├── LICENSE ├── README.md ├── app ├── .gitignore ├── .idea │ ├── caches │ │ └── build_file_checksums.ser │ ├── codeStyles │ │ └── Project.xml │ ├── gradle.xml │ ├── misc.xml │ ├── modules.xml │ └── runConfigurations.xml ├── app │ ├── .gitignore │ ├── build.gradle │ ├── proguard-rules.pro │ └── src │ │ ├── androidTest │ │ └── java │ │ │ └── org │ │ │ └── nuii0 │ │ │ └── nuii0 │ │ │ └── androidforensik │ │ │ └── ExampleInstrumentedTest.java │ │ ├── main │ │ ├── AndroidManifest.xml │ │ ├── java │ │ │ └── org │ │ │ │ └── nuii0 │ │ │ │ └── nuii0 │ │ │ │ └── androidforensik │ │ │ │ ├── AddAuditRuleDialog.java │ │ │ │ ├── AuditRuleAdapter.java │ │ │ │ ├── AuditRules │ │ │ │ ├── AppStartStopRule.java │ │ │ │ ├── AuditRule.java │ │ │ │ ├── CameraActivity.java │ │ │ │ ├── DirWatchRule.java │ │ │ │ ├── EmptyRule.java │ │ │ │ ├── ExecveRule.java │ │ │ │ ├── FileWatchRule.java │ │ │ │ ├── NetworkActivity.java │ │ │ │ ├── SyscallRule.java │ │ │ │ └── SystemCommandRule.java │ │ │ │ ├── Ausearch │ │ │ │ ├── AusearchEntry.java │ │ │ │ └── Types │ │ │ │ │ ├── Avc.java │ │ │ │ │ ├── Config_change.java │ │ │ │ │ ├── Cwd.java │ │ │ │ │ ├── Eoe.java │ │ │ │ │ ├── Execve.java │ │ │ │ │ ├── Fd_pair.java │ │ │ │ │ ├── Netfilter_cfg.java │ │ │ │ │ ├── Path.java │ │ │ │ │ ├── Sockaddr.java │ │ │ │ │ ├── Socketcall.java │ │ │ │ │ ├── Syscall.java │ │ │ │ │ ├── Syscall_exe.java │ │ │ │ │ ├── Syscall_exit.java │ │ │ │ │ └── Type.java │ │ │ │ ├── IndexedLinkedMap.java │ │ │ │ ├── MainActivity.java │ │ │ │ ├── Request.java │ │ │ │ ├── RequestManager.java │ │ │ │ ├── SOCKETSTATE.java │ │ │ │ ├── SocketAlertPrompt.java │ │ │ │ ├── SocketConnection.java │ │ │ │ ├── SocketConnectionWatcher.java │ │ │ │ ├── SocketOperations │ │ │ │ ├── ID.java │ │ │ │ ├── SocketRequests │ │ │ │ │ ├── AuditRuleAddRequest.java │ │ │ │ │ ├── AuditRuleDeleteRequest.java │ │ │ │ │ ├── AuditRuleListRequest.java │ │ │ │ │ ├── AusearchRequest.java │ │ │ │ │ └── PingRequest.java │ │ │ │ └── SocketResponses │ │ │ │ │ ├── 
AuditRuleAddResponse.java │ │ │ │ │ ├── AuditRuleDeleteResponse.java │ │ │ │ │ ├── AuditRuleListResponse.java │ │ │ │ │ ├── AusearchResponse.java │ │ │ │ │ ├── PingResponse.java │ │ │ │ │ └── Response.java │ │ │ │ └── TypeAlertPrompt.java │ │ └── res │ │ │ ├── drawable-v24 │ │ │ └── ic_launcher_foreground.xml │ │ │ ├── drawable │ │ │ └── ic_launcher_background.xml │ │ │ ├── layout │ │ │ ├── activity_main.xml │ │ │ ├── audit_rule_entry_element.xml │ │ │ └── audit_rule_list_element.xml │ │ │ ├── mipmap-anydpi-v26 │ │ │ ├── ic_launcher.xml │ │ │ └── ic_launcher_round.xml │ │ │ ├── mipmap-hdpi │ │ │ ├── ic_launcher.png │ │ │ └── ic_launcher_round.png │ │ │ ├── mipmap-mdpi │ │ │ ├── ic_launcher.png │ │ │ └── ic_launcher_round.png │ │ │ ├── mipmap-xhdpi │ │ │ ├── ic_launcher.png │ │ │ └── ic_launcher_round.png │ │ │ ├── mipmap-xxhdpi │ │ │ ├── ic_launcher.png │ │ │ └── ic_launcher_round.png │ │ │ ├── mipmap-xxxhdpi │ │ │ ├── ic_launcher.png │ │ │ └── ic_launcher_round.png │ │ │ └── values │ │ │ ├── colors.xml │ │ │ ├── strings.xml │ │ │ └── styles.xml │ │ └── test │ │ └── java │ │ └── org │ │ └── nuii0 │ │ └── nuii0 │ │ └── androidforensik │ │ └── ExampleUnitTest.java ├── build.gradle ├── gradle.properties ├── gradle │ └── wrapper │ │ ├── gradle-wrapper.jar │ │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat └── settings.gradle ├── audit_system_components ├── .gitignore ├── Android.mk ├── Application.mk ├── build.sh └── src │ ├── audit-dispatch.c │ ├── cjson │ ├── cJSON.c │ └── cJSON.h │ ├── externalcommand.c │ ├── externalcommand.h │ ├── forensikmediator.c │ ├── requesthandling.c │ ├── requesthandling.h │ ├── responses.c │ ├── responses.h │ ├── socketoperations.c │ └── socketoperations.h ├── auditd_port ├── Android.mk ├── Application.mk ├── COPYING ├── audit.spec ├── auparse │ ├── Makefile.am │ ├── accesstab.h │ ├── accesstabs.h │ ├── auditd-config.c │ ├── auparse-defs.h │ ├── auparse-idata.h │ ├── auparse.c │ ├── auparse.h │ ├── auparse.pc.in │ ├── captab.h │ 
├── captabs.h │ ├── clocktab.h │ ├── clocktabs.h │ ├── clone-flagtab.h │ ├── clone-flagtabs.h │ ├── data_buf.c │ ├── data_buf.h │ ├── ellist.c │ ├── ellist.h │ ├── epoll_ctl.h │ ├── epoll_ctls.h │ ├── expression-design.txt │ ├── expression.c │ ├── expression.h │ ├── famtab.h │ ├── famtabs.h │ ├── fcntl-cmdtab.h │ ├── fcntl-cmdtabs.h │ ├── flagtab.h │ ├── flagtabs.h │ ├── icmptypetab.h │ ├── icmptypetabs.h │ ├── inethooktab.h │ ├── inethooktabs.h │ ├── internal.h │ ├── interpret.c │ ├── interpret.h │ ├── ioctlreqtab.h │ ├── ioctlreqtabs.h │ ├── ip6optnametab.h │ ├── ip6optnametabs.h │ ├── ipccmdtab.h │ ├── ipccmdtabs.h │ ├── ipctab.h │ ├── ipctabs.h │ ├── ipoptnametab.h │ ├── ipoptnametabs.h │ ├── lru.c │ ├── lru.h │ ├── message.c │ ├── mmaptab.h │ ├── mmaptabs.h │ ├── mounttab.h │ ├── mounttabs.h │ ├── netactiontab.h │ ├── netactiontabs.h │ ├── nfprototab.h │ ├── nfprototabs.h │ ├── normalize-internal.h │ ├── normalize-llist.c │ ├── normalize-llist.h │ ├── normalize.c │ ├── normalize_evtypetab.h │ ├── normalize_evtypetabs.h │ ├── normalize_obj_kind_map.h │ ├── normalize_obj_kind_maps.h │ ├── normalize_record_map.h │ ├── normalize_record_maps.h │ ├── normalize_syscall_map.h │ ├── normalize_syscall_maps.h │ ├── nvlist.c │ ├── nvlist.h │ ├── open-flagtab.h │ ├── open-flagtabs.h │ ├── persontab.h │ ├── persontabs.h │ ├── pktoptnametab.h │ ├── pktoptnametabs.h │ ├── prctl-opt-tab.h │ ├── prctl_opttabs.h │ ├── private.h │ ├── prottab.h │ ├── prottabs.h │ ├── ptracetab.h │ ├── ptracetabs.h │ ├── recvtab.h │ ├── recvtabs.h │ ├── rlimittab.h │ ├── rlimittabs.h │ ├── rnode.h │ ├── schedtab.h │ ├── schedtabs.h │ ├── seccomptab.h │ ├── seccomptabs.h │ ├── seektab.h │ ├── seektabs.h │ ├── shm_modetab.h │ ├── shm_modetabs.h │ ├── signaltab.h │ ├── signaltabs.h │ ├── sockleveltab.h │ ├── sockleveltabs.h │ ├── sockoptnametab.h │ ├── sockoptnametabs.h │ ├── socktab.h │ ├── socktabs.h │ ├── socktypetab.h │ ├── socktypetabs.h │ ├── tcpoptnametab.h │ ├── tcpoptnametabs.h │ ├── test │ 
│ ├── Makefile.am │ │ ├── auditd_raw.sed │ │ ├── auparse_test.c │ │ ├── auparse_test.py │ │ ├── auparse_test.ref │ │ ├── auparse_test.ref.py │ │ ├── auparselol_test.c │ │ ├── lookup_test.c │ │ ├── test.log │ │ ├── test2.log │ │ └── test3.log │ ├── tty_named_keys.h │ ├── typetab.h │ ├── typetabs.h │ ├── umounttab.h │ └── umounttabs.h ├── ausearch │ ├── .gitignore │ ├── Android.mk │ ├── Application.mk │ ├── accesstabs.h │ ├── android.h │ ├── auparse │ │ ├── Makefile.am │ │ ├── accesstab.h │ │ ├── auditd-config.c │ │ ├── auparse-defs.h │ │ ├── auparse-idata.h │ │ ├── auparse.c │ │ ├── auparse.h │ │ ├── auparse.pc.in │ │ ├── captab.h │ │ ├── captabs.h │ │ ├── clocktab.h │ │ ├── clone-flagtab.h │ │ ├── data_buf.c │ │ ├── data_buf.h │ │ ├── ellist.c │ │ ├── ellist.h │ │ ├── epoll_ctl.h │ │ ├── expression-design.txt │ │ ├── expression.c │ │ ├── expression.h │ │ ├── famtab.h │ │ ├── fcntl-cmdtab.h │ │ ├── flagtab.h │ │ ├── icmptypetab.h │ │ ├── inethooktab.h │ │ ├── internal.h │ │ ├── interpret.c │ │ ├── interpret.h │ │ ├── ioctlreqtab.h │ │ ├── ip6optnametab.h │ │ ├── ipccmdtab.h │ │ ├── ipctab.h │ │ ├── ipoptnametab.h │ │ ├── lru.c │ │ ├── lru.h │ │ ├── message.c │ │ ├── mmaptab.h │ │ ├── mounttab.h │ │ ├── netactiontab.h │ │ ├── nfprototab.h │ │ ├── normalize-internal.h │ │ ├── normalize-llist.c │ │ ├── normalize-llist.h │ │ ├── normalize.c │ │ ├── normalize_evtypetab.h │ │ ├── normalize_obj_kind_map.h │ │ ├── normalize_obj_kind_maps.h │ │ ├── normalize_record_map.h │ │ ├── normalize_record_maps.h │ │ ├── normalize_syscall_map.h │ │ ├── normalize_syscall_maps.h │ │ ├── nvlist.c │ │ ├── nvlist.h │ │ ├── open-flagtab.h │ │ ├── persontab.h │ │ ├── pktoptnametab.h │ │ ├── prctl-opt-tab.h │ │ ├── private.h │ │ ├── prottab.h │ │ ├── ptracetab.h │ │ ├── recvtab.h │ │ ├── rlimittab.h │ │ ├── rnode.h │ │ ├── schedtab.h │ │ ├── seccomptab.h │ │ ├── seektab.h │ │ ├── shm_modetab.h │ │ ├── signaltab.h │ │ ├── sockleveltab.h │ │ ├── sockoptnametab.h │ │ ├── socktab.h │ │ ├── 
socktypetab.h │ │ ├── tcpoptnametab.h │ │ ├── test │ │ │ ├── Makefile.am │ │ │ ├── auditd_raw.sed │ │ │ ├── auparse_test.c │ │ │ ├── auparse_test.py │ │ │ ├── auparse_test.ref │ │ │ ├── auparse_test.ref.py │ │ │ ├── auparselol_test.c │ │ │ ├── lookup_test.c │ │ │ ├── test.log │ │ │ ├── test2.log │ │ │ └── test3.log │ │ ├── tty_named_keys.h │ │ ├── typetab.h │ │ └── umounttab.h │ ├── build.sh │ ├── captabs.h │ ├── clocktabs.h │ ├── clone-flagtabs.h │ ├── config.h │ ├── epoll_ctls.h │ ├── famtabs.h │ ├── fcntl-cmdtabs.h │ ├── flagtabs.h │ ├── icmptypetabs.h │ ├── inethooktabs.h │ ├── ioctlreqtabs.h │ ├── ip6optnametabs.h │ ├── ipccmdtabs.h │ ├── ipctabs.h │ ├── ipoptnametabs.h │ ├── kernel │ │ └── linux │ │ │ └── audit.h │ ├── lib │ │ ├── actiontabs.h │ │ ├── armeb_table.h │ │ ├── armeb_tables.h │ │ ├── audit_logging.c │ │ ├── deprecated.c │ │ ├── dso.h │ │ ├── errormsg.h │ │ ├── errtabs.h │ │ ├── fieldtab.h │ │ ├── fieldtabs.h │ │ ├── flagtabs.h │ │ ├── ftypetabs.h │ │ ├── gen_tables.h │ │ ├── i386_tables.h │ │ ├── ia64_tables.h │ │ ├── libaudit.c │ │ ├── libaudit.h │ │ ├── lookup_table.c │ │ ├── machinetab.h │ │ ├── machinetabs.h │ │ ├── message.c │ │ ├── msg_typetab.h │ │ ├── msg_typetabs.h │ │ ├── netlink.c │ │ ├── optabs.h │ │ ├── ppc_tables.h │ │ ├── private.h │ │ ├── s390_tables.h │ │ ├── s390x_tables.h │ │ ├── strsplit.c │ │ ├── unlocked-io.h │ │ └── x86_64_tables.h │ ├── libc.so │ ├── libc │ │ ├── stpcpy.c │ │ ├── stpcpy.h │ │ └── stpcpytest.c │ ├── libcutils.so │ ├── libev │ │ ├── .deps │ │ │ ├── ev.Po │ │ │ └── event.Po │ │ ├── Makefile │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── README │ │ ├── ev.c │ │ ├── ev.h │ │ ├── ev.o │ │ ├── ev_epoll.c │ │ ├── ev_poll.c │ │ ├── ev_select.c │ │ ├── ev_vars.h │ │ ├── ev_wrap.h │ │ ├── event.c │ │ ├── event.h │ │ ├── event.o │ │ ├── libev.a │ │ └── libev.m4 │ ├── libs │ │ └── x86 │ │ │ ├── ausearch │ │ │ ├── libcutils.so │ │ │ └── liblog.so │ ├── mmaptabs.h │ ├── mounttabs.h │ ├── netactiontabs.h │ ├── 
nfprototabs.h │ ├── normalize_evtypetabs.h │ ├── open-flagtabs.h │ ├── persontabs.h │ ├── pktoptnametabs.h │ ├── prctl_opttabs.h │ ├── prottabs.h │ ├── ptracetabs.h │ ├── recvtabs.h │ ├── rlimittabs.h │ ├── schedtabs.h │ ├── seccomptabs.h │ ├── seektabs.h │ ├── shm_modetabs.h │ ├── signaltabs.h │ ├── sockleveltabs.h │ ├── sockoptnametabs.h │ ├── socktabs.h │ ├── socktypetabs.h │ ├── src │ │ ├── accesstab.h │ │ ├── auditctl-llist.c │ │ ├── auditctl-llist.h │ │ ├── auditctl.c │ │ ├── auditd-config.c │ │ ├── auditd-config.h │ │ ├── auditd-event.c │ │ ├── auditd-event.h │ │ ├── auditd-listen.c │ │ ├── auditd-listen.h │ │ ├── auditd-parse.c │ │ ├── auditd-parse.h │ │ ├── auditd-reconfig.c │ │ ├── auditd-sendmail.c │ │ ├── auditd.c │ │ ├── ausearch-avc.c │ │ ├── ausearch-avc.h │ │ ├── ausearch-checkpt.c │ │ ├── ausearch-checkpt.h │ │ ├── ausearch-common.h │ │ ├── ausearch-int.c │ │ ├── ausearch-int.h │ │ ├── ausearch-llist.c │ │ ├── ausearch-llist.h │ │ ├── ausearch-lol.c │ │ ├── ausearch-lol.h │ │ ├── ausearch-lookup.c │ │ ├── ausearch-lookup.h │ │ ├── ausearch-match.c │ │ ├── ausearch-nvpair.c │ │ ├── ausearch-nvpair.h │ │ ├── ausearch-options.c │ │ ├── ausearch-options.h │ │ ├── ausearch-parse.c │ │ ├── ausearch-parse.h │ │ ├── ausearch-report.c │ │ ├── ausearch-string.c │ │ ├── ausearch-string.h │ │ ├── ausearch-time.c │ │ ├── ausearch-time.h │ │ ├── ausearch.c │ │ ├── delete_all.c │ │ └── spadeLinuxAudit.c │ ├── tcpoptnametabs.h │ ├── typetabs.h │ └── umounttabs.h ├── build.sh ├── config.h ├── lib │ ├── Makefile.am │ ├── aarch64_table.h │ ├── actiontab.h │ ├── actiontabs.h │ ├── alpha_table.h │ ├── arm_table.h │ ├── arm_tables.h │ ├── audit.pc.in │ ├── audit_logging.c │ ├── deprecated.c │ ├── dso.h │ ├── errormsg.h │ ├── errtab.h │ ├── errtabs.h │ ├── fieldtab.h │ ├── fieldtabs.h │ ├── flagtab.h │ ├── flagtabs.h │ ├── fstypetab.h │ ├── fstypetabs.h │ ├── ftypetab.h │ ├── ftypetabs.h │ ├── gen_tables.c │ ├── gen_tables.h │ ├── i386_table.h │ ├── i386_tables.h │ ├── 
ia64_table.h │ ├── ia64_tables.h │ ├── libaudit.c │ ├── libaudit.h │ ├── lookup_table.c │ ├── machinetab.h │ ├── machinetabs.h │ ├── message.c │ ├── msg_typetab.h │ ├── msg_typetabs.h │ ├── netlink.c │ ├── optab.h │ ├── optabs.h │ ├── ppc_table.h │ ├── ppc_tables.h │ ├── private.h │ ├── s390_table.h │ ├── s390_tables.h │ ├── s390x_table.h │ ├── s390x_tables.h │ ├── strsplit.c │ ├── syscall-update.txt │ ├── test │ │ ├── Makefile.am │ │ └── lookup_test.c │ ├── x86_64_table.h │ └── x86_64_tables.h └── src │ ├── Makefile.am │ ├── auditctl-llist.c │ ├── auditctl-llist.h │ ├── auditctl.c │ ├── auditd-config.c │ ├── auditd-config.h │ ├── auditd-dispatch.c │ ├── auditd-dispatch.h │ ├── auditd-event.c │ ├── auditd-event.h │ ├── auditd-listen.c │ ├── auditd-listen.h │ ├── auditd-reconfig.c │ ├── auditd-sendmail.c │ ├── auditd.c │ ├── aureport-options.c │ ├── aureport-options.h │ ├── aureport-output.c │ ├── aureport-scan.c │ ├── aureport-scan.h │ ├── aureport.c │ ├── ausearch-avc.c │ ├── ausearch-avc.h │ ├── ausearch-checkpt.c │ ├── ausearch-checkpt.h │ ├── ausearch-common.h │ ├── ausearch-int.c │ ├── ausearch-int.h │ ├── ausearch-llist.c │ ├── ausearch-llist.h │ ├── ausearch-lol.c │ ├── ausearch-lol.h │ ├── ausearch-lookup.c │ ├── ausearch-lookup.h │ ├── ausearch-match.c │ ├── ausearch-nvpair.c │ ├── ausearch-nvpair.h │ ├── ausearch-options.c │ ├── ausearch-options.h │ ├── ausearch-parse.c │ ├── ausearch-parse.h │ ├── ausearch-report.c │ ├── ausearch-string.c │ ├── ausearch-string.h │ ├── ausearch-time.c │ ├── ausearch-time.h │ ├── ausearch.c │ ├── autrace.c │ ├── bionic_port.c │ ├── bionic_port.h │ ├── delete_all.c │ ├── libev │ ├── Makefile.am │ ├── README │ ├── ev.c │ ├── ev.h │ ├── ev_epoll.c │ ├── ev_poll.c │ ├── ev_select.c │ ├── ev_vars.h │ ├── ev_wrap.h │ ├── event.c │ ├── event.h │ └── libev.m4 │ └── test │ ├── Makefile.am │ ├── ilist_test.c │ └── slist_test.c └── doc └── img ├── all_arch_en.png └── auditd_app_network.png /app/.gitignore: 
-------------------------------------------------------------------------------- 1 | *.iml 2 | .gradle 3 | /local.properties 4 | /.idea/workspace.xml 5 | /.idea/libraries 6 | .DS_Store 7 | /build 8 | /captures 9 | .externalNativeBuild 10 | -------------------------------------------------------------------------------- /app/.idea/caches/build_file_checksums.ser: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/app/.idea/caches/build_file_checksums.ser -------------------------------------------------------------------------------- /app/.idea/gradle.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 17 | 18 | -------------------------------------------------------------------------------- /app/.idea/misc.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 9 | -------------------------------------------------------------------------------- /app/.idea/modules.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /app/.idea/runConfigurations.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 11 | 12 | -------------------------------------------------------------------------------- /app/app/.gitignore: -------------------------------------------------------------------------------- 1 | /build 2 | -------------------------------------------------------------------------------- /app/app/build.gradle: -------------------------------------------------------------------------------- 1 | apply plugin: 'com.android.application' 2 | 3 | android { 4 | compileSdkVersion 26 5 | defaultConfig { 6 | applicationId 
"org.nuii0.nuii0.androidforensik" 7 | minSdkVersion 23 8 | targetSdkVersion 26 9 | versionCode 1 10 | versionName "1.0" 11 | testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner" 12 | } 13 | buildTypes { 14 | release { 15 | minifyEnabled false 16 | proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' 17 | } 18 | } 19 | } 20 | 21 | dependencies { 22 | implementation fileTree(dir: 'libs', include: ['*.jar']) 23 | implementation 'com.android.support.constraint:constraint-layout:1.0.2' 24 | testImplementation 'junit:junit:4.12' 25 | androidTestImplementation 'com.android.support.test:runner:1.0.1' 26 | androidTestImplementation 'com.android.support.test.espresso:espresso-core:3.0.1' 27 | } 28 | -------------------------------------------------------------------------------- /app/app/proguard-rules.pro: -------------------------------------------------------------------------------- 1 | # Add project specific ProGuard rules here. 2 | # You can control the set of applied configuration files using the 3 | # proguardFiles setting in build.gradle. 4 | # 5 | # For more details, see 6 | # http://developer.android.com/guide/developing/tools/proguard.html 7 | 8 | # If your project uses WebView with JS, uncomment the following 9 | # and specify the fully qualified class name to the JavaScript interface 10 | # class: 11 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview { 12 | # public *; 13 | #} 14 | 15 | # Uncomment this to preserve the line number information for 16 | # debugging stack traces. 17 | #-keepattributes SourceFile,LineNumberTable 18 | 19 | # If you keep the line number information, uncomment this to 20 | # hide the original source file name. 
21 | #-renamesourcefileattribute SourceFile 22 | -------------------------------------------------------------------------------- /app/app/src/androidTest/java/org/nuii0/nuii0/androidforensik/ExampleInstrumentedTest.java: -------------------------------------------------------------------------------- 1 | package org.nuii0.nuii0.androidforensik; 2 | 3 | import android.content.Context; 4 | import android.support.test.InstrumentationRegistry; 5 | import android.support.test.runner.AndroidJUnit4; 6 | 7 | import org.junit.Test; 8 | import org.junit.runner.RunWith; 9 | 10 | import static org.junit.Assert.assertEquals; 11 | 12 | /** 13 | * Instrumented test, which will execute on an Android device. 14 | * 15 | * @see Testing documentation 16 | */ 17 | @RunWith(AndroidJUnit4.class) 18 | public class ExampleInstrumentedTest { 19 | @Test 20 | public void useAppContext() throws Exception { 21 | // Context of the app under test. 22 | Context appContext = InstrumentationRegistry.getTargetContext(); 23 | 24 | assertEquals("org.nuii0.nuii0.androidforensik", appContext.getPackageName()); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /app/app/src/main/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 5 | 6 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /app/app/src/main/java/org/nuii0/nuii0/androidforensik/AuditRules/DirWatchRule.java: -------------------------------------------------------------------------------- 1 | package org.nuii0.nuii0.androidforensik.AuditRules; 2 | 3 | 4 | public class DirWatchRule extends AuditRule { 5 | public String dir; 6 | public String perm; 7 | 8 | public DirWatchRule(String action, String filter, String watch, String perm, String key) { 9 | super(action, filter, key); 10 | this.dir = watch; 11 | this.perm = perm; 12 | } 13 | @Override 14 | public 
String toString() { 15 | return "Verzeichnis: " + dir; 16 | } 17 | 18 | @Override 19 | public String detail() { 20 | return "Verzeichnis: " + dir + " \n" + "Modi: " + perm; 21 | } 22 | 23 | @Override 24 | public String auditctlDeleteString() { /* NOTE(review): dir, perm and key are joined into the auditctl argument string without quoting or validation, so a value that contains whitespace or starts with '-' would be read as additional options if the receiver splits on whitespace (the receiving side is not shown here). Validate the fields before building the rule; the same applies to auditctlAddString(). */ 25 | return "-W " + dir + " -p " + perm + " -k " + key; 26 | } 27 | 28 | @Override 29 | public String auditctlAddString() { 30 | return "-w " + dir + " -p " + perm + " -k " + key; 31 | } 32 | 33 | } 34 | -------------------------------------------------------------------------------- /app/app/src/main/java/org/nuii0/nuii0/androidforensik/AuditRules/EmptyRule.java: -------------------------------------------------------------------------------- 1 | package org.nuii0.nuii0.androidforensik.AuditRules; 2 | 3 | 4 | /* Rule object built with null action, null filter and the key "nokey"; toString() returns a fixed text and the auditctl strings and detail() are all null - presumably the list placeholder when no rule exists, so callers must null-check before sending anything. NOTE(review): the fields mode and watch are never assigned in this class. */ public class EmptyRule extends AuditRule { 5 | public String mode; 6 | public String watch; 7 | 8 | public EmptyRule() { 9 | super(null,null,"nokey"); 10 | } 11 | public String toString() { 12 | return "Keine Regeln angelegt."; 13 | } 14 | 15 | @Override 16 | public String auditctlDeleteString() { 17 | return null; 18 | } 19 | 20 | @Override 21 | public String auditctlAddString() { 22 | return null; 23 | } 24 | 25 | @Override 26 | public String detail() { 27 | return null; 28 | } 29 | 30 | } 31 | -------------------------------------------------------------------------------- /app/app/src/main/java/org/nuii0/nuii0/androidforensik/AuditRules/FileWatchRule.java: -------------------------------------------------------------------------------- 1 | package org.nuii0.nuii0.androidforensik.AuditRules; 2 | 3 | 4 | /* Audit rule for a watched path: stores the path (watch) and the permission string (perm) and passes action, filter and key on to AuditRule. */ public class FileWatchRule extends AuditRule { 5 | public String watch; 6 | public String perm; 7 | 8 | public FileWatchRule(String action, String filter, String watch, String perm, String key) { 9 | super(action, filter, key); 10 | this.watch = watch; 11 | this.perm = perm; 12 | } 13 | @Override 14 | public String toString() { 15 | return "Pfadüberwachung: " + watch; 16 | } 17 | 18 | @Override 19 | public String 
detail() { 20 | return "Pfad: " + watch + " \n" + "Modi: " + perm; 21 | } 22 | 23 | @Override 24 | public String auditctlDeleteString() { /* NOTE(review): watch, perm and key are concatenated unquoted and unvalidated; a value with whitespace or a leading '-' would be read as extra options if the receiver splits on whitespace (receiver not shown here). The same applies to auditctlAddString(). */ 25 | return "-W " + watch + " -p " + perm + " -k " + key; 26 | } 27 | 28 | @Override 29 | public String auditctlAddString() { 30 | return "-w " + watch + " -p " + perm + " -k " + key; 31 | } 32 | 33 | } 34 | -------------------------------------------------------------------------------- /app/app/src/main/java/org/nuii0/nuii0/androidforensik/AuditRules/SyscallRule.java: -------------------------------------------------------------------------------- 1 | package org.nuii0.nuii0.androidforensik.AuditRules; 2 | 3 | 4 | /* Audit rule identified by a syscall name; the constructor stores only syscall and hands action, filter and key to AuditRule. */ public class SyscallRule extends AuditRule { 5 | public String watch; 6 | public String perm; 7 | public String syscall; 8 | 9 | public SyscallRule(String action, String filter, String syscall, String key) { 10 | super(action, filter, key); 11 | this.syscall = syscall; 12 | } 13 | @Override 14 | public String toString() { 15 | return "Systemcall: " + syscall; 16 | } 17 | 18 | @Override 19 | public String detail() { 20 | return "Nicht verfügbar."; 21 | } 22 | 23 | @Override 24 | public String auditctlDeleteString() { /* NOTE(review): watch and perm are never assigned in this class (the constructor sets only syscall), so unless a caller fills the public fields this renders as "-W null -p null -k <key>", and the syscall name is not part of the string at all. auditctlAddString() has the same problem, so the rule that gets sent is not the syscall rule the user chose. */ 25 | return "-W " + watch + " -p " + perm + " -k " + key; 26 | } 27 | 28 | @Override 29 | public String auditctlAddString() { 30 | return "-w " + watch + " -p " + perm + " -k " + key; 31 | } 32 | 33 | } 34 | -------------------------------------------------------------------------------- /app/app/src/main/java/org/nuii0/nuii0/androidforensik/Ausearch/Types/Avc.java: -------------------------------------------------------------------------------- 1 | package org.nuii0.nuii0.androidforensik.Ausearch.Types; 2 | 3 | 4 | import java.util.regex.Pattern; 5 | 6 | /** 7 | * The audit system attaches an AVC event to every event. 8 | * These usually carry information about an operation that SELinux blocked 9 | * or about the context in which an audit message was raised. 
10 | * 11 | * The AVC plays no part in how this app interprets events, 12 | * so the fields are commented out. 13 | */ 14 | public class Avc extends Type { 15 | 16 | /* NOTE(review): this Pattern is compiled for every Avc instance although the only code that used it is commented out in the constructor below. */ private final Pattern r = Pattern.compile("^.*: (avc: .*) for\\s+(pid=.*) (comm=.*) (name=.*) (dev=.*) (ino=.*) (scontext=.*) (tcontext=.*) (tclass=.*)$"); 17 | 18 | /*public final String avc; 19 | public final String pid; 20 | public final String comm; 21 | public final String name; 22 | public final String dev; 23 | public final String ino; 24 | public final String scontext; 25 | public final String tcontext; 26 | public final String tclass; */ 27 | 28 | public Avc(String raw) { 29 | super(raw); 30 | /*Matcher m = r.matcher(raw); 31 | performFind(m); 32 | this.avc = m.group(1); 33 | this.pid = m.group(2); 34 | this.comm = m.group(3); 35 | this.name = m.group(4); 36 | this.dev = m.group(5); 37 | this.ino = m.group(6); 38 | this.scontext = m.group(7); 39 | this.tcontext = m.group(8); 40 | this.tclass = m.group(9); */ 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /app/app/src/main/java/org/nuii0/nuii0/androidforensik/Ausearch/Types/Config_change.java: -------------------------------------------------------------------------------- 1 | package org.nuii0.nuii0.androidforensik.Ausearch.Types; 2 | 3 | 4 | import java.util.regex.Pattern; 5 | 6 | /** 7 | * Config_change events are raised 8 | * when the configuration of the audit subsystem changes, 9 | * for example when rules are added or removed. 10 | * 11 | * Changes to the audit subsystem are not interpreted explicitly in this app, 12 | * so the fields are commented out. 
13 | */ 14 | public class Config_change extends Type { 15 | 16 | /* NOTE(review): Config_change records are the ones that show audit rules being added or removed, yet with the parsing commented out this class only hands the raw line to Type, so auid/op/key/res of a rule change are not available to the app. The Pattern is still compiled per instance but never used. */ private final Pattern r = Pattern.compile("^.*: (auid=.*) (ses=.*) (subj=.*) (op=.*) (key=.*) (list=.*) (res=.*)$"); 17 | 18 | /* public final String auid; 19 | public final String ses; 20 | public final String subj; 21 | public final String op; 22 | public final String key; 23 | public final String list; 24 | public final String res; */ 25 | 26 | public Config_change(String raw) { 27 | super(raw); 28 | /* Matcher m = r.matcher(raw); 29 | performFind(m); 30 | this.auid = m.group(1); 31 | this.ses = m.group(2); 32 | this.subj = m.group(3); 33 | this.op = m.group(4); 34 | this.key = m.group(5); 35 | this.list = m.group(6); 36 | this.res = m.group(7); */ 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /app/app/src/main/java/org/nuii0/nuii0/androidforensik/Ausearch/Types/Cwd.java: -------------------------------------------------------------------------------- 1 | package org.nuii0.nuii0.androidforensik.Ausearch.Types; 2 | 3 | 4 | import java.util.regex.Matcher; 5 | import java.util.regex.Pattern; 6 | 7 | /** 8 | * Cwd entries stand for 'Change Working Directory' and are generated by the audit subsystem 9 | * to give the working directory of the process that triggered a syscall. 10 | */ 11 | public class Cwd extends Type { 12 | 13 | private final Pattern r = Pattern.compile("^.*(cwd=.*)$"); 14 | 15 | /** 16 | * The working directory of the process (the captured text keeps its cwd= prefix). 
17 | */ 18 | public final String cwd; 19 | 20 | public Cwd(String raw) { 21 | super(raw); 22 | Matcher m = r.matcher(raw); 23 | performFind(m); /* NOTE(review): m.group(1) throws IllegalStateException when no match was found; whether performFind() (inherited, not shown here) rejects a non-matching record first should be confirmed. */ 24 | this.cwd = m.group(1); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /app/app/src/main/java/org/nuii0/nuii0/androidforensik/Ausearch/Types/Eoe.java: -------------------------------------------------------------------------------- 1 | package org.nuii0.nuii0.androidforensik.Ausearch.Types; 2 | 3 | /** 4 | * Eoe stands for 'End of Event'; these entries are generated by the audit subsystem 5 | * to state that a multi-line event is now complete. 6 | * From Eoe entries 'ausearch' can tell, for example, where one entry ends 7 | * and the next one begins. 8 | */ 9 | public class Eoe extends Type { 10 | public Eoe(String raw) { 11 | super(raw); 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /app/app/src/main/java/org/nuii0/nuii0/androidforensik/Ausearch/Types/Execve.java: -------------------------------------------------------------------------------- 1 | package org.nuii0.nuii0.androidforensik.Ausearch.Types; 2 | 3 | 4 | import java.util.regex.Matcher; 5 | import java.util.regex.Pattern; 6 | /** 7 | * Execve syscalls get their own entry from the audit subsystem, which 8 | * is modelled by this type. 9 | */ 10 | public class Execve extends Type { 11 | 12 | /* NOTE(review): "(.*) .*$" is greedy, so group 1 runs up to the last space of the record; when more than one field follows argc= the captured text contains those fields too, not just the count. A bounded group such as (\\d+) is presumably what was intended. */ private final Pattern r = Pattern.compile("^.*: argc=(.*) .*$"); 13 | private final String raw; 14 | 15 | /** 16 | * Holds the number of arguments passed to execve(). 
17 | */ 18 | public final String argc; 19 | //public final String a0; 20 | public Execve(String raw) { 21 | super(raw); 22 | this.raw = raw; 23 | Matcher m = r.matcher(raw); 24 | performFind(m); /* NOTE(review): m.group(1) throws IllegalStateException if nothing matched; confirm that performFind() (inherited, not shown here) guards against that. */ 25 | this.argc = m.group(1); 26 | } 27 | 28 | @Override 29 | public String toDetail() { /* Returns a heading line followed by the unmodified raw record; the local StringBuilder r shadows the Pattern field r. */ 30 | StringBuilder r = new StringBuilder(); 31 | r.append("Execve Aufruf :"); 32 | r.append(System.getProperty("line.separator")); 33 | r.append(raw); 34 | return r.toString(); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /app/app/src/main/java/org/nuii0/nuii0/androidforensik/Ausearch/Types/Fd_pair.java: -------------------------------------------------------------------------------- 1 | package org.nuii0.nuii0.androidforensik.Ausearch.Types; 2 | 3 | /** 4 | * The syscalls 'pipe' and 'socketpair' always create two file descriptors 5 | * for writing data in and out. 6 | * This event gives the identifiers of those two descriptors. 7 | * 8 | * Descriptors are not interpreted by this app, however, so 9 | * no fields are set here. 10 | */ 11 | public class Fd_pair extends Type { 12 | public Fd_pair(String raw) { 13 | super(raw); 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /app/app/src/main/java/org/nuii0/nuii0/androidforensik/Ausearch/Types/Netfilter_cfg.java: -------------------------------------------------------------------------------- 1 | package org.nuii0.nuii0.androidforensik.Ausearch.Types; 2 | 3 | 4 | import java.util.regex.Matcher; 5 | import java.util.regex.Pattern; 6 | 7 | /** 8 | * A Netfilter_cfg event is raised by the audit subsystem on changes to the netfilter system, i.e. the 9 | * firewall. 10 | * 11 | * For example when firewall rules are added or removed with the 'iptables' command. 
12 | */ 13 | public class Netfilter_cfg extends Type { 14 | 15 | /* Each group captures the key together with its value (e.g. the text starting at "table="), so the three fields below keep their key= prefix. */ private final Pattern r = Pattern.compile("^.*: (table=.*) (family=.*) (entries=.*)$"); 16 | 17 | /** 18 | * Names the netfilter table in which a change took place. 19 | */ 20 | public final String table; 21 | /** 22 | * Gives the network family (IPv4 or IPv6) 23 | */ 24 | public final String family; 25 | /** 26 | * Lists the changed entries. 27 | */ 28 | public final String entries; 29 | 30 | public Netfilter_cfg(String raw) { 31 | super(raw); 32 | Matcher m = r.matcher(raw); 33 | performFind(m); /* NOTE(review): the group() calls below throw IllegalStateException if nothing matched; confirm that performFind() (inherited, not shown here) guards against a record in a different layout. */ 34 | this.table = m.group(1); 35 | this.family = m.group(2); 36 | this.entries = m.group(3); 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /app/app/src/main/java/org/nuii0/nuii0/androidforensik/Ausearch/Types/Socketcall.java: -------------------------------------------------------------------------------- 1 | package org.nuii0.nuii0.androidforensik.Ausearch.Types; 2 | 3 | 4 | import java.util.regex.Matcher; 5 | import java.util.regex.Pattern; 6 | 7 | /** 8 | * x86-based systems route all syscalls that concern sockets (connect(), bind(), close() etc.) 9 | * through the socketcall syscall. 10 | * It receives the socket operation to perform as a parameter. 11 | * The audit subsystem records these syscalls as Socketcall events. 12 | * 13 | * Other architectures (ARM, x86_64) use a separate syscall for each socket operation 14 | * and do not bundle them. 
15 | */ 16 | public class Socketcall extends Type { 17 | 18 | /* NOTE(review): "(.*) .*$" is greedy, so group 1 runs up to the last space of the record; when more than one field follows nargs= the captured text contains those fields too, not just the argument count. A bounded group such as (\\d+) is presumably what was intended. */ private final Pattern r = Pattern.compile("^.*: nargs=(.*) .*$"); 19 | 20 | public final String nargs; 21 | 22 | public Socketcall(String raw) { 23 | super(raw); 24 | Matcher m = r.matcher(raw); 25 | performFind(m); /* NOTE(review): m.group(1) throws IllegalStateException if nothing matched; confirm that performFind() (inherited, not shown here) guards against that. */ 26 | this.nargs = m.group(1); 27 | } 28 | 29 | @Override 30 | public String toDetail() { /* Returns the label "nargs : " followed by the captured text; the local StringBuilder r shadows the Pattern field r. */ 31 | StringBuilder r = new StringBuilder(); 32 | r.append("nargs : " + this.nargs); 33 | return r.toString(); 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /app/app/src/main/java/org/nuii0/nuii0/androidforensik/IndexedLinkedMap.java: -------------------------------------------------------------------------------- 1 | package org.nuii0.nuii0.androidforensik; 2 | 3 | import java.util.LinkedHashMap; 4 | import java.util.Map; 5 | import java.util.Set; 6 | 7 | /** 8 | * Custom class that extends LinkedHashMap with an index. 9 | * It is needed to keep a clear mapping between audit rules 10 | * and the events that belong to them. 11 | * 12 | * The function is taken from: https://stackoverflow.com/questions/13581997/how-get-value-from-linkedhashmap-based-on-index-not-on-key 13 | * 14 | * The GUI elements use the index to read the matching 15 | * rules and entries. 
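* @param <KEY> type of the map keys
 * @param <VALUE> type of the map values
 */
// The type-parameter lists are missing from this listing. VALUE is the name the
// method signatures use; KEY is a reconstructed name chosen to match it.
public class IndexedLinkedMap<KEY, VALUE> extends LinkedHashMap<KEY, VALUE> {
    /**
     * Returns the value stored at position {@code i} in iteration order.
     *
     * @param i zero-based position
     * @return the value at that position; {@code null} when there is no such
     *         position (or when the stored value itself is null)
     */
    public VALUE getValue(int i)
    {
        Map.Entry<KEY, VALUE> entry = this.getEntry(i);
        if (entry == null) {
            return null;
        }
        return entry.getValue();
    }

    /**
     * Returns the entry at position {@code index} in iteration order.
     * The entry set is walked from the start, so the cost grows with {@code index}.
     *
     * @param index zero-based position
     * @return the entry, or {@code null} when {@code index} is negative or past the end
     */
    public Map.Entry<KEY, VALUE> getEntry(int index)
    {
        if (index < 0 || index >= size()) {
            // Same result the scan would give, without iterating the whole map.
            return null;
        }
        Set<Map.Entry<KEY, VALUE>> entries = entrySet();
        int position = 0;
        for (Map.Entry<KEY, VALUE> entry : entries) {
            if (position++ == index) {
                return entry;
            }
        }
        return null;
    }
}

--------------------------------------------------------------------------------
/app/app/src/main/java/org/nuii0/nuii0/androidforensik/Request.java:
--------------------------------------------------------------------------------
package org.nuii0.nuii0.androidforensik;

import org.json.JSONException;
import org.json.JSONObject;

import org.nuii0.nuii0.androidforensik.SocketOperations.SocketResponses.Response;

import java.nio.charset.Charset;

/**
 * Base class for a request that can be sent over the socket.
 * The class describes how a request is converted into a byte array.
 * In addition, every request knows its matching response class and how to build
 * a response from a received byte array.
 */
public abstract class Request {
    // Tag now names this class; it previously used Response.class.
    private static final String TAG = Request.class.getSimpleName();

    /** Numeric message identifier, also stored in the JSON field "id". */
    public final int id;
    /** JSON payload; subclasses add their own fields to it. */
    public final JSONObject json;

    /**
     * Creates the payload and stores the identifier in it.
     *
     * @param id numeric message identifier
     */
    public Request(final int id) {
        this.id = id;
        json = new JSONObject();
        try {
            json.put("id", id);
        } catch (JSONException e) {
            // Best effort, as before: the request is still constructed, but
            // without its "id" field.
            e.printStackTrace();
        }
    }

    // Every request has a matching response, which this method builds
    // from the received bytes.
    abstract public Response makeResponse(byte[] data);

    /**
     * Serializes the payload for the socket.
     *
     * @return the JSON text encoded as UTF-8
     */
    protected byte[] toByteArray() {
        // Name the charset explicitly so the bytes on the wire do not depend on
        // the platform default.
        return json.toString().getBytes(Charset.forName("UTF-8"));
    }
}

--------------------------------------------------------------------------------
/app/app/src/main/java/org/nuii0/nuii0/androidforensik/SOCKETSTATE.java:
--------------------------------------------------------------------------------
package org.nuii0.nuii0.androidforensik;

/** Connection states of the socket. */
public enum SOCKETSTATE {
    CONNECTED,
    DISCONNECTED,
    RECONNECTING
}
--------------------------------------------------------------------------------
/app/app/src/main/java/org/nuii0/nuii0/androidforensik/SocketAlertPrompt.java:
--------------------------------------------------------------------------------
package org.nuii0.nuii0.androidforensik;

import android.app.AlertDialog;
import android.content.Context;

/**
 * This prompt appears as soon as the socket connection breaks.
 */
public class SocketAlertPrompt {
    private AlertDialog ad;

    /**
     * Builds the dialog with its fixed title and message; it is not shown yet.
     *
     * @param context context used to create the dialog
     */
    public SocketAlertPrompt(Context context) {
        ad = new AlertDialog.Builder(context).create();
        ad.setTitle("Keine Socketverbindung");
        ad.setMessage("Bitte warten");
    }

    /** Shows the dialog. */
    public void show(){
        ad.show();
    }

    /** Hides the dialog. */
    public void hide() {
        ad.hide();
    }

}

--------------------------------------------------------------------------------
/app/app/src/main/java/org/nuii0/nuii0/androidforensik/SocketOperations/ID.java:
--------------------------------------------------------------------------------
package org.nuii0.nuii0.androidforensik.SocketOperations;

/** Every request and every response has an identifier,
 * which is modelled by this enum.
 * The peer must use the same values for the communication.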
*/
public enum ID {
    // Connection check
    PingRequest(0),
    PongResponse(10),
    // Listing the audit rules
    AuditRuleListRequest(1),
    AuditRuleListResponse(111),
    // Adding an audit rule
    AuditRuleAddRequest(2),
    AuditRuleAddResponse(222),
    // Deleting an audit rule
    AuditRuleDeleteRequest(3),
    AuditRuleDeleteResponse(333),
    // Querying recorded events
    AusearchRequest(4),
    AusearchResponse(444);

    /** Numeric identifier of the message type. */
    public final int id;

    ID(int wireId) {
        id = wireId;
    }
}
--------------------------------------------------------------------------------
/app/app/src/main/java/org/nuii0/nuii0/androidforensik/SocketOperations/SocketRequests/AuditRuleAddRequest.java:
--------------------------------------------------------------------------------
package org.nuii0.nuii0.androidforensik.SocketOperations.SocketRequests;

import android.util.Log;

import org.json.JSONException;

import org.nuii0.nuii0.androidforensik.AuditRules.AuditRule;
import org.nuii0.nuii0.androidforensik.Request;
import org.nuii0.nuii0.androidforensik.SocketOperations.ID;
import org.nuii0.nuii0.androidforensik.SocketOperations.SocketResponses.AuditRuleAddResponse;
import org.nuii0.nuii0.androidforensik.SocketOperations.SocketResponses.Response;

import static java.lang.System.exit;

/**
 * This request is used when an audit rule is to be added.
 * The field 'rule' holds the audit rule in string form.
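*/
public class AuditRuleAddRequest extends Request {
    // Tag now names this class; it previously used Response.class, which
    // mislabelled the log line below.
    private static final String TAG = AuditRuleAddRequest.class.getSimpleName();

    /**
     * Builds the request that asks the peer to add {@code rule}.
     *
     * The text returned by {@code rule.auditctlAddString()} is stored in the JSON
     * field "rule" as it is.
     *
     * @param rule the audit rule to add
     */
    public AuditRuleAddRequest(AuditRule rule) {
        super(ID.AuditRuleAddRequest.id);
        try {
            // NOTE(review): JSON encoding only protects the message framing. The
            // native side declares auditctl(const char* args, ...) in
            // externalcommand.h, so this text presumably ends up on a command
            // line there; the code that builds that command should validate or
            // quote it - confirm in the native sources.
            json.put("rule", rule.auditctlAddString());
        } catch (JSONException e) {
            // Hand the exception to the logger so the stack trace is recorded
            // under this class's tag.
            Log.e(TAG, "Regel konnte nicht eingefügt werden.", e);
            // NOTE(review): ends the whole app process from inside a constructor;
            // kept because callers may rely on the fail-fast behaviour.
            exit(1);
        }
    }

    /** Wraps the received bytes in the response type that belongs to this request. */
    @Override
    public Response makeResponse(byte[] data) {
        return new AuditRuleAddResponse(data);
    }
}

--------------------------------------------------------------------------------
/app/app/src/main/java/org/nuii0/nuii0/androidforensik/SocketOperations/SocketRequests/AuditRuleDeleteRequest.java:
--------------------------------------------------------------------------------
package org.nuii0.nuii0.androidforensik.SocketOperations.SocketRequests;

import android.util.Log;

import org.json.JSONException;

import org.nuii0.nuii0.androidforensik.AuditRules.AuditRule;
import org.nuii0.nuii0.androidforensik.Request;
import org.nuii0.nuii0.androidforensik.SocketOperations.ID;
import org.nuii0.nuii0.androidforensik.SocketOperations.SocketResponses.AuditRuleDeleteResponse;
import org.nuii0.nuii0.androidforensik.SocketOperations.SocketResponses.Response;

import static java.lang.System.exit;

/**
 * This request is used when an audit rule is to be removed.
 * The field 'rule' holds the audit rule in string form.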
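*/
public class AuditRuleDeleteRequest extends Request {
    // Tag now names this class; it previously used Response.class, which
    // mislabelled the log line below.
    private static final String TAG = AuditRuleDeleteRequest.class.getSimpleName();

    /**
     * Builds the request that asks the peer to remove {@code rule}.
     *
     * The text returned by {@code rule.auditctlDeleteString()} is stored in the
     * JSON field "rule" as it is.
     *
     * @param rule the audit rule to remove
     */
    public AuditRuleDeleteRequest(AuditRule rule) {
        super(ID.AuditRuleDeleteRequest.id);
        try {
            // NOTE(review): JSON encoding only protects the message framing. The
            // native side declares auditctl(const char* args, ...) in
            // externalcommand.h, so this text presumably ends up on a command
            // line there; the code that builds that command should validate or
            // quote it - confirm in the native sources.
            json.put("rule", rule.auditctlDeleteString());
        } catch (JSONException e) {
            // The message used to say the rule could not be inserted, copied from
            // the add request; it now describes the delete that failed.
            Log.e(TAG, "Regel konnte nicht entfernt werden.", e);
            // NOTE(review): ends the whole app process from inside a constructor;
            // kept because callers may rely on the fail-fast behaviour.
            exit(1);
        }
    }

    /** Wraps the received bytes in the response type that belongs to this request. */
    @Override
    public Response makeResponse(byte[] data) {
        return new AuditRuleDeleteResponse(data);
    }
}

--------------------------------------------------------------------------------
/app/app/src/main/java/org/nuii0/nuii0/androidforensik/SocketOperations/SocketRequests/AuditRuleListRequest.java:
--------------------------------------------------------------------------------
package org.nuii0.nuii0.androidforensik.SocketOperations.SocketRequests;

import org.nuii0.nuii0.androidforensik.Request;
import org.nuii0.nuii0.androidforensik.SocketOperations.ID;
import org.nuii0.nuii0.androidforensik.SocketOperations.SocketResponses.AuditRuleListResponse;
import org.nuii0.nuii0.androidforensik.SocketOperations.SocketResponses.Response;

/**
 * This request is used to obtain a list of all existing audit rules.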
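*/
public class AuditRuleListRequest extends Request {
    // Tag now names this class, as AusearchRequest does; it previously used
    // Response.class.
    private static final String TAG = AuditRuleListRequest.class.getSimpleName();

    /** Builds the request; it carries no fields besides the identifier. */
    public AuditRuleListRequest() {
        super(ID.AuditRuleListRequest.id);
    }

    /** Wraps the received bytes in the response type that belongs to this request. */
    @Override
    public Response makeResponse(byte[] data) {
        return new AuditRuleListResponse(data);
    }
}

--------------------------------------------------------------------------------
/app/app/src/main/java/org/nuii0/nuii0/androidforensik/SocketOperations/SocketRequests/AusearchRequest.java:
--------------------------------------------------------------------------------
package org.nuii0.nuii0.androidforensik.SocketOperations.SocketRequests;

import android.util.Log;

import org.json.JSONException;

import org.nuii0.nuii0.androidforensik.Request;
import org.nuii0.nuii0.androidforensik.SocketOperations.ID;
import org.nuii0.nuii0.androidforensik.SocketOperations.SocketResponses.AusearchResponse;

import static java.lang.System.exit;

/**
 * This request carries parameters that are forwarded to 'ausearch' in order to
 * obtain the events that have accumulated in the audit system.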
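*/
public class AusearchRequest extends Request {
    private static final String TAG = AusearchRequest.class.getSimpleName();

    /**
     * Builds the request with the given ausearch parameters.
     *
     * {@code param} is stored in the JSON field "param" as it is.
     *
     * @param param parameter text for 'ausearch'
     */
    public AusearchRequest(String param) {
        super(ID.AusearchRequest.id);
        try {
            // NOTE(review): the class comment says these parameters are forwarded
            // to 'ausearch'. JSON encoding only protects the message framing; the
            // code that builds the ausearch command on the receiving side should
            // validate or quote this text - confirm in the native sources.
            json.put("param", param);
        } catch (JSONException e) {
            // Hand the exception to the logger so the stack trace is recorded
            // under this class's tag.
            Log.e(TAG, "Ausearch konnte nicht abgefragt werden.", e);
            // NOTE(review): ends the whole app process from inside a constructor;
            // kept because callers may rely on the fail-fast behaviour.
            exit(1);
        }
    }

    /** Wraps the received bytes in the response type that belongs to this request. */
    @Override
    public AusearchResponse makeResponse(byte[] data) {
        return new AusearchResponse(data);
    }
}

--------------------------------------------------------------------------------
/app/app/src/main/java/org/nuii0/nuii0/androidforensik/SocketOperations/SocketRequests/PingRequest.java:
--------------------------------------------------------------------------------
package org.nuii0.nuii0.androidforensik.SocketOperations.SocketRequests;

import org.nuii0.nuii0.androidforensik.Request;
import org.nuii0.nuii0.androidforensik.SocketOperations.SocketResponses.PingResponse;
import org.nuii0.nuii0.androidforensik.SocketOperations.SocketResponses.Response;

/**
 * This PingRequest can be used to check
 * whether the socket connection is up.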
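*/
public class PingRequest extends Request {
    // Tag now names this class; it previously used Response.class.
    private static final String TAG = PingRequest.class.getSimpleName();

    /** Builds the request; it carries no fields besides the identifier. */
    public PingRequest() {
        // 0 is the value the ID enum assigns to PingRequest; ID is not imported
        // in this file.
        super(0);
    }

    /** Wraps the received bytes in the response type that belongs to this request. */
    @Override
    public Response makeResponse(byte[] data) {
        return new PingResponse(data);
    }
}

--------------------------------------------------------------------------------
/app/app/src/main/java/org/nuii0/nuii0/androidforensik/SocketOperations/SocketResponses/AuditRuleAddResponse.java:
--------------------------------------------------------------------------------
package org.nuii0.nuii0.androidforensik.SocketOperations.SocketResponses;

import android.util.Log;

import org.json.JSONException;

import org.nuii0.nuii0.androidforensik.SocketOperations.ID;

/**
 * This response is sent after an AuditRuleAddRequest has been sent.
 * It states whether creating the rule succeeded or not.
 */
public class AuditRuleAddResponse extends Response {
    // Tag now names this class; it previously used Response.class.
    private static final String TAG = AuditRuleAddResponse.class.getSimpleName();

    // Never reassigned, so it is declared final.
    private static final int RESPONSE_ID = ID.AuditRuleAddResponse.id;

    /**
     * @param data the bytes received for this response, handed to the superclass
     */
    public AuditRuleAddResponse(byte[] data) {
        super(data,RESPONSE_ID);
    }

    /**
     * Reports the outcome carried in the JSON field "success".
     *
     * @return true only when the field reads as the integer 1; a missing or
     *         unreadable field counts as failure
     */
    public Boolean success() {
        try {
            return json.getInt("success") == 1;
        } catch (JSONException e) {
            // Hand the exception to the logger so the stack trace is recorded
            // under this class's tag.
            Log.e(TAG, "Fehler beim Verarbeiten von JSON Daten.", e);
            return false;
        }
    }
}

--------------------------------------------------------------------------------
/app/app/src/main/java/org/nuii0/nuii0/androidforensik/SocketOperations/SocketResponses/AuditRuleDeleteResponse.java:
--------------------------------------------------------------------------------
package org.nuii0.nuii0.androidforensik.SocketOperations.SocketResponses;

import android.util.Log;

import org.json.JSONException;

import org.nuii0.nuii0.androidforensik.SocketOperations.ID;

/**
 * This response is sent after an AuditRuleDeleteRequest has been sent.
 * It states whether removing the rule succeeded or not.
 */
public class AuditRuleDeleteResponse extends Response {
    // Tag now names this class; it previously used Response.class.
    private static final String TAG = AuditRuleDeleteResponse.class.getSimpleName();

    // Never reassigned, so it is declared final.
    private static final int RESPONSE_ID = ID.AuditRuleDeleteResponse.id;

    /**
     * @param data the bytes received for this response, handed to the superclass
     */
    public AuditRuleDeleteResponse(byte[] data) {
        super(data,RESPONSE_ID);
    }

    /**
     * Reports the outcome carried in the JSON field "success".
     *
     * @return true only when the field reads as the integer 1; a missing or
     *         unreadable field counts as failure
     */
    public Boolean success() {
        try {
            return json.getInt("success") == 1;
        } catch (JSONException e) {
            // Hand the exception to the logger so the stack trace is recorded
            // under this class's tag.
            Log.e(TAG, "Fehler beim Verarbeiten von JSON Daten.", e);
            return false;
        }
    }
}

--------------------------------------------------------------------------------
/app/app/src/main/java/org/nuii0/nuii0/androidforensik/SocketOperations/SocketResponses/AuditRuleListResponse.java:
--------------------------------------------------------------------------------
package org.nuii0.nuii0.androidforensik.SocketOperations.SocketResponses;

import android.util.Log;

import org.json.JSONArray;
import org.json.JSONException;

import java.util.ArrayList;

import org.nuii0.nuii0.androidforensik.SocketOperations.ID;

/**
 * This response is sent after an AuditRuleListRequest has been sent.
 * It contains all audit rules that have been set up.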
15 | */ 16 | public class AuditRuleListResponse extends Response { 17 | private static final String TAG = Response.class.getSimpleName(); 18 | 19 | private static int RESPONSE_ID = ID.AuditRuleListResponse.id; 20 | public AuditRuleListResponse(byte[] data) { 21 | super(data,RESPONSE_ID); 22 | } 23 | 24 | public ArrayList entries() { 25 | ArrayList list = new ArrayList(); 26 | try { 27 | JSONArray jsonArray = json.getJSONArray("entries"); 28 | if (jsonArray != null) { 29 | int len = jsonArray.length(); 30 | for (int i=0;i 2 | 6 | 7 | 16 | -------------------------------------------------------------------------------- /app/app/src/main/res/mipmap-anydpi-v26/ic_launcher.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /app/app/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /app/app/src/main/res/mipmap-hdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/app/app/src/main/res/mipmap-hdpi/ic_launcher.png -------------------------------------------------------------------------------- /app/app/src/main/res/mipmap-hdpi/ic_launcher_round.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/app/app/src/main/res/mipmap-hdpi/ic_launcher_round.png -------------------------------------------------------------------------------- /app/app/src/main/res/mipmap-mdpi/ic_launcher.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/app/app/src/main/res/mipmap-mdpi/ic_launcher.png -------------------------------------------------------------------------------- /app/app/src/main/res/mipmap-mdpi/ic_launcher_round.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/app/app/src/main/res/mipmap-mdpi/ic_launcher_round.png -------------------------------------------------------------------------------- /app/app/src/main/res/mipmap-xhdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/app/app/src/main/res/mipmap-xhdpi/ic_launcher.png -------------------------------------------------------------------------------- /app/app/src/main/res/mipmap-xhdpi/ic_launcher_round.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/app/app/src/main/res/mipmap-xhdpi/ic_launcher_round.png -------------------------------------------------------------------------------- /app/app/src/main/res/mipmap-xxhdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/app/app/src/main/res/mipmap-xxhdpi/ic_launcher.png -------------------------------------------------------------------------------- /app/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/app/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.png -------------------------------------------------------------------------------- /app/app/src/main/res/mipmap-xxxhdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/app/app/src/main/res/mipmap-xxxhdpi/ic_launcher.png -------------------------------------------------------------------------------- /app/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/app/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.png -------------------------------------------------------------------------------- /app/app/src/main/res/values/colors.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | #3F51B5 4 | #303F9F 5 | #FF4081 6 | 7 | -------------------------------------------------------------------------------- /app/app/src/main/res/values/strings.xml: -------------------------------------------------------------------------------- 1 | 2 | AndroidForensik 3 | org.nuii0.nuii0.androidforensik.socket 4 | 5 | -------------------------------------------------------------------------------- /app/app/src/main/res/values/styles.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /app/app/src/test/java/org/nuii0/nuii0/androidforensik/ExampleUnitTest.java: -------------------------------------------------------------------------------- 1 | package org.nuii0.nuii0.androidforensik; 2 | 3 | import org.junit.Test; 4 
| 5 | import static org.junit.Assert.assertEquals; 6 | 7 | /** 8 | * Example local unit test, which will execute on the development machine (host). 9 | * 10 | * @see Testing documentation 11 | */ 12 | public class ExampleUnitTest { 13 | @Test 14 | public void addition_isCorrect() throws Exception { 15 | assertEquals(4, 2 + 2); 16 | } 17 | } -------------------------------------------------------------------------------- /app/build.gradle: -------------------------------------------------------------------------------- 1 | // Top-level build file where you can add configuration options common to all sub-projects/modules. 2 | 3 | buildscript { 4 | 5 | repositories { 6 | google() 7 | jcenter() 8 | } 9 | dependencies { 10 | classpath 'com.android.tools.build:gradle:3.0.0' 11 | 12 | 13 | // NOTE: Do not place your application dependencies here; they belong 14 | // in the individual module build.gradle files 15 | } 16 | } 17 | 18 | allprojects { 19 | repositories { 20 | google() 21 | jcenter() 22 | } 23 | } 24 | 25 | task clean(type: Delete) { 26 | delete rootProject.buildDir 27 | } 28 | -------------------------------------------------------------------------------- /app/gradle.properties: -------------------------------------------------------------------------------- 1 | # Project-wide Gradle settings. 2 | 3 | # IDE (e.g. Android Studio) users: 4 | # Gradle settings configured through the IDE *will override* 5 | # any settings specified in this file. 6 | 7 | # For more details on how to configure your build environment visit 8 | # http://www.gradle.org/docs/current/userguide/build_environment.html 9 | 10 | # Specifies the JVM arguments used for the daemon process. 11 | # The setting is particularly useful for tweaking memory settings. 12 | org.gradle.jvmargs=-Xmx1536m 13 | 14 | # When configured, Gradle will run in incubating parallel mode. 15 | # This option should only be used with decoupled projects. 
More details, visit
# http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
# org.gradle.parallel=true

--------------------------------------------------------------------------------
/app/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/app/gradle/wrapper/gradle-wrapper.jar
--------------------------------------------------------------------------------
/app/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
#Mon Nov 06 00:58:11 CET 2017
# NOTE(review): no distributionSha256Sum is set, so the wrapper does not check
# the downloaded distribution against a pinned checksum.
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-4.1-all.zip

--------------------------------------------------------------------------------
/app/settings.gradle:
--------------------------------------------------------------------------------
include ':app'

--------------------------------------------------------------------------------
/audit_system_components/.gitignore:
--------------------------------------------------------------------------------
*.swp
obj/

--------------------------------------------------------------------------------
/audit_system_components/Android.mk:
--------------------------------------------------------------------------------
# Build the auditctl binary
# NOTE(review): the two modules defined below are forensikmediator and
# audit-dispatch; the line above does not match them.

LOCAL_PATH:= $(call my-dir)
MY_PATH := $(LOCAL_PATH)

# Build the forensikmediator program.
include $(CLEAR_VARS)

LOCAL_PATH := $(MY_PATH)

ETC_DIR := $(TARGET_OUT)/etc/audit

LOCAL_MODULE := forensikmediator
LOCAL_MODULE_TAGS := eng
# NOTE(review): the list below also names header files; they are not
# compilation units, LOCAL_SRC_FILES normally holds only the .c sources.
LOCAL_SRC_FILES:= src/forensikmediator.c \
    src/socketoperations.h \
    src/socketoperations.c \
    src/requesthandling.h \
    src/requesthandling.c \
    src/responses.h \
    src/responses.c \
    src/externalcommand.h \
    src/externalcommand.c \
    src/cjson/cJSON.h \
    src/cjson/cJSON.c


LOCAL_C_INCLUDES := ./ \
    ./src

# Position-independent executable with debug info; -fPIE is given both here and
# in the += line that follows.
LOCAL_CFLAGS := -fPIE -DPIE -g -D_GNU_SOURCE -fno-strict-aliasing
LOCAL_CFLAGS += -fPIE
LOCAL_LDFLAGS += -fPIE -pie

LOCAL_LDLIBS := -llog

include $(BUILD_EXECUTABLE)

# Build the audit-dispatch program.
include $(CLEAR_VARS)

LOCAL_PATH := $(MY_PATH)

ETC_DIR := $(TARGET_OUT)/etc/audit

LOCAL_MODULE := audit-dispatch
LOCAL_MODULE_TAGS := eng
# NOTE(review): the last entry ends in a line continuation that runs into the
# blank line after it; the list also names a header file.
LOCAL_SRC_FILES:= src/audit-dispatch.c \
    src/socketoperations.h \
    src/socketoperations.c \


LOCAL_C_INCLUDES := ./ \
    ./src

LOCAL_CFLAGS := -fPIE -DPIE -g -D_GNU_SOURCE -fno-strict-aliasing
LOCAL_CFLAGS += -fPIE
LOCAL_LDFLAGS += -fPIE -pie

LOCAL_LDLIBS := -llog

include $(BUILD_EXECUTABLE)


--------------------------------------------------------------------------------
/audit_system_components/Application.mk:
--------------------------------------------------------------------------------
# Root directory of the project (location of the Android.mk file)
APP_PROJECT_PATH := ./

# Android 6 Marshmallow as the target platform
APP_PLATFORM := android-23

APP_BUILD_SCRIPT := ./Android.mk

# Real releases should be built with 'release' for performance reasons
APP_OPTIM := debug
#APP_OPTIM := release

APP_CPPFLAGS :=

# Supported ABIs are:
# armeabi-v7a
# 
x86_64
# x86
APP_ABI := x86

--------------------------------------------------------------------------------
/audit_system_components/build.sh:
--------------------------------------------------------------------------------
ndk-build V=1 NDK_PROJECT_PATH=. NDK_APPLICATION_MK=Application.mk

--------------------------------------------------------------------------------
/audit_system_components/src/externalcommand.h:
--------------------------------------------------------------------------------
/**
 * This file declares functions for calling external
 * command-line programs.
 */

#include
#include
#include

/**
 * Runs 'auditctl'.
 * The arguments are passed as a char pointer.
 * The results of the call are returned as an array of strings.
 * In addition, the OUT parameter lines is filled in, presumably with the number
 * of lines read (free_command() takes the same pair).
 *
 * NOTE(review): the implementation is not shown here. args presumably carries
 * text taken from a client request; if the command line is built by string
 * concatenation and run through a shell, that text must be validated or the
 * tool started with an argument vector instead - confirm in externalcommand.c.
 */
char** auditctl(const char* args, int* lines);

/**
 * Runs 'ausearch'.
 * The arguments are passed as a char pointer.
 * The results of the call are returned as an array of strings.
 * In addition, the OUT parameter lines is filled in, presumably with the number
 * of lines read (free_command() takes the same pair).
 *
 * NOTE(review): the same concern as for auditctl() applies to args - confirm in
 * externalcommand.c how the command line is built.
 */
char** ausearch(const char* args, int* lines);

/** With this function the results returned
 * by the two functions above
 * can be freed again.
 */
void free_command(char** cmd, int lines);

--------------------------------------------------------------------------------
/audit_system_components/src/requesthandling.h:
--------------------------------------------------------------------------------
/**
 * requesthandling.h contains functions
 * that deal with processing incoming requests
 * and producing the responses that belong
 * to them.
 */
#include
#include
#include
#include
#include
#include "cjson/cJSON.h"
#include "responses.h"
#include "socketoperations.h"

/**
 * The field that states the size of request and response packets
 * is 8 bytes long.
 *
 * NOTE(review): declared static in a header, so every source file that includes
 * it gets its own copy.
 */
static const int sizefield_length = 8;

/** This function reads an incoming request
 * from the file descriptor (socket)
 * and returns the payload as a JSON object.
 *
 * NOTE(review): the implementation is not shown here. The size announced in the
 * size field comes from the peer, so it should be bounded before it is used for
 * an allocation or a read; how a malformed payload is reported to the caller
 * is also not visible - confirm in requesthandling.c.
 */
cJSON* receive_request(int fd);

/** This function takes a file descriptor (socket)
 * and a JSON object and sends it as a response
 * over the socket.
 *
 * NOTE(review): the comment speaks of a response while the function and its
 * parameter are named request.
 */

bool send_request(int fd, cJSON* request);

/** This function takes a request and builds
 * the response that belongs to it.
 *
 * NOTE(review): every field of request is supplied by the peer; presumably this
 * is where request fields are handed to the functions in responses.h - confirm.
 */
cJSON* build_response(const cJSON* request);



--------------------------------------------------------------------------------
/audit_system_components/src/responses.h:
--------------------------------------------------------------------------------
/**
 * responses.h contains a separate function
 * for each kind of response.
 */
#include
#include
#include
#include
#include
#include "cjson/cJSON.h"
#include "externalcommand.h"

/*
 * NOTE(review): parameter is presumably the text taken from the client request
 * and passed on to the helpers declared in externalcommand.h (included above);
 * it should be treated as untrusted on that path - confirm in responses.c.
 */
cJSON* pong_response();
cJSON* audit_rule_list_response();
cJSON* audit_rule_add_response(const char* parameter);
cJSON* audit_rule_delete_response(const char* parameter);
cJSON* ausearch_response(const char* parameter);


--------------------------------------------------------------------------------
/audit_system_components/src/socketoperations.h:
--------------------------------------------------------------------------------
/* socketoperations.h contains functions to
 * write to a socket, or read from it,
 * at byte level.
 *
 * The standard write() and read() operations on a
 * socket give no guarantee about the number of bytes actually transferred,
 * which is why the functions readsize() and writesize() defined here
 * are needed.
 *
 * The functions are inspired by and similar to those from
 * http://www.informit.com/articles/article.aspx?p=169505&seqNum=9
 */
#include
#include
#include
#include
#include
#include
#include

ssize_t readsize(int fd, void* buf, size_t size);
ssize_t writesize(int fd, const void* buf, size_t size);

/* This function reads a whole line from the socket
 * up to the newline terminator \n
 * Source: https://stackoverflow.com/questions/9828752/read-line-by-line-from-a-socket-buffer
 *
 * NOTE(review): out presumably receives a buffer allocated by the function; who
 * frees it and whether the line length is capped is not visible here - confirm
 * in socketoperations.c.
 */
ssize_t readline(int fd, char** out);

void close_socket(int fd);
int getSO_ERROR(int fd);

--------------------------------------------------------------------------------
/auditd_port/Application.mk:
--------------------------------------------------------------------------------
# Root Verzeichnis vom Projekt (Ort der Android.mk Datei)
APP_PROJECT_PATH := ./

# Android 6 Marshmallow als 
Zielplattform 5 | APP_PLATFORM := android-23 6 | 7 | APP_BUILD_SCRIPT := ./Android.mk 8 | 9 | # Richtige Releases sollten aus Performancegründen mