1<?xml version="1.0" encoding="UTF-8" ?>
2
3<!--
4 Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
5 Use is subject to license terms.
6
7 CDDL HEADER START
8
9 The contents of this file are subject to the terms of the
10 Common Development and Distribution License (the "License").
11 You may not use this file except in compliance with the License.
12
13 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
14 or http://www.opensolaris.org/os/licensing.
15 See the License for the specific language governing permissions
16 and limitations under the License.
17
18 When distributing Covered Code, include this CDDL HEADER in each
19 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
20 If applicable, add the following below this CDDL HEADER, with the
21 fields enclosed by brackets "[]" replaced with your own identifying
22 information: Portions Copyright [yyyy] [name of copyright owner]
23
24 CDDL HEADER END
25-->
26
27
28<!--Entity Definitions-->
29
30<!-- timeattr or iso8601
31
32timeattr:
33	the time/date to the second in strftime(3C) default format,
34	followed by milliseconds offset.
35
36	Example:	time="Mon May 06 12:10:18 2002" msec="750"
37
38iso8601:
39	ISO 8601 standard format date time and timezone;
40	YYYY-MM-DD HH:MM:SS.sss +/-HH:MM; year, month, day 24 hour time with
41	milliseconds + or - offset from Universal Time (UTC, aka GMT)
42
43	Example:        iso8601="2003-09-17 16:47:41.831 -07:00"
44
45-->
46<!ENTITY % timeattr	"time		CDATA #IMPLIED
47			msec		CDATA #IMPLIED">
48
49<!ENTITY % iso8601	"iso8601	CDATA #IMPLIED">
50
51<!-- xinfo	Generic info for X related tokens.  -->
52<!ENTITY % xinfo	"xid		CDATA #REQUIRED
53			xcreator-uid	CDATA #REQUIRED">
54
55<!-- reserved_toks
56
57This represents the set of "reserved" tokens whose placement is
58fixed.
59
60-->
61<!ENTITY % reserved_toks	"(
62			file			|
63			record			|
64			host			|
65			sequence
66			)
67">
68
69<!-- normaltoks
70
71This represents the set of all tokens other than the "reserved"
72tokens.
73
74-->
75<!ENTITY % normaltoks	"(
76			acl			|
77			arbitrary		|
78			argument		|
79			attribute		|
80			cmd			|
81			exit			|
82			exec_args		|
83			exec_env		|
84			fmri			|
85			group			|
86			ip			|
87			ip_address		|
88			IPC			|
89			IPC_perm		|
90			ip_port			|
91			liaison			|
92			opaque			|
93			path			|
94			path_attr		|
95			privilege		|
96			process			|
97			return			|
98			sensitivity_label	|
99			old_socket		|
100			socket			|
101			subject			|
102			text			|
103			user			|
104			use_of_authorization	|
105			use_of_privilege	|
106			X_atom			|
107			X_client		|
108			X_color_map		|
109			X_cursor		|
110			X_font			|
111			X_graphic_context	|
112			X_pixmap		|
113			X_property		|
114			X_selection		|
115			X_window		|
116			zone
117			)
118">
119
120<!--Element Definitions-->
121
122<!--
123
124The main element, "audit", consists of a sequence of file & record tokens.
125
126-->
127<!ELEMENT audit (file | record)*>
128
129<!-- file token -->
130<!ELEMENT file		(#PCDATA)>
131<!ATTLIST file		%iso8601;>
132
133
134<!-- record token
135
136Audit records will have this general layout of tokens after the
137first token (which is the record token):
138	(tokens),subject,group,(tokens),return,sequence,host
139
140(all tokens after the record token are optional; the host token is unused.)
141
142-->
143<!ELEMENT record (
144		(%normaltoks;)*,
145		sequence?,
146		host?
