1);
- for (i = 1; i < (size_t)argc; i++) {
- if (strcmp(argv[i], "--i2s") == 0)
- gen_i2s = true;
- else if (strcmp(argv[i], "--i2s-transtab") == 0)
- gen_i2s_transtab = true;
- else if (strcmp(argv[i], "--s2i") == 0)
- gen_s2i = true;
- else if (strcmp(argv[i], "--uppercase") == 0)
- uppercase = true;
- else if (strcmp(argv[i], "--lowercase") == 0)
- lowercase = true;
- else if (strcmp(argv[i], "--duplicate-ints") == 0)
- allow_duplicate_ints = true;
- else {
- assert(*argv[i] != '-');
- assert(prefix == NULL);
- prefix = argv[i];
- }
- }
- assert(prefix != NULL);
- assert(!(uppercase && lowercase));
-
- printf("/* This is a generated file, see Makefile.am for its "
- "inputs. */\n");
- for (i = 0; i < NUM_VALUES; i++)
- values[i].orig_index = i;
- qsort(values, NUM_VALUES, sizeof(*values), cmp_value_strings);
- /* FIXME? if (gen_s2i), sort the strings in some other order
- (e.g. "first 4 nodes in BFS of the bsearch tree first") to use the
- cache better. */
- /* FIXME? If the only thing generated is a transtab, keep the strings
- in the original order to use the cache better. */
- output_strings(prefix);
- if (gen_s2i)
- output_s2i(prefix, uppercase, lowercase);
- if (gen_i2s) {
- qsort(values, NUM_VALUES, sizeof(*values), cmp_value_vals);
- output_i2s(prefix);
- }
- if (gen_i2s_transtab) {
- qsort(values, NUM_VALUES, sizeof(*values),
- cmp_value_orig_index);
- output_i2s_transtab(prefix);
- }
- return EXIT_SUCCESS;
-}
diff --git a/framework/src/audit/lib/gen_tables.h b/framework/src/audit/lib/gen_tables.h
deleted file mode 100644
index 84237a28..00000000
--- a/framework/src/audit/lib/gen_tables.h
+++ /dev/null
@@ -1,102 +0,0 @@
-/* gen_tables.h -- Declarations used for lookup tables.
- * Copyright 2008 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Miloslav Trmač <mitr@redhat.com>
- */
-#ifndef GEN_TABLES_H__
-#define GEN_TABLES_H__
-
-#include <stddef.h>
-#include <stdint.h>
-
-/* Assumes ASCII; verified in gen_tables.c. */
-#define GT_ISUPPER(X) ((X) >= 'A' && (X) <= 'Z')
-#define GT_ISLOWER(X) ((X) >= 'a' && (X) <= 'z')
-
-inline static int s2i__(const char *strings, const unsigned *s_table,
- const int *i_table, size_t n, const char *s, int *value)
-{
- ssize_t left, right;
-
- left = 0;
- right = n - 1;
- while (left <= right) { /* invariant: left <= x <= right */
- size_t mid;
- int r;
-
- mid = (left + right) / 2;
- /* FIXME? avoid recomparing a common prefix */
- r = strcmp(s, strings + s_table[mid]);
- if (r == 0) {
- *value = i_table[mid];
- return 1;
- }
- if (r < 0)
- right = mid - 1;
- else
- left = mid + 1;
- }
- return 0;
-}
-
-inline static const char *i2s_direct__(const char *strings,
- const unsigned *table, int min, int max,
- int v)
-{
- unsigned off;
-
- if (v < min || v > max)
- return NULL;
- off = table[v - min];
- if (off != -1u)
- return strings + off;
- return NULL;
-}
-
-inline static const char *i2s_bsearch__(const char *strings,
- const int *i_table,
- const unsigned *s_table, size_t n,
- int v)
-{
- ssize_t left, right;
-
- left = 0;
- right = n - 1;
- while (left <= right) { /* invariant: left <= x <= right */
- size_t mid;
- int mid_val;
-
- mid = (left + right) / 2;
- mid_val = i_table[mid];
- if (v == mid_val)
- return strings + s_table[mid];
- if (v < mid_val)
- right = mid - 1;
- else
- left = mid + 1;
- }
- return NULL;
-}
-
-struct transtab {
- int value;
- unsigned offset;
-};
-
-#endif
diff --git a/framework/src/audit/lib/i386_table.h b/framework/src/audit/lib/i386_table.h
deleted file mode 100644
index 208310cf..00000000
--- a/framework/src/audit/lib/i386_table.h
+++ /dev/null
@@ -1,379 +0,0 @@
-/* i386_table.h --
- * Copyright 2005-15 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-_S(0, "restart_syscall")
-_S(1, "exit")
-_S(2, "fork")
-_S(3, "read")
-_S(4, "write")
-_S(5, "open")
-_S(6, "close")
-_S(7, "waitpid")
-_S(8, "creat")
-_S(9, "link")
-_S(10, "unlink")
-_S(11, "execve")
-_S(12, "chdir")
-_S(13, "time")
-_S(14, "mknod")
-_S(15, "chmod")
-_S(16, "lchown")
-_S(17, "break")
-_S(18, "oldstat")
-_S(19, "lseek")
-_S(20, "getpid")
-_S(21, "mount")
-_S(22, "umount")
-_S(23, "setuid")
-_S(24, "getuid")
-_S(25, "stime")
-_S(26, "ptrace")
-_S(27, "alarm")
-_S(28, "oldfstat")
-_S(29, "pause")
-_S(30, "utime")
-_S(31, "stty")
-_S(32, "gtty")
-_S(33, "access")
-_S(34, "nice")
-_S(35, "ftime")
-_S(36, "sync")
-_S(37, "kill")
-_S(38, "rename")
-_S(39, "mkdir")
-_S(40, "rmdir")
-_S(41, "dup")
-_S(42, "pipe")
-_S(43, "times")
-_S(44, "prof")
-_S(45, "brk")
-_S(46, "setgid")
-_S(47, "getgid")
-_S(48, "signal")
-_S(49, "geteuid")
-_S(50, "getegid")
-_S(51, "acct")
-_S(52, "umount2")
-_S(53, "lock")
-_S(54, "ioctl")
-_S(55, "fcntl")
-_S(56, "mpx")
-_S(57, "setpgid")
-_S(58, "ulimit")
-_S(59, "oldolduname")
-_S(60, "umask")
-_S(61, "chroot")
-_S(62, "ustat")
-_S(63, "dup2")
-_S(64, "getppid")
-_S(65, "getpgrp")
-_S(66, "setsid")
-_S(67, "sigaction")
-_S(68, "sgetmask")
-_S(69, "ssetmask")
-_S(70, "setreuid")
-_S(71, "setregid")
-_S(72, "sigsuspend")
-_S(73, "sigpending")
-_S(74, "sethostname")
-_S(75, "setrlimit")
-_S(76, "getrlimit")
-_S(77, "getrusage")
-_S(78, "gettimeofday")
-_S(79, "settimeofday")
-_S(80, "getgroups")
-_S(81, "setgroups")
-_S(82, "select")
-_S(83, "symlink")
-_S(84, "oldlstat")
-_S(85, "readlink")
-_S(86, "uselib")
-_S(87, "swapon")
-_S(88, "reboot")
-_S(89, "readdir")
-_S(90, "mmap")
-_S(91, "munmap")
-_S(92, "truncate")
-_S(93, "ftruncate")
-_S(94, "fchmod")
-_S(95, "fchown")
-_S(96, "getpriority")
-_S(97, "setpriority")
-_S(98, "profil")
-_S(99, "statfs")
-_S(100, "fstatfs")
-_S(101, "ioperm")
-_S(102, "socketcall")
-_S(103, "syslog")
-_S(104, "setitimer")
-_S(105, "getitimer")
-_S(106, "stat")
-_S(107, "lstat")
-_S(108, "fstat")
-_S(109, "olduname")
-_S(110, "iopl")
-_S(111, "vhangup")
-_S(112, "idle")
-_S(113, "vm86old")
-_S(114, "wait4")
-_S(115, "swapoff")
-_S(116, "sysinfo")
-_S(117, "ipc")
-_S(118, "fsync")
-_S(119, "sigreturn")
-_S(120, "clone")
-_S(121, "setdomainname")
-_S(122, "uname")
-_S(123, "modify_ldt")
-_S(124, "adjtimex")
-_S(125, "mprotect")
-_S(126, "sigprocmask")
-_S(127, "create_module")
-_S(128, "init_module")
-_S(129, "delete_module")
-_S(130, "get_kernel_syms")
-_S(131, "quotactl")
-_S(132, "getpgid")
-_S(133, "fchdir")
-_S(134, "bdflush")
-_S(135, "sysfs")
-_S(136, "personality")
-_S(137, "afs_syscall")
-_S(138, "setfsuid")
-_S(139, "setfsgid")
-_S(140, "_llseek")
-_S(141, "getdents")
-_S(142, "_newselect")
-_S(143, "flock")
-_S(144, "msync")
-_S(145, "readv")
-_S(146, "writev")
-_S(147, "getsid")
-_S(148, "fdatasync")
-_S(149, "_sysctl")
-_S(150, "mlock")
-_S(151, "munlock")
-_S(152, "mlockall")
-_S(153, "munlockall")
-_S(154, "sched_setparam")
-_S(155, "sched_getparam")
-_S(156, "sched_setscheduler")
-_S(157, "sched_getscheduler")
-_S(158, "sched_yield")
-_S(159, "sched_get_priority_max")
-_S(160, "sched_get_priority_min")
-_S(161, "sched_rr_get_interval")
-_S(162, "nanosleep")
-_S(163, "mremap")
-_S(164, "setresuid")
-_S(165, "getresuid")
-_S(166, "vm86")
-_S(167, "query_module")
-_S(168, "poll")
-_S(169, "nfsservctl")
-_S(170, "setresgid")
-_S(171, "getresgid")
-_S(172, "prctl")
-_S(173, "rt_sigreturn")
-_S(174, "rt_sigaction")
-_S(175, "rt_sigprocmask")
-_S(176, "rt_sigpending")
-_S(177, "rt_sigtimedwait")
-_S(178, "rt_sigqueueinfo")
-_S(179, "rt_sigsuspend")
-_S(180, "pread64")
-_S(181, "pwrite64")
-_S(182, "chown")
-_S(183, "getcwd")
-_S(184, "capget")
-_S(185, "capset")
-_S(186, "sigaltstack")
-_S(187, "sendfile")
-_S(188, "getpmsg")
-_S(189, "putpmsg")
-_S(190, "vfork")
-_S(191, "ugetrlimit")
-_S(192, "mmap2")
-_S(193, "truncate64")
-_S(194, "ftruncate64")
-_S(195, "stat64")
-_S(196, "lstat64")
-_S(197, "fstat64")
-_S(198, "lchown32")
-_S(199, "getuid32")
-_S(200, "getgid32")
-_S(201, "geteuid32")
-_S(202, "getegid32")
-_S(203, "setreuid32")
-_S(204, "setregid32")
-_S(205, "getgroups32")
-_S(206, "setgroups32")
-_S(207, "fchown32")
-_S(208, "setresuid32")
-_S(209, "getresuid32")
-_S(210, "setresgid32")
-_S(211, "getresgid32")
-_S(212, "chown32")
-_S(213, "setuid32")
-_S(214, "setgid32")
-_S(215, "setfsuid32")
-_S(216, "setfsgid32")
-_S(217, "pivot_root")
-_S(218, "mincore")
-_S(219, "madvise")
-_S(219, "madvise1")
-_S(220, "getdents64")
-_S(221, "fcntl64")
-_S(224, "gettid")
-_S(225, "readahead")
-_S(226, "setxattr")
-_S(227, "lsetxattr")
-_S(228, "fsetxattr")
-_S(229, "getxattr")
-_S(230, "lgetxattr")
-_S(231, "fgetxattr")
-_S(232, "listxattr")
-_S(233, "llistxattr")
-_S(234, "flistxattr")
-_S(235, "removexattr")
-_S(236, "lremovexattr")
-_S(237, "fremovexattr")
-_S(238, "tkill")
-_S(239, "sendfile64")
-_S(240, "futex")
-_S(241, "sched_setaffinity")
-_S(242, "sched_getaffinity")
-_S(243, "set_thread_area")
-_S(244, "get_thread_area")
-_S(245, "io_setup")
-_S(246, "io_destroy")
-_S(247, "io_getevents")
-_S(248, "io_submit")
-_S(249, "io_cancel")
-_S(250, "fadvise64")
-_S(252, "exit_group")
-_S(253, "lookup_dcookie")
-_S(254, "epoll_create")
-_S(255, "epoll_ctl")
-_S(256, "epoll_wait")
-_S(257, "remap_file_pages")
-_S(258, "set_tid_address")
-_S(259, "timer_create")
-_S(260, "timer_settime")
-_S(261, "timer_gettime")
-_S(262, "timer_getoverrun")
-_S(263, "timer_delete")
-_S(264, "clock_settime")
-_S(265, "clock_gettime")
-_S(266, "clock_getres")
-_S(267, "clock_nanosleep")
-_S(268, "statfs64")
-_S(269, "fstatfs64")
-_S(270, "tgkill")
-_S(271, "utimes")
-_S(272, "fadvise64_64")
-_S(273, "vserver")
-_S(274, "mbind")
-_S(275, "get_mempolicy")
-_S(276, "set_mempolicy")
-_S(277, "mq_open")
-_S(278, "mq_unlink")
-_S(279, "mq_timedsend")
-_S(280, "mq_timedreceive")
-_S(281, "mq_notify")
-_S(282, "mq_getsetattr")
-_S(283, "sys_kexec_load")
-_S(284, "waitid")
-// 285 is setaltroot but it is not defined (yet)
-_S(286, "add_key")
-_S(287, "request_key")
-_S(288, "keyctl")
-_S(289, "ioprio_set")
-_S(290, "ioprio_get")
-_S(291, "inotify_init")
-_S(292, "inotify_add_watch")
-_S(293, "inotify_rm_watch")
-_S(294, "migrate_pages")
-_S(295, "openat")
-_S(296, "mkdirat")
-_S(297, "mknodat")
-_S(298, "fchownat")
-_S(299, "futimesat")
-_S(300, "fstatat64")
-_S(301, "unlinkat")
-_S(302, "renameat")
-_S(303, "linkat")
-_S(304, "symlinkat")
-_S(305, "readlinkat")
-_S(306, "fchmodat")
-_S(307, "faccessat")
-_S(308, "pselect6")
-_S(309, "ppoll")
-_S(310, "unshare")
-_S(311, "set_robust_list")
-_S(312, "get_robust_list")
-_S(313, "splice")
-_S(314, "sync_file_range")
-_S(315, "tee")
-_S(316, "vmsplice")
-_S(317, "move_pages")
-_S(318, "getcpu")
-_S(319, "epoll_pwait")
-_S(320, "utimensat")
-_S(321, "signalfd")
-_S(322, "timerfd")
-_S(323, "eventfd")
-_S(324, "fallocate")
-_S(325, "timerfd_settime")
-_S(326, "timerfd_gettime")
-_S(327, "signalfd4")
-_S(328, "eventfd2")
-_S(329, "epoll_create1")
-_S(330, "dup3")
-_S(331, "pipe2")
-_S(332, "inotify_init1")
-_S(333, "preadv")
-_S(334, "pwritev")
-_S(335, "rt_tgsigqueueinfo")
-_S(336, "perf_event_open")
-_S(337, "recvmmsg")
-_S(338, "fanotify_init")
-_S(339, "fanotify_mark")
-_S(340, "prlimit64")
-_S(341, "name_to_handle_at")
-_S(342, "open_by_handle_at")
-_S(343, "clock_adjtime")
-_S(344, "syncfs")
-_S(345, "sendmmsg")
-_S(346, "setns")
-_S(347, "process_vm_readv")
-_S(348, "process_vm_writev")
-_S(349, "kcmp")
-_S(350, "finit_module")
-_S(351, "sched_setattr")
-_S(352, "sched_getattr")
-_S(353, "renameat2")
-_S(354, "seccomp")
-_S(355, "getrandom")
-_S(356, "memfd_create")
-_S(357, "bpf")
-_S(358, "execveat")
diff --git a/framework/src/audit/lib/ia64_table.h b/framework/src/audit/lib/ia64_table.h
deleted file mode 100644
index 4a154670..00000000
--- a/framework/src/audit/lib/ia64_table.h
+++ /dev/null
@@ -1,335 +0,0 @@
-/* ia64_table.h --
- * Copyright 2005-15 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-_S(1024, "ni_syscall")
-_S(1025, "exit")
-_S(1026, "read")
-_S(1027, "write")
-_S(1028, "open")
-_S(1029, "close")
-_S(1030, "creat")
-_S(1031, "link")
-_S(1032, "unlink")
-_S(1033, "execve")
-_S(1034, "chdir")
-_S(1035, "fchdir")
-_S(1036, "utimes")
-_S(1037, "mknod")
-_S(1038, "chmod")
-_S(1039, "chown")
-_S(1040, "lseek")
-_S(1041, "getpid")
-_S(1042, "getppid")
-_S(1043, "mount")
-_S(1044, "umount")
-_S(1045, "setuid")
-_S(1046, "getuid")
-_S(1047, "geteuid")
-_S(1048, "ptrace")
-_S(1049, "access")
-_S(1050, "sync")
-_S(1051, "fsync")
-_S(1052, "fdatasync")
-_S(1053, "kill")
-_S(1054, "rename")
-_S(1055, "mkdir")
-_S(1056, "rmdir")
-_S(1057, "dup")
-_S(1058, "pipe")
-_S(1059, "times")
-_S(1060, "brk")
-_S(1061, "setgid")
-_S(1062, "getgid")
-_S(1063, "getegid")
-_S(1064, "acct")
-_S(1065, "ioctl")
-_S(1066, "fcntl")
-_S(1067, "umask")
-_S(1068, "chroot")
-_S(1069, "ustat")
-_S(1070, "dup2")
-_S(1071, "setreuid")
-_S(1072, "setregid")
-_S(1073, "getresuid")
-_S(1074, "setresuid")
-_S(1075, "getresgid")
-_S(1076, "setresgid")
-_S(1077, "getgroups")
-_S(1078, "setgroups")
-_S(1079, "getpgid")
-_S(1080, "setpgid")
-_S(1081, "setsid")
-_S(1082, "getsid")
-_S(1083, "sethostname")
-_S(1084, "setrlimit")
-_S(1085, "getrlimit")
-_S(1086, "getrusage")
-_S(1087, "gettimeofday")
-_S(1088, "settimeofday")
-_S(1089, "select")
-_S(1090, "poll")
-_S(1091, "symlink")
-_S(1092, "readlink")
-_S(1093, "uselib")
-_S(1094, "swapon")
-_S(1095, "swapoff")
-_S(1096, "reboot")
-_S(1097, "truncate")
-_S(1098, "ftruncate")
-_S(1099, "fchmod")
-_S(1100, "fchown")
-_S(1101, "getpriority")
-_S(1102, "setpriority")
-_S(1103, "statfs")
-_S(1104, "fstatfs")
-_S(1105, "gettid")
-_S(1106, "semget")
-_S(1107, "semop")
-_S(1108, "semctl")
-_S(1109, "msgget")
-_S(1110, "msgsnd")
-_S(1111, "msgrcv")
-_S(1112, "msgctl")
-_S(1113, "shmget")
-_S(1114, "shmat")
-_S(1115, "shmdt")
-_S(1116, "shmctl")
-_S(1117, "syslog")
-_S(1118, "setitimer")
-_S(1119, "getitimer")
-_S(1120, "tux")
-_S(1123, "vhangup")
-_S(1124, "lchown")
-_S(1125, "remap_file_pages")
-_S(1126, "wait4")
-_S(1127, "sysinfo")
-_S(1128, "clone")
-_S(1129, "setdomainname")
-_S(1130, "uname")
-_S(1131, "adjtimex")
-_S(1133, "init_module")
-_S(1134, "delete_module")
-_S(1137, "quotactl")
-_S(1138, "bdflush")
-_S(1139, "sysfs")
-_S(1140, "personality")
-_S(1141, "afs_syscall")
-_S(1142, "setfsuid")
-_S(1143, "setfsgid")
-_S(1144, "getdents")
-_S(1145, "flock")
-_S(1146, "readv")
-_S(1147, "writev")
-_S(1148, "pread64")
-_S(1149, "pwrite64")
-_S(1150, "_sysctl")
-_S(1151, "mmap")
-_S(1152, "munmap")
-_S(1153, "mlock")
-_S(1154, "mlockall")
-_S(1155, "mprotect")
-_S(1156, "mremap")
-_S(1157, "msync")
-_S(1158, "munlock")
-_S(1159, "munlockall")
-_S(1160, "sched_getparam")
-_S(1161, "sched_setparam")
-_S(1162, "sched_getscheduler")
-_S(1163, "sched_setscheduler")
-_S(1164, "sched_yield")
-_S(1165, "sched_get_priority_max")
-_S(1166, "sched_get_priority_min")
-_S(1167, "sched_rr_get_interval")
-_S(1168, "nanosleep")
-_S(1169, "nfsservctl")
-_S(1170, "prctl")
-_S(1172, "mmap2")
-_S(1173, "pciconfig_read")
-_S(1174, "pciconfig_write")
-_S(1175, "perfmonctl")
-_S(1176, "sigaltstack")
-_S(1177, "rt_sigaction")
-_S(1178, "rt_sigpending")
-_S(1179, "rt_sigprocmask")
-_S(1180, "rt_sigqueueinfo")
-_S(1181, "rt_sigreturn")
-_S(1182, "rt_sigsuspend")
-_S(1183, "rt_sigtimedwait")
-_S(1184, "getcwd")
-_S(1185, "capget")
-_S(1186, "capset")
-_S(1187, "sendfile")
-_S(1188, "getpmsg")
-_S(1189, "putpmsg")
-_S(1190, "socket")
-_S(1191, "bind")
-_S(1192, "connect")
-_S(1193, "listen")
-_S(1194, "accept")
-_S(1195, "getsockname")
-_S(1196, "getpeername")
-_S(1197, "socketpair")
-_S(1198, "send")
-_S(1199, "sendto")
-_S(1200, "recv")
-_S(1201, "recvfrom")
-_S(1202, "shutdown")
-_S(1203, "setsockopt")
-_S(1204, "getsockopt")
-_S(1205, "sendmsg")
-_S(1206, "recvmsg")
-_S(1207, "pivot_root")
-_S(1208, "mincore")
-_S(1209, "madvise")
-_S(1210, "stat")
-_S(1211, "lstat")
-_S(1212, "fstat")
-_S(1213, "clone2")
-_S(1214, "getdents64")
-_S(1215, "getunwind")
-_S(1216, "readahead")
-_S(1217, "setxattr")
-_S(1218, "lsetxattr")
-_S(1219, "fsetxattr")
-_S(1220, "getxattr")
-_S(1221, "lgetxattr")
-_S(1222, "fgetxattr")
-_S(1223, "listxattr")
-_S(1224, "llistxattr")
-_S(1225, "flistxattr")
-_S(1226, "removexattr")
-_S(1227, "lremovexattr")
-_S(1228, "fremovexattr")
-_S(1229, "tkill")
-_S(1230, "futex")
-_S(1231, "sched_setaffinity")
-_S(1232, "sched_getaffinity")
-_S(1233, "set_tid_address")
-_S(1234, "fadvise64")
-_S(1235, "tgkill")
-_S(1236, "exit_group")
-_S(1237, "lookup_dcookie")
-_S(1238, "io_setup")
-_S(1239, "io_destroy")
-_S(1240, "io_getevents")
-_S(1241, "io_submit")
-_S(1242, "io_cancel")
-_S(1243, "epoll_create")
-_S(1244, "epoll_ctl")
-_S(1245, "epoll_wait")
-_S(1246, "restart_syscall")
-_S(1247, "semtimedop")
-_S(1248, "timer_create")
-_S(1249, "timer_settime")
-_S(1250, "timer_gettime")
-_S(1251, "timer_getoverrun")
-_S(1252, "timer_delete")
-_S(1253, "clock_settime")
-_S(1254, "clock_gettime")
-_S(1255, "clock_getres")
-_S(1256, "clock_nanosleep")
-_S(1257, "fstatfs64")
-_S(1258, "statfs64")
-_S(1259, "mbind")
-_S(1260, "get_mempolicy")
-_S(1261, "set_mempolicy")
-_S(1262, "mq_open")
-_S(1263, "mq_unlink")
-_S(1264, "mq_timedsend")
-_S(1265, "mq_timedreceive")
-_S(1266, "mq_notify")
-_S(1267, "mq_getsetattr")
-_S(1268, "kexec_load")
-_S(1269, "vserver")
-_S(1270, "waitid")
-_S(1271, "add_key")
-_S(1272, "request_key")
-_S(1273, "keyctl")
-_S(1274, "ioprio_set")
-_S(1275, "ioprio_get")
-_S(1276, "set_zone_reclaim")
-_S(1277, "inotify_init")
-_S(1278, "inotify_add_watch")
-_S(1279, "inotify_rm_watch")
-_S(1280, "migrate_pages")
-_S(1281, "openat")
-_S(1282, "mkdirat")
-_S(1283, "mknodat")
-_S(1284, "fchownat")
-_S(1285, "futimesat")
-_S(1286, "newfstatat")
-_S(1287, "unlinkat")
-_S(1288, "renameat")
-_S(1289, "linkat")
-_S(1290, "symlinkat")
-_S(1291, "readlinkat")
-_S(1292, "fchmodat")
-_S(1293, "faccessat")
-_S(1294, "pselect")
-_S(1295, "ppoll")
-_S(1296, "unshare")
-_S(1297, "splice")
-_S(1298, "set_robust_list")
-_S(1299, "get_robust_list")
-_S(1300, "sync_file_range")
-_S(1301, "tee")
-_S(1302, "vmsplice")
-_S(1303, "fallocate")
-_S(1304, "getcpu")
-_S(1305, "epoll_pwait")
-_S(1306, "utimensat")
-_S(1307, "signalfd")
-_S(1308, "timerfd")
-_S(1309, "eventfd")
-_S(1310, "timerfd_create")
-_S(1311, "timerfd_settime")
-_S(1312, "timerfd_gettime")
-_S(1313, "signalfd4")
-_S(1314, "eventfd2")
-_S(1315, "epoll_create1")
-_S(1316, "dup3")
-_S(1317, "pipe2")
-_S(1318, "inotify_init1")
-_S(1319, "preadv")
-_S(1320, "pwritev")
-_S(1321, "rt_tgsigqueueinfo")
-_S(1322, "recvmmsg")
-_S(1323, "fanotify_init")
-_S(1324, "fanotify_mark")
-_S(1325, "prlimit64")
-_S(1326, "name_to_handle_at")
-_S(1327, "open_by_handle_at")
-_S(1328, "clock_adjtime")
-_S(1329, "syncfs")
-_S(1330, "setns")
-_S(1331, "sendmmsg")
-_S(1332, "process_vm_readv")
-_S(1333, "process_vm_writev")
-_S(1334, "accept4")
-_S(1335, "finit_module")
-_S(1336, "sched_setattr")
-_S(1337, "sched_getattr")
-_S(1338, "renameat2")
-_S(1339, "getrandom")
-_S(1340, "memfd_create")
-_S(1341, "bpf")
-_S(1342, "execveat")
diff --git a/framework/src/audit/lib/libaudit.c b/framework/src/audit/lib/libaudit.c
deleted file mode 100644
index 6311b813..00000000
--- a/framework/src/audit/lib/libaudit.c
+++ /dev/null
@@ -1,1606 +0,0 @@
-/* libaudit.c --
- * Copyright 2004-2009,2012,2014 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- * Rickard E. (Rik) Faith <faith@redhat.com>
- */
-
-#include "config.h"
-#include <stdio.h>
-#include <stdarg.h>
-#include <string.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <ctype.h>
-#include <time.h>
-#include <pwd.h>
-#include <grp.h>
-#include <errno.h>
-#include <sys/poll.h>
-#include <sys/utsname.h>
-#include <sys/stat.h>
-#include <fcntl.h> /* O_NOFOLLOW needs gnu defined */
-#include <limits.h> /* for PATH_MAX */
-#include <sys/stat.h>
-#include <sys/types.h>
-
-#include "libaudit.h"
-#include "private.h"
-#include "errormsg.h"
-
-/* #defines for the audit failure query */
-#define CONFIG_FILE "/etc/libaudit.conf"
-
-/* Local prototypes */
-struct nv_pair
-{
- const char *name;
- const char *value;
-};
-
-struct kw_pair
-{
- const char *name;
- int (*parser)(const char *, int);
-};
-
-struct nv_list
-{
- const char *name;
- int option;
-};
-
-struct libaudit_conf
-{
- auditfail_t failure_action;
-};
-
-static const struct nv_list failure_actions[] =
-{
- {"ignore", FAIL_IGNORE },
- {"log", FAIL_LOG },
- {"terminate", FAIL_TERMINATE },
- { NULL, 0 }
-};
-
-int _audit_permadded = 0;
-int _audit_archadded = 0;
-int _audit_syscalladded = 0;
-unsigned int _audit_elf = 0U;
-static struct libaudit_conf config;
-
-static int audit_failure_parser(const char *val, int line);
-static int audit_name_to_uid(const char *name, uid_t *uid);
-static int audit_name_to_gid(const char *name, gid_t *gid);
-
-static const struct kw_pair keywords[] =
-{
- {"failure_action", audit_failure_parser },
- { NULL, NULL }
-};
-
-static int audit_priority(int xerrno)
-{
- /* If they've compiled their own kernel and did not include
- * the audit susbsystem, they will get ECONNREFUSED. We'll
- * demote the message to debug so its not lost entirely. */
- if (xerrno == ECONNREFUSED)
- return LOG_DEBUG;
- else
- return LOG_WARNING;
-}
-
-int audit_request_status(int fd)
-{
- int rc = audit_send(fd, AUDIT_GET, NULL, 0);
- if (rc < 0)
- audit_msg(audit_priority(errno),
- "Error sending status request (%s)", strerror(-rc));
- return rc;
-}
-hidden_def(audit_request_status)
-
-/*
- * Set everything to its default value
- */
-static void clear_config(void)
-{
- config.failure_action = FAIL_IGNORE;
-}
-
-/* Get 1 line from file */
-static char *get_line(FILE *f, char *buf, size_t len)
-{
- if (fgets(buf, len, f)) {
- /* remove newline */
- char *ptr = strchr(buf, 0x0a);
- if (ptr)
- *ptr = 0;
- return buf;
- }
- return NULL;
-}
-
-static int nv_split(char *buf, struct nv_pair *nv)
-{
- /* Get the name part */
- char *ptr, *saved=NULL;
-
- nv->name = NULL;
- nv->value = NULL;
- ptr = audit_strsplit_r(buf, &saved);
- if (ptr == NULL)
- return 0; /* If there's nothing, go to next line */
- if (ptr[0] == '#')
- return 0; /* If there's a comment, go to next line */
- nv->name = ptr;
-
- /* Check for a '=' */
- ptr = audit_strsplit_r(NULL, &saved);
- if (ptr == NULL)
- return 1;
- if (strcmp(ptr, "=") != 0)
- return 2;
-
- /* get the value */
- ptr = audit_strsplit_r(NULL, &saved);
- if (ptr == NULL)
- return 1;
- nv->value = ptr;
-
- /* Make sure there's nothing else */
- ptr = audit_strsplit_r(NULL, &saved);
- if (ptr)
- return 1;
-
- /* Everything is OK */
- return 0;
-}
-
-static const struct kw_pair *kw_lookup(const char *val)
-{
- int i = 0;
- while (keywords[i].name != NULL) {
- if (strcasecmp(keywords[i].name, val) == 0)
- break;
- i++;
- }
- return &keywords[i];
-}
-
-static int audit_failure_parser(const char *val, int line)
-{
- int i;
-
- audit_msg(LOG_DEBUG, "audit_failure_parser called with: %s", val);
- for (i=0; failure_actions[i].name != NULL; i++) {
- if (strcasecmp(val, failure_actions[i].name) == 0) {
- config.failure_action = failure_actions[i].option;
- return 0;
- }
- }
- audit_msg(LOG_ERR, "Option %s not found - line %d", val, line);
- return 1;
-}
-
-/*
- * Read the /etc/libaudit.conf file and all tunables.
- */
-static int load_libaudit_config(const char *path)
-{
- int fd, rc, lineno = 1;
- struct stat st;
- FILE *f;
- char buf[128];
-
- /* open the file */
- rc = open(path, O_NOFOLLOW|O_RDONLY);
- if (rc < 0) {
- if (errno != ENOENT) {
- audit_msg(LOG_ERR, "Error opening %s (%s)",
- path, strerror(errno));
- return 1;
- }
- audit_msg(LOG_WARNING,
- "Config file %s doesn't exist, skipping", path);
- return 0;
- }
- fd = rc;
-
- /* check the file's permissions: owned by root, not world writable,
- * not symlink.
- */
- audit_msg(LOG_DEBUG, "Config file %s opened for parsing", path);
- if (fstat(fd, &st) < 0) {
- audit_msg(LOG_ERR, "Error fstat'ing %s (%s)",
- path, strerror(errno));
- close(fd);
- return 1;
- }
- if (st.st_uid != 0) {
- audit_msg(LOG_ERR, "Error - %s isn't owned by root", path);
- close(fd);
- return 1;
- }
- if ((st.st_mode & S_IWOTH) == S_IWOTH) {
- audit_msg(LOG_ERR, "Error - %s is world writable", path);
- close(fd);
- return 1;
- }
- if (!S_ISREG(st.st_mode)) {
- audit_msg(LOG_ERR, "Error - %s is not a regular file", path);
- close(fd);
- return 1;
- }
-
- /* it's ok, read line by line */
- f = fdopen(fd, "rm");
- if (f == NULL) {
- audit_msg(LOG_ERR, "Error - fdopen failed (%s)",
- strerror(errno));
- close(fd);
- return 1;
- }
-
- while (get_line(f, buf, sizeof(buf))) {
- // convert line into name-value pair
- const struct kw_pair *kw;
- struct nv_pair nv;
- rc = nv_split(buf, &nv);
- switch (rc) {
- case 0: // fine
- break;
- case 1: // not the right number of tokens.
- audit_msg(LOG_ERR,
- "Wrong number of arguments for line %d in %s",
- lineno, path);
- break;
- case 2: // no '=' sign
- audit_msg(LOG_ERR,
- "Missing equal sign for line %d in %s",
- lineno, path);
- break;
- default: // something else went wrong...
- audit_msg(LOG_ERR,
- "Unknown error for line %d in %s",
- lineno, path);
- break;
- }
- if (nv.name == NULL) {
- lineno++;
- continue;
- }
- if (nv.value == NULL) {
- fclose(f);
- return 1;
- }
-
- /* identify keyword or error */
- kw = kw_lookup(nv.name);
- if (kw->name == NULL) {
- audit_msg(LOG_ERR,
- "Unknown keyword \"%s\" in line %d of %s",
- nv.name, lineno, path);
- fclose(f);
- return 1;
- }
-
- /* dispatch to keyword's local parser */
- rc = kw->parser(nv.value, lineno);
- if (rc != 0) {
- fclose(f);
- return 1; // local parser puts message out
- }
-
- lineno++;
- }
-
- fclose(f);
- return 0;
-}
-
-
-/*
- * This function is called to get the value of the failure_action
- * tunable stored in /etc/libaudit.conf. The function returns 1 if
- * the tunable is not found or there is an error. If the tunable is found,
- * 0 is returned the the tunable value is saved in the failmode parameter.
- */
-int get_auditfail_action(auditfail_t *failmode)
-{
- clear_config();
-
- if (load_libaudit_config(CONFIG_FILE)) {
- *failmode = config.failure_action;
- return 1;
- }
-
- *failmode = config.failure_action;
- return 0;
-}
-
-int audit_set_enabled(int fd, uint32_t enabled)
-{
- int rc;
- struct audit_status s;
-
- memset(&s, 0, sizeof(s));
- s.mask = AUDIT_STATUS_ENABLED;
- s.enabled = enabled;
- rc = audit_send(fd, AUDIT_SET, &s, sizeof(s));
- if (rc < 0)
- audit_msg(audit_priority(errno),
- "Error sending enable request (%s)", strerror(-rc));
- return rc;
-}
-
-/*
- * This function will return 0 if auditing is NOT enabled and
- * 1 if enabled, and -1 on error.
- */
-int audit_is_enabled(int fd)
-{
- int rc;
-
- if (fd < 0)
- return 0;
-
- if ((rc = audit_request_status(fd)) > 0) {
- struct audit_reply rep;
- int i;
- int timeout = 40; /* tenths of seconds */
- struct pollfd pfd[1];
-
- pfd[0].fd = fd;
- pfd[0].events = POLLIN;
-
- for (i = 0; i < timeout; i++) {
- do {
- rc = poll(pfd, 1, 100);
- } while (rc < 0 && errno == EINTR);
-
- rc = audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING,0);
- if (rc > 0) {
- /* If we get done or error, break out */
- if (rep.type == NLMSG_DONE ||
- rep.type == NLMSG_ERROR)
- break;
-
- /* If its not status, keep looping */
- if (rep.type != AUDIT_GET)
- continue;
-
- /* Found it... */
- return rep.status->enabled;
- }
- }
- }
- if (rc == -ECONNREFUSED) {
- /* This is here to let people that build their own kernel
- and disable the audit system get in. ECONNREFUSED is
- issued by the kernel when there is "no on listening". */
- return 0;
- } else if (rc == -EPERM && getuid() != 0) {
- /* If we get this, then the kernel supports auditing
- * but we don't have enough privilege to write to the
- * socket. Therefore, we have already been authenticated
- * and we are a common user. Just act as though auditing
- * is not enabled. Any other error we take seriously.
- * This is here basically to satisfy Xscreensaver. */
- return 0;
- }
- return -1;
-}
-
-int audit_set_failure(int fd, uint32_t failure)
-{
- int rc;
- struct audit_status s;
-
- memset(&s, 0, sizeof(s));
- s.mask = AUDIT_STATUS_FAILURE;
- s.failure = failure;
- rc = audit_send(fd, AUDIT_SET, &s, sizeof(s));
- if (rc < 0)
- audit_msg(audit_priority(errno),
- "Error sending failure mode request (%s)",
- strerror(-rc));
- return rc;
-}
-
-/*
- * This function returns -1 on error and 1 on success.
- */
-int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode)
-{
- struct audit_status s;
- struct audit_reply rep;
- struct pollfd pfd[1];
- int rc;
-
- memset(&s, 0, sizeof(s));
- s.mask = AUDIT_STATUS_PID;
- s.pid = pid;
- rc = audit_send(fd, AUDIT_SET, &s, sizeof(s));
- if (rc < 0) {
- audit_msg(audit_priority(errno),
- "Error setting audit daemon pid (%s)",
- strerror(-rc));
- return rc;
- }
- if (wmode == WAIT_NO)
- return 1;
-
- /* Now we'll see if there's any reply message. This only
- happens on error. It is not fatal if there is no message.
- As a matter of fact, we don't do anything with the message
- besides gobble it. */
- pfd[0].fd = fd;
- pfd[0].events = POLLIN;
- do {
- rc = poll(pfd, 1, 100); /* .1 second */
- } while (rc < 0 && errno == EINTR);
-
- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
- return 1;
-}
-
-int audit_set_rate_limit(int fd, uint32_t limit)
-{
- int rc;
- struct audit_status s;
-
- memset(&s, 0, sizeof(s));
- s.mask = AUDIT_STATUS_RATE_LIMIT;
- s.rate_limit = limit;
- rc = audit_send(fd, AUDIT_SET, &s, sizeof(s));
- if (rc < 0)
- audit_msg(audit_priority(errno),
- "Error sending rate limit request (%s)",
- strerror(-rc));
- return rc;
-}
-
-int audit_set_backlog_limit(int fd, uint32_t limit)
-{
- int rc;
- struct audit_status s;
-
- memset(&s, 0, sizeof(s));
- s.mask = AUDIT_STATUS_BACKLOG_LIMIT;
- s.backlog_limit = limit;
- rc = audit_send(fd, AUDIT_SET, &s, sizeof(s));
- if (rc < 0)
- audit_msg(audit_priority(errno),
- "Error sending backlog limit request (%s)",
- strerror(-rc));
- return rc;
-}
-
-int audit_set_backlog_wait_time(int fd, uint32_t bwt)
-{
- int rc = -1;
-#if HAVE_DECL_AUDIT_VERSION_BACKLOG_WAIT_TIME
- struct audit_status s;
-
- memset(&s, 0, sizeof(s));
- s.mask = AUDIT_STATUS_BACKLOG_WAIT_TIME;
- s.backlog_wait_time = bwt;
- rc = audit_send(fd, AUDIT_SET, &s, sizeof(s));
- if (rc < 0)
- audit_msg(audit_priority(errno),
- "Error sending backlog limit request (%s)",
- strerror(-rc));
-#endif
- return rc;
-}
-
-int audit_set_feature(int fd, unsigned feature, unsigned value, unsigned lock)
-{
-#if HAVE_DECL_AUDIT_FEATURE_VERSION
- int rc;
- struct audit_features f;
-
- memset(&f, 0, sizeof(f));
- f.mask = AUDIT_FEATURE_TO_MASK(feature);
- if (value)
- f.features = AUDIT_FEATURE_TO_MASK(feature);
- if (lock)
- f.lock = AUDIT_FEATURE_TO_MASK(feature);
- rc = audit_send(fd, AUDIT_SET_FEATURE, &f, sizeof(f));
- if (rc < 0)
- audit_msg(audit_priority(errno),
- "Error setting feature (%s)",
- strerror(-rc));
- return rc;
-#else
- errno = EINVAL;
- return -1;
-#endif
-}
-hidden_def(audit_set_feature)
-
-int audit_request_features(int fd)
-{
-#if HAVE_DECL_AUDIT_FEATURE_VERSION
- int rc;
- struct audit_features f;
-
- memset(&f, 0, sizeof(f));
- rc = audit_send(fd, AUDIT_GET_FEATURE, &f, sizeof(f));
- if (rc < 0)
- audit_msg(audit_priority(errno),
- "Error getting feature (%s)",
- strerror(-rc));
- return rc;
-#else
- errno = EINVAL;
- return -1;
-#endif
-}
-hidden_def(audit_request_features)
-
-extern int audit_set_loginuid_immutable(int fd)
-{
-#if HAVE_DECL_AUDIT_FEATURE_VERSION
- return audit_set_feature(fd, AUDIT_FEATURE_LOGINUID_IMMUTABLE, 1, 1);
-#else
- errno = EINVAL;
- return -1;
-#endif
-}
-
-int audit_request_rules_list_data(int fd)
-{
- int rc = audit_send(fd, AUDIT_LIST_RULES, NULL, 0);
- if (rc < 0 && rc != -EINVAL)
- audit_msg(audit_priority(errno),
- "Error sending rule list data request (%s)",
- strerror(-rc));
- return rc;
-}
-
-int audit_request_signal_info(int fd)
-{
- int rc = audit_send(fd, AUDIT_SIGNAL_INFO, NULL, 0);
- if (rc < 0)
- audit_msg(LOG_WARNING,
- "Error sending signal_info request (%s)",
- strerror(-rc));
- return rc;
-}
-
-int audit_update_watch_perms(struct audit_rule_data *rule, int perms)
-{
- int i, done=0;
-
- if (rule->field_count < 1)
- return -1;
-
- // First see if we have an entry we are updating
- for (i=0; i< rule->field_count; i++) {
- if (rule->fields[i] == AUDIT_PERM) {
- rule->values[i] = perms;
- done = 1;
- }
- }
- if (!done) {
- // If not check to see if we have room to add a field
- if (rule->field_count >= (AUDIT_MAX_FIELDS - 1))
- return -2;
-
- // Add the perm
- rule->fields[rule->field_count] = AUDIT_PERM;
- rule->fieldflags[rule->field_count] = AUDIT_EQUAL;
- rule->values[rule->field_count] = perms;
- rule->field_count++;
- }
- return 0;
-}
-
-int audit_add_watch(struct audit_rule_data **rulep, const char *path)
-{
- return audit_add_watch_dir(AUDIT_WATCH, rulep, path);
-}
-
-int audit_add_dir(struct audit_rule_data **rulep, const char *path)
-{
- return audit_add_watch_dir(AUDIT_DIR, rulep, path);
-}
-
-int audit_add_watch_dir(int type, struct audit_rule_data **rulep,
- const char *path)
-{
- size_t len = strlen(path);
- struct audit_rule_data *rule = *rulep;
-
- if (rule && rule->field_count) {
- audit_msg(LOG_ERR, "Rule is not empty\n");
- return -1;
- }
- if (type != AUDIT_WATCH && type != AUDIT_DIR) {
- audit_msg(LOG_ERR, "Invalid type used\n");
- return -1;
- }
-
- *rulep = realloc(rule, len + sizeof(*rule));
- if (*rulep == NULL) {
- free(rule);
- audit_msg(LOG_ERR, "Cannot realloc memory!\n");
- return -1;
- }
- rule = *rulep;
- memset(rule, 0, len + sizeof(*rule));
-
- rule->flags = AUDIT_FILTER_EXIT;
- rule->action = AUDIT_ALWAYS;
- audit_rule_syscallbyname_data(rule, "all");
- rule->field_count = 2;
- rule->fields[0] = type;
- rule->values[0] = len;
- rule->fieldflags[0] = AUDIT_EQUAL;
- rule->buflen = len;
- memcpy(&rule->buf[0], path, len);
-
- // Default to all permissions
- rule->fields[1] = AUDIT_PERM;
- rule->fieldflags[1] = AUDIT_EQUAL;
- rule->values[1] = AUDIT_PERM_READ | AUDIT_PERM_WRITE |
- AUDIT_PERM_EXEC | AUDIT_PERM_ATTR;
-
- _audit_permadded = 1;
-
- return 0;
-}
-hidden_def(audit_add_watch_dir)
-
-int audit_add_rule_data(int fd, struct audit_rule_data *rule,
- int flags, int action)
-{
- int rc;
-
- if (flags == AUDIT_FILTER_ENTRY) {
- audit_msg(LOG_WARNING, "Use of entry filter is deprecated");
- return -2;
- }
- rule->flags = flags;
- rule->action = action;
- rc = audit_send(fd, AUDIT_ADD_RULE, rule,
- sizeof(struct audit_rule_data) + rule->buflen);
- if (rc < 0)
- audit_msg(audit_priority(errno),
- "Error sending add rule data request (%s)",
- errno == EEXIST ?
- "Rule exists" : strerror(-rc));
- return rc;
-}
-
-int audit_delete_rule_data(int fd, struct audit_rule_data *rule,
- int flags, int action)
-{
- int rc;
-
- if (flags == AUDIT_FILTER_ENTRY) {
- audit_msg(LOG_WARNING, "Use of entry filter is deprecated");
- return -2;
- }
- rule->flags = flags;
- rule->action = action;
- rc = audit_send(fd, AUDIT_DEL_RULE, rule,
- sizeof(struct audit_rule_data) + rule->buflen);
- if (rc < 0) {
- if (rc == -ENOENT)
- audit_msg(LOG_WARNING,
- "Error sending delete rule request (No rule matches)");
- else
- audit_msg(audit_priority(errno),
- "Error sending delete rule data request (%s)",
- strerror(-rc));
- }
- return rc;
-}
-
-/*
- * This function is part of the directory auditing code
- */
-int audit_trim_subtrees(int fd)
-{
- int rc = audit_send(fd, AUDIT_TRIM, NULL, 0);
- if (rc < 0)
- audit_msg(audit_priority(errno),
- "Error sending trim subtrees command (%s)",
- strerror(-rc));
- return rc;
-}
-
-/*
- * This function is part of the directory auditing code
- */
-int audit_make_equivalent(int fd, const char *mount_point,
- const char *subtree)
-{
- int rc;
- size_t len1 = strlen(mount_point);
- size_t len2 = strlen(subtree);
- struct {
- uint32_t sizes[2];
- unsigned char buf[];
- } *cmd = malloc(sizeof(*cmd) + len1 + len2);
-
- memset(cmd, 0, sizeof(*cmd) + len1 + len2);
-
- cmd->sizes[0] = len1;
- cmd->sizes[1] = len2;
- memcpy(&cmd->buf[0], mount_point, len1);
- memcpy(&cmd->buf[len1], subtree, len2);
-
- rc = audit_send(fd, AUDIT_MAKE_EQUIV, cmd, sizeof(*cmd) + len1 + len2);
- if (rc < 0)
- audit_msg(audit_priority(errno),
- "Error sending make_equivalent command (%s)",
- strerror(-rc));
- free(cmd);
- return rc;
-}
-
-/*
- * This function will retreive the loginuid or -1 if there
- * is an error.
- */
-uid_t audit_getloginuid(void)
-{
- uid_t uid;
- int len, in;
- char buf[16];
-
- errno = 0;
- in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY);
- if (in < 0)
- return -1;
- do {
- len = read(in, buf, sizeof(buf));
- } while (len < 0 && errno == EINTR);
- close(in);
- if (len < 0 || len >= sizeof(buf))
- return -1;
- buf[len] = 0;
- errno = 0;
- uid = strtol(buf, 0, 10);
- if (errno)
- return -1;
- else
- return uid;
-}
-
-/*
- * This function returns 0 on success and 1 on failure
- */
-int audit_setloginuid(uid_t uid)
-{
- char loginuid[16];
- int o, count, rc = 0;
-
- errno = 0;
- count = snprintf(loginuid, sizeof(loginuid), "%u", uid);
- o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC);
- if (o >= 0) {
- int block, offset = 0;
-
- while (count > 0) {
- block = write(o, &loginuid[offset], (unsigned)count);
-
- if (block < 0) {
- if (errno == EINTR)
- continue;
- audit_msg(LOG_ERR, "Error writing loginuid");
- close(o);
- return 1;
- }
- offset += block;
- count -= block;
- }
- close(o);
- } else {
- audit_msg(LOG_ERR, "Error opening /proc/self/loginuid");
- rc = 1;
- }
- return rc;
-}
-
-int audit_rule_syscall_data(struct audit_rule_data *rule, int scall)
-{
- int word = AUDIT_WORD(scall);
- int bit = AUDIT_BIT(scall);
-
- if (word >= (AUDIT_BITMASK_SIZE-1))
- return -1;
- rule->mask[word] |= bit;
- return 0;
-}
-hidden_def(audit_rule_syscall_data)
-
-int audit_rule_syscallbyname_data(struct audit_rule_data *rule,
- const char *scall)
-{
- int nr, i;
- int machine;
-
- if (!strcmp(scall, "all")) {
- for (i = 0; i < (AUDIT_BITMASK_SIZE-1); i++)
- rule->mask[i] = ~0;
- return 0;
- }
- if (!_audit_elf)
- machine = audit_detect_machine();
- else
- machine = audit_elf_to_machine(_audit_elf);
- if (machine < 0)
- return -2;
- nr = audit_name_to_syscall(scall, machine);
- if (nr < 0) {
- if (isdigit(scall[0]))
- nr = strtol(scall, NULL, 0);
- }
- if (nr >= 0)
- return audit_rule_syscall_data(rule, nr);
- return -1;
-}
-hidden_def(audit_rule_syscallbyname_data)
-
-int audit_rule_interfield_comp_data(struct audit_rule_data **rulep,
- const char *pair,
- int flags) {
- const char *f = pair;
- char *v;
- int op;
- int field1, field2;
- struct audit_rule_data *rule = *rulep;
-
- if (f == NULL)
- return -1;
-
- if (rule->field_count >= (AUDIT_MAX_FIELDS - 1))
- return -28;
-
- /* look for 2-char operators first
- then look for 1-char operators afterwards
- when found, null out the bytes under the operators to split
- and set value pointer just past operator bytes
- */
- if ( (v = strstr(pair, "!=")) ) {
- *v++ = '\0';
- *v++ = '\0';
- op = AUDIT_NOT_EQUAL;
- } else if ( (v = strstr(pair, "=")) ) {
- *v++ = '\0';
- op = AUDIT_EQUAL;
- } else {
- return -13;
- }
-
- if (*f == 0)
- return -24;
-
- if (*v == 0)
- return -25;
-
- if ((field1 = audit_name_to_field(f)) < 0)
- return -26;
-
- if ((field2 = audit_name_to_field(v)) < 0)
- return -27;
-
- /* Interfield comparison can only be in exit filter */
- if (flags != AUDIT_FILTER_EXIT)
- return -7;
-
- // It should always be AUDIT_FIELD_COMPARE
- rule->fields[rule->field_count] = AUDIT_FIELD_COMPARE;
- rule->fieldflags[rule->field_count] = op;
- /* oh god, so many permutations */
- switch (field1)
- {
- /* UID comparison */
- case AUDIT_EUID:
- switch(field2) {
- case AUDIT_LOGINUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_EUID;
- break;
- case AUDIT_FSUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_EUID_TO_FSUID;
- break;
- case AUDIT_OBJ_UID:
- rule->values[rule->field_count] = AUDIT_COMPARE_EUID_TO_OBJ_UID;
- break;
- case AUDIT_SUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_EUID_TO_SUID;
- break;
- case AUDIT_UID:
- rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_EUID;
- break;
- default:
- return -1;
- }
- break;
- case AUDIT_FSUID:
- switch(field2) {
- case AUDIT_LOGINUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_FSUID;
- break;
- case AUDIT_EUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_EUID_TO_FSUID;
- break;
- case AUDIT_OBJ_UID:
- rule->values[rule->field_count] = AUDIT_COMPARE_FSUID_TO_OBJ_UID;
- break;
- case AUDIT_SUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_SUID_TO_FSUID;
- break;
- case AUDIT_UID:
- rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_FSUID;
- break;
- default:
- return -1;
- }
- break;
- case AUDIT_LOGINUID:
- switch(field2) {
- case AUDIT_EUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_EUID;
- break;
- case AUDIT_FSUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_FSUID;
- break;
- case AUDIT_OBJ_UID:
- rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_OBJ_UID;
- break;
- case AUDIT_SUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_SUID;
- break;
- case AUDIT_UID:
- rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_AUID;
- break;
- default:
- return -1;
- }
- break;
- case AUDIT_SUID:
- switch(field2) {
- case AUDIT_LOGINUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_SUID;
- break;
- case AUDIT_EUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_EUID_TO_SUID;
- break;
- case AUDIT_FSUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_SUID_TO_FSUID;
- break;
- case AUDIT_OBJ_UID:
- rule->values[rule->field_count] = AUDIT_COMPARE_SUID_TO_OBJ_UID;
- break;
- case AUDIT_UID:
- rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_SUID;
- break;
- default:
- return -1;
- }
- break;
- case AUDIT_OBJ_UID:
- switch(field2) {
- case AUDIT_LOGINUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_OBJ_UID;
- break;
- case AUDIT_EUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_EUID_TO_OBJ_UID;
- break;
- case AUDIT_FSUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_FSUID_TO_OBJ_UID;
- break;
- case AUDIT_UID:
- rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_OBJ_UID;
- break;
- case AUDIT_SUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_SUID_TO_OBJ_UID;
- break;
- default:
- return -1;
- }
- break;
- case AUDIT_UID:
- switch(field2) {
- case AUDIT_LOGINUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_AUID;
- break;
- case AUDIT_EUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_EUID;
- break;
- case AUDIT_FSUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_FSUID;
- break;
- case AUDIT_OBJ_UID:
- rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_OBJ_UID;
- break;
- case AUDIT_SUID:
- rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_SUID;
- break;
- default:
- return -1;
- }
- break;
-
- /* GID comparisons */
- case AUDIT_EGID:
- switch(field2) {
- case AUDIT_FSGID:
- rule->values[rule->field_count] = AUDIT_COMPARE_EGID_TO_FSGID;
- break;
- case AUDIT_GID:
- rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_EGID;
- break;
- case AUDIT_OBJ_GID:
- rule->values[rule->field_count] = AUDIT_COMPARE_EGID_TO_OBJ_GID;
- break;
- case AUDIT_SGID:
- rule->values[rule->field_count] = AUDIT_COMPARE_EGID_TO_SGID;
- break;
- default:
- return -1;
- }
- break;
- case AUDIT_FSGID:
- switch(field2) {
- case AUDIT_SGID:
- rule->values[rule->field_count] = AUDIT_COMPARE_SGID_TO_FSGID;
- break;
- case AUDIT_GID:
- rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_FSGID;
- break;
- case AUDIT_OBJ_GID:
- rule->values[rule->field_count] = AUDIT_COMPARE_FSGID_TO_OBJ_GID;
- break;
- case AUDIT_EGID:
- rule->values[rule->field_count] = AUDIT_COMPARE_EGID_TO_FSGID;
- break;
- default:
- return -1;
- }
- break;
- case AUDIT_GID:
- switch(field2) {
- case AUDIT_EGID:
- rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_EGID;
- break;
- case AUDIT_FSGID:
- rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_FSGID;
- break;
- case AUDIT_OBJ_GID:
- rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_OBJ_GID;
- break;
- case AUDIT_SGID:
- rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_SGID;
- break;
- default:
- return -1;
- }
- break;
- case AUDIT_OBJ_GID:
- switch(field2) {
- case AUDIT_EGID:
- rule->values[rule->field_count] = AUDIT_COMPARE_EGID_TO_OBJ_GID;
- break;
- case AUDIT_FSGID:
- rule->values[rule->field_count] = AUDIT_COMPARE_FSGID_TO_OBJ_GID;
- break;
- case AUDIT_GID:
- rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_OBJ_GID;
- break;
- case AUDIT_SGID:
- rule->values[rule->field_count] = AUDIT_COMPARE_SGID_TO_OBJ_GID;
- break;
- default:
- return -1;
- }
- break;
- case AUDIT_SGID:
- switch(field2) {
- case AUDIT_FSGID:
- rule->values[rule->field_count] = AUDIT_COMPARE_SGID_TO_FSGID;
- break;
- case AUDIT_GID:
- rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_SGID;
- break;
- case AUDIT_OBJ_GID:
- rule->values[rule->field_count] = AUDIT_COMPARE_SGID_TO_OBJ_GID;
- break;
- case AUDIT_EGID:
- rule->values[rule->field_count] = AUDIT_COMPARE_EGID_TO_SGID;
- break;
- default:
- return -1;
- }
- break;
- default:
- return -1;
- break;
- }
- rule->field_count++;
- return 0;
-}
-
-int audit_determine_machine(const char *arch)
-{ // What do we want? i686, x86_64, ia64 or b64, b32
- int machine;
- unsigned int bits = 0;
-
- if (strcasecmp("b64", arch) == 0) {
- bits = __AUDIT_ARCH_64BIT;
- machine = audit_detect_machine();
- } else if (strcasecmp("b32", arch) == 0) {
- bits = ~__AUDIT_ARCH_64BIT;
- machine = audit_detect_machine();
- } else {
- machine = audit_name_to_machine(arch);
- if (machine < 0) {
- // See if its numeric
- unsigned int ival;
- errno = 0;
- ival = strtoul(arch, NULL, 16);
- if (errno)
- return -4;
- machine = audit_elf_to_machine(ival);
- }
- }
-
- if (machine < 0)
- return -4;
-
- /* Here's where we fixup the machine. For example, they give
- * x86_64 & want 32 bits we translate that to i686. */
- if (bits == ~__AUDIT_ARCH_64BIT && machine == MACH_86_64)
- machine = MACH_X86;
- else if (bits == ~__AUDIT_ARCH_64BIT && machine == MACH_PPC64)
- machine = MACH_PPC;
- else if (bits == ~__AUDIT_ARCH_64BIT && machine == MACH_S390X)
- machine = MACH_S390;
- else if (bits == ~__AUDIT_ARCH_64BIT && machine == MACH_AARCH64)
- machine = MACH_ARM;
-
- /* Check for errors - return -6
- * We don't allow 32 bit machines to specify 64 bit. */
- switch (machine)
- {
- case MACH_X86:
- if (bits == __AUDIT_ARCH_64BIT)
- return -6;
- break;
- case MACH_IA64:
- if (bits == ~__AUDIT_ARCH_64BIT)
- return -6;
- break;
- case MACH_PPC:
- if (bits == __AUDIT_ARCH_64BIT)
- return -6;
- break;
- case MACH_S390:
- if (bits == __AUDIT_ARCH_64BIT)
- return -6;
- break;
-#ifdef WITH_ARM
- case MACH_ARM:
- if (bits == __AUDIT_ARCH_64BIT)
- return -6; // Deadcode - just incase of mistake
- break;
-#endif
-#ifdef WITH_AARCH64
- case MACH_AARCH64:
- if (bits && bits != __AUDIT_ARCH_64BIT)
- return -6;
- break;
-#endif
- case MACH_86_64: /* fallthrough */
- case MACH_PPC64: /* fallthrough */
- case MACH_PPC64LE: /* fallthrough */
- case MACH_S390X: /* fallthrough */
- break;
- default:
- return -6;
- }
- return machine;
-}
-
-int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
- int flags)
-{
- const char *f = pair;
- char *v;
- int op;
- int field;
- int vlen;
- int offset;
- struct audit_rule_data *rule = *rulep;
-
- if (f == NULL)
- return -1;
-
- if (rule->field_count >= (AUDIT_MAX_FIELDS - 1))
- return -28;
-
- /* look for 2-char operators first
- then look for 1-char operators afterwards
- when found, null out the bytes under the operators to split
- and set value pointer just past operator bytes
- */
- if ( (v = strstr(pair, "!=")) ) {
- *v++ = '\0';
- *v++ = '\0';
- op = AUDIT_NOT_EQUAL;
- } else if ( (v = strstr(pair, ">=")) ) {
- *v++ = '\0';
- *v++ = '\0';
- op = AUDIT_GREATER_THAN_OR_EQUAL;
- } else if ( (v = strstr(pair, "<=")) ) {
- *v++ = '\0';
- *v++ = '\0';
- op = AUDIT_LESS_THAN_OR_EQUAL;
- } else if ( (v = strstr(pair, "&=")) ) {
- *v++ = '\0';
- *v++ = '\0';
- op = AUDIT_BIT_TEST;
- } else if ( (v = strstr(pair, "=")) ) {
- *v++ = '\0';
- op = AUDIT_EQUAL;
- } else if ( (v = strstr(pair, ">")) ) {
- *v++ = '\0';
- op = AUDIT_GREATER_THAN;
- } else if ( (v = strstr(pair, "<")) ) {
- *v++ = '\0';
- op = AUDIT_LESS_THAN;
- } else if ( (v = strstr(pair, "&")) ) {
- *v++ = '\0';
- op = AUDIT_BIT_MASK;
- }
-
- if (v == NULL)
- return -1;
-
- if (*f == 0)
- return -22;
-
- if (*v == 0)
- return -20;
-
- if ((field = audit_name_to_field(f)) < 0)
- return -2;
-
- /* Exclude filter can be used only with MSGTYPE field */
- if (flags == AUDIT_FILTER_EXCLUDE && field != AUDIT_MSGTYPE)
- return -12;
-
- rule->fields[rule->field_count] = field;
- rule->fieldflags[rule->field_count] = op;
- switch (field)
- {
- case AUDIT_UID:
- case AUDIT_EUID:
- case AUDIT_SUID:
- case AUDIT_FSUID:
- case AUDIT_LOGINUID:
- case AUDIT_OBJ_UID:
- // Do positive & negative separate for 32 bit systems
- vlen = strlen(v);
- if (isdigit((char)*(v)))
- rule->values[rule->field_count] =
- strtoul(v, NULL, 0);
- else if (vlen >= 2 && *(v)=='-' &&
- (isdigit((char)*(v+1))))
- rule->values[rule->field_count] =
- strtol(v, NULL, 0);
- else {
- if (strcmp(v, "unset") == 0)
- rule->values[rule->field_count] =
- 4294967295;
- else if (audit_name_to_uid(v,
- &rule->values[rule->field_count])) {
- audit_msg(LOG_ERR, "Unknown user: %s",
- v);
- return -2;
- }
- }
- break;
- case AUDIT_GID:
- case AUDIT_EGID:
- case AUDIT_SGID:
- case AUDIT_FSGID:
- case AUDIT_OBJ_GID:
- if (isdigit((char)*(v)))
- rule->values[rule->field_count] =
- strtol(v, NULL, 0);
- else {
- if (audit_name_to_gid(v,
- &rule->values[rule->field_count])) {
- audit_msg(LOG_ERR, "Unknown group: %s",
- v);
- return -2;
- }
- }
- break;
- case AUDIT_EXIT:
- if (flags != AUDIT_FILTER_EXIT)
- return -7;
- vlen = strlen(v);
- if (isdigit((char)*(v)))
- rule->values[rule->field_count] =
- strtol(v, NULL, 0);
- else if (vlen >= 2 && *(v)=='-' &&
- (isdigit((char)*(v+1))))
- rule->values[rule->field_count] =
- strtol(v, NULL, 0);
- else {
- rule->values[rule->field_count] =
- audit_name_to_errno(v);
- if (rule->values[rule->field_count] == 0)
- return -15;
- }
- break;
- case AUDIT_MSGTYPE:
- if (flags != AUDIT_FILTER_EXCLUDE &&
- flags != AUDIT_FILTER_USER)
- return -9;
-
- if (isdigit((char)*(v)))
- rule->values[rule->field_count] =
- strtol(v, NULL, 0);
- else
- if (audit_name_to_msg_type(v) > 0)
- rule->values[rule->field_count] =
- audit_name_to_msg_type(v);
- else
- return -8;
- break;
- /* These next few are strings */
- case AUDIT_OBJ_USER:
- case AUDIT_OBJ_ROLE:
- case AUDIT_OBJ_TYPE:
- case AUDIT_OBJ_LEV_LOW:
- case AUDIT_OBJ_LEV_HIGH:
- case AUDIT_WATCH:
- case AUDIT_DIR:
- /* Watch & object filtering is invalid on anything
- * but exit */
- if (flags != AUDIT_FILTER_EXIT)
- return -7;
- if (field == AUDIT_WATCH || field == AUDIT_DIR)
- _audit_permadded = 1;
-
- /* fallthrough */
- case AUDIT_SUBJ_USER:
- case AUDIT_SUBJ_ROLE:
- case AUDIT_SUBJ_TYPE:
- case AUDIT_SUBJ_SEN:
- case AUDIT_SUBJ_CLR:
- case AUDIT_FILTERKEY:
- if (field == AUDIT_FILTERKEY && !(_audit_syscalladded || _audit_permadded))
- return -19;
- vlen = strlen(v);
- if (field == AUDIT_FILTERKEY &&
- vlen > AUDIT_MAX_KEY_LEN)
- return -11;
- else if (vlen > PATH_MAX)
- return -11;
- rule->values[rule->field_count] = vlen;
- offset = rule->buflen;
- rule->buflen += vlen;
- *rulep = realloc(rule, sizeof(*rule) + rule->buflen);
- if (*rulep == NULL) {
- free(rule);
- audit_msg(LOG_ERR, "Cannot realloc memory!\n");
- return -3;
- } else {
- rule = *rulep;
- }
- strncpy(&rule->buf[offset], v, vlen);
-
- break;
- case AUDIT_ARCH:
- if (_audit_syscalladded)
- return -3;
- if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL))
- return -13;
- if (isdigit((char)*(v))) {
- int machine;
-
- errno = 0;
- _audit_elf = strtoul(v, NULL, 0);
- if (errno)
- return -5;
-
- // Make sure we have a valid mapping
- machine = audit_elf_to_machine(_audit_elf);
- if (machine < 0)
- return -5;
- }
- else {
- const char *arch=v;
- unsigned int machine, elf;
- machine = audit_determine_machine(arch);
- /* OK, we have the machine type, now convert
- to elf. */
- elf = audit_machine_to_elf(machine);
- if (elf == 0)
- return -5;
-
- _audit_elf = elf;
- }
- rule->values[rule->field_count] = _audit_elf;
- _audit_archadded = 1;
- break;
- case AUDIT_PERM:
- if (flags != AUDIT_FILTER_EXIT)
- return -7;
- else if (op != AUDIT_EQUAL)
- return -13;
- else {
- unsigned int i, len, val = 0;
-
- len = strlen(v);
- if (len > 4)
- return -11;
-
- for (i = 0; i < len; i++) {
- switch (tolower(v[i])) {
- case 'r':
- val |= AUDIT_PERM_READ;
- break;
- case 'w':
- val |= AUDIT_PERM_WRITE;
- break;
- case 'x':
- val |= AUDIT_PERM_EXEC;
- break;
- case 'a':
- val |= AUDIT_PERM_ATTR;
- break;
- default:
- return -14;
- }
- }
- rule->values[rule->field_count] = val;
- }
- break;
- case AUDIT_FILETYPE:
- if (!(flags == AUDIT_FILTER_EXIT || flags == AUDIT_FILTER_ENTRY))
- return -17;
- rule->values[rule->field_count] =
- audit_name_to_ftype(v);
- if ((int)rule->values[rule->field_count] < 0) {
- return -16;
- }
- break;
- case AUDIT_ARG0...AUDIT_ARG3:
- vlen = strlen(v);
- if (isdigit((char)*(v)))
- rule->values[rule->field_count] =
- strtoul(v, NULL, 0);
- else if (vlen >= 2 && *(v)=='-' &&
- (isdigit((char)*(v+1))))
- rule->values[rule->field_count] =
- strtol(v, NULL, 0);
- else
- return -21;
- break;
- case AUDIT_DEVMAJOR...AUDIT_INODE:
- case AUDIT_SUCCESS:
- if (flags != AUDIT_FILTER_EXIT)
- return -7;
- /* fallthrough */
- default:
- if (field == AUDIT_INODE) {
- if (!(op == AUDIT_NOT_EQUAL ||
- op == AUDIT_EQUAL))
- return -13;
- }
-
- if (field == AUDIT_PPID && !(flags == AUDIT_FILTER_EXIT
- || flags == AUDIT_FILTER_ENTRY))
- return -17;
-
- if (!isdigit((char)*(v)))
- return -21;
-
- if (field == AUDIT_INODE)
- rule->values[rule->field_count] =
- strtoul(v, NULL, 0);
- else
- rule->values[rule->field_count] =
- strtol(v, NULL, 0);
- break;
- }
- rule->field_count++;
- return 0;
-}
-
-void audit_rule_free_data(struct audit_rule_data *rule)
-{
- free(rule);
-}
-
-static int audit_name_to_uid(const char *name, uid_t *uid)
-{
- struct passwd *pw;
-
- pw = getpwnam(name);
- if (pw == NULL)
- return 1;
-
- memset(pw->pw_passwd, ' ', strlen(pw->pw_passwd));
- *uid = pw->pw_uid;
- return 0;
-}
-
-static int audit_name_to_gid(const char *name, gid_t *gid)
-{
- struct group *gr;
-
- gr = getgrnam(name);
- if (gr == NULL)
- return 1;
-
- *gid = gr->gr_gid;
- return 0;
-}
-
-int audit_detect_machine(void)
-{
- struct utsname uts;
- if (uname(&uts) == 0)
-// strcpy(uts.machine, "x86_64");
- return audit_name_to_machine(uts.machine);
- return -1;
-}
-hidden_def(audit_detect_machine)
-
-#ifndef NO_TABLES
-void audit_number_to_errmsg(int errnumber, const char *opt)
-{
- unsigned int i;
-
- for (i = 0; i < sizeof(err_msgtab)/sizeof(struct msg_tab); i++) {
- if (err_msgtab[i].key == errnumber) {
- switch (err_msgtab[i].position)
- {
- case 0:
- fprintf(stderr, "%s\n",
- err_msgtab[i].cvalue);
- break;
- case 1:
- fprintf(stderr, "%s %s\n", opt,
- err_msgtab[i].cvalue);
- break;
- case 2:
- fprintf(stderr, "%s %s\n",
- err_msgtab[i].cvalue, opt);
- break;
- default:
- break;
- }
- return;
- }
- }
-}
-#endif
diff --git a/framework/src/audit/lib/libaudit.h b/framework/src/audit/lib/libaudit.h
deleted file mode 100644
index 8f96c5db..00000000
--- a/framework/src/audit/lib/libaudit.h
+++ /dev/null
@@ -1,584 +0,0 @@
-/* libaudit.h --
- * Copyright 2004-2015 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- * Rickard E. (Rik) Faith <faith@redhat.com>
- */
-#ifndef _LIBAUDIT_H_
-#define _LIBAUDIT_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-#include <asm/types.h>
-#include <stdint.h>
-#include <sys/socket.h>
-#include <linux/netlink.h>
-#include <linux/audit.h>
-#include <stdarg.h>
-#include <syslog.h>
-
-
-/* Audit message types as of 2.6.29 kernel:
- * 1000 - 1099 are for commanding the audit system
- * 1100 - 1199 user space trusted application messages
- * 1200 - 1299 messages internal to the audit daemon
- * 1300 - 1399 audit event messages
- * 1400 - 1499 kernel SE Linux use
- * 1500 - 1599 AppArmor events
- * 1600 - 1699 kernel crypto events
- * 1700 - 1799 kernel anomaly records
- * 1800 - 1899 kernel integrity labels and related events
- * 1800 - 1999 future kernel use
- * 2001 - 2099 unused (kernel)
- * 2100 - 2199 user space anomaly records
- * 2200 - 2299 user space actions taken in response to anomalies
- * 2300 - 2399 user space generated LSPP events
- * 2400 - 2499 user space crypto events
- * 2500 - 2599 user space virtualization management events
- * 2600 - 2999 future user space (maybe integrity labels and related events)
- */
-
-#define AUDIT_FIRST_USER_MSG 1100 /* First user space message */
-#define AUDIT_LAST_USER_MSG 1199 /* Last user space message */
-#define AUDIT_USER_AUTH 1100 /* User system access authentication */
-#define AUDIT_USER_ACCT 1101 /* User system access authorization */
-#define AUDIT_USER_MGMT 1102 /* User acct attribute change */
-#define AUDIT_CRED_ACQ 1103 /* User credential acquired */
-#define AUDIT_CRED_DISP 1104 /* User credential disposed */
-#define AUDIT_USER_START 1105 /* User session start */
-#define AUDIT_USER_END 1106 /* User session end */
-#define AUDIT_USER_AVC 1107 /* User space avc message */
-#define AUDIT_USER_CHAUTHTOK 1108 /* User acct password or pin changed */
-#define AUDIT_USER_ERR 1109 /* User acct state error */
-#define AUDIT_CRED_REFR 1110 /* User credential refreshed */
-#define AUDIT_USYS_CONFIG 1111 /* User space system config change */
-#define AUDIT_USER_LOGIN 1112 /* User has logged in */
-#define AUDIT_USER_LOGOUT 1113 /* User has logged out */
-#define AUDIT_ADD_USER 1114 /* User account added */
-#define AUDIT_DEL_USER 1115 /* User account deleted */
-#define AUDIT_ADD_GROUP 1116 /* Group account added */
-#define AUDIT_DEL_GROUP 1117 /* Group account deleted */
-#define AUDIT_DAC_CHECK 1118 /* User space DAC check results */
-#define AUDIT_CHGRP_ID 1119 /* User space group ID changed */
-#define AUDIT_TEST 1120 /* Used for test success messages */
-#define AUDIT_TRUSTED_APP 1121 /* Trusted app msg - freestyle text */
-#define AUDIT_USER_SELINUX_ERR 1122 /* SE Linux user space error */
-#define AUDIT_USER_CMD 1123 /* User shell command and args */
-#define AUDIT_USER_TTY 1124 /* Non-ICANON TTY input meaning */
-#define AUDIT_CHUSER_ID 1125 /* Changed user ID supplemental data */
-#define AUDIT_GRP_AUTH 1126 /* Authentication for group password */
-#define AUDIT_SYSTEM_BOOT 1127 /* System boot */
-#define AUDIT_SYSTEM_SHUTDOWN 1128 /* System shutdown */
-#define AUDIT_SYSTEM_RUNLEVEL 1129 /* System runlevel change */
-#define AUDIT_SERVICE_START 1130 /* Service (daemon) start */
-#define AUDIT_SERVICE_STOP 1131 /* Service (daemon) stop */
-#define AUDIT_GRP_MGMT 1132 /* Group account attr was modified */
-#define AUDIT_GRP_CHAUTHTOK 1133 /* Group acct password or pin changed */
-#define AUDIT_MAC_CHECK 1134 /* User space MAC decision results */
-
-#define AUDIT_FIRST_DAEMON 1200
-#define AUDIT_LAST_DAEMON 1299
-#define AUDIT_DAEMON_RECONFIG 1204 /* Auditd should reconfigure */
-#define AUDIT_DAEMON_ROTATE 1205 /* Auditd should rotate logs */
-#define AUDIT_DAEMON_RESUME 1206 /* Auditd should resume logging */
-#define AUDIT_DAEMON_ACCEPT 1207 /* Auditd accepted remote connection */
-#define AUDIT_DAEMON_CLOSE 1208 /* Auditd closed remote connection */
-
-#define AUDIT_FIRST_EVENT 1300
-#define AUDIT_LAST_EVENT 1399
-
-#define AUDIT_FIRST_SELINUX 1400
-#define AUDIT_LAST_SELINUX 1499
-
-#define AUDIT_FIRST_APPARMOR 1500
-#define AUDIT_LAST_APPARMOR 1599
-#ifndef AUDIT_AA
-#define AUDIT_AA 1500 /* Not upstream yet */
-#define AUDIT_APPARMOR_AUDIT 1501
-#define AUDIT_APPARMOR_ALLOWED 1502
-#define AUDIT_APPARMOR_DENIED 1503
-#define AUDIT_APPARMOR_HINT 1504
-#define AUDIT_APPARMOR_STATUS 1505
-#define AUDIT_APPARMOR_ERROR 1506
-#endif
-
-#define AUDIT_FIRST_KERN_CRYPTO_MSG 1600
-#define AUDIT_LAST_KERN_CRYPTO_MSG 1699
-
-#define AUDIT_FIRST_KERN_ANOM_MSG 1700
-#define AUDIT_LAST_KERN_ANOM_MSG 1799
-
-#define AUDIT_INTEGRITY_FIRST_MSG 1800
-#define AUDIT_INTEGRITY_LAST_MSG 1899
-#ifndef AUDIT_INTEGRITY_DATA
-#define AUDIT_INTEGRITY_DATA 1800 /* Data integrity verification */
-#define AUDIT_INTEGRITY_METADATA 1801 // Metadata integrity verification
-#define AUDIT_INTEGRITY_STATUS 1802 /* Integrity enable status */
-#define AUDIT_INTEGRITY_HASH 1803 /* Integrity HASH type */
-#define AUDIT_INTEGRITY_PCR 1804 /* PCR invalidation msgs */
-#define AUDIT_INTEGRITY_RULE 1805 /* Policy rule */
-#endif
-
-#define AUDIT_FIRST_ANOM_MSG 2100
-#define AUDIT_LAST_ANOM_MSG 2199
-#define AUDIT_ANOM_LOGIN_FAILURES 2100 // Failed login limit reached
-#define AUDIT_ANOM_LOGIN_TIME 2101 // Login attempted at bad time
-#define AUDIT_ANOM_LOGIN_SESSIONS 2102 // Max concurrent sessions reached
-#define AUDIT_ANOM_LOGIN_ACCT 2103 // Login attempted to watched acct
-#define AUDIT_ANOM_LOGIN_LOCATION 2104 // Login from forbidden location
-#define AUDIT_ANOM_MAX_DAC 2105 // Max DAC failures reached
-#define AUDIT_ANOM_MAX_MAC 2106 // Max MAC failures reached
-#define AUDIT_ANOM_AMTU_FAIL 2107 // AMTU failure
-#define AUDIT_ANOM_RBAC_FAIL 2108 // RBAC self test failure
-#define AUDIT_ANOM_RBAC_INTEGRITY_FAIL 2109 // RBAC file integrity failure
-#define AUDIT_ANOM_CRYPTO_FAIL 2110 // Crypto system test failure
-#define AUDIT_ANOM_ACCESS_FS 2111 // Access of file or dir
-#define AUDIT_ANOM_EXEC 2112 // Execution of file
-#define AUDIT_ANOM_MK_EXEC 2113 // Make an executable
-#define AUDIT_ANOM_ADD_ACCT 2114 // Adding an acct
-#define AUDIT_ANOM_DEL_ACCT 2115 // Deleting an acct
-#define AUDIT_ANOM_MOD_ACCT 2116 // Changing an acct
-#define AUDIT_ANOM_ROOT_TRANS 2117 // User became root
-
-#define AUDIT_FIRST_ANOM_RESP 2200
-#define AUDIT_LAST_ANOM_RESP 2299
-#define AUDIT_RESP_ANOMALY 2200 /* Anomaly not reacted to */
-#define AUDIT_RESP_ALERT 2201 /* Alert email was sent */
-#define AUDIT_RESP_KILL_PROC 2202 /* Kill program */
-#define AUDIT_RESP_TERM_ACCESS 2203 /* Terminate session */
-#define AUDIT_RESP_ACCT_REMOTE 2204 /* Acct locked from remote access*/
-#define AUDIT_RESP_ACCT_LOCK_TIMED 2205 /* User acct locked for time */
-#define AUDIT_RESP_ACCT_UNLOCK_TIMED 2206 /* User acct unlocked from time */
-#define AUDIT_RESP_ACCT_LOCK 2207 /* User acct was locked */
-#define AUDIT_RESP_TERM_LOCK 2208 /* Terminal was locked */
-#define AUDIT_RESP_SEBOOL 2209 /* Set an SE Linux boolean */
-#define AUDIT_RESP_EXEC 2210 /* Execute a script */
-#define AUDIT_RESP_SINGLE 2211 /* Go to single user mode */
-#define AUDIT_RESP_HALT 2212 /* take the system down */
-
-#define AUDIT_FIRST_USER_LSPP_MSG 2300
-#define AUDIT_LAST_USER_LSPP_MSG 2399
-#define AUDIT_USER_ROLE_CHANGE 2300 /* User changed to a new role */
-#define AUDIT_ROLE_ASSIGN 2301 /* Admin assigned user to role */
-#define AUDIT_ROLE_REMOVE 2302 /* Admin removed user from role */
-#define AUDIT_LABEL_OVERRIDE 2303 /* Admin is overriding a label */
-#define AUDIT_LABEL_LEVEL_CHANGE 2304 /* Object's level was changed */
-#define AUDIT_USER_LABELED_EXPORT 2305 /* Object exported with label */
-#define AUDIT_USER_UNLABELED_EXPORT 2306 /* Object exported without label */
-#define AUDIT_DEV_ALLOC 2307 /* Device was allocated */
-#define AUDIT_DEV_DEALLOC 2308 /* Device was deallocated */
-#define AUDIT_FS_RELABEL 2309 /* Filesystem relabeled */
-#define AUDIT_USER_MAC_POLICY_LOAD 2310 /* Userspc daemon loaded policy */
-#define AUDIT_ROLE_MODIFY 2311 /* Admin modified a role */
-#define AUDIT_USER_MAC_CONFIG_CHANGE 2312 /* Change made to MAC policy */
-
-#define AUDIT_FIRST_CRYPTO_MSG 2400
-#define AUDIT_CRYPTO_TEST_USER 2400 /* Crypto test results */
-#define AUDIT_CRYPTO_PARAM_CHANGE_USER 2401 /* Crypto attribute change */
-#define AUDIT_CRYPTO_LOGIN 2402 /* Logged in as crypto officer */
-#define AUDIT_CRYPTO_LOGOUT 2403 /* Logged out from crypto */
-#define AUDIT_CRYPTO_KEY_USER 2404 /* Create,delete,negotiate */
-#define AUDIT_CRYPTO_FAILURE_USER 2405 /* Fail decrypt,encrypt,randomiz */
-#define AUDIT_CRYPTO_REPLAY_USER 2406 /* Crypto replay detected */
-#define AUDIT_CRYPTO_SESSION 2407 /* Record parameters set during
- TLS session establishment */
-#define AUDIT_CRYPTO_IKE_SA 2408 /* Record parameters related to
- IKE SA */
-#define AUDIT_CRYPTO_IPSEC_SA 2409 /* Record parameters related to
- IPSEC SA */
-
-#define AUDIT_LAST_CRYPTO_MSG 2499
-
-#define AUDIT_FIRST_VIRT_MSG 2500
-#define AUDIT_VIRT_CONTROL 2500 /* Start, Pause, Stop VM */
-#define AUDIT_VIRT_RESOURCE 2501 /* Resource assignment */
-#define AUDIT_VIRT_MACHINE_ID 2502 /* Binding of label to VM */
-
-#define AUDIT_LAST_VIRT_MSG 2599
-
-#ifndef AUDIT_FIRST_USER_MSG2
-#define AUDIT_FIRST_USER_MSG2 2100 /* More userspace messages */
-#define AUDIT_LAST_USER_MSG2 2999
-#endif
-
-/* New kernel event definitions since 2.6.30 */
-#ifndef AUDIT_SET_FEATURE
-#define AUDIT_SET_FEATURE 1018 /* Turn an audit feature on or off */
-#endif
-
-#ifndef AUDIT_GET_FEATURE
-#define AUDIT_GET_FEATURE 1019 /* Get which features are enabled */
-#endif
-
-#ifndef AUDIT_MMAP
-#define AUDIT_MMAP 1323 /* Descriptor and flags in mmap */
-#endif
-
-#ifndef AUDIT_NETFILTER_PKT
-#define AUDIT_NETFILTER_PKT 1324 /* Packets traversing netfilter chains */
-#endif
-#ifndef AUDIT_NETFILTER_CFG
-#define AUDIT_NETFILTER_CFG 1325 /* Netfilter chain modifications */
-#endif
-
-#ifndef AUDIT_SECCOMP
-#define AUDIT_SECCOMP 1326 /* Secure Computing event */
-#endif
-
-#ifndef AUDIT_PROCTITLE
-#define AUDIT_PROCTITLE 1327 /* Process Title info */
-#endif
-
-#undef AUDIT_FEATURE_CHANGE
-#ifndef AUDIT_FEATURE_CHANGE
-#define AUDIT_FEATURE_CHANGE 1328 /* Audit feature changed value */
-#endif
-
-#ifndef AUDIT_ANOM_LINK
-#define AUDIT_ANOM_LINK 1702 /* Suspicious use of file links */
-#endif
-
-/* This is related to the filterkey patch */
-#define AUDIT_KEY_SEPARATOR 0x01
-
-/* These are used in filter control */
-#define AUDIT_FILTER_EXCLUDE AUDIT_FILTER_TYPE
-#define AUDIT_FILTER_MASK 0x07 /* Mask to get actual filter */
-#define AUDIT_FILTER_UNSET 0x80 /* This value means filter is unset */
-
-/* Defines for interfield comparison update */
-#ifndef AUDIT_OBJ_UID
-#define AUDIT_OBJ_UID 109
-#endif
-#ifndef AUDIT_OBJ_GID
-#define AUDIT_OBJ_GID 110
-#endif
-#ifndef AUDIT_FIELD_COMPARE
-#define AUDIT_FIELD_COMPARE 111
-#endif
-
-#ifndef AUDIT_COMPARE_UID_TO_OBJ_UID
-#define AUDIT_COMPARE_UID_TO_OBJ_UID 1
-#endif
-#ifndef AUDIT_COMPARE_GID_TO_OBJ_GID
-#define AUDIT_COMPARE_GID_TO_OBJ_GID 2
-#endif
-#ifndef AUDIT_COMPARE_EUID_TO_OBJ_UID
-#define AUDIT_COMPARE_EUID_TO_OBJ_UID 3
-#endif
-#ifndef AUDIT_COMPARE_EGID_TO_OBJ_GID
-#define AUDIT_COMPARE_EGID_TO_OBJ_GID 4
-#endif
-#ifndef AUDIT_COMPARE_AUID_TO_OBJ_UID
-#define AUDIT_COMPARE_AUID_TO_OBJ_UID 5
-#endif
-#ifndef AUDIT_COMPARE_SUID_TO_OBJ_UID
-#define AUDIT_COMPARE_SUID_TO_OBJ_UID 6
-#endif
-#ifndef AUDIT_COMPARE_SGID_TO_OBJ_GID
-#define AUDIT_COMPARE_SGID_TO_OBJ_GID 7
-#endif
-#ifndef AUDIT_COMPARE_FSUID_TO_OBJ_UID
-#define AUDIT_COMPARE_FSUID_TO_OBJ_UID 8
-#endif
-#ifndef AUDIT_COMPARE_FSGID_TO_OBJ_GID
-#define AUDIT_COMPARE_FSGID_TO_OBJ_GID 9
-#endif
-#ifndef AUDIT_COMPARE_UID_TO_AUID
-#define AUDIT_COMPARE_UID_TO_AUID 10
-#endif
-#ifndef AUDIT_COMPARE_UID_TO_EUID
-#define AUDIT_COMPARE_UID_TO_EUID 11
-#endif
-#ifndef AUDIT_COMPARE_UID_TO_FSUID
-#define AUDIT_COMPARE_UID_TO_FSUID 12
-#endif
-#ifndef AUDIT_COMPARE_UID_TO_SUID
-#define AUDIT_COMPARE_UID_TO_SUID 13
-#endif
-#ifndef AUDIT_COMPARE_AUID_TO_FSUID
-#define AUDIT_COMPARE_AUID_TO_FSUID 14
-#endif
-#ifndef AUDIT_COMPARE_AUID_TO_SUID
-#define AUDIT_COMPARE_AUID_TO_SUID 15
-#endif
-#ifndef AUDIT_COMPARE_AUID_TO_EUID
-#define AUDIT_COMPARE_AUID_TO_EUID 16
-#endif
-#ifndef AUDIT_COMPARE_EUID_TO_SUID
-#define AUDIT_COMPARE_EUID_TO_SUID 17
-#endif
-#ifndef AUDIT_COMPARE_EUID_TO_FSUID
-#define AUDIT_COMPARE_EUID_TO_FSUID 18
-#endif
-#ifndef AUDIT_COMPARE_SUID_TO_FSUID
-#define AUDIT_COMPARE_SUID_TO_FSUID 19
-#endif
-#ifndef AUDIT_COMPARE_GID_TO_EGID
-#define AUDIT_COMPARE_GID_TO_EGID 20
-#endif
-#ifndef AUDIT_COMPARE_GID_TO_FSGID
-#define AUDIT_COMPARE_GID_TO_FSGID 21
-#endif
-#ifndef AUDIT_COMPARE_GID_TO_SGID
-#define AUDIT_COMPARE_GID_TO_SGID 22
-#endif
-#ifndef AUDIT_COMPARE_EGID_TO_FSGID
-#define AUDIT_COMPARE_EGID_TO_FSGID 23
-#endif
-#ifndef AUDIT_COMPARE_EGID_TO_SGID
-#define AUDIT_COMPARE_EGID_TO_SGID 24
-#endif
-#ifndef AUDIT_COMPARE_SGID_TO_FSGID
-#define AUDIT_COMPARE_SGID_TO_FSGID 25
-#endif
-
-#ifndef EM_ARM
-#define EM_ARM 40
-#endif
-#ifndef EM_AARCH64
-#define EM_AARCH64 183
-#endif
-
-#ifndef AUDIT_ARCH_AARCH64
-#define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
-#endif
-
-#ifndef AUDIT_ARCH_PPC64LE
-#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
-#endif
-
-//////////////////////////////////////////////////////
-// This is an external ABI. Any changes in here will
-// likely affect pam_loginuid. There might be other
-// apps that use this low level interface, but I don't
-// know of any.
-//
-/* data structure for who signaled the audit daemon */
-struct audit_sig_info {
- uid_t uid;
- pid_t pid;
- char ctx[0];
-};
-
-/* defines for audit subsystem */
-#define MAX_AUDIT_MESSAGE_LENGTH 8970 // PATH_MAX*2+CONTEXT_SIZE*2+11+256+1
-struct audit_message {
- struct nlmsghdr nlh;
- char data[MAX_AUDIT_MESSAGE_LENGTH];
-};
-
-// internal - forward declaration
-struct daemon_conf;
-
-struct audit_reply {
- int type;
- int len;
- struct nlmsghdr *nlh;
- struct audit_message msg;
-
- /* Using a union to compress this structure since only one of
- * the following should be valid for any packet. */
- union {
- struct audit_status *status;
- struct audit_rule_data *ruledata;
- struct audit_login *login;
- char *message;
- struct nlmsgerr *error;
- struct audit_sig_info *signal_info;
- struct daemon_conf *conf;
-#if HAVE_DECL_AUDIT_FEATURE_VERSION
- struct audit_features *features;
-#endif
- };
-};
-
-//
-// End of ABI control
-//////////////////////////////////////////////////////
-
-//////////////////////////////////////////////////////
-// audit dispatcher interface
-//
-/* audit_dispatcher_header: This header is versioned. If anything gets
- * added to it, it must go at the end and the version number bumped.
- * This MUST BE fixed size for compatibility. If you are going to add
- * new member then add them into _structure_ part.
