From df5afa4fcd9725380f94ca6476248d4cc24f889a Mon Sep 17 00:00:00 2001 From: Ashlee Young Date: Sun, 29 Nov 2015 08:22:13 -0800 Subject: v2.4.4 audit sources Change-Id: I9315a7408817db51edf084fb4d27fbb492785084 Signed-off-by: Ashlee Young --- framework/src/audit/auparse/auparse-idata.h | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 framework/src/audit/auparse/auparse-idata.h (limited to 'framework/src/audit/auparse/auparse-idata.h') diff --git a/framework/src/audit/auparse/auparse-idata.h b/framework/src/audit/auparse/auparse-idata.h new file mode 100644 index 00000000..d1995538 --- /dev/null +++ b/framework/src/audit/auparse/auparse-idata.h @@ -0,0 +1,49 @@ +/* +* idata.h - Header file for ausearch-lookup.c +* Copyright (c) 2013 Red Hat Inc., Durham, North Carolina. +* All Rights Reserved. +* +* This library is free software; you can redistribute it and/or +* modify it under the terms of the GNU Lesser General Public +* License as published by the Free Software Foundation; either +* version 2.1 of the License, or (at your option) any later version. +* +* This library is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +* Lesser General Public License for more details. +* +* You should have received a copy of the GNU Lesser General Public +* License along with this library; if not, write to the Free Software +* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +* +* Authors: +* Steve Grubb +*/ + +#ifndef IDATA_HEADER +#define IDATA_HEADER + +#include "config.h" +#include "dso.h" +#include "auparse-defs.h" + +typedef struct _idata { + unsigned int machine; // The machine type for the event + int syscall; // The syscall for the event + unsigned long long a0; // arg 0 to the syscall + unsigned long long a1; // arg 1 to the syscall + const char *name; // name of field being interpretted + const char *val; // value of field being interpretted +} idata; + +int auparse_interp_adjust_type(int rtype, const char *name, const char *val); +const char *auparse_do_interpretation(int type, const idata *id); +int set_escape_mode(auparse_esc_t mode); + +hidden_proto(auparse_interp_adjust_type) +hidden_proto(auparse_do_interpretation) +hidden_proto(set_escape_mode) + +#endif + -- cgit 1.2.3-korg