147	)
148>
149<!ATTLIST record
150		version		CDATA #REQUIRED
151		event		CDATA #REQUIRED
152		modifier	CDATA #IMPLIED
153		host		CDATA #IMPLIED
154		%iso8601;
155>
156
157<!-- text token -->
158<!ELEMENT text		(#PCDATA)>
159
160<!-- user token -->
161<!ELEMENT user	EMPTY>
162<!ATTLIST user
163		uid		CDATA #REQUIRED
164		username	CDATA #REQUIRED
165>
166
167<!-- path token -->
168<!ELEMENT path		(#PCDATA)>
169
170<!-- path_attr token -->
171<!ELEMENT path_attr		(xattr*)>
172<!ELEMENT xattr			(#PCDATA)>
173
174<!-- host token -->
175<!ELEMENT host		(#PCDATA)>
176
177<!-- subject token -->
178<!ELEMENT subject	EMPTY>
179<!ATTLIST subject
180		audit-uid	CDATA #REQUIRED
181		uid		CDATA #REQUIRED
182		gid		CDATA #REQUIRED
183		ruid		CDATA #REQUIRED
184		rgid		CDATA #REQUIRED
185		pid		CDATA #REQUIRED
186		sid		CDATA #REQUIRED
187		tid		CDATA #REQUIRED
188>
189
190<!-- process token -->
191<!ELEMENT process	EMPTY>
192<!ATTLIST process
193		audit-uid	CDATA #REQUIRED
194		uid		CDATA #REQUIRED
195		gid		CDATA #REQUIRED
196		ruid		CDATA #REQUIRED
197		rgid		CDATA #REQUIRED
198		pid		CDATA #REQUIRED
199		sid		CDATA #REQUIRED
200		tid		CDATA #REQUIRED
201>
202
203<!-- return token -->
204<!ELEMENT return		EMPTY>
205<!ATTLIST return
206		errval		CDATA #REQUIRED
207		retval		CDATA #REQUIRED
208>
209
210<!-- exit token -->
211<!ELEMENT exit			EMPTY>
212<!ATTLIST exit
213		errval		CDATA #REQUIRED
214		retval		CDATA #REQUIRED
215>
216
217<!-- sequence token -->
218<!ELEMENT sequence		EMPTY>
219<!ATTLIST sequence
220		seq-num		CDATA #REQUIRED
221>
222
223<!-- fmri token -->
224<!ELEMENT fmri			(#PCDATA)>
225
226<!-- group token -->
227<!ELEMENT group			(gid)*>
228<!ELEMENT gid			(#PCDATA)>
229
230<!-- opaque token -->
231<!ELEMENT opaque		(#PCDATA)>
232
233<!-- liaison token -->
234<!-- (NOTE: liaison is obsolete and is no longer generated -->
235<!ELEMENT liaison		(#PCDATA)>
236
237<!-- argument token -->
238<!ELEMENT argument		EMPTY>
239<!ATTLIST argument
240		arg-num		CDATA #REQUIRED
241		value		CDATA #REQUIRED
242		desc		CDATA #REQUIRED
243>
244
245<!-- attribute token -->
246<!ELEMENT attribute		EMPTY>
247<!ATTLIST attribute
248		mode		CDATA #REQUIRED
249		uid		CDATA #REQUIRED
250		gid		CDATA #REQUIRED
251		fsid		CDATA #REQUIRED
252		nodeid		CDATA #REQUIRED
253		device		CDATA #REQUIRED
254>
255
256<!-- cmd token -->
257<!ELEMENT cmd			(argv*, arge*)>
258<!ELEMENT argv			(#PCDATA)>
259<!ELEMENT arge			(#PCDATA)>
260
261<!-- exec_args token -->
262<!ELEMENT exec_args		(arg*)>
263<!ELEMENT arg			(#PCDATA)>
264
265<!-- exec_env token -->
266<!ELEMENT exec_env		(env*)>
267<!ELEMENT env			(#PCDATA)>
268
269<!-- arbitrary token -->
270<!ELEMENT arbitrary		(#PCDATA)>
271<!ATTLIST arbitrary
272		print		CDATA #REQUIRED
273		type		CDATA #REQUIRED
274		count		CDATA #REQUIRED
275>
276
277<!-- privilege token -->
278<!ELEMENT privilege		(#PCDATA)>
279<!ATTLIST privilege
280		set-type	CDATA #REQUIRED
281>
282
283<!-- use_of_privilege token -->
284<!ELEMENT use_of_privilege	(#PCDATA)>
285<!ATTLIST use_of_privilege
286		result		CDATA #REQUIRED
287>
288
289<!-- sensitivity_label token -->
290<!ELEMENT sensitivity_label	(#PCDATA)>
291
292<!-- use_of_authorization token -->
293<!ELEMENT use_of_authorization	(#PCDATA)>
294
295<!-- IPC token -->
296<!ELEMENT IPC			EMPTY>
297<!ATTLIST IPC
298		ipc-type	CDATA #REQUIRED
299		ipc-id		CDATA #REQUIRED
300>
301
302<!-- IPC_perm token -->
303<!ELEMENT IPC_perm		EMPTY>
304<!ATTLIST IPC_perm
305		uid		CDATA #REQUIRED
306		gid		CDATA #REQUIRED
307		creator-uid	CDATA #REQUIRED
308		creator-gid	CDATA #REQUIRED
309		mode		CDATA #REQUIRED
310		seq		CDATA #REQUIRED
311		key		CDATA #REQUIRED
312>
313
314<!-- ip_address token -->
315<!ELEMENT ip_address		(#PCDATA)>
316
317<!-- ip_port token -->
318<!-- (NOTE: ip_port is obsolete and is no longer generated -->
319<!ELEMENT ip_port		(#PCDATA)>
320
321<!-- ip token -->
322<!-- (NOTE: ip is obsolete and is no longer generated -->
323<!ELEMENT ip			EMPTY>
324<!ATTLIST ip
325		version		CDATA #REQUIRED
326		service_type	CDATA #REQUIRED
327		len		CDATA #REQUIRED
328		id		CDATA #REQUIRED
329		offset		CDATA #REQUIRED
330		time_to_live	CDATA #REQUIRED
331		protocol	CDATA #REQUIRED
332		cksum		CDATA #REQUIRED
333		src_addr	CDATA #REQUIRED
334		dest_addr	CDATA #REQUIRED
335>
336
337<!-- old_socket token -->
338<!ELEMENT old_socket		EMPTY>
339<!ATTLIST old_socket
340		type		CDATA #REQUIRED
341		port		CDATA #REQUIRED
342		addr		CDATA #REQUIRED
343>
344
345<!-- socket token -->
346<!ELEMENT socket		EMPTY>
347<!ATTLIST socket
348		sock_domain	CDATA #REQUIRED
349		sock_type	CDATA #REQUIRED
350		lport		CDATA #REQUIRED
351		laddr		CDATA #REQUIRED
352		fport		CDATA #REQUIRED
353		faddr		CDATA #REQUIRED
354>
355
356<!-- acl token -->
357<!ELEMENT acl			EMPTY>
358<!ATTLIST acl
359		type		CDATA #IMPLIED
360		value		CDATA #IMPLIED
361		mode		CDATA #IMPLIED
362		flags		CDATA #IMPLIED
363		id		CDATA #IMPLIED
364		access_mask	CDATA #IMPLIED
365>
366
367<!-- tid token -->
368<!-- future intent: contain one of ipadr | MTUadr | device -->
369<!ELEMENT tid			(ipadr*)>
370<!ATTLIST tid
371		type		CDATA #REQUIRED
372>
373
374<!-- ipadr content of tid token -->
375<!ELEMENT ipadr			EMPTY>
376<!ATTLIST ipadr
377		local-port	CDATA #REQUIRED
378		remote-port	CDATA #REQUIRED
379		host		CDATA #REQUIRED
380>
381
382<!-- X_atom token -->
383<!ELEMENT X_atom		(#PCDATA)>
384
385<!-- X_color_map token -->
386<!ELEMENT X_color_map		EMPTY>
387<!ATTLIST X_color_map		%xinfo;>
388
389<!-- X_cursor token -->
390<!ELEMENT X_cursor		EMPTY>
391<!ATTLIST X_cursor		%xinfo;>
392
393<!-- X_font token -->
394<!ELEMENT X_font		EMPTY>
395<!ATTLIST X_font		%xinfo;>
396
397<!-- X_graphic_context token -->
398<!ELEMENT X_graphic_context	EMPTY>
399<!ATTLIST X_graphic_context	%xinfo;>
400
401<!-- X_pixmap token -->
402<!ELEMENT X_pixmap		EMPTY>
403<!ATTLIST X_pixmap		%xinfo;>
404
405<!-- X_window token -->
406<!ELEMENT X_window		EMPTY>
407<!ATTLIST X_window		%xinfo;>
408
409<!-- X_property token -->
410<!ELEMENT X_property		(#PCDATA)>
411<!ATTLIST X_property		%xinfo;>
412
413<!-- X_client token -->
414<!ELEMENT X_client		(#PCDATA)>
415
416<!-- X_selection token -->
417<!ELEMENT X_selection		(xsel_text, xsel_type, xsel_data)>
418<!ELEMENT x_sel_text		(#PCDATA)>
419<!ELEMENT x_sel_type		(#PCDATA)>
420<!ELEMENT x_sel_data		(#PCDATA)>
421
422<!-- zonename token -->
423<!ELEMENT zone			EMPTY>
424<!ATTLIST zone
425		name		CDATA #REQUIRED
426>
427