- */
-struct audit_dispatcher_header {
- uint32_t ver; /* The version of this protocol */
- uint32_t hlen; /* Header length */
- uint32_t type; /* Message type */
- uint32_t size; /* Size of data following the header */
-};
-
-#define AUDISP_PROTOCOL_VER 0
-
-///////////////////////////////////////////////////
-// Libaudit API
-//
-
-/* This is the machine type list */
-typedef enum {
- MACH_X86=0,
- MACH_86_64,
- MACH_IA64,
- MACH_PPC64,
- MACH_PPC,
- MACH_S390X,
- MACH_S390,
- MACH_ALPHA,
- MACH_ARM,
- MACH_AARCH64,
- MACH_PPC64LE
-} machine_t;
-
-/* These are the valid audit failure tunable enum values */
-typedef enum {
- FAIL_IGNORE=0,
- FAIL_LOG,
- FAIL_TERMINATE
-} auditfail_t;
-
-/* Messages */
-typedef enum { MSG_STDERR, MSG_SYSLOG, MSG_QUIET } message_t;
-typedef enum { DBG_NO, DBG_YES } debug_message_t;
-void set_aumessage_mode(message_t mode, debug_message_t debug);
-
-/* General */
-typedef enum { GET_REPLY_BLOCKING=0, GET_REPLY_NONBLOCKING } reply_t;
-extern int audit_open(void);
-extern void audit_close(int fd);
-extern int audit_get_reply(int fd, struct audit_reply *rep, reply_t block,
- int peek);
-extern uid_t audit_getloginuid(void);
-extern int audit_setloginuid(uid_t uid);
-extern int audit_detect_machine(void);
-extern int audit_determine_machine(const char *arch);
-
-/* Translation functions */
-extern int audit_name_to_field(const char *field);
-extern const char *audit_field_to_name(int field);
-extern int audit_name_to_syscall(const char *sc, int machine);
-extern const char *audit_syscall_to_name(int sc, int machine);
-extern int audit_name_to_flag(const char *flag);
-extern const char *audit_flag_to_name(int flag);
-extern int audit_name_to_action(const char *action);
-extern const char *audit_action_to_name(int action);
-extern int audit_name_to_msg_type(const char *msg_type);
-extern const char *audit_msg_type_to_name(int msg_type);
-extern int audit_name_to_machine(const char *machine);
-extern const char *audit_machine_to_name(int machine);
-extern unsigned int audit_machine_to_elf(int machine);
-extern int audit_elf_to_machine(unsigned int elf);
-extern const char *audit_operator_to_symbol(int op);
-extern int audit_name_to_errno(const char *error);
-extern const char *audit_errno_to_name(int error);
-extern int audit_name_to_ftype(const char *name);
-extern const char *audit_ftype_to_name(int ftype);
-extern void audit_number_to_errmsg(int errnumber, const char *opt);
-
-/* AUDIT_GET */
-extern int audit_request_status(int fd);
-extern int audit_is_enabled(int fd);
-extern int get_auditfail_action(auditfail_t *failmode);
-extern int audit_request_features(int fd);
-
-/* AUDIT_SET */
-typedef enum { WAIT_NO, WAIT_YES } rep_wait_t;
-extern int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode);
-extern int audit_set_enabled(int fd, uint32_t enabled);
-extern int audit_set_failure(int fd, uint32_t failure);
-extern int audit_set_rate_limit(int fd, uint32_t limit);
-extern int audit_set_backlog_limit(int fd, uint32_t limit);
-int audit_set_backlog_wait_time(int fd, uint32_t bwt);
-extern int audit_set_feature(int fd, unsigned feature, unsigned value, unsigned lock);
-extern int audit_set_loginuid_immutable(int fd);
-
-/* AUDIT_LIST_RULES */
-extern int audit_request_rules_list_data(int fd);
-
-/* SIGNAL_INFO */
-extern int audit_request_signal_info(int fd);
-
-/* AUDIT_WATCH */
-extern int audit_update_watch_perms(struct audit_rule_data *rule, int perms);
-extern int audit_add_watch(struct audit_rule_data **rulep, const char *path);
-extern int audit_add_dir(struct audit_rule_data **rulep, const char *path);
-extern int audit_add_watch_dir(int type, struct audit_rule_data **rulep,
- const char *path);
-extern int audit_trim_subtrees(int fd);
-extern int audit_make_equivalent(int fd, const char *mount_point,
- const char *subtree);
-
-/* AUDIT_ADD_RULE */
-extern int audit_add_rule_data(int fd, struct audit_rule_data *rule,
- int flags, int action);
-
-/* AUDIT_DEL_RULE */
-extern int audit_delete_rule_data(int fd, struct audit_rule_data *rule,
- int flags, int action);
-
-/* The following are for standard formatting of messages */
-extern int audit_value_needs_encoding(const char *str, unsigned int len);
-extern char *audit_encode_value(char *final,const char *buf,unsigned int size);
-extern char *audit_encode_nv_string(const char *name, const char *value,
- unsigned int vlen);
-extern int audit_log_user_message(int audit_fd, int type, const char *message,
- const char *hostname, const char *addr, const char *tty, int result);
-extern int audit_log_user_comm_message(int audit_fd, int type,
- const char *message, const char *comm, const char *hostname,
- const char *addr, const char *tty, int result);
-extern int audit_log_acct_message(int audit_fd, int type, const char *pgname,
- const char *op, const char *name, unsigned int id,
- const char *host, const char *addr, const char *tty, int result);
-extern int audit_log_user_avc_message(int audit_fd, int type,
- const char *message, const char *hostname, const char *addr,
- const char *tty, uid_t uid);
-extern int audit_log_semanage_message(int audit_fd, int type,
- const char *pgname, const char *op, const char *name, unsigned int id,
- const char *new_seuser, const char *new_role, const char *new_range,
- const char *old_seuser, const char *old_role, const char *old_range,
- const char *host, const char *addr,
- const char *tty, int result);
-extern int audit_log_user_command(int audit_fd, int type, const char *command,
- const char *tty, int result);
-
-/* Rule-building helper functions */
-extern int audit_rule_syscall_data(struct audit_rule_data *rule, int scall);
-extern int audit_rule_syscallbyname_data(struct audit_rule_data *rule,
- const char *scall);
-/* Note that the following function takes a **, where audit_rule_fieldpair()
- * takes just a *. That structure may need to be reallocated as a result of
- * adding new fields */
-extern int audit_rule_fieldpair_data(struct audit_rule_data **rulep,
- const char *pair, int flags);
-extern int audit_rule_interfield_comp_data(struct audit_rule_data **rulep,
- const char *pair, int flags);
-extern void audit_rule_free_data(struct audit_rule_data *rule);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/framework/src/audit/lib/lookup_table.c b/framework/src/audit/lib/lookup_table.c
deleted file mode 100644
index 6dc63d4b..00000000
--- a/framework/src/audit/lib/lookup_table.c
+++ /dev/null
@@ -1,359 +0,0 @@
-/* lookup_table.c --
- * Copyright 2004-2008,2012-13 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- * Rickard E. (Rik) Faith <faith@redhat.com>
- */
-
-#include "config.h"
-#include <stddef.h>
-#include <stdint.h>
-#include <string.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
-
-#include "libaudit.h"
-#include "gen_tables.h"
-#include "private.h"
-
-#ifndef NO_TABLES
-#ifdef WITH_ALPHA
-#include "alpha_tables.h"
-#endif
-#ifdef WITH_ARM
-#include "arm_tables.h"
-#endif
-#ifdef WITH_AARCH64
-#include "aarch64_tables.h"
-#endif
-#include "i386_tables.h"
-#include "ia64_tables.h"
-#include "ppc_tables.h"
-#include "s390_tables.h"
-#include "s390x_tables.h"
-#include "x86_64_tables.h"
-#include "errtabs.h"
-#include "ftypetabs.h"
-#include "fieldtabs.h"
-#endif
-#include "msg_typetabs.h"
-#include "actiontabs.h"
-#include "flagtabs.h"
-#include "machinetabs.h"
-#include "optabs.h"
-
-struct int_transtab {
- int key;
- unsigned int lvalue;
-};
-
-static const struct int_transtab elftab[] = {
- { MACH_X86, AUDIT_ARCH_I386 },
- { MACH_86_64, AUDIT_ARCH_X86_64 },
- { MACH_IA64, AUDIT_ARCH_IA64 },
- { MACH_PPC64, AUDIT_ARCH_PPC64 },
- { MACH_PPC64LE, AUDIT_ARCH_PPC64LE},
- { MACH_PPC, AUDIT_ARCH_PPC },
- { MACH_S390X, AUDIT_ARCH_S390X },
- { MACH_S390, AUDIT_ARCH_S390 },
-#ifdef WITH_ALPHA
- { MACH_ALPHA, AUDIT_ARCH_ALPHA },
-#endif
-#ifdef WITH_ARM
- { MACH_ARM, AUDIT_ARCH_ARM },
-#endif
-#ifdef WITH_AARCH64
- { MACH_AARCH64, AUDIT_ARCH_AARCH64},
-#endif
-};
-#define AUDIT_ELF_NAMES (sizeof(elftab)/sizeof(elftab[0]))
-
-int audit_name_to_field(const char *field)
-{
-#ifndef NO_TABLES
- int res;
-
- if (field_s2i(field, &res) != 0)
- return res;
-#endif
- return -1;
-}
-hidden_def(audit_name_to_field)
-
-const char *audit_field_to_name(int field)
-{
-#ifndef NO_TABLES
- return field_i2s(field);
-#else
- return NULL;
-#endif
-}
-
-int audit_name_to_syscall(const char *sc, int machine)
-{
- int res, found = 0;
-
- switch (machine)
- {
-#ifndef NO_TABLES
- case MACH_X86:
- found = i386_syscall_s2i(sc, &res);
- break;
- case MACH_86_64:
- found = x86_64_syscall_s2i(sc, &res);
- break;
- case MACH_IA64:
- found = ia64_syscall_s2i(sc, &res);
- break;
- case MACH_PPC64:
- case MACH_PPC64LE:
- case MACH_PPC:
- found = ppc_syscall_s2i(sc, &res);
- break;
- case MACH_S390X:
- found = s390x_syscall_s2i(sc, &res);
- break;
- case MACH_S390:
- found = s390_syscall_s2i(sc, &res);
- break;
-#ifdef WITH_ALPHA
- case MACH_ALPHA:
- found = alpha_syscall_s2i(sc, &res);
- break;
-#endif
-#ifdef WITH_ARM
- case MACH_ARM:
- found = arm_syscall_s2i(sc, &res);
- break;
-#endif
-#ifdef WITH_AARCH64
- case MACH_AARCH64:
- found = aarch64_syscall_s2i(sc, &res);
- break;
-#endif
-#endif
- default:
- return -1;
- }
- if (found)
- return res;
- return -1;
-}
-hidden_def(audit_name_to_syscall)
-
-const char *audit_syscall_to_name(int sc, int machine)
-{
-#ifndef NO_TABLES
- switch (machine)
- {
- case MACH_X86:
- return i386_syscall_i2s(sc);
- case MACH_86_64:
- return x86_64_syscall_i2s(sc);
- case MACH_IA64:
- return ia64_syscall_i2s(sc);
- case MACH_PPC64:
- case MACH_PPC64LE:
- case MACH_PPC:
- return ppc_syscall_i2s(sc);
- case MACH_S390X:
- return s390x_syscall_i2s(sc);
- case MACH_S390:
- return s390_syscall_i2s(sc);
-#ifdef WITH_ALPHA
- case MACH_ALPHA:
- return alpha_syscall_i2s(sc);
-#endif
-#ifdef WITH_ARM
- case MACH_ARM:
- return arm_syscall_i2s(sc);
-#endif
-#ifdef WITH_AARCH64
- case MACH_AARCH64:
- return aarch64_syscall_i2s(sc);
-#endif
- }
-#endif
- return NULL;
-}
-
-int audit_name_to_flag(const char *flag)
-{
- int res;
-
- if (flag_s2i(flag, &res) != 0)
- return res;
- return -1;
-}
-
-const char *audit_flag_to_name(int flag)
-{
- return flag_i2s(flag);
-}
-
-int audit_name_to_action(const char *action)
-{
- int res;
-
- if (action_s2i(action, &res) != 0)
- return res;
- return -1;
-}
-
-const char *audit_action_to_name(int action)
-{
- return action_i2s(action);
-}
-
-// On the critical path for ausearch parser
-int audit_name_to_msg_type(const char *msg_type)
-{
- int rc;
-
- if (msg_type_s2i(msg_type, &rc) != 0)
- return rc;
-
- /* Take a stab at converting */
- if (strncmp(msg_type, "UNKNOWN[", 8) == 0) {
- int len;
- char buf[8];
- const char *end = strchr(msg_type + 8, ']');
- if (end == NULL)
- return -1;
-
- len = end - (msg_type + 8);
- if (len > 7)
- len = 7;
- memset(buf, 0, sizeof(buf));
- strncpy(buf, msg_type + 8, len);
- errno = 0;
- return strtol(buf, NULL, 10);
- } else if (isdigit(*msg_type)) {
- errno = 0;
- return strtol(msg_type, NULL, 10);
- }
-
- return -1;
-}
-hidden_def(audit_name_to_msg_type)
-
-const char *audit_msg_type_to_name(int msg_type)
-{
- return msg_type_i2s(msg_type);
-}
-hidden_def(audit_msg_type_to_name)
-
-int audit_name_to_machine(const char *machine)
-{
- int res;
-
- if (machine_s2i(machine, &res) != 0)
- return res;
- return -1;
-}
-hidden_def(audit_name_to_machine)
-
-const char *audit_machine_to_name(int machine)
-{
- return machine_i2s(machine);
-}
-
-unsigned int audit_machine_to_elf(int machine)
-{
- unsigned int i;
-
- for (i = 0; i < AUDIT_ELF_NAMES; i++)
- if (elftab[i].key == machine)
- return elftab[i].lvalue;
- return 0;
-}
-hidden_def(audit_machine_to_elf)
-
-int audit_elf_to_machine(unsigned int elf)
-{
- unsigned int i;
-
- for (i = 0; i < AUDIT_ELF_NAMES; i++)
- if (elftab[i].lvalue == elf) return elftab[i].key;
- return -1;
-}
-hidden_def(audit_elf_to_machine)
-
-const char *audit_operator_to_symbol(int op)
-{
- return op_i2s(op);
-}
-hidden_def(audit_operator_to_symbol)
-
-/* This function returns 0 on error, otherwise the converted value */
-int audit_name_to_errno(const char *error)
-{
-#ifndef NO_TABLES
- int rc, minus = 1;
-
- if (*error == '-') {
- minus = -1;
- error++;
- }
- if (err_s2i(error, &rc) == 0)
- rc = 0;
-
- return rc*minus;
-#else
- return 0;
-#endif
-}
-hidden_def(audit_name_to_errno)
-
-/* This function does not handle negative numbers yet */
-const char *audit_errno_to_name(int error)
-{
-#ifndef NO_TABLES
- if (error < 0)
- return NULL;
-
- return err_i2s(error);
-#else
- return NULL;
-#endif
-}
-
-int audit_name_to_ftype(const char *name)
-{
- int res;
-
-#ifndef NO_TABLES
- if (ftype_s2i(name, &res) != 0)
- return res;
-#endif
- return -1;
-}
-hidden_def(audit_name_to_ftype)
-
-const char *audit_ftype_to_name(int ftype)
-{
-#ifndef NO_TABLES
- return ftype_i2s(ftype);
-#else
- return NULL;
-#endif
-}
-
diff --git a/framework/src/audit/lib/machinetab.h b/framework/src/audit/lib/machinetab.h
deleted file mode 100644
index 27c69420..00000000
--- a/framework/src/audit/lib/machinetab.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/* machine.h --
- * Copyright 2005,2006,2009,2012,2013 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-_S(MACH_X86, "i386" )
-_S(MACH_X86, "i486" )
-_S(MACH_X86, "i586" )
-_S(MACH_X86, "i686" )
-_S(MACH_86_64, "x86_64" )
-_S(MACH_IA64, "ia64" )
-_S(MACH_PPC64, "ppc64" )
-_S(MACH_PPC64LE, "ppc64le")
-_S(MACH_PPC, "ppc" )
-_S(MACH_S390X, "s390x" )
-_S(MACH_S390, "s390" )
-#ifdef WITH_ALPHA
-_S(MACH_ALPHA, "alpha" )
-#endif
-#ifdef WITH_ARM
-_S(MACH_ARM, "armeb" )
-_S(MACH_ARM, "arm" )
-_S(MACH_ARM, "armv5tejl")
-_S(MACH_ARM, "armv5tel")
-_S(MACH_ARM, "armv6l")
-_S(MACH_ARM, "armv7l")
-#endif
-#ifdef WITH_AARCH64
-_S(MACH_AARCH64, "aarch64" )
-#endif
diff --git a/framework/src/audit/lib/message.c b/framework/src/audit/lib/message.c
deleted file mode 100644
index 85e9e64b..00000000
--- a/framework/src/audit/lib/message.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/* message.c --
- * Copyright 2004, 2005 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-#include "config.h"
-#include <stdio.h>
-#include <stdarg.h>
-#include "libaudit.h"
-#include "private.h"
-
-/* The message mode refers to where informational messages go
- 0 - stderr, 1 - syslog, 2 - quiet. The default is quiet. */
-static message_t message_mode = MSG_QUIET;
-static debug_message_t debug_message = DBG_NO;
-
-void set_aumessage_mode(message_t mode, debug_message_t debug)
-{
- message_mode = mode;
- debug_message = debug;
-}
-
-void audit_msg(int priority, const char *fmt, ...)
-{
- va_list ap;
-
- if (message_mode == MSG_QUIET)
- return;
-
- if (priority == LOG_DEBUG && debug_message == DBG_NO)
- return;
-
- va_start(ap, fmt);
- if (message_mode == MSG_SYSLOG)
- vsyslog(priority, fmt, ap);
- else {
- vfprintf(stderr, fmt, ap);
- fputc('\n', stderr);
- }
- va_end( ap );
-}
-hidden_def(audit_msg)
diff --git a/framework/src/audit/lib/msg_typetab.h b/framework/src/audit/lib/msg_typetab.h
deleted file mode 100644
index c8e47564..00000000
--- a/framework/src/audit/lib/msg_typetab.h
+++ /dev/null
@@ -1,214 +0,0 @@
-/* msg_typetab.h --
- * Copyright 2005-07,2009-15 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-/*
- * This table is arranged from lowest number to highest number. The
- * items that are commented out are for completeness. The audit
- * daemon filters these and they never show up in the logs, therefore
- * they are not needed for reporting. Or they have been deprecated for
- * a long time.
- */
-//_S(AUDIT_GET, "GET" )
-//_S(AUDIT_SET, "SET" )
-//_S(AUDIT_LIST, "LIST" )
-//_S(AUDIT_ADD, "ADD" )
-//_S(AUDIT_DEL, "DEL" )
-_S(AUDIT_USER, "USER" )
-_S(AUDIT_LOGIN, "LOGIN" )
-//_S(AUDIT_SIGNAL_INFO, "SIGNAL_INFO" )
-//_S(AUDIT_ADD_RULE, "ADD_RULE" )
-//_S(AUDIT_DEL_RULE, "DEL_RULE" )
-//_S(AUDIT_LIST_RULES, "LIST_RULES" )
-//_S(AUDIT_TRIM, "TRIM" )
-//_S(AUDIT_MAKE_EQUIV, "MAKE_EQUIV" )
-//_S(AUDIT_TTY_GET, "TTY_GET" )
-//_S(AUDIT_TTY_SET, "TTY_SET" )
-//_S(AUDIT_SET_FEATURE, "SET_FEATURE" )
-//_S(AUDIT_GET_FEATURE, "GET_FEATURE" )
-_S(AUDIT_USER_AUTH, "USER_AUTH" )
-_S(AUDIT_USER_ACCT, "USER_ACCT" )
-_S(AUDIT_USER_MGMT, "USER_MGMT" )
-_S(AUDIT_CRED_ACQ, "CRED_ACQ" )
-_S(AUDIT_CRED_DISP, "CRED_DISP" )
-_S(AUDIT_USER_START, "USER_START" )
-_S(AUDIT_USER_END, "USER_END" )
-_S(AUDIT_USER_AVC, "USER_AVC" )
-_S(AUDIT_USER_CHAUTHTOK, "USER_CHAUTHTOK" )
-_S(AUDIT_USER_ERR, "USER_ERR" )
-_S(AUDIT_CRED_REFR, "CRED_REFR" )
-_S(AUDIT_USYS_CONFIG, "USYS_CONFIG" )
-_S(AUDIT_USER_LOGIN, "USER_LOGIN" )
-_S(AUDIT_USER_LOGOUT, "USER_LOGOUT" )
-_S(AUDIT_ADD_USER, "ADD_USER" )
-_S(AUDIT_DEL_USER, "DEL_USER" )
-_S(AUDIT_ADD_GROUP, "ADD_GROUP" )
-_S(AUDIT_DEL_GROUP, "DEL_GROUP" )
-_S(AUDIT_DAC_CHECK, "DAC_CHECK" )
-_S(AUDIT_CHGRP_ID, "CHGRP_ID" )
-_S(AUDIT_TEST, "TEST" )
-_S(AUDIT_TRUSTED_APP, "TRUSTED_APP" )
-_S(AUDIT_USER_SELINUX_ERR, "USER_SELINUX_ERR" )
-_S(AUDIT_USER_CMD, "USER_CMD" )
-_S(AUDIT_USER_TTY, "USER_TTY" )
-_S(AUDIT_CHUSER_ID, "CHUSER_ID" )
-_S(AUDIT_GRP_AUTH, "GRP_AUTH" )
-_S(AUDIT_MAC_CHECK, "MAC_CHECK" )
-_S(AUDIT_SYSTEM_BOOT, "SYSTEM_BOOT" )
-_S(AUDIT_SYSTEM_SHUTDOWN, "SYSTEM_SHUTDOWN" )
-_S(AUDIT_SYSTEM_RUNLEVEL, "SYSTEM_RUNLEVEL" )
-_S(AUDIT_SERVICE_START, "SERVICE_START" )
-_S(AUDIT_SERVICE_STOP, "SERVICE_STOP" )
-_S(AUDIT_GRP_MGMT, "GRP_MGMT" )
-_S(AUDIT_GRP_CHAUTHTOK, "GRP_CHAUTHTOK" )
-_S(AUDIT_DAEMON_START, "DAEMON_START" )
-_S(AUDIT_DAEMON_END, "DAEMON_END" )
-_S(AUDIT_DAEMON_ABORT, "DAEMON_ABORT" )
-_S(AUDIT_DAEMON_CONFIG, "DAEMON_CONFIG" )
-//_S(AUDIT_DAEMON_RECONFIG, "DAEMON_RECONFIG" )
-_S(AUDIT_DAEMON_ROTATE, "DAEMON_ROTATE" )
-_S(AUDIT_DAEMON_RESUME, "DAEMON_RESUME" )
-_S(AUDIT_DAEMON_ACCEPT, "DAEMON_ACCEPT" )
-_S(AUDIT_DAEMON_CLOSE, "DAEMON_CLOSE" )
-_S(AUDIT_SYSCALL, "SYSCALL" )
-//_S(AUDIT_FS_WATCH, "FS_WATCH" )
-_S(AUDIT_PATH, "PATH" )
-_S(AUDIT_IPC, "IPC" )
-_S(AUDIT_SOCKETCALL, "SOCKETCALL" )
-_S(AUDIT_CONFIG_CHANGE, "CONFIG_CHANGE" )
-_S(AUDIT_SOCKADDR, "SOCKADDR" )
-_S(AUDIT_CWD, "CWD" )
-//_S(AUDIT_FS_INODE, "FS_INODE" )
-_S(AUDIT_EXECVE, "EXECVE" )
-_S(AUDIT_IPC_SET_PERM, "IPC_SET_PERM" )
-_S(AUDIT_MQ_OPEN, "MQ_OPEN" )
-_S(AUDIT_MQ_SENDRECV, "MQ_SENDRECV" )
-_S(AUDIT_MQ_NOTIFY, "MQ_NOTIFY" )
-_S(AUDIT_MQ_GETSETATTR, "MQ_GETSETATTR" )
-_S(AUDIT_KERNEL_OTHER, "KERNEL_OTHER" )
-_S(AUDIT_FD_PAIR, "FD_PAIR" )
-_S(AUDIT_OBJ_PID, "OBJ_PID" )
-_S(AUDIT_TTY, "TTY" )
-_S(AUDIT_EOE, "EOE" )
-_S(AUDIT_BPRM_FCAPS, "BPRM_FCAPS" )
-_S(AUDIT_CAPSET, "CAPSET" )
-_S(AUDIT_MMAP, "MMAP" )
-_S(AUDIT_NETFILTER_PKT, "NETFILTER_PKT" )
-_S(AUDIT_NETFILTER_CFG, "NETFILTER_CFG" )
-_S(AUDIT_SECCOMP, "SECCOMP" )
-_S(AUDIT_PROCTITLE, "PROCTITLE" )
-_S(AUDIT_FEATURE_CHANGE, "FEATURE_CHANGE" )
-_S(AUDIT_AVC, "AVC" )
-_S(AUDIT_SELINUX_ERR, "SELINUX_ERR" )
-_S(AUDIT_AVC_PATH, "AVC_PATH" )
-_S(AUDIT_MAC_POLICY_LOAD, "MAC_POLICY_LOAD" )
-_S(AUDIT_MAC_STATUS, "MAC_STATUS" )
-_S(AUDIT_MAC_CONFIG_CHANGE, "MAC_CONFIG_CHANGE" )
-_S(AUDIT_MAC_UNLBL_ALLOW, "MAC_UNLBL_ALLOW" )
-_S(AUDIT_MAC_CIPSOV4_ADD, "MAC_CIPSOV4_ADD" )
-_S(AUDIT_MAC_CIPSOV4_DEL, "MAC_CIPSOV4_DEL" )
-_S(AUDIT_MAC_MAP_ADD, "MAC_MAP_ADD" )
-_S(AUDIT_MAC_MAP_DEL, "MAC_MAP_DEL" )
-_S(AUDIT_MAC_IPSEC_ADDSA, "MAC_IPSEC_ADDSA" )
-_S(AUDIT_MAC_IPSEC_DELSA, "MAC_IPSEC_DELSA" )
-_S(AUDIT_MAC_IPSEC_ADDSPD, "MAC_IPSEC_ADDSPD" )
-_S(AUDIT_MAC_IPSEC_DELSPD, "MAC_IPSEC_DELSPD" )
-_S(AUDIT_MAC_IPSEC_EVENT, "MAC_IPSEC_EVENT" )
-_S(AUDIT_MAC_UNLBL_STCADD, "MAC_UNLBL_STCADD" )
-_S(AUDIT_MAC_UNLBL_STCDEL, "MAC_UNLBL_STCDEL" )
-_S(AUDIT_ANOM_PROMISCUOUS, "ANOM_PROMISCUOUS" )
-_S(AUDIT_ANOM_ABEND, "ANOM_ABEND" )
-_S(AUDIT_ANOM_LINK, "ANOM_LINK" )
-_S(AUDIT_INTEGRITY_DATA, "INTEGRITY_DATA" )
-_S(AUDIT_INTEGRITY_METADATA, "INTEGRITY_METADATA" )
-_S(AUDIT_INTEGRITY_STATUS, "INTEGRITY_STATUS" )
-_S(AUDIT_INTEGRITY_HASH, "INTEGRITY_HASH" )
-_S(AUDIT_INTEGRITY_PCR, "INTEGRITY_PCR" )
-_S(AUDIT_INTEGRITY_RULE, "INTEGRITY_RULE" )
-
-#ifdef WITH_APPARMOR
-_S(AUDIT_AA, "APPARMOR" )
-_S(AUDIT_APPARMOR_AUDIT, "APPARMOR_AUDIT" )
-_S(AUDIT_APPARMOR_ALLOWED, "APPARMOR_ALLOWED" )
-_S(AUDIT_APPARMOR_DENIED, "APPARMOR_DENIED" )
-_S(AUDIT_APPARMOR_HINT, "APPARMOR_HINT" )
-_S(AUDIT_APPARMOR_STATUS, "APPARMOR_STATUS" )
-_S(AUDIT_APPARMOR_ERROR, "APPARMOR_ERROR" )
-#endif
-_S(AUDIT_KERNEL, "KERNEL" )
-_S(AUDIT_ANOM_LOGIN_FAILURES, "ANOM_LOGIN_FAILURES" )
-_S(AUDIT_ANOM_LOGIN_TIME, "ANOM_LOGIN_TIME" )
-_S(AUDIT_ANOM_LOGIN_SESSIONS, "ANOM_LOGIN_SESSIONS" )
-_S(AUDIT_ANOM_LOGIN_ACCT, "ANOM_LOGIN_ACCT" )
-_S(AUDIT_ANOM_LOGIN_LOCATION, "ANOM_LOGIN_LOCATION" )
-_S(AUDIT_ANOM_MAX_DAC, "ANOM_MAX_DAC" )
-_S(AUDIT_ANOM_MAX_MAC, "ANOM_MAX_MAC" )
-_S(AUDIT_ANOM_AMTU_FAIL, "ANOM_AMTU_FAIL" )
-_S(AUDIT_ANOM_RBAC_FAIL, "ANOM_RBAC_FAIL" )
-_S(AUDIT_ANOM_RBAC_INTEGRITY_FAIL, "ANOM_RBAC_INTEGRITY_FAIL" )
-_S(AUDIT_ANOM_CRYPTO_FAIL, "ANOM_CRYPTO_FAIL" )
-_S(AUDIT_ANOM_ACCESS_FS, "ANOM_ACCESS_FS" )
-_S(AUDIT_ANOM_EXEC, "ANOM_EXEC" )
-_S(AUDIT_ANOM_MK_EXEC, "ANOM_MK_EXEC" )
-_S(AUDIT_ANOM_ADD_ACCT, "ANOM_ADD_ACCT" )
-_S(AUDIT_ANOM_DEL_ACCT, "ANOM_DEL_ACCT" )
-_S(AUDIT_ANOM_MOD_ACCT, "ANOM_MOD_ACCT" )
-_S(AUDIT_ANOM_ROOT_TRANS, "ANOM_ROOT_TRANS" )
-_S(AUDIT_RESP_ANOMALY, "RESP_ANOMALY" )
-_S(AUDIT_RESP_ALERT, "RESP_ALERT" )
-_S(AUDIT_RESP_KILL_PROC, "RESP_KILL_PROC" )
-_S(AUDIT_RESP_TERM_ACCESS, "RESP_TERM_ACCESS" )
-_S(AUDIT_RESP_ACCT_REMOTE, "RESP_ACCT_REMOTE" )
-_S(AUDIT_RESP_ACCT_LOCK_TIMED, "RESP_ACCT_LOCK_TIMED" )
-_S(AUDIT_RESP_ACCT_UNLOCK_TIMED, "RESP_ACCT_UNLOCK_TIMED" )
-_S(AUDIT_RESP_ACCT_LOCK, "RESP_ACCT_LOCK" )
-_S(AUDIT_RESP_TERM_LOCK, "RESP_TERM_LOCK" )
-_S(AUDIT_RESP_SEBOOL, "RESP_SEBOOL" )
-_S(AUDIT_RESP_EXEC, "RESP_EXEC" )
-_S(AUDIT_RESP_SINGLE, "RESP_SINGLE" )
-_S(AUDIT_RESP_HALT, "RESP_HALT" )
-_S(AUDIT_USER_ROLE_CHANGE, "USER_ROLE_CHANGE" )
-_S(AUDIT_ROLE_ASSIGN, "ROLE_ASSIGN" )
-_S(AUDIT_ROLE_REMOVE, "ROLE_REMOVE" )
-_S(AUDIT_LABEL_OVERRIDE, "LABEL_OVERRIDE" )
-_S(AUDIT_LABEL_LEVEL_CHANGE, "LABEL_LEVEL_CHANGE" )
-_S(AUDIT_USER_LABELED_EXPORT, "USER_LABELED_EXPORT" )
-_S(AUDIT_USER_UNLABELED_EXPORT, "USER_UNLABELED_EXPORT" )
-_S(AUDIT_DEV_ALLOC, "DEV_ALLOC" )
-_S(AUDIT_DEV_DEALLOC, "DEV_DEALLOC" )
-_S(AUDIT_FS_RELABEL, "FS_RELABEL" )
-_S(AUDIT_USER_MAC_POLICY_LOAD, "USER_MAC_POLICY_LOAD" )
-_S(AUDIT_ROLE_MODIFY, "ROLE_MODIFY" )
-_S(AUDIT_USER_MAC_CONFIG_CHANGE, "USER_MAC_CONFIG_CHANGE" )
-_S(AUDIT_CRYPTO_TEST_USER, "CRYPTO_TEST_USER" )
-_S(AUDIT_CRYPTO_PARAM_CHANGE_USER, "CRYPTO_PARAM_CHANGE_USER" )
-_S(AUDIT_CRYPTO_LOGIN, "CRYPTO_LOGIN" )
-_S(AUDIT_CRYPTO_LOGOUT, "CRYPTO_LOGOUT" )
-_S(AUDIT_CRYPTO_KEY_USER, "CRYPTO_KEY_USER" )
-_S(AUDIT_CRYPTO_FAILURE_USER, "CRYPTO_FAILURE_USER" )
-_S(AUDIT_CRYPTO_REPLAY_USER, "CRYPTO_REPLAY_USER" )
-_S(AUDIT_CRYPTO_SESSION, "CRYPTO_SESSION" )
-_S(AUDIT_CRYPTO_IKE_SA, "CRYPTO_IKE_SA" )
-_S(AUDIT_CRYPTO_IPSEC_SA, "CRYPTO_IPSEC_SA" )
-_S(AUDIT_VIRT_CONTROL, "VIRT_CONTROL" )
-_S(AUDIT_VIRT_RESOURCE, "VIRT_RESOURCE" )
-_S(AUDIT_VIRT_MACHINE_ID, "VIRT_MACHINE_ID" )
-
diff --git a/framework/src/audit/lib/netlink.c b/framework/src/audit/lib/netlink.c
deleted file mode 100644
index 6c80c30c..00000000
--- a/framework/src/audit/lib/netlink.c
+++ /dev/null
@@ -1,299 +0,0 @@
-/* netlink.c --
- * Copyright 2004, 2005, 2009, 2013 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- * Rickard E. (Rik) Faith <faith@redhat.com>
- */
-
-#include "config.h"
-#include <unistd.h>
-#include <string.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <time.h>
-#include <sys/poll.h>
-#include "libaudit.h"
-#include "private.h"
-
-#ifndef NETLINK_AUDIT
-#define NETLINK_AUDIT 9
-#endif
-
-static int adjust_reply(struct audit_reply *rep, int len);
-static int check_ack(int fd, int seq);
-
-/*
- * This function opens a connection to the kernel's audit
- * subsystem. You must be root for the call to succeed. On error,
- * a negative value is returned. On success, the file descriptor is
- * returned - which can be 0 or higher.
