seaudit_avc_message Struct Reference

#include <seaudit_internal.h>

List of all members.

Detailed Description

Definition of an avc message.

Note that unless stated otherwise, character pointers are into the message's log's respective BST.

Definition at line 168 of file seaudit_internal.h.


Public Attributes
seaudit_avc_message_type_e	msg
seaudit_avc_message_class_e	avc_type
	type of avc message this is, either a deny or a granted (i.e., auditallow)
char *	exe
	executable and path - free() this
char *	comm
	command - free() this
char *	path
	path of the OBJECT - free() this
char *	dev
	device for the object - free() this
char *	netif
	network interface - free() this
char *	laddr
	local address - free() this
char *	faddr
	foreign address - free() this
char *	saddr
	source address - free() this
char *	daddr
	destination address - free() this
char *	name
	free() this
char *	ipaddr
	free() this
char *	suser
	source context's user
char *	srole
	source context's role
char *	stype
	source context's type
char *	tuser
	target context's user
char *	trole
	target context's role
char *	ttype
	target context's type
char *	tclass
	target class
time_t	tm_stmp_sec
	audit header timestamp (seconds)
long	tm_stmp_nano
	audit header timestamp (nanoseconds)
unsigned int	serial
	audit header serial number
apol_vector_t *	perms
	pointers into log->perms BST (hence char *)
int	key
	key for an IPC call
int	is_key
int	capability
	process capability (corresponds with class 'capability')
int	is_capability
unsigned long	inode
	inode of the object
int	is_inode
int	source
	source port
int	dest
	destination port
int	lport
	local port
int	fport
	foreign port
int	port
unsigned int	src_sid
	source sid
int	is_src_sid
unsigned int	tgt_sid
	target sid
int	is_tgt_sid
unsigned int	pid
	process ID of the subject
int	is_pid

Member Data Documentation

seaudit_avc_message_type_e seaudit_avc_message::msg

Definition at line 170 of file seaudit_internal.h.

Referenced by avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_access_type(), filter_avc_msg_type_accept(), model_recalc_stats(), report_print_avc_listing(), report_print_enforce_toggles(), seaudit_avc_message_get_message_type(), and sort_message_type_comp().

seaudit_avc_message_class_e seaudit_avc_message::avc_type

type of avc message this is, either a deny or a granted (i.e., auditallow)

Definition at line 173 of file seaudit_internal.h.

Referenced by avc_msg_insert_additional_field_data().

char* seaudit_avc_message::exe

executable and path - free() this

Definition at line 175 of file seaudit_internal.h.

Referenced by avc_message_free(), avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_additional_field_data(), filter_exe_accept(), filter_exe_support(), seaudit_avc_message_get_exe(), sort_executable_comp(), and sort_executable_support().

char* seaudit_avc_message::comm

command - free() this

Definition at line 177 of file seaudit_internal.h.

Referenced by avc_message_free(), avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_additional_field_data(), filter_comm_accept(), filter_comm_support(), seaudit_avc_message_get_comm(), sort_command_comp(), and sort_command_support().

char* seaudit_avc_message::path

path of the OBJECT - free() this

Definition at line 179 of file seaudit_internal.h.

Referenced by avc_message_free(), avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_additional_field_data(), avc_msg_reformat_path(), filter_path_accept(), filter_path_support(), seaudit_avc_message_get_path(), sort_path_comp(), and sort_path_support().

char* seaudit_avc_message::dev

device for the object - free() this

Definition at line 181 of file seaudit_internal.h.

Referenced by avc_message_free(), avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), seaudit_avc_message_get_dev(), sort_device_comp(), and sort_device_support().

char* seaudit_avc_message::netif

network interface - free() this

Definition at line 183 of file seaudit_internal.h.

Referenced by avc_message_free(), avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), filter_netif_accept(), filter_netif_support(), and seaudit_avc_message_get_netif().

char* seaudit_avc_message::laddr

local address - free() this

Definition at line 185 of file seaudit_internal.h.

Referenced by avc_message_free(), avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), filter_anyaddr_accept(), filter_anyaddr_support(), filter_laddr_accept(), filter_laddr_support(), seaudit_avc_message_get_laddr(), sort_laddr_comp(), and sort_laddr_support().

char* seaudit_avc_message::faddr

foreign address - free() this

Definition at line 187 of file seaudit_internal.h.

Referenced by avc_message_free(), avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), filter_anyaddr_accept(), filter_anyaddr_support(), filter_faddr_accept(), filter_faddr_support(), seaudit_avc_message_get_faddr(), sort_faddr_comp(), and sort_faddr_support().

char* seaudit_avc_message::saddr

source address - free() this

Definition at line 189 of file seaudit_internal.h.

Referenced by avc_message_free(), avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), filter_anyaddr_accept(), filter_anyaddr_support(), filter_saddr_accept(), filter_saddr_support(), seaudit_avc_message_get_saddr(), sort_saddr_comp(), and sort_saddr_support().

char* seaudit_avc_message::daddr

destination address - free() this

Definition at line 191 of file seaudit_internal.h.

Referenced by avc_message_free(), avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), filter_anyaddr_accept(), filter_anyaddr_support(), filter_daddr_accept(), filter_daddr_support(), seaudit_avc_message_get_daddr(), sort_daddr_comp(), and sort_daddr_support().

char* seaudit_avc_message::name

free() this

Definition at line 193 of file seaudit_internal.h.

Referenced by avc_message_free(), avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_additional_field_data(), seaudit_avc_message_get_name(), sort_name_comp(), and sort_name_support().

char* seaudit_avc_message::ipaddr

free() this

Definition at line 195 of file seaudit_internal.h.

Referenced by avc_message_free(), avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), filter_anyaddr_accept(), and filter_anyaddr_support().

char* seaudit_avc_message::suser

source context's user

Definition at line 197 of file seaudit_internal.h.

Referenced by avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_additional_field_data(), avc_msg_insert_scon(), filter_src_user_accept(), filter_src_user_support(), seaudit_avc_message_get_source_user(), sort_source_user_comp(), and sort_source_user_support().

char* seaudit_avc_message::srole

source context's role

Definition at line 199 of file seaudit_internal.h.

Referenced by avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_scon(), filter_src_role_accept(), filter_src_role_support(), seaudit_avc_message_get_source_role(), sort_source_role_comp(), and sort_source_role_support().

char* seaudit_avc_message::stype

source context's type

Definition at line 201 of file seaudit_internal.h.

Referenced by avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_scon(), filter_src_type_accept(), filter_src_type_support(), seaudit_avc_message_get_source_type(), sort_source_type_comp(), and sort_source_type_support().

char* seaudit_avc_message::tuser

target context's user

Definition at line 203 of file seaudit_internal.h.

Referenced by avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_additional_field_data(), avc_msg_insert_tcon(), filter_tgt_user_accept(), filter_tgt_user_support(), seaudit_avc_message_get_target_user(), sort_target_user_comp(), and sort_target_user_support().

char* seaudit_avc_message::trole

target context's role

Definition at line 205 of file seaudit_internal.h.

Referenced by avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_tcon(), filter_tgt_role_accept(), filter_tgt_role_support(), seaudit_avc_message_get_target_role(), sort_target_role_comp(), and sort_target_role_support().

char* seaudit_avc_message::ttype

target context's type

Definition at line 207 of file seaudit_internal.h.

Referenced by avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_tcon(), filter_tgt_type_accept(), filter_tgt_type_support(), seaudit_avc_message_get_target_type(), sort_target_type_comp(), and sort_target_type_support().

char* seaudit_avc_message::tclass

target class

Definition at line 209 of file seaudit_internal.h.

Referenced by avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_additional_field_data(), avc_msg_insert_tclass(), filter_tgt_class_accept(), filter_tgt_class_support(), seaudit_avc_message_get_object_class(), sort_object_class_comp(), and sort_object_class_support().

time_t seaudit_avc_message::tm_stmp_sec

audit header timestamp (seconds)

Definition at line 211 of file seaudit_internal.h.

Referenced by avc_message_to_misc_string(), avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_syscall_info(), and seaudit_avc_message_get_timestamp_nano().

long seaudit_avc_message::tm_stmp_nano

audit header timestamp (nanoseconds)

Definition at line 213 of file seaudit_internal.h.

Referenced by avc_message_to_misc_string(), avc_message_to_string(), avc_message_to_string_html(), and avc_msg_insert_syscall_info().

unsigned int seaudit_avc_message::serial

audit header serial number

Definition at line 215 of file seaudit_internal.h.

Referenced by avc_message_to_misc_string(), avc_message_to_string(), avc_message_to_string_html(), and avc_msg_insert_syscall_info().

apol_vector_t* seaudit_avc_message::perms

pointers into log->perms BST (hence char *)

Definition at line 217 of file seaudit_internal.h.

