1<?xml version="1.0" encoding="UTF-8" ?>
2
3<!--
4 Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
5 Use is subject to license terms.
6
7 CDDL HEADER START
8
9 The contents of this file are subject to the terms of the
10 Common Development and Distribution License (the "License").
11 You may not use this file except in compliance with the License.
12
13 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
14 or http://www.opensolaris.org/os/licensing.
15 See the License for the specific language governing permissions
16 and limitations under the License.
17
18 When distributing Covered Code, include this CDDL HEADER in each
19 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
20 If applicable, add the following below this CDDL HEADER, with the
21 fields enclosed by brackets "[]" replaced with your own identifying
22 information: Portions Copyright [yyyy] [name of copyright owner]
23
24 CDDL HEADER END
25-->
26
27
<!-- Entity Definitions -->

<!--
  Timestamp attribute groups. Two representations are defined.

  timeattr
      "time" carries the date and time to the second in the default
      strftime(3C) format; "msec" carries the milliseconds offset.
      Example: time="Mon May 06 12:10:18 2002" msec="750"

  iso8601
      One attribute in ISO 8601 standard form with date, time and
      timezone: YYYY-MM-DD HH:MM:SS.sss +/-HH:MM, that is year, month,
      day, 24 hour time with milliseconds, then the + or - offset from
      Universal Time (UTC, aka GMT).
      Example: iso8601="2003-09-17 16:47:41.831 -07:00"

  All three attributes are CDATA #IMPLIED, so a validating parser checks
  neither their presence nor their format. A consumer that relies on the
  timestamp has to parse and range-check it itself.
  Of the two groups, only iso8601 is referenced by the ATTLIST
  declarations visible in this file.
-->
<!ENTITY % timeattr
    "time   CDATA #IMPLIED
     msec   CDATA #IMPLIED">

<!ENTITY % iso8601
    "iso8601   CDATA #IMPLIED">
50
<!--
  xinfo: generic attribute group shared by the X related tokens.
  Both attributes are required; being CDATA, their values are not
  checked for format by a validating parser.
-->
<!ENTITY % xinfo
    "xid            CDATA #REQUIRED
     xcreator-uid   CDATA #REQUIRED">
54
<!--
  reserved_toks: the set of "reserved" tokens, i.e. those whose
  placement is fixed.

  The content models visible in this file name these elements directly
  (audit lists file and record, record lists sequence and host) rather
  than expanding this entity.
-->
<!ENTITY % reserved_toks
    "(
        file     |
        record   |
        host     |
        sequence
     )
">
68
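<!--
  normaltoks: the set of all tokens other than the "reserved" tokens.

  The record content model expands this entity as (%normaltoks;)*, so an
  element that is missing from the list can never appear inside a record
  without failing validation.

  secflags and tid are declared as tokens further down in this file but
  were absent from this list, which made a validating parser reject any
  record containing them. They are listed here so that such records
  validate. The change only widens what is accepted; documents that were
  valid before remain valid.
-->
<!ENTITY % normaltoks
    "(
        acl                    |
        arbitrary              |
        argument               |
        attribute              |
        cmd                    |
        exit                   |
        exec_args              |
        exec_env               |
        fmri                   |
        group                  |
        ip                     |
        ip_address             |
        IPC                    |
        IPC_perm               |
        ip_port                |
        liaison                |
        opaque                 |
        path                   |
        path_attr              |
        privilege              |
        process                |
        return                 |
        secflags               |
        sensitivity_label      |
        old_socket             |
        socket                 |
        subject                |
        text                   |
        tid                    |
        user                   |
        use_of_authorization   |
        use_of_privilege       |
        X_atom                 |
        X_client               |
        X_color_map            |
        X_cursor               |
        X_font                 |
        X_graphic_context      |
        X_pixmap               |
        X_property             |
        X_selection            |
        X_window               |
        zone
     )
">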
119
<!-- Element Definitions -->

<!--
  audit: the main (root) element. Its content is a sequence of file and
  record tokens, in any order and any number, including none.

  A document that is validated against this DTD names it in a DOCTYPE,
  so the consumer has to permit DTD processing. Resolve the DTD from a
  local, trusted copy and leave resolution of any other external entity
  disabled.
-->
<!ELEMENT audit (file | record)*>

<!--
  file token: character data, with the optional iso8601 timestamp
  attribute.
-->
<!ELEMENT file (#PCDATA)>
<!ATTLIST file
    %iso8601;
>
132
133
<!--
  record token

  The record token is the first token of an audit record. The tokens
  after it have this general layout:
      (tokens), subject, group, (tokens), return, sequence, host
  All tokens after the record token are optional; the host token is
  unused.

  The content model enforces only part of that layout: any number of
  normal tokens in any order, followed by at most one sequence and at
  most one host. A record that validates is therefore not guaranteed to
  contain a subject or a return token, and a consumer that needs them
  must check for them itself.

  Attributes: version and event are required; modifier, host and the
  iso8601 timestamp are optional. All are CDATA.
-->
<!ELEMENT record
    (
        (%normaltoks;)*,
        sequence?,
        host?
    )
>
<!ATTLIST record
    version    CDATA #REQUIRED
    event      CDATA #REQUIRED
    modifier   CDATA #IMPLIED
    host       CDATA #IMPLIED
    %iso8601;
>
156
<!-- text token: free-form character data. -->
<!ELEMENT text (#PCDATA)>

<!-- user token: empty element; uid and username are both required. -->
<!ELEMENT user EMPTY>
<!ATTLIST user
    uid        CDATA #REQUIRED
    username   CDATA #REQUIRED
>

<!--
  path token: character data.
  NOTE(review): presumably the content is recorded as supplied by the
  audited activity. The DTD places no constraint on it, so treat it as
  untrusted when displaying it or passing it to other tools. Confirm
  against the producer.
-->
<!ELEMENT path (#PCDATA)>

<!-- path_attr token: zero or more xattr children, each character data. -->
<!ELEMENT path_attr (xattr*)>
<!ELEMENT xattr (#PCDATA)>

<!-- host token: character data. -->
<!ELEMENT host (#PCDATA)>
176
<!--
  subject token: empty element describing the subject of the record.
  All eight attributes are required. Because every one is CDATA, the
  DTD does not check that an id is numeric or otherwise well formed.
-->
<!ELEMENT subject EMPTY>
<!ATTLIST subject
    audit-uid   CDATA #REQUIRED
    uid         CDATA #REQUIRED
    gid         CDATA #REQUIRED
    ruid        CDATA #REQUIRED
    rgid        CDATA #REQUIRED
    pid         CDATA #REQUIRED
    sid         CDATA #REQUIRED
    tid         CDATA #REQUIRED
>

<!--
  process token: empty element carrying the same eight required
  attributes as the subject token.
-->
<!ELEMENT process EMPTY>
<!ATTLIST process
    audit-uid   CDATA #REQUIRED
    uid         CDATA #REQUIRED
    gid         CDATA #REQUIRED
    ruid        CDATA #REQUIRED
    rgid        CDATA #REQUIRED
    pid         CDATA #REQUIRED
    sid         CDATA #REQUIRED
    tid         CDATA #REQUIRED
>
202
<!-- return token: empty element; errval and retval are both required. -->
<!ELEMENT return EMPTY>
<!ATTLIST return
    errval   CDATA #REQUIRED
    retval   CDATA #REQUIRED
>

<!-- exit token: empty element with the same two required attributes. -->
<!ELEMENT exit EMPTY>
<!ATTLIST exit
    errval   CDATA #REQUIRED
    retval   CDATA #REQUIRED
>

<!--
  sequence token: empty element; seq-num is required.
  As a CDATA attribute it is not checked for format or for ordering
  between records by a validating parser.
-->
<!ELEMENT sequence EMPTY>
<!ATTLIST sequence
    seq-num   CDATA #REQUIRED
>
222
<!-- fmri token: character data. -->
<!ELEMENT fmri (#PCDATA)>

<!-- group token: zero or more gid children, each character data. -->
<!ELEMENT group (gid)*>
<!ELEMENT gid (#PCDATA)>

<!-- opaque token: character data. -->
<!ELEMENT opaque (#PCDATA)>

<!--
  liaison token: character data.
  NOTE: liaison is obsolete and is no longer generated.
-->
<!ELEMENT liaison (#PCDATA)>
236
<!--
  argument token: empty element; arg-num, value and desc are all
  required.
-->
<!ELEMENT argument EMPTY>
<!ATTLIST argument
    arg-num   CDATA #REQUIRED
    value     CDATA #REQUIRED
    desc      CDATA #REQUIRED
>

<!-- attribute token: empty element; all six attributes are required. -->
<!ELEMENT attribute EMPTY>
<!ATTLIST attribute
    mode     CDATA #REQUIRED
    uid      CDATA #REQUIRED
    gid      CDATA #REQUIRED
    fsid     CDATA #REQUIRED
    nodeid   CDATA #REQUIRED
    device   CDATA #REQUIRED
>
255
<!--
  cmd token: zero or more argv children followed by zero or more arge
  children; every child is character data.
  NOTE(review): presumably these hold the argument and environment
  strings of the audited command. The DTD does not constrain them, and
  they may contain secrets passed on a command line or in the
  environment; restrict who can read the converted trail accordingly.
  Confirm against the producer.
-->
<!ELEMENT cmd (argv*, arge*)>
<!ELEMENT argv (#PCDATA)>
<!ELEMENT arge (#PCDATA)>

<!-- exec_args token: zero or more arg children, each character data. -->
<!ELEMENT exec_args (arg*)>
<!ELEMENT arg (#PCDATA)>

<!-- exec_env token: zero or more env children, each character data. -->
<!ELEMENT exec_env (env*)>
<!ELEMENT env (#PCDATA)>
268
<!--
  arbitrary token: character data; print, type and count are all
  required.
-->
<!ELEMENT arbitrary (#PCDATA)>
<!ATTLIST arbitrary
    print   CDATA #REQUIRED
    type    CDATA #REQUIRED
    count   CDATA #REQUIRED
>

<!-- privilege token: character data; set-type is required. -->
<!ELEMENT privilege (#PCDATA)>
<!ATTLIST privilege
    set-type   CDATA #REQUIRED
>

<!-- secflags token: character data; set-type is required. -->
<!ELEMENT secflags (#PCDATA)>
<!ATTLIST secflags
    set-type   CDATA #REQUIRED
>

<!-- use_of_privilege token: character data; result is required. -->
<!ELEMENT use_of_privilege (#PCDATA)>
<!ATTLIST use_of_privilege
    result   CDATA #REQUIRED
>

<!-- sensitivity_label token: character data. -->
<!ELEMENT sensitivity_label (#PCDATA)>

<!-- use_of_authorization token: character data. -->
<!ELEMENT use_of_authorization (#PCDATA)>
301
<!-- IPC token: empty element; ipc-type and ipc-id are both required. -->
<!ELEMENT IPC EMPTY>
<!ATTLIST IPC
    ipc-type   CDATA #REQUIRED
    ipc-id     CDATA #REQUIRED
>

<!-- IPC_perm token: empty element; all seven attributes are required. -->
<!ELEMENT IPC_perm EMPTY>
<!ATTLIST IPC_perm
    uid           CDATA #REQUIRED
    gid           CDATA #REQUIRED
    creator-uid   CDATA #REQUIRED
    creator-gid   CDATA #REQUIRED
    mode          CDATA #REQUIRED
    seq           CDATA #REQUIRED
    key           CDATA #REQUIRED
>
320
<!-- ip_address token: character data. -->
<!ELEMENT ip_address (#PCDATA)>

<!--
  ip_port token: character data.
  NOTE: ip_port is obsolete and is no longer generated.
-->
<!ELEMENT ip_port (#PCDATA)>

<!--
  ip token: empty element; all ten attributes are required.
  NOTE: ip is obsolete and is no longer generated.
-->
<!ELEMENT ip EMPTY>
<!ATTLIST ip
    version        CDATA #REQUIRED
    service_type   CDATA #REQUIRED
    len            CDATA #REQUIRED
    id             CDATA #REQUIRED
    offset         CDATA #REQUIRED
    time_to_live   CDATA #REQUIRED
    protocol       CDATA #REQUIRED
    cksum          CDATA #REQUIRED
    src_addr       CDATA #REQUIRED
    dest_addr      CDATA #REQUIRED
>

<!-- old_socket token: empty element; type, port and addr are required. -->
<!ELEMENT old_socket EMPTY>
<!ATTLIST old_socket
    type   CDATA #REQUIRED
    port   CDATA #REQUIRED
    addr   CDATA #REQUIRED
>

<!--
  socket token: empty element; all six attributes are required.
  Addresses and ports are CDATA, so the DTD does not check that they
  are well formed.
-->
<!ELEMENT socket EMPTY>
<!ATTLIST socket
    sock_domain   CDATA #REQUIRED
    sock_type     CDATA #REQUIRED
    lport         CDATA #REQUIRED
    laddr         CDATA #REQUIRED
    fport         CDATA #REQUIRED
    faddr         CDATA #REQUIRED
>
362
<!--
  acl token: empty element. Every attribute is optional, so an acl
  element with no attributes at all is valid.
-->
<!ELEMENT acl EMPTY>
<!ATTLIST acl
    type          CDATA #IMPLIED
    value         CDATA #IMPLIED
    mode          CDATA #IMPLIED
    flags         CDATA #IMPLIED
    id            CDATA #IMPLIED
    access_mask   CDATA #IMPLIED
>

<!--
  tid token: zero or more ipadr children; the type attribute is
  required.
  Future intent: contain one of ipadr | MTUadr | device.
-->
<!ELEMENT tid (ipadr*)>
<!ATTLIST tid
    type   CDATA #REQUIRED
>

<!--
  ipadr: content of the tid token. Empty element; local-port,
  remote-port and host are all required.
-->
<!ELEMENT ipadr EMPTY>
<!ATTLIST ipadr
    local-port    CDATA #REQUIRED
    remote-port   CDATA #REQUIRED
    host          CDATA #REQUIRED
>
388
<!-- X_atom token: character data. -->
<!ELEMENT X_atom (#PCDATA)>

<!--
  X resource tokens: X_color_map, X_cursor, X_font, X_graphic_context,
  X_pixmap and X_window. Each is an empty element that takes the xinfo
  attribute group.
-->

<!-- X_color_map token -->
<!ELEMENT X_color_map EMPTY>
<!ATTLIST X_color_map
    %xinfo;
>

<!-- X_cursor token -->
<!ELEMENT X_cursor EMPTY>
<!ATTLIST X_cursor
    %xinfo;
>

<!-- X_font token -->
<!ELEMENT X_font EMPTY>
<!ATTLIST X_font
    %xinfo;
>

<!-- X_graphic_context token -->
<!ELEMENT X_graphic_context EMPTY>
<!ATTLIST X_graphic_context
    %xinfo;
>

<!-- X_pixmap token -->
<!ELEMENT X_pixmap EMPTY>
<!ATTLIST X_pixmap
    %xinfo;
>

<!-- X_window token -->
<!ELEMENT X_window EMPTY>
<!ATTLIST X_window
    %xinfo;
>

<!-- X_property token: character data plus the xinfo attribute group. -->
<!ELEMENT X_property (#PCDATA)>
<!ATTLIST X_property
    %xinfo;
>

<!-- X_client token: character data. -->
<!ELEMENT X_client (#PCDATA)>
422
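<!--
  X_selection token: exactly one x_sel_text, one x_sel_type and one
  x_sel_data child, in that order; each child is character data.

  The content model names the children exactly as they are declared
  below. It previously spelled them xsel_text, xsel_type and xsel_data,
  which are not declared anywhere in this file, so no X_selection
  element with children could validate.
  NOTE(review): the declared x_sel_* spelling is assumed to be the one
  the producer emits; confirm against its output.
-->
<!ELEMENT X_selection (x_sel_text, x_sel_type, x_sel_data)>
<!ELEMENT x_sel_text (#PCDATA)>
<!ELEMENT x_sel_type (#PCDATA)>
<!ELEMENT x_sel_data (#PCDATA)>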
428
<!-- zonename token: empty "zone" element; the name attribute is required. -->
<!ELEMENT zone EMPTY>
<!ATTLIST zone
    name   CDATA #REQUIRED
>
434