- */
-int audit_open(void)
-{
- int saved_errno;
- int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
-
- if (fd < 0) {
- saved_errno = errno;
- if (errno == EINVAL || errno == EPROTONOSUPPORT ||
- errno == EAFNOSUPPORT)
- audit_msg(LOG_ERR,
- "Error - audit support not in kernel");
- else
- audit_msg(LOG_ERR,
- "Error opening audit netlink socket (%s)",
- strerror(errno));
- errno = saved_errno;
- return fd;
- }
- if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
- saved_errno = errno;
- close(fd);
- audit_msg(LOG_ERR,
- "Error setting audit netlink socket CLOEXEC flag (%s)",
- strerror(errno));
- errno = saved_errno;
- return -1;
- }
- return fd;
-}
-
-
-void audit_close(int fd)
-{
- if (fd >= 0)
- close(fd);
-}
-
-
-/*
- * This function returns -1 on error, 0 if error response received,
- * and > 0 if packet OK.
- */
-int audit_get_reply(int fd, struct audit_reply *rep, reply_t block, int peek)
-{
- int len;
- struct sockaddr_nl nladdr;
- socklen_t nladdrlen = sizeof(nladdr);
-
- if (fd < 0)
- return -EBADF;
-
- if (block == GET_REPLY_NONBLOCKING)
- block = MSG_DONTWAIT;
-
-retry:
- len = recvfrom(fd, &rep->msg, sizeof(rep->msg), block|peek,
- (struct sockaddr*)&nladdr, &nladdrlen);
-
- if (len < 0) {
- if (errno == EINTR)
- goto retry;
- if (errno != EAGAIN) {
- int saved_errno = errno;
- audit_msg(LOG_ERR,
- "Error receiving audit netlink packet (%s)",
- strerror(errno));
- errno = saved_errno;
- }
- return -errno;
- }
- if (nladdrlen != sizeof(nladdr)) {
- audit_msg(LOG_ERR,
- "Bad address size reading audit netlink socket");
- return -EPROTO;
- }
- if (nladdr.nl_pid) {
- audit_msg(LOG_ERR,
- "Spoofed packet received on audit netlink socket");
- return -EINVAL;
- }
-
- len = adjust_reply(rep, len);
- if (len == 0)
- len = -errno;
- return len;
-}
-hidden_def(audit_get_reply)
-
-
-/*
- * This function returns 0 on error and len on success.
- */
-static int adjust_reply(struct audit_reply *rep, int len)
-{
- rep->type = rep->msg.nlh.nlmsg_type;
- rep->len = rep->msg.nlh.nlmsg_len;
- rep->nlh = &rep->msg.nlh;
- rep->status = NULL;
- rep->ruledata = NULL;
- rep->login = NULL;
- rep->message = NULL;
- rep->error = NULL;
- rep->signal_info = NULL;
- rep->conf = NULL;
-#if HAVE_DECL_AUDIT_FEATURE_VERSION
- rep->features = NULL;
-#endif
- if (!NLMSG_OK(rep->nlh, (unsigned int)len)) {
- if (len == sizeof(rep->msg)) {
- audit_msg(LOG_ERR,
- "Netlink event from kernel is too big");
- errno = EFBIG;
- } else {
- audit_msg(LOG_ERR,
- "Netlink message from kernel was not OK");
- errno = EBADE;
- }
- return 0;
- }
-
- /* Next we'll set the data structure to point to msg.data. This is
- * to avoid having to use casts later. */
- switch (rep->type) {
- case NLMSG_ERROR:
- rep->error = NLMSG_DATA(rep->nlh);
- break;
- case AUDIT_GET:
- rep->status = NLMSG_DATA(rep->nlh);
- break;
-#if HAVE_DECL_AUDIT_FEATURE_VERSION
- case AUDIT_GET_FEATURE:
- rep->features = NLMSG_DATA(rep->nlh);
- break;
-#endif
- case AUDIT_LIST_RULES:
- rep->ruledata = NLMSG_DATA(rep->nlh);
- break;
- case AUDIT_USER:
- case AUDIT_LOGIN:
- case AUDIT_KERNEL:
- case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
- case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2:
- case AUDIT_FIRST_EVENT...AUDIT_INTEGRITY_LAST_MSG:
- rep->message = NLMSG_DATA(rep->nlh);
- break;
- case AUDIT_SIGNAL_INFO:
- rep->signal_info = NLMSG_DATA(rep->nlh);
- break;
- }
- return len;
-}
-
-
-/*
- * Return values: success: positive non-zero sequence number
- * error: -errno
- * short: 0
- */
-int audit_send(int fd, int type, const void *data, unsigned int size)
-{
- static int sequence = 0;
- struct audit_message req;
- int retval;
- struct sockaddr_nl addr;
-
- /* Due to user space library callbacks, there's a chance that
- a -1 for the fd could be passed. Just check for and handle it. */
- if (fd < 0) {
- errno = EBADF;
- return -errno;
- }
-
- if (NLMSG_SPACE(size) > MAX_AUDIT_MESSAGE_LENGTH) {
- errno = EINVAL;
- return -errno;
- }
-
- if (++sequence < 0)
- sequence = 1;
-
- memset(&req, 0, sizeof(req));
- req.nlh.nlmsg_len = NLMSG_SPACE(size);
- req.nlh.nlmsg_type = type;
- req.nlh.nlmsg_flags = NLM_F_REQUEST|NLM_F_ACK;
- req.nlh.nlmsg_seq = sequence;
- if (size && data)
- memcpy(NLMSG_DATA(&req.nlh), data, size);
- memset(&addr, 0, sizeof(addr));
- addr.nl_family = AF_NETLINK;
- addr.nl_pid = 0;
- addr.nl_groups = 0;
-
- do {
- retval = sendto(fd, &req, req.nlh.nlmsg_len, 0,
- (struct sockaddr*)&addr, sizeof(addr));
- } while (retval < 0 && errno == EINTR);
- if (retval == (int)req.nlh.nlmsg_len) {
- if ((retval = check_ack(fd, sequence)) == 0)
- return sequence;
- else
- return retval;
- }
- if (retval < 0)
- return -errno;
-
- return 0;
-}
-hidden_def(audit_send)
-
-/*
- * This function will take a peek into the next packet and see if there's
- * an error. If so, the error is returned and its non-zero. Otherwise a
- * zero is returned indicating that we don't know of any problems.
- */
-static int check_ack(int fd, int seq)
-{
- int rc, retries = 80;
- struct audit_reply rep;
- struct pollfd pfd[1];
-
-retry:
- pfd[0].fd = fd;
- pfd[0].events = POLLIN;
- do {
- rc = poll(pfd, 1, 500); /* .5 second */
- } while (rc < 0 && errno == EINTR);
-
- /* We don't look at rc from above as it doesn't matter. We are
- * going to try to read nonblocking just in case packet shows up. */
-
- /* NOTE: whatever is returned is treated as the errno */
- rc = audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, MSG_PEEK);
- if (rc == -EAGAIN && retries) {
- retries--;
- goto retry;
- } else if (rc < 0)
- return rc;
- else if (rc == 0)
- return -EINVAL; /* This can't happen anymore */
- else if (rc > 0 && rep.type == NLMSG_ERROR) {
- int error = rep.error->error;
- /* Eat the message */
- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
-
- /* NLMSG_ERROR can indicate success, only report nonzero */
- if (error) {
- errno = -error;
- return error;
- }
- }
- return 0;
-}
-
diff --git a/framework/src/audit/lib/optab.h b/framework/src/audit/lib/optab.h
deleted file mode 100644
index bddac253..00000000
--- a/framework/src/audit/lib/optab.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/* optab.h --
- * Copyright 2005-07 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-_S(AUDIT_EQUAL, "=" )
-_S(AUDIT_NOT_EQUAL, "!=" )
-_S(AUDIT_GREATER_THAN, ">" )
-_S(AUDIT_GREATER_THAN_OR_EQUAL, ">=" )
-_S(AUDIT_LESS_THAN, "<" )
-_S(AUDIT_LESS_THAN_OR_EQUAL, "<=" )
-_S(AUDIT_BIT_MASK, "&" )
-_S(AUDIT_BIT_TEST, "&=" )
-
diff --git a/framework/src/audit/lib/ppc_table.h b/framework/src/audit/lib/ppc_table.h
deleted file mode 100644
index 5a22f8bc..00000000
--- a/framework/src/audit/lib/ppc_table.h
+++ /dev/null
@@ -1,379 +0,0 @@
-/* ppc_table.h --
- * Copyright 2005-09,2011-15 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- * Note from include/powerpc/unistd.h
- */
-
-_S(1, "exit")
-_S(2, "fork")
-_S(3, "read")
-_S(4, "write")
-_S(5, "open")
-_S(6, "close")
-_S(7, "waitpid")
-_S(8, "creat")
-_S(9, "link")
-_S(10, "unlink")
-_S(11, "execve")
-_S(12, "chdir")
-_S(13, "time")
-_S(14, "mknod")
-_S(15, "chmod")
-_S(16, "lchown")
-_S(17, "break")
-_S(18, "oldstat")
-_S(19, "lseek")
-_S(20, "getpid")
-_S(21, "mount")
-_S(22, "umount")
-_S(23, "setuid")
-_S(24, "getuid")
-_S(25, "stime")
-_S(26, "ptrace")
-_S(27, "alarm")
-_S(28, "oldfstat")
-_S(29, "pause")
-_S(30, "utime")
-_S(31, "stty")
-_S(32, "gtty")
-_S(33, "access")
-_S(34, "nice")
-_S(35, "ftime")
-_S(36, "sync")
-_S(37, "kill")
-_S(38, "rename")
-_S(39, "mkdir")
-_S(40, "rmdir")
-_S(41, "dup")
-_S(42, "pipe")
-_S(43, "times")
-_S(44, "prof")
-_S(45, "brk")
-_S(46, "setgid")
-_S(47, "getgid")
-_S(48, "signal")
-_S(49, "geteuid")
-_S(50, "getegid")
-_S(51, "acct")
-_S(52, "umount2")
-_S(53, "lock")
-_S(54, "ioctl")
-_S(55, "fcntl")
-_S(56, "mpx")
-_S(57, "setpgid")
-_S(58, "ulimit")
-_S(59, "oldolduname")
-_S(60, "umask")
-_S(61, "chroot")
-_S(62, "ustat")
-_S(63, "dup2")
-_S(64, "getppid")
-_S(65, "getpgrp")
-_S(66, "setsid")
-_S(67, "sigaction")
-_S(68, "sgetmask")
-_S(69, "ssetmask")
-_S(70, "setreuid")
-_S(71, "setregid")
-_S(72, "sigsuspend")
-_S(73, "sigpending")
-_S(74, "sethostname")
-_S(75, "setrlimit")
-_S(76, "getrlimit")
-_S(77, "getrusage")
-_S(78, "gettimeofday")
-_S(79, "settimeofday")
-_S(80, "getgroups")
-_S(81, "setgroups")
-_S(82, "select")
-_S(83, "symlink")
-_S(84, "oldlstat")
-_S(85, "readlink")
-_S(86, "uselib")
-_S(87, "swapon")
-_S(88, "reboot")
-_S(89, "readdir")
-_S(90, "mmap")
-_S(91, "munmap")
-_S(92, "truncate")
-_S(93, "ftruncate")
-_S(94, "fchmod")
-_S(95, "fchown")
-_S(96, "getpriority")
-_S(97, "setpriority")
-_S(98, "profil")
-_S(99, "statfs")
-_S(100, "fstatfs")
-_S(101, "ioperm")
-_S(102, "socketcall")
-_S(103, "syslog")
-_S(104, "setitimer")
-_S(105, "getitimer")
-_S(106, "stat")
-_S(107, "lstat")
-_S(108, "fstat")
-_S(109, "olduname")
-_S(110, "iopl")
-_S(111, "vhangup")
-_S(112, "idle")
-_S(113, "vm86")
-_S(114, "wait4")
-_S(115, "swapoff")
-_S(116, "sysinfo")
-_S(117, "ipc")
-_S(118, "fsync")
-_S(119, "sigreturn")
-_S(120, "clone")
-_S(121, "setdomainname")
-_S(122, "uname")
-_S(123, "modify_ldt")
-_S(124, "adjtimex")
-_S(125, "mprotect")
-_S(126, "sigprocmask")
-_S(127, "create_module")
-_S(128, "init_module")
-_S(129, "delete_module")
-_S(130, "get_kernel_syms")
-_S(131, "quotactl")
-_S(132, "getpgid")
-_S(133, "fchdir")
-_S(134, "bdflush")
-_S(135, "sysfs")
-_S(136, "personality")
-_S(137, "afs_syscall")
-_S(138, "setfsuid")
-_S(139, "setfsgid")
-_S(140, "_llseek")
-_S(141, "getdents")
-_S(142, "_newselect")
-_S(143, "flock")
-_S(144, "msync")
-_S(145, "readv")
-_S(146, "writev")
-_S(147, "getsid")
-_S(148, "fdatasync")
-_S(149, "_sysctl")
-_S(150, "mlock")
-_S(151, "munlock")
-_S(152, "mlockall")
-_S(153, "munlockall")
-_S(154, "sched_setparam")
-_S(155, "sched_getparam")
-_S(156, "sched_setscheduler")
-_S(157, "sched_getscheduler")
-_S(158, "sched_yield")
-_S(159, "sched_get_priority_max")
-_S(160, "sched_get_priority_min")
-_S(161, "sched_rr_get_interval")
-_S(162, "nanosleep")
-_S(163, "mremap")
-_S(164, "setresuid")
-_S(165, "getresuid")
-_S(166, "query_module")
-_S(167, "poll")
-_S(168, "nfsservctl")
-_S(169, "setresgid")
-_S(170, "getresgid")
-_S(171, "prctl")
-_S(172, "rt_sigreturn")
-_S(173, "rt_sigaction")
-_S(174, "rt_sigprocmask")
-_S(175, "rt_sigpending")
-_S(176, "rt_sigtimedwait")
-_S(177, "rt_sigqueueinfo")
-_S(178, "rt_sigsuspend")
-_S(179, "pread")
-_S(180, "pwrite")
-_S(181, "chown")
-_S(182, "getcwd")
-_S(183, "capget")
-_S(184, "capset")
-_S(185, "sigaltstack")
-_S(186, "sendfile")
-_S(187, "getpmsg")
-_S(188, "putpmsg")
-_S(189, "vfork")
-_S(190, "ugetrlimit")
-_S(191, "readahead")
-_S(192, "mmap2")
-_S(193, "truncate64")
-_S(194, "ftruncate64")
-_S(195, "stat64")
-_S(196, "lstat64")
-_S(197, "fstat64")
-_S(198, "pciconfig_read")
-_S(199, "pciconfig_write")
-_S(200, "pciconfig_iobase")
-_S(201, "multiplexer")
-_S(202, "getdents64")
-_S(203, "pivot_root")
-_S(204, "fcntl64")
-_S(205, "madvise")
-_S(206, "mincore")
-_S(207, "gettid")
-_S(208, "tkill")
-_S(209, "setxattr")
-_S(210, "lsetxattr")
-_S(211, "fsetxattr")
-_S(212, "getxattr")
-_S(213, "lgetxattr")
-_S(214, "fgetxattr")
-_S(215, "listxattr")
-_S(216, "llistxattr")
-_S(217, "flistxattr")
-_S(218, "removexattr")
-_S(219, "lremovexattr")
-_S(220, "fremovexattr")
-_S(221, "futex")
-_S(222, "sched_setaffinity")
-_S(223, "sched_getaffinity")
-_S(225, "tuxcall")
-_S(226, "sendfile64")
-_S(227, "io_setup")
-_S(228, "io_destroy")
-_S(229, "io_getevents")
-_S(230, "io_submit")
-_S(231, "io_cancel")
-_S(232, "set_tid_address")
-_S(233, "fadvise64")
-_S(234, "exit_group")
-_S(235, "lookup_dcookie")
-_S(236, "epoll_create")
-_S(237, "epoll_ctl")
-_S(238, "epoll_wait")
-_S(239, "remap_file_pages")
-_S(240, "timer_create")
-_S(241, "timer_settime")
-_S(242, "timer_gettime")
-_S(243, "timer_getoverrun")
-_S(244, "timer_delete")
-_S(245, "clock_settime")
-_S(246, "clock_gettime")
-_S(247, "clock_getres")
-_S(248, "clock_nanosleep")
-_S(249, "swapcontext")
-_S(250, "tgkill")
-_S(251, "utimes")
-_S(252, "statfs64")
-_S(253, "fstatfs64")
-_S(254, "fadvise64_64")
-_S(255, "rtas")
-_S(262, "mq_open")
-_S(263, "mq_unlink")
-_S(264, "mq_timedsend")
-_S(265, "mq_timedreceive")
-_S(266, "mq_notify")
-_S(267, "mq_getsetattr")
-_S(268, "kexec_load")
-_S(269, "add_key")
-_S(270, "request_key")
-_S(271, "keyctl")
-_S(272, "waitid")
-_S(273, "ioprio_set")
-_S(274, "ioprio_get")
-_S(275, "inotify_init")
-_S(276, "inotify_add_watch")
-_S(277, "inotify_rm_watch")
-_S(278, "spu_run")
-_S(279, "spu_create")
-_S(280, "pselect6")
-_S(281, "ppoll")
-_S(282, "unshare")
-_S(283, "splice")
-_S(284, "tee")
-_S(285, "vmsplice")
-_S(286, "openat")
-_S(287, "mkdirat")
-_S(288, "mknodat")
-_S(289, "fchownat")
-_S(290, "futimesat")
-_S(291, "fstatat64")
-_S(292, "unlinkat")
-_S(293, "renameat")
-_S(294, "linkat")
-_S(295, "symlinkat")
-_S(296, "readlinkat")
-_S(297, "fchmodat")
-_S(298, "faccessat")
-_S(299, "get_robust_list")
-_S(300, "set_robust_list")
-_S(301, "move_pages")
-_S(302, "getcpu")
-_S(303, "epoll_pwait")
-_S(304, "utimensat")
-_S(305, "signalfd")
-_S(306, "timerfd")
-_S(307, "eventfd")
-_S(308, "sync_file_range2")
-_S(309, "fallocate")
-_S(310, "subpage_prot")
-_S(311, "timerfd_settime")
-_S(312, "timerfd_gettime")
-_S(313, "signalfd4")
-_S(314, "eventfd2")
-_S(315, "epoll_create1")
-_S(316, "dup3")
-_S(317, "pipe2")
-_S(318, "inotify_init1")
-_S(319, "perf_counter_open")
-_S(320, "preadv")
-_S(321, "pwritev")
-_S(322, "rt_tgsigqueueinfo")
-_S(323, "fanotify_init")
-_S(324, "fanotify_mark")
-_S(325, "prlimit64")
-_S(326, "socket")
-_S(327, "bind")
-_S(328, "connect")
-_S(329, "listen")
-_S(330, "accept")
-_S(331, "getsockname")
-_S(332, "getpeername")
-_S(333, "socketpair")
-_S(334, "send")
-_S(335, "sendto")
-_S(336, "recv")
-_S(337, "recvfrom")
-_S(338, "shutdown")
-_S(339, "setsockopt")
-_S(340, "getsockopt")
-_S(341, "sendmsg")
-_S(342, "recvmsg")
-_S(343, "recvmmsg")
-_S(344, "accept4")
-_S(345, "name_to_handle_at")
-_S(346, "open_by_handle_at")
-_S(347, "clock_adjtime")
-_S(348, "syncfs")
-_S(349, "sendmmsg")
-_S(350, "setns")
-_S(351, "process_vm_readv")
-_S(352, "process_vm_writev")
-_S(353, "finit_module")
-_S(354, "kcmp")
-_S(355, "sched_setattr")
-_S(356, "sched_getattr")
-_S(357, "renameat2")
-_S(358, "seccomp")
-_S(359, "getrandom")
-_S(360, "memfd_create")
-_S(361, "bpf")
-_S(362, "execveat")
-_S(363, "switch_endian")
diff --git a/framework/src/audit/lib/private.h b/framework/src/audit/lib/private.h
deleted file mode 100644
index a0e3e35c..00000000
--- a/framework/src/audit/lib/private.h
+++ /dev/null
@@ -1,175 +0,0 @@
-/* private.h --
- * Copyright 2005,2006,2009,2013-14 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-#ifndef _PRIVATE_H_
-#define _PRIVATE_H_
-
-#include "dso.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef enum { REAL_ERR, HIDE_IT } hide_t;
-
-/* Internal syslog messaging */
-void audit_msg(int priority, const char *fmt, ...)
-#ifdef __GNUC__
- __attribute__ ((format (printf, 2, 3)));
-#else
- ;
-#endif
-
-/* This structure is for protocol reference only. All fields are
- packed and in network order (LSB first). */
-struct auditd_remote_message_wrapper {
- /* The magic number shall never have LF (0x0a) as one of its bytes. */
- uint32_t magic;
- /* Bumped when the layout of this structure changes. */
- uint8_t header_version;
- /* The minimum support needed to understand this message type.