Referenced by avc_message_create(), avc_message_free(), avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_perms(), filter_perm_accept(), filter_perm_support(), report_print_enforce_toggles(), seaudit_avc_message_get_perm(), sort_perm_comp(), and sort_perm_support().

int seaudit_avc_message::key

key for an IPC call

Definition at line 219 of file seaudit_internal.h.

Referenced by avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), filter_key_accept(), seaudit_avc_message_get_key(), and sort_key_comp().

int seaudit_avc_message::is_key

Definition at line 220 of file seaudit_internal.h.

Referenced by avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), filter_key_support(), seaudit_avc_message_get_key(), and sort_key_support().

int seaudit_avc_message::capability

process capability (corresponds with class 'capability')

Definition at line 222 of file seaudit_internal.h.

Referenced by avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), filter_cap_accept(), seaudit_avc_message_get_cap(), and sort_cap_comp().

int seaudit_avc_message::is_capability

Definition at line 223 of file seaudit_internal.h.

Referenced by avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), filter_cap_support(), seaudit_avc_message_get_cap(), and sort_cap_support().

unsigned long seaudit_avc_message::inode

inode of the object

Definition at line 225 of file seaudit_internal.h.

Referenced by avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_additional_field_data(), filter_inode_accept(), seaudit_avc_message_get_inode(), sort_inode_comp(), and sort_inode_support().

int seaudit_avc_message::is_inode

Definition at line 226 of file seaudit_internal.h.

Referenced by avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_additional_field_data(), filter_inode_support(), and seaudit_avc_message_get_inode().

int seaudit_avc_message::source

source port

Definition at line 228 of file seaudit_internal.h.

Referenced by avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), filter_anyport_accept(), filter_anyport_support(), filter_sport_accept(), filter_sport_support(), seaudit_avc_message_get_sport(), sort_sport_comp(), and sort_sport_support().

int seaudit_avc_message::dest

destination port

Definition at line 230 of file seaudit_internal.h.

Referenced by avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), filter_anyport_accept(), filter_anyport_support(), filter_dport_accept(), filter_dport_support(), seaudit_avc_message_get_dport(), sort_dport_comp(), and sort_dport_support().

int seaudit_avc_message::lport

local port

Definition at line 232 of file seaudit_internal.h.

Referenced by avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), filter_anyport_accept(), filter_anyport_support(), filter_lport_accept(), filter_lport_support(), seaudit_avc_message_get_lport(), sort_lport_comp(), and sort_lport_support().

int seaudit_avc_message::fport

foreign port

Definition at line 234 of file seaudit_internal.h.

Referenced by avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), filter_anyport_accept(), filter_anyport_support(), filter_fport_accept(), filter_fport_support(), seaudit_avc_message_get_fport(), sort_fport_comp(), and sort_fport_support().

int seaudit_avc_message::port

Definition at line 235 of file seaudit_internal.h.

Referenced by avc_message_get_misc_string(), avc_msg_insert_additional_field_data(), filter_anyport_accept(), filter_anyport_support(), filter_port_accept(), filter_port_support(), seaudit_avc_message_get_port(), sort_port_comp(), and sort_port_support().

unsigned int seaudit_avc_message::src_sid

source sid

Definition at line 237 of file seaudit_internal.h.

Referenced by avc_msg_insert_additional_field_data().

int seaudit_avc_message::is_src_sid

Definition at line 238 of file seaudit_internal.h.

Referenced by avc_msg_insert_additional_field_data().

unsigned int seaudit_avc_message::tgt_sid

target sid

Definition at line 240 of file seaudit_internal.h.

Referenced by avc_msg_insert_additional_field_data().

int seaudit_avc_message::is_tgt_sid

Definition at line 241 of file seaudit_internal.h.

Referenced by avc_msg_insert_additional_field_data().

unsigned int seaudit_avc_message::pid

process ID of the subject

Definition at line 243 of file seaudit_internal.h.

Referenced by avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_additional_field_data(), filter_pid_accept(), seaudit_avc_message_get_pid(), sort_pid_comp(), and sort_pid_support().

int seaudit_avc_message::is_pid

Definition at line 244 of file seaudit_internal.h.

Referenced by avc_message_to_string(), avc_message_to_string_html(), avc_msg_insert_additional_field_data(), filter_pid_support(), and seaudit_avc_message_get_pid().

The documentation for this struct was generated from the following file:

libseaudit/src/seaudit_internal.h