- * Normally zero. */
- uint8_t message_version;
- /* Upper 8 bits are generic type, see below. */
- uint32_t type;
- /* Number of bytes that follow this header Must be 0..MAX_AUDIT_MESSAGE_LENGTH. */
- uint16_t length;
- /* Copied from message to its reply. */
- uint32_t sequence_id;
- /* The message follows for LENGTH bytes. */
-};
-
-#define AUDIT_RMW_HEADER_SIZE 16
-/* The magic number shall never have LF (0x0a) as one of its bytes. */
-#define AUDIT_RMW_MAGIC 0xff0000feUL
-
-#define AUDIT_RMW_HEADER_VERSION 0
-
-/* If set, this is a reply. */
-#define AUDIT_RMW_TYPE_REPLYMASK 0x40000000
-/* If set, this reply indicates a fatal error of some sort. */
-#define AUDIT_RMW_TYPE_FATALMASK 0x20000000
-/* If set, this reply indicates success but with some warnings. */
-#define AUDIT_RMW_TYPE_WARNMASK 0x10000000
-/* This part of the message type is the details for the above. */
-#define AUDIT_RMW_TYPE_DETAILMASK 0x0fffffff
-
-/* Version 0 messages. */
-#define AUDIT_RMW_TYPE_MESSAGE 0x00000000
-#define AUDIT_RMW_TYPE_HEARTBEAT 0x00000001
-#define AUDIT_RMW_TYPE_ACK 0x40000000
-#define AUDIT_RMW_TYPE_ENDING 0x40000001
-#define AUDIT_RMW_TYPE_DISKLOW 0x50000001
-#define AUDIT_RMW_TYPE_DISKFULL 0x60000001
-#define AUDIT_RMW_TYPE_DISKERROR 0x60000002
-
-/* These next four should not be called directly. */
-#define _AUDIT_RMW_PUTN32(header,i,v) \
- header[i] = v & 0xff; \
- header[i+1] = (v>>8) & 0xff; \
- header[i+2] = (v>>16) & 0xff; \
- header[i+3] = (v>>24) & 0xff;
-#define _AUDIT_RMW_PUTN16(header,i,v) \
- header[i] = v & 0xff; \
- header[i+1] = (v>>8) & 0xff;
-#define _AUDIT_RMW_GETN32(header,i) \
- (((uint32_t)(header[i] & 0xFF)) | \
- (((uint32_t)(header[i+1] & 0xFF))<<8) | \
- (((uint32_t)(header[i+2] & 0xFF ))<<16) | \
- (((uint32_t)(header[i+3] & 0xFF))<<24))
-#define _AUDIT_RMW_GETN16(header,i) \
- ((uint32_t)(header[i] & 0xFF) | ((uint32_t)(header[i+1] & 0xFF)<<8))
-
-/* For these, HEADER must by of type "unsigned char *" or "unsigned
- char []" */
-
-#define AUDIT_RMW_PACK_HEADER(header,mver,type,len,seq) \
- _AUDIT_RMW_PUTN32 (header,0, AUDIT_RMW_MAGIC); \
- header[4] = AUDIT_RMW_HEADER_VERSION; \
- header[5] = mver; \
- _AUDIT_RMW_PUTN32 (header,6, type); \
- _AUDIT_RMW_PUTN16 (header,10, len); \
- _AUDIT_RMW_PUTN32 (header,12, seq);
-
-#define AUDIT_RMW_IS_MAGIC(header,length) \
- (length >= 4 && _AUDIT_RMW_GETN32 (header,0) == AUDIT_RMW_MAGIC)
-
-#define AUDIT_RMW_UNPACK_HEADER(header,hver,mver,type,len,seq) \
- hver = header[4]; \
- mver = header[5]; \
- type = _AUDIT_RMW_GETN32 (header,6); \
- len = _AUDIT_RMW_GETN16 (header,10); \
- seq = _AUDIT_RMW_GETN32 (header,12);
-
-/* General */
-extern int audit_send(int fd, int type, const void *data, unsigned int size);
-
-// This is the main messaging function used internally
-// Don't hide it, it used to be a part of the public API!
-extern int audit_send_user_message(int fd, int type, hide_t hide_err,
- const char *message);
-
-// libaudit.c
-extern int _audit_permadded;
-extern int _audit_archadded;
-extern int _audit_syscalladded;
-extern unsigned int _audit_elf;
-
-hidden_proto(audit_send_user_message);
-hidden_proto(audit_add_watch_dir);
-hidden_proto(audit_detect_machine);
-hidden_proto(audit_request_status);
-hidden_proto(audit_rule_syscall_data);
-hidden_proto(audit_rule_syscallbyname_data);
-hidden_proto(audit_set_feature);
-hidden_proto(audit_request_features);
-
-// lookup_table.c
-hidden_proto(audit_elf_to_machine);
-hidden_proto(audit_machine_to_elf);
-hidden_proto(audit_msg_type_to_name);
-hidden_proto(audit_name_to_errno);
-hidden_proto(audit_name_to_field);
-hidden_proto(audit_name_to_machine);
-hidden_proto(audit_name_to_msg_type);
-hidden_proto(audit_name_to_syscall);
-hidden_proto(audit_operator_to_symbol);
-hidden_proto(audit_name_to_ftype);
-
-// netlink.c
-hidden_proto(audit_get_reply);
-hidden_proto(audit_send)
-
-// message.c
-hidden_proto(audit_msg)
-
-// strsplit.c
-char *audit_strsplit_r(char *s, char **savedpp);
-char *audit_strsplit(char *s);
-hidden_proto(audit_strsplit_r)
-hidden_proto(audit_strsplit)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/framework/src/audit/lib/s390_table.h b/framework/src/audit/lib/s390_table.h
deleted file mode 100644
index d3cec4fb..00000000
--- a/framework/src/audit/lib/s390_table.h
+++ /dev/null
@@ -1,354 +0,0 @@
-/* s390_table.h --
- * Copyright 2005-15 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-_S(1, "exit")
-_S(2, "fork")
-_S(3, "read")
-_S(4, "write")
-_S(5, "open")
-_S(6, "close")
-_S(8, "creat")
-_S(9, "link")
-_S(10, "unlink")
-_S(11, "execve")
-_S(12, "chdir")
-_S(13, "time")
-_S(14, "mknod")
-_S(15, "chmod")
-_S(16, "lchown")
-_S(19, "lseek")
-_S(20, "getpid")
-_S(21, "mount")
-_S(22, "umount")
-_S(23, "setuid")
-_S(24, "getuid")
-_S(25, "stime")
-_S(26, "ptrace")
-_S(27, "alarm")
-_S(29, "pause")
-_S(30, "utime")
-_S(33, "access")
-_S(34, "nice")
-_S(36, "sync")
-_S(37, "kill")
-_S(38, "rename")
-_S(39, "mkdir")
-_S(40, "rmdir")
-_S(41, "dup")
-_S(42, "pipe")
-_S(43, "times")
-_S(45, "brk")
-_S(46, "setgid")
-_S(47, "getgid")
-_S(48, "signal")
-_S(49, "geteuid")
-_S(50, "getegid")
-_S(51, "acct")
-_S(52, "umount2")
-_S(54, "ioctl")
-_S(55, "fcntl")
-_S(57, "setpgid")
-_S(60, "umask")
-_S(61, "chroot")
-_S(62, "ustat")
-_S(63, "dup2")
-_S(64, "getppid")
-_S(65, "getpgrp")
-_S(66, "setsid")
-_S(67, "sigaction")
-_S(70, "setreuid")
-_S(71, "setregid")
-_S(72, "sigsuspend")
-_S(73, "sigpending")
-_S(74, "sethostname")
-_S(75, "setrlimit")
-_S(76, "getrlimit")
-_S(77, "getrusage")
-_S(78, "gettimeofday")
-_S(79, "settimeofday")
-_S(80, "getgroups")
-_S(81, "setgroups")
-_S(83, "symlink")
-_S(85, "readlink")
-_S(86, "uselib")
-_S(87, "swapon")
-_S(88, "reboot")
-_S(89, "readdir")
-_S(90, "mmap")
-_S(91, "munmap")
-_S(92, "truncate")
-_S(93, "ftruncate")
-_S(94, "fchmod")
-_S(95, "fchown")
-_S(96, "getpriority")
-_S(97, "setpriority")
-_S(99, "statfs")
-_S(100, "fstatfs")
-_S(101, "ioperm")
-_S(102, "socketcall")
-_S(103, "syslog")
-_S(104, "setitimer")
-_S(105, "getitimer")
-_S(106, "stat")
-_S(107, "lstat")
-_S(108, "fstat")
-_S(111, "vhangup")
-_S(112, "idle")
-_S(114, "wait4")
-_S(115, "swapoff")
-_S(116, "sysinfo")
-_S(117, "ipc")
-_S(118, "fsync")
-_S(119, "sigreturn")
-_S(120, "clone")
-_S(121, "setdomainname")
-_S(122, "uname")
-_S(124, "adjtimex")
-_S(125, "mprotect")
-_S(126, "sigprocmask")
-_S(127, "create_module")
-_S(128, "init_module")
-_S(129, "delete_module")
-_S(130, "get_kernel_syms")
-_S(131, "quotactl")
-_S(132, "getpgid")
-_S(133, "fchdir")
-_S(134, "bdflush")
-_S(135, "sysfs")
-_S(136, "personality")
-_S(137, "afs_syscall")
-_S(138, "setfsuid")
-_S(139, "setfsgid")
-_S(140, "_llseek")
-_S(141, "getdents")
-_S(142, "_newselect")
-_S(143, "flock")
-_S(144, "msync")
-_S(145, "readv")
-_S(146, "writev")
-_S(147, "getsid")
-_S(148, "fdatasync")
-_S(149, "_sysctl")
-_S(150, "mlock")
-_S(151, "munlock")
-_S(152, "mlockall")
-_S(153, "munlockall")
-_S(154, "sched_setparam")
-_S(155, "sched_getparam")
-_S(156, "sched_setscheduler")
-_S(157, "sched_getscheduler")
-_S(158, "sched_yield")
-_S(159, "sched_get_priority_max")
-_S(160, "sched_get_priority_min")
-_S(161, "sched_rr_get_interval")
-_S(162, "nanosleep")
-_S(163, "mremap")
-_S(164, "setresuid")
-_S(165, "getresuid")
-_S(167, "query_module")
-_S(168, "poll")
-_S(169, "nfsservctl")
-_S(170, "setresgid")
-_S(171, "getresgid")
-_S(172, "prctl")
-_S(173, "rt_sigreturn")
-_S(174, "rt_sigaction")
-_S(175, "rt_sigprocmask")
-_S(176, "rt_sigpending")
-_S(177, "rt_sigtimedwait")
-_S(178, "rt_sigqueueinfo")
-_S(179, "rt_sigsuspend")
-_S(180, "pread")
-_S(181, "pwrite")
-_S(182, "chown")
-_S(183, "getcwd")
-_S(184, "capget")
-_S(185, "capset")
-_S(186, "sigaltstack")
-_S(187, "sendfile")
-_S(188, "getpmsg")
-_S(189, "putpmsg")
-_S(190, "vfork")
-_S(191, "ugetrlimit")
-_S(192, "mmap2")
-_S(193, "truncate64")
-_S(194, "ftruncate64")
-_S(195, "stat64")
-_S(196, "lstat64")
-_S(197, "fstat64")
-_S(198, "lchown32")
-_S(199, "getuid32")
-_S(200, "getgid32")
-_S(201, "geteuid32")
-_S(202, "getegid32")
-_S(203, "setreuid32")
-_S(204, "setregid32")
-_S(205, "getgroups32")
-_S(206, "setgroups32")
-_S(207, "fchown32")
-_S(208, "setresuid32")
-_S(209, "getresuid32")
-_S(210, "setresgid32")
-_S(211, "getresgid32")
-_S(212, "chown32")
-_S(213, "setuid32")
-_S(214, "setgid32")
-_S(215, "setfsuid32")
-_S(216, "setfsgid32")
-_S(217, "pivot_root")
-_S(218, "mincore")
-_S(219, "madvise")
-_S(220, "getdents64")
-_S(221, "fcntl64")
-_S(222, "readahead")
-_S(223, "sendfile64")
-_S(224, "setxattr")
-_S(225, "lsetxattr")
-_S(226, "fsetxattr")
-_S(227, "getxattr")
-_S(228, "lgetxattr")
-_S(229, "fgetxattr")
-_S(230, "listxattr")
-_S(231, "llistxattr")
-_S(232, "flistxattr")
-_S(233, "removexattr")
-_S(234, "lremovexattr")
-_S(235, "fremovexattr")
-_S(236, "gettid")
-_S(237, "tkill")
-_S(238, "futex")
-_S(239, "sched_setaffinity")
-_S(240, "sched_getaffinity")
-_S(241, "tgkill")
-//_S(242, "")
-_S(243, "io_setup")
-_S(244, "io_destroy")
-_S(245, "io_getevents")
-_S(246, "io_submit")
-_S(247, "io_cancel")
-_S(248, "exit_group")
-_S(249, "epoll_create")
-_S(250, "epoll_ctl")
-_S(251, "epoll_wait")
-_S(252, "set_tid_address")
-_S(253, "fadvise64")
-_S(254, "timer_create")
-_S(255, "timer_settime")
-_S(256, "timer_gettime")
-_S(257, "timer_getoverrun")
-_S(258, "timer_delete")
-_S(259, "clock_settime")
-_S(260, "clock_gettime")
-_S(261, "clock_getres")
-_S(262, "clock_nanosleep")
-//_S(263, "")
-_S(264, "fadvise64_64")
-_S(265, "statfs64")
-_S(266, "fstatfs64")
-_S(267, "remap_file_pages")
-//_S(268, "")
-//_S(269, "")
-//_S(270, "")
-_S(271, "mq_open")
-_S(272, "mq_unlink")
-_S(273, "mq_timedsend")
-_S(274, "mq_timedreceive")
-_S(275, "mq_notify")
-_S(276, "mq_getsetattr")
-_S(277, "kexec_load")
-_S(278, "add_key")
-_S(279, "request_key")
-_S(280, "keyctl")
-_S(281, "waitid")
-_S(282, "ioprio_set")
-_S(283, "ioprio_get")
-_S(284, "inotify_init")
-_S(285, "inotify_add_watch")
-_S(286, "inotify_rm_watch")
-//_S(287, "")
-_S(288, "openat")
-_S(289, "mkdirat")
-_S(290, "mknodat")
-_S(291, "fchownat")
-_S(292, "futimesat")
-_S(293, "fstatat64")
-_S(294, "unlinkat")
-_S(295, "renameat")
-_S(296, "linkat")
-_S(297, "symlinkat")
-_S(298, "readlinkat")
-_S(299, "fchmodat")
-_S(300, "faccessat")
-_S(301, "pselect6")
-_S(302, "ppoll")
-_S(303, "unshare")
-_S(304, "set_robust_list")
-_S(305, "get_robust_list")
-_S(306, "splice")
-_S(307, "sync_file_range")
-_S(308, "tee")
-_S(309, "vmsplice")
-//_S(310, "")
-_S(311, "getcpu")
-_S(312, "epoll_pwait")
-_S(313, "utimes")
-_S(314, "fallocate")
-_S(315, "utimensat")
-_S(316, "signalfd")
-_S(317, "timerfd")
-_S(318, "eventfd")
-_S(319, "timerfd_create")
-_S(320, "timerfd_settime")
-_S(321, "timerfd_gettime")
-_S(322, "signalfd4")
-_S(323, "eventfd2")
-_S(324, "inotify_init1")
-_S(325, "pipe2")
-_S(326, "dup3")
-_S(327, "epoll_create1")
-_S(328, "preadv")
-_S(329, "pwritev")
-_S(330, "rt_tgsigqueueinfo")
-_S(331, "perf_event_open")
-_S(332, "fanotify_init")
-_S(333, "fanotify_mark")
-_S(334, "prlimit64")
-_S(335, "name_to_handle_at")
-_S(336, "open_by_handle_at")
-_S(337, "clock_adjtime")
-_S(338, "syncfs")
-_S(339, "setns")
-_S(340, "process_vm_readv")
-_S(341, "process_vm_writev")
-_S(342, "s390_runtime_instr")
-_S(343, "kcmp")
-_S(344, "finit_module")
-_S(345, "sched_setattr")
-_S(346, "sched_getattr")
-_S(347, "renameat2")
-_S(348, "seccomp")
-_S(349, "getrandom")
-_S(350, "memfd_create")
-_S(351, "bpf")
-_S(352, "s390_pci_mmio_write")
-_S(353, "s390_pci_mmio_read")
-_S(354, "execveat")
diff --git a/framework/src/audit/lib/s390x_table.h b/framework/src/audit/lib/s390x_table.h
deleted file mode 100644
index 73ba0ec0..00000000
--- a/framework/src/audit/lib/s390x_table.h
+++ /dev/null
@@ -1,319 +0,0 @@
-/* s390x_table.h --
- * Copyright 2005-06,2008-15 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-_S(1, "exit")
-_S(2, "fork")
-_S(3, "read")
-_S(4, "write")
-_S(5, "open")
-_S(6, "close")
-_S(8, "creat")
-_S(9, "link")
-_S(10, "unlink")
-_S(11, "execve")
-_S(12, "chdir")
-_S(14, "mknod")
-_S(15, "chmod")
-_S(19, "lseek")
-_S(20, "getpid")
-_S(21, "mount")
-_S(22, "umount")
-_S(26, "ptrace")
-_S(27, "alarm")
-_S(29, "pause")
-_S(30, "utime")
-_S(33, "access")
-_S(34, "nice")
-_S(36, "sync")
-_S(37, "kill")
-_S(38, "rename")
-_S(39, "mkdir")
-_S(40, "rmdir")
-_S(41, "dup")
-_S(42, "pipe")
-_S(43, "times")
-_S(45, "brk")
-_S(48, "signal")
-_S(51, "acct")
-_S(52, "umount2")
-_S(54, "ioctl")
-_S(55, "fcntl")
-_S(57, "setpgid")
-_S(60, "umask")
-_S(61, "chroot")
-_S(62, "ustat")
-_S(63, "dup2")
-_S(64, "getppid")
-_S(65, "getpgrp")
-_S(66, "setsid")
-_S(67, "sigaction")
-_S(72, "sigsuspend")
-_S(73, "sigpending")
-_S(74, "sethostname")
-_S(75, "setrlimit")
-_S(77, "getrusage")
-_S(78, "gettimeofday")
-_S(79, "settimeofday")
-_S(83, "symlink")
-_S(85, "readlink")
-_S(86, "uselib")
-_S(87, "swapon")
-_S(88, "reboot")
-_S(89, "readdir")
-_S(90, "mmap")
-_S(91, "munmap")
-_S(92, "truncate")
-_S(93, "ftruncate")
-_S(94, "fchmod")
-_S(96, "getpriority")
-_S(97, "setpriority")
-_S(99, "statfs")
-_S(100, "fstatfs")
-_S(102, "socketcall")
-_S(103, "syslog")
-_S(104, "setitimer")
-_S(105, "getitimer")
-_S(106, "stat")
-_S(107, "lstat")
-_S(108, "fstat")
-_S(111, "vhangup")
-_S(112, "idle")
-_S(114, "wait4")
-_S(115, "swapoff")
-_S(116, "sysinfo")
-_S(117, "ipc")
-_S(118, "fsync")
-_S(119, "sigreturn")
-_S(120, "clone")
-_S(121, "setdomainname")
-_S(122, "uname")
-_S(124, "adjtimex")
-_S(125, "mprotect")
-_S(126, "sigprocmask")
-_S(127, "create_module")
-_S(128, "init_module")
-_S(129, "delete_module")
-_S(130, "get_kernel_syms")
-_S(131, "quotactl")
-_S(132, "getpgid")
-_S(133, "fchdir")
-_S(134, "bdflush")
-_S(135, "sysfs")
-_S(136, "personality")
-_S(137, "afs_syscall")
-_S(141, "getdents")
-_S(142, "select")
-_S(143, "flock")
-_S(144, "msync")
-_S(145, "readv")
-_S(146, "writev")
-_S(147, "getsid")
-_S(148, "fdatasync")
-_S(149, "_sysctl")
-_S(150, "mlock")
-_S(151, "munlock")
-_S(152, "mlockall")
-_S(153, "munlockall")
-_S(154, "sched_setparam")
-_S(155, "sched_getparam")
-_S(156, "sched_setscheduler")
-_S(157, "sched_getscheduler")
-_S(158, "sched_yield")
-_S(159, "sched_get_priority_max")
-_S(160, "sched_get_priority_min")
-_S(161, "sched_rr_get_interval")
-_S(162, "nanosleep")
-_S(163, "mremap")
-_S(167, "query_module")
-_S(168, "poll")
-_S(169, "nfsservctl")
-_S(172, "prctl")
-_S(173, "rt_sigreturn")
-_S(174, "rt_sigaction")
-_S(175, "rt_sigprocmask")
-_S(176, "rt_sigpending")
-_S(177, "rt_sigtimedwait")
-_S(178, "rt_sigqueueinfo")
-_S(179, "rt_sigsuspend")
-_S(180, "pread")
-_S(181, "pwrite")
-_S(183, "getcwd")
-_S(184, "capget")
-_S(185, "capset")
-_S(186, "sigaltstack")
-_S(187, "sendfile")
-_S(188, "getpmsg")
-_S(189, "putpmsg")
-_S(190, "vfork")
-_S(191, "getrlimit")
-_S(198, "lchown")
-_S(199, "getuid")
-_S(200, "getgid")
-_S(201, "geteuid")
-_S(202, "getegid")
-_S(203, "setreuid")
-_S(204, "setregid")
-_S(205, "getgroups")
-_S(206, "setgroups")
-_S(207, "fchown")
-_S(208, "setresuid")
-_S(209, "getresuid")
-_S(210, "setresgid")
-_S(211, "getresgid")
-_S(212, "chown")
-_S(213, "setuid")
-_S(214, "setgid")
-_S(215, "setfsuid")
-_S(216, "setfsgid")
-_S(217, "pivot_root")
-_S(218, "mincore")
-_S(219, "madvise")
-_S(222, "readahead")
-_S(224, "setxattr")
-_S(225, "lsetxattr")
-_S(226, "fsetxattr")
-_S(227, "getxattr")
-_S(228, "lgetxattr")
-_S(229, "fgetxattr")
-_S(230, "listxattr")
-_S(231, "llistxattr")
-_S(232, "flistxattr")
-_S(233, "removexattr")
-_S(234, "lremovexattr")
-_S(235, "fremovexattr")
-_S(236, "gettid")
-_S(237, "tkill")
-_S(238, "futex")
-_S(239, "sched_setaffinity")
-_S(240, "sched_getaffinity")
-_S(241, "tgkill")
-_S(243, "io_setup")
-_S(244, "io_destroy")
-_S(245, "io_getevents")
-_S(246, "io_submit")
-_S(247, "io_cancel")
-_S(248, "exit_group")
-_S(249, "epoll_create")
-_S(250, "epoll_ctl")
-_S(251, "epoll_wait")
-_S(252, "set_tid_address")
-_S(253, "fadvise64")
-_S(254, "timer_create")
-_S(255, "timer_settime")
-_S(256, "timer_gettime")
-_S(257, "timer_getoverrun")
-_S(258, "timer_delete")
-_S(259, "clock_settime")
-_S(260, "clock_gettime")
-_S(261, "clock_getres")
-_S(262, "clock_nanosleep")
-_S(265, "statfs64")
-_S(266, "fstatfs64")
-_S(267, "remap_file_pages")
-//_S(268, "")
-//_S(269, "")
-//_S(270, "")
-_S(271, "mq_open")
-_S(272, "mq_unlink")
-_S(273, "mq_timedsend")
-_S(274, "mq_timedreceive")
-_S(275, "mq_notify")
-_S(276, "mq_getsetattr")
-_S(277, "kexec_load")
-_S(278, "add_key")
-_S(279, "request_key")
-_S(280, "keyctl")
-_S(281, "waitid")
-_S(282, "ioprio_set")
-_S(283, "ioprio_get")
-_S(284, "inotify_init")
-_S(285, "inotify_add_watch")
-_S(286, "inotify_rm_watch")
-//_S(287, "")
-_S(288, "openat")
-_S(289, "mkdirat")
-_S(290, "mknodat")
-_S(291, "fchownat")
-_S(292, "futimesat")
-_S(293, "newfstatat")
-_S(294, "unlinkat")
-_S(295, "renameat")
-_S(296, "linkat")
-_S(297, "symlinkat")
-_S(298, "readlinkat")
-_S(299, "fchmodat")
-_S(300, "faccessat")
-_S(301, "pselect6")
-_S(302, "ppoll")
-_S(303, "unshare")
-_S(304, "set_robust_list")
-_S(305, "get_robust_list")
-_S(306, "splice")
-_S(307, "sync_file_range")
-_S(308, "tee")
-_S(309, "vmsplice")
-//_S(310, "")
-_S(311, "getcpu")
-_S(312, "epoll_pwait")
-_S(313, "utimes")
-_S(314, "fallocate")
-_S(315, "utimensat")
-_S(316, "signalfd")
-_S(317, "timerfd")
-_S(318, "eventfd")
-_S(319, "timerfd_create")
-_S(320, "timerfd_settime")
-_S(321, "timerfd_gettime")
-_S(322, "signalfd4")
-_S(323, "eventfd2")
-_S(324, "inotify_init1")
-_S(325, "pipe2")
-_S(326, "dup3")
-_S(327, "epoll_create1")
-_S(328, "preadv")
-_S(329, "pwritev")
-_S(330, "rt_tgsigqueueinfo")
-_S(331, "perf_event_open")
-_S(332, "fanotify_init")
-_S(333, "fanotify_mark")
-_S(334, "prlimit64")
-_S(335, "name_to_handle_at")
-_S(336, "open_by_handle_at")
-_S(337, "clock_adjtime")
-_S(338, "syncfs")
-_S(339, "setns")
-_S(340, "process_vm_readv")
-_S(341, "process_vm_writev")
-_S(342, "s390_runtime_instr")
-_S(343, "kcmp")
-_S(344, "finit_module")
-_S(345, "sched_setattr")
-_S(346, "sched_getattr")
-_S(347, "renameat2")
-_S(348, "seccomp")
-_S(349, "getrandom")
-_S(350, "memfd_create")
-_S(351, "bpf")
-_S(352, "s390_pci_mmio_write")
-_S(353, "s390_pci_mmio_read")
-_S(354, "execveat")
-
diff --git a/framework/src/audit/lib/strsplit.c b/framework/src/audit/lib/strsplit.c
deleted file mode 100644
index 8337e6da..00000000
--- a/framework/src/audit/lib/strsplit.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/* strsplit.c --
- * Copyright 2014 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- *
- */
-
-#include <string.h>
-#include "libaudit.h"
-#include "private.h"
-
-char *audit_strsplit_r(char *s, char **savedpp)
-{
- char *ptr;
-
- if (s)
- *savedpp = s;
- else {
- if (*savedpp == NULL)
- return NULL;
- *savedpp += 1;
- }
-retry:
- ptr = strchr(*savedpp, ' ');
- if (ptr) {
- if (ptr == *savedpp) {
- *savedpp += 1;
- goto retry;
- }
- s = *savedpp;
- *ptr = 0;
- *savedpp = ptr;
- return s;
- } else {
- s = *savedpp;
- *savedpp = NULL;
- if (*s == 0)
- return NULL;
- return s;
- }
-}
-hidden_def(audit_strsplit_r)
-
-char *audit_strsplit(char *s)
-{
- static char *str = NULL;
- char *ptr;
-
- if (s)
- str = s;
- else {
- if (str == NULL)
- return NULL;
- str++;
- }
-retry:
- ptr = strchr(str, ' ');
- if (ptr) {
- if (ptr == str) {
- str++;
- goto retry;
- }
- s = str;
- *ptr = 0;
- str = ptr;
- return s;
- } else {
- s = str;
- str = NULL;
- if (*s == 0)
- return NULL;
- return s;
- }
-}
-hidden_def(audit_strsplit)
diff --git a/framework/src/audit/lib/syscall-update.txt b/framework/src/audit/lib/syscall-update.txt
deleted file mode 100644
index 89d63717..00000000
--- a/framework/src/audit/lib/syscall-update.txt
+++ /dev/null
@@ -1,20 +0,0 @@
-The place where syscall information is gathered is:
-
-arch/alpha/include/uapi/asm/unistd.h
-arch/arm/include/uapi/asm/unistd.h
-arch/ia64/include/uapi/asm/unistd.h
-arch/powerpc/include/uapi/asm/unistd.h
-arch/s390/include/uapi/asm/unistd.h
-arch/x86/syscalls/syscall_32.tbl
-arch/x86/syscalls/syscall_64.tbl
-include/uapi/asm-generic/unistd.h (aarch64)
-
-For src/ausearch-lookup.c:
-Inspect include/linux/net.h for socketcall updates
-Inspect include/linux/ipc.h for ipccall updates
-
-For adding new arches, the following might be useful to get a first pass file:
-
-cat unistd.h | grep '^#define __NR_' | tr -d ')' | tr 'NR+' ' ' | awk '{ printf "_S(%s, \"%s\")\n", $6, $3 }; '
-
-it will still need hand editing
diff --git a/framework/src/audit/lib/test/Makefile.am b/framework/src/audit/lib/test/Makefile.am
deleted file mode 100644
index 706fd051..00000000
--- a/framework/src/audit/lib/test/Makefile.am
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright 2008 Red Hat Inc., Durham, North Carolina.
-# All Rights Reserved.
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-# Authors:
-# Miloslav Trmač <mitr@redhat.com>
-#
-
-check_PROGRAMS = lookup_test
-TESTS = $(check_PROGRAMS)
-
-lookup_test_LDADD = ${top_builddir}/lib/libaudit.la
diff --git a/framework/src/audit/lib/test/lookup_test.c b/framework/src/audit/lib/test/lookup_test.c
deleted file mode 100644
index 5cd00429..00000000
--- a/framework/src/audit/lib/test/lookup_test.c
+++ /dev/null
@@ -1,430 +0,0 @@
-/* lookup_test.c -- A test of table lookups.
- * Copyright 2008 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Miloslav Trmač <mitr@redhat.com>
- */
-
-#include "config.h"
-#include <assert.h>
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
-
-#include "../libaudit.h"
-
-/* Number of lookups of random strings */
-#define RAND_ITERATIONS 1000
-
-/* Maximum size of randomly generated strings, including the terminating NUL. */
-#define S_LEN 8
-
-struct entry {
- int val;
- const char *s;
-};
-#define _S(V, S) { (V), (S) },
-
-/* Generate a random string into DEST[S_LEN]. */
-static void
-gen_id(char *dest)
-{
- size_t i, len;
-
- assert(S_LEN >= 2);
- len = 1 + rand() % (S_LEN - 1);
- assert('A' == 0x41 && 'a' == 0x61); /* ASCII */
- for (i = 0; i < len; i++) {
- /* Don't start with a digit, audit_name_to_msg_type() interprets
- those strings specially. */
- do {
- dest[i] = 0x21 + rand() % (0x7F - 0x21);
- } while (i == 0 && dest[i] >= '0' && dest[i] <= '9');
- }
- dest[i] = '\0';
-}
-
-#define TEST_I2S(EXCL) \
- do { \
- size_t i; \
- \
- for (i = 0; i < sizeof(t) / sizeof(*t); i++) { \
- const char *s; \
- \
- if (EXCL) \
- continue; \
- s = I2S(t[i].val); \
- if (s == NULL) { \
- fprintf(stderr, \
- "%d -> `%s' not found\n", \
- t[i].val, t[i].s); \
- abort(); \
- } \
- if (strcmp(t[i].s, s) != 0) { \
- fprintf(stderr, \
- "%d -> `%s' mismatch `%s'\n", \
- t[i].val, t[i].s, s); \
- abort(); \
- } \
- } \
- for (i = 0; i < RAND_ITERATIONS; i++) { \
- int val; \
- size_t j; \
- val = rand(); \
- for (j = 0; j < sizeof(t) / sizeof(*t); j++) { \
- if (t[j].val == val) \
- goto test_i2s_found; \
- } \
- assert(I2S(val) == NULL); \
- test_i2s_found: \
- ; \
- } \
- } while (0)
-
-#define TEST_S2I(ERR_VALUE) \
- do { \
- size_t i; \
- char buf[S_LEN]; \
- \
- for (i = 0; i < sizeof(t) / sizeof(*t); i++) \
- assert(S2I(t[i].s) == t[i].val); \
- for (i = 0; i < RAND_ITERATIONS; i++) { \
- /* Blindly assuming this will not generate a \
- meaningful identifier. */ \
- gen_id(buf); \
- if (S2I(buf) != (ERR_VALUE)) { \
- fprintf(stderr, \
- "Unexpected match `%s'\n", \
- buf); \
- abort(); \
- } \
- } \
- } while (0)
-
-#ifdef WITH_ALPHA
-static void
-test_alpha_table(void)
-{
- static const struct entry t[] = {
-#include "../alpha_table.h"
- };
-
- printf("Testing alpha_table...\n");
-#define I2S(I) audit_syscall_to_name((I), MACH_ALPHA)
-#define S2I(S) audit_name_to_syscall((S), MACH_ALPHA)
- TEST_I2S(0);
- TEST_S2I(-1);
-#undef I2S
-#undef S2I
-}
-#endif
-
-#ifdef WITH_ARM
-static void
-test_arm_table(void)
-{
- static const struct entry t[] = {
-#include "../arm_table.h"
- };
-
- printf("Testing arm_table...\n");
-#define I2S(I) audit_syscall_to_name((I), MACH_ARM)
-#define S2I(S) audit_name_to_syscall((S), MACH_ARM)
- TEST_I2S(0);
- TEST_S2I(-1);
-#undef I2S
-#undef S2I
-}
-#endif
-
-#ifdef WITH_AARCH64
-static void
-test_aarch64_table(void)
-{
- static const struct entry t[] = {
-#include "../aarch64_table.h"
- };
-
- printf("Testing aarch64_table...\n");
-#define I2S(I) audit_syscall_to_name((I), MACH_AARCH64)
-#define S2I(S) audit_name_to_syscall((S), MACH_AARCH64)
- TEST_I2S(0);
- TEST_S2I(-1);
-#undef I2S
-#undef S2I
-}
-#endif
-
-static void
-test_i386_table(void)
-{
- static const struct entry t[] = {
-#include "../i386_table.h"
- };
-
- printf("Testing i386_table...\n");
-#define I2S(I) audit_syscall_to_name((I), MACH_X86)
-#define S2I(S) audit_name_to_syscall((S), MACH_X86)
- TEST_I2S(strcmp(t[i].s, "madvise1") == 0);
- TEST_S2I(-1);
-#undef I2S
-#undef S2I
-}
-
-static void
-test_ia64_table(void)
-{
- static const struct entry t[] = {
-#include "../ia64_table.h"
- };
-
- printf("Testing ia64_table...\n");
-#define I2S(I) audit_syscall_to_name((I), MACH_IA64)
-#define S2I(S) audit_name_to_syscall((S), MACH_IA64)
- TEST_I2S(0);
- TEST_S2I(-1);
-#undef I2S
-#undef S2I
-}
-
-static void
-test_ppc_table(void)
-{
- static const struct entry t[] = {
-#include "../ppc_table.h"
- };
-
- printf("Testing ppc_table...\n");
-#define I2S(I) audit_syscall_to_name((I), MACH_PPC)
-#define S2I(S) audit_name_to_syscall((S), MACH_PPC)
- TEST_I2S(0);
- TEST_S2I(-1);
-#undef I2S
-#undef S2I
-}
-
-static void
-test_s390_table(void)
-{
- static const struct entry t[] = {
-#include "../s390_table.h"
- };
-
- printf("Testing s390_table...\n");
-#define I2S(I) audit_syscall_to_name((I), MACH_S390)
-#define S2I(S) audit_name_to_syscall((S), MACH_S390)
- TEST_I2S(0);
- TEST_S2I(-1);
-#undef I2S
-#undef S2I
-}
-
-static void
-test_s390x_table(void)
-{
- static const struct entry t[] = {
-#include "../s390x_table.h"
- };
-
- printf("Testing s390x_table...\n");
-#define I2S(I) audit_syscall_to_name((I), MACH_S390X)
-#define S2I(S) audit_name_to_syscall((S), MACH_S390X)
- TEST_I2S(0);
- TEST_S2I(-1);
-#undef I2S
-#undef S2I
-}
-
-static void
-test_x86_64_table(void)
-{
- static const struct entry t[] = {
-#include "../x86_64_table.h"
- };
-
- printf("Testing x86_64_table...\n");
-#define I2S(I) audit_syscall_to_name((I), MACH_86_64)
-#define S2I(S) audit_name_to_syscall((S), MACH_86_64)
- TEST_I2S(0);
- TEST_S2I(-1);
-#undef I2S
-#undef S2I
-}
-
-static void
-test_actiontab(void)
-{
- static const struct entry t[] = {
-#include "../actiontab.h"
- };
-
- printf("Testing actiontab...\n");
-#define I2S(I) audit_action_to_name(I)
-#define S2I(S) audit_name_to_action(S)
- TEST_I2S(0);
- TEST_S2I(-1);
-#undef I2S
-#undef S2I
-}
-
-static void
-test_errtab(void)
-{
- static const struct entry t[] = {
-#include "../errtab.h"
- };
-
- printf("Testing errtab...\n");
-#define I2S(I) audit_errno_to_name(I)
-#define S2I(S) audit_name_to_errno(S)
- TEST_I2S(strcmp(t[i].s, "EWOULDBLOCK") == 0
- || strcmp(t[i].s, "EDEADLOCK") == 0);
- TEST_S2I(0);
-#undef I2S
-#undef S2I
-}
-
-static void
-test_fieldtab(void)
-{
- static const struct entry t[] = {
-#include "../fieldtab.h"
- };
-
- printf("Testing fieldtab...\n");
-#define I2S(I) audit_field_to_name(I)
-#define S2I(S) audit_name_to_field(S)
- TEST_I2S(strcmp(t[i].s, "loginuid") == 0);
- TEST_S2I(-1);
-#undef I2S
-#undef S2I
-}
-
-static void
-test_flagtab(void)
-{
- static const struct entry t[] = {
-#include "../flagtab.h"
- };
-
- printf("Testing flagtab...\n");
-#define I2S(I) audit_flag_to_name(I)
-#define S2I(S) audit_name_to_flag(S)
- TEST_I2S(0);
- TEST_S2I(-1);
-#undef I2S
-#undef S2I
-}
-
-static void
-test_ftypetab(void)
-{
- static const struct entry t[] = {
-#include "../ftypetab.h"
- };
-
- printf("Testing ftypetab...\n");
-#define I2S(I) audit_ftype_to_name(I)
-#define S2I(S) audit_name_to_ftype(S)
- TEST_I2S(0);
- TEST_S2I(-1);
-#undef I2S
-#undef S2I
-}
-
-static void
-test_machinetab(void)
-{
- static const struct entry t[] = {
-#include "../machinetab.h"
- };
-
- printf("Testing machinetab...\n");
-#define I2S(I) audit_machine_to_name(I)
-#define S2I(S) audit_name_to_machine(S)
- TEST_I2S((t[i].s[0] == 'i' && t[i].s[1] >= '4' && t[i].s[1] <= '6'
- && strcmp(t[i].s + 2, "86") == 0) ||
- (strncmp(t[i].s, "arm", 3) == 0));
- TEST_S2I(-1);
-#undef I2S
-#undef S2I
-}
-
-static void
-test_msg_typetab(void)
-{
- static const struct entry t[] = {
-#include "../msg_typetab.h"
- };
-
- printf("Testing msg_typetab...\n");
-#define I2S(I) audit_msg_type_to_name(I)
-#define S2I(S) audit_name_to_msg_type(S)
- TEST_I2S(0);
- TEST_S2I(-1);
-#undef I2S
-#undef S2I
-}
-
-static void
-test_optab(void)
-{
- static const struct entry t[] = {
-#include "../optab.h"
- };
-
- printf("Testing optab...\n");
-#define I2S(I) audit_operator_to_symbol(I)
- TEST_I2S(0);
-#undef I2S
-}
-
-int
-main(void)
-{
- // This is only for preventing collisions in s2i tests.
- // If collisions are found in future, change the number.
- srand(3);
-#ifdef WITH_ALPHA
- test_alpha_table();
-#endif
-#ifdef WITH_ARM
- test_arm_table();
-#endif
-#ifdef WITH_AARCH64
- test_aarch64_table();
-#endif
- test_i386_table();
- test_ia64_table();
- test_ppc_table();
- test_s390_table();
- test_s390x_table();
- test_x86_64_table();
- test_actiontab();
- test_errtab();
- test_fieldtab();
- test_flagtab();
- test_ftypetab();
- test_machinetab();
- test_msg_typetab();
- test_optab();
- return EXIT_SUCCESS;
-}
-
diff --git a/framework/src/audit/lib/x86_64_table.h b/framework/src/audit/lib/x86_64_table.h
deleted file mode 100644
index 0c8d41ad..00000000
--- a/framework/src/audit/lib/x86_64_table.h
+++ /dev/null
@@ -1,345 +0,0 @@
-/* x86_64_table.h --
- * Copyright 2005-15 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- */
-
-_S(0, "read")
-_S(1, "write")
-_S(2, "open")
-_S(3, "close")
-_S(4, "stat")
-_S(5, "fstat")
-_S(6, "lstat")
-_S(7, "poll")
-_S(8, "lseek")
-_S(9, "mmap")
-_S(10, "mprotect")
-_S(11, "munmap")
-_S(12, "brk")
-_S(13, "rt_sigaction")
-_S(14, "rt_sigprocmask")
-_S(15, "rt_sigreturn")
-_S(16, "ioctl")
-_S(17, "pread")
-_S(18, "pwrite")
-_S(19, "readv")
-_S(20, "writev")
-_S(21, "access")
-_S(22, "pipe")
-_S(23, "select")
-_S(24, "sched_yield")
-_S(25, "mremap")
-_S(26, "msync")
-_S(27, "mincore")
-_S(28, "madvise")
-_S(29, "shmget")
-_S(30, "shmat")
-_S(31, "shmctl")
-_S(32, "dup")
-_S(33, "dup2")
-_S(34, "pause")
-_S(35, "nanosleep")
-_S(36, "getitimer")
-_S(37, "alarm")
-_S(38, "setitimer")
-_S(39, "getpid")
-_S(40, "sendfile")
-_S(41, "socket")
-_S(42, "connect")
-_S(43, "accept")
-_S(44, "sendto")
-_S(45, "recvfrom")
-_S(46, "sendmsg")
-_S(47, "recvmsg")
-_S(48, "shutdown")
-_S(49, "bind")
-_S(50, "listen")
-_S(51, "getsockname")
-_S(52, "getpeername")
-_S(53, "socketpair")
-_S(54, "setsockopt")
-_S(55, "getsockopt")
-_S(56, "clone")
-_S(57, "fork")
-_S(58, "vfork")
-_S(59, "execve")
-_S(60, "exit")
-_S(61, "wait4")
-_S(62, "kill")
-_S(63, "uname")
-_S(64, "semget")
-_S(65, "semop")
-_S(66, "semctl")
-_S(67, "shmdt")
-_S(68, "msgget")
-_S(69, "msgsnd")
-_S(70, "msgrcv")
-_S(71, "msgctl")
-_S(72, "fcntl")
-_S(73, "flock")
-_S(74, "fsync")
-_S(75, "fdatasync")
-_S(76, "truncate")
-_S(77, "ftruncate")
-_S(78, "getdents")
-_S(79, "getcwd")
-_S(80, "chdir")
-_S(81, "fchdir")
-_S(82, "rename")
-_S(83, "mkdir")
-_S(84, "rmdir")
-_S(85, "creat")
-_S(86, "link")
-_S(87, "unlink")
-_S(88, "symlink")
-_S(89, "readlink")
-_S(90, "chmod")
-_S(91, "fchmod")
-_S(92, "chown")
-_S(93, "fchown")
-_S(94, "lchown")
-_S(95, "umask")
-_S(96, "gettimeofday")
-_S(97, "getrlimit")
-_S(98, "getrusage")
-_S(99, "sysinfo")
-_S(100, "times")
-_S(101, "ptrace")
-_S(102, "getuid")
-_S(103, "syslog")
-_S(104, "getgid")
-_S(105, "setuid")
-_S(106, "setgid")
-_S(107, "geteuid")
-_S(108, "getegid")
-_S(109, "setpgid")
-_S(110, "getppid")
-_S(111, "getpgrp")
-_S(112, "setsid")
-_S(113, "setreuid")
-_S(114, "setregid")
-_S(115, "getgroups")
-_S(116, "setgroups")
-_S(117, "setresuid")
-_S(118, "getresuid")
-_S(119, "setresgid")
-_S(120, "getresgid")
-_S(121, "getpgid")
-_S(122, "setfsuid")
-_S(123, "setfsgid")
-_S(124, "getsid")
-_S(125, "capget")
-_S(126, "capset")
-_S(127, "rt_sigpending")
-_S(128, "rt_sigtimedwait")
-_S(129, "rt_sigqueueinfo")
-_S(130, "rt_sigsuspend")
-_S(131, "sigaltstack")
-_S(132, "utime")
-_S(133, "mknod")
-_S(134, "uselib")
-_S(135, "personality")
-_S(136, "ustat")
-_S(137, "statfs")
-_S(138, "fstatfs")
-_S(139, "sysfs")
-_S(140, "getpriority")
-_S(141, "setpriority")
-_S(142, "sched_setparam")
-_S(143, "sched_getparam")
-_S(144, "sched_setscheduler")
-_S(145, "sched_getscheduler")
-_S(146, "sched_get_priority_max")
-_S(147, "sched_get_priority_min")
-_S(148, "sched_rr_get_interval")
-_S(149, "mlock")
-_S(150, "munlock")
-_S(151, "mlockall")
-_S(152, "munlockall")
-_S(153, "vhangup")
-_S(154, "modify_ldt")
-_S(155, "pivot_root")
-_S(156, "_sysctl")
-_S(157, "prctl")
-_S(158, "arch_prctl")
-_S(159, "adjtimex")
-_S(160, "setrlimit")
-_S(161, "chroot")
-_S(162, "sync")
-_S(163, "acct")
-_S(164, "settimeofday")
-_S(165, "mount")
-_S(166, "umount2")
-_S(167, "swapon")
-_S(168, "swapoff")
-_S(169, "reboot")
-_S(170, "sethostname")
-_S(171, "setdomainname")
-_S(172, "iopl")
-_S(173, "ioperm")
-_S(174, "create_module")
-_S(175, "init_module")
-_S(176, "delete_module")
-_S(177, "get_kernel_syms")
-_S(178, "query_module")
-_S(179, "quotactl")
-_S(180, "nfsservctl")
-_S(181, "getpmsg")
-_S(182, "putpmsg")
-_S(183, "afs_syscall")
-_S(184, "tuxcall")
-_S(185, "security")
-_S(186, "gettid")
-_S(187, "readahead")
-_S(188, "setxattr")
-_S(189, "lsetxattr")
-_S(190, "fsetxattr")
-_S(191, "getxattr")
-_S(192, "lgetxattr")
-_S(193, "fgetxattr")
-_S(194, "listxattr")
-_S(195, "llistxattr")
-_S(196, "flistxattr")
-_S(197, "removexattr")
-_S(198, "lremovexattr")
-_S(199, "fremovexattr")
-_S(200, "tkill")
-_S(201, "time")
-_S(202, "futex")
-_S(203, "sched_setaffinity")
-_S(204, "sched_getaffinity")
-_S(205, "set_thread_area")
-_S(206, "io_setup")
-_S(207, "io_destroy")
-_S(208, "io_getevents")
-_S(209, "io_submit")
-_S(210, "io_cancel")
-_S(211, "get_thread_area")
-_S(212, "lookup_dcookie")
-_S(213, "epoll_create")
-_S(214, "epoll_ctl_old")
-_S(215, "epoll_wait_old")
-_S(216, "remap_file_pages")
-_S(217, "getdents64")
-_S(218, "set_tid_address")
-_S(219, "restart_syscall")
-_S(220, "semtimedop")
-_S(221, "fadvise64")
-_S(222, "timer_create")
-_S(223, "timer_settime")
-_S(224, "timer_gettime")
-_S(225, "timer_getoverrun")
-_S(226, "timer_delete")
-_S(227, "clock_settime")
-_S(228, "clock_gettime")
-_S(229, "clock_getres")
-_S(230, "clock_nanosleep")
-_S(231, "exit_group")
-_S(232, "epoll_wait")
-_S(233, "epoll_ctl")
-_S(234, "tgkill")
-_S(235, "utimes")
-_S(236, "vserver")
-_S(237, "mbind")
-_S(238, "set_mempolicy")
-_S(239, "get_mempolicy")
-_S(240, "mq_open")
-_S(241, "mq_unlink")
-_S(242, "mq_timedsend")
-_S(243, "mq_timedreceive")
-_S(244, "mq_notify")
-_S(245, "mq_getsetattr")
-_S(246, "kexec_load")
-_S(247, "waitid")
-_S(248, "add_key")
-_S(249, "request_key")
-_S(250, "keyctl")
-_S(251, "ioprio_set")
-_S(252, "ioprio_get")
-_S(253, "inotify_init")
-_S(254, "inotify_add_watch")
-_S(255, "inotify_rm_watch")
-_S(256, "migrate_pages")
-_S(257, "openat")
-_S(258, "mkdirat")
-_S(259, "mknodat")
-_S(260, "fchownat")
-_S(261, "futimesat")
-_S(262, "newfstatat")
-_S(263, "unlinkat")
-_S(264, "renameat")
-_S(265, "linkat")
-_S(266, "symlinkat")
-_S(267, "readlinkat")
-_S(268, "fchmodat")
-_S(269, "faccessat")
-_S(270, "pselect6")
-_S(271, "ppoll")
-_S(272, "unshare")
-_S(273, "set_robust_list")
-_S(274, "get_robust_list")
-_S(275, "splice")
-_S(276, "tee")
-_S(277, "sync_file_range")
-_S(278, "vmsplice")
-_S(279, "move_pages")
-_S(280, "utimensat")
-_S(281, "epoll_pwait")
-_S(282, "signalfd")
-_S(283, "timerfd")
-_S(284, "eventfd")
-_S(285, "fallocate")
-_S(286, "timerfd_settime")
-_S(287, "timerfd_gettime")
-_S(288, "accept4")
-_S(289, "signalfd4")
-_S(290, "eventfd2")
-_S(291, "epoll_create1")
-_S(292, "dup3")
-_S(293, "pipe2")
-_S(294, "inotify_init1")
-_S(295, "preadv")
-_S(296, "pwritev")
-_S(297, "rt_tgsigqueueinfo")
-_S(298, "perf_event_open")
-_S(299, "recvmmsg")
-_S(300, "fanotify_init")
-_S(301, "fanotify_mark")
-_S(302, "prlimit64")
-_S(303, "name_to_handle_at")
-_S(304, "open_by_handle_at")
-_S(305, "clock_adjtime")
-_S(306, "syncfs")
-_S(307, "sendmmsg")
-_S(308, "setns")
-_S(309, "getcpu")
-_S(310, "process_vm_readv")
-_S(311, "process_vm_writev")
-_S(312, "kcmp")
-_S(313, "finit_module")
-_S(314, "sched_setattr")
-_S(315, "sched_getattr")
-_S(316, "renameat2")
-_S(317, "seccomp")
-_S(318, "getrandom")
-_S(319, "memfd_create")
-_S(320, "kexec_file_load")
-_S(321, "bpf")
-_S(322, "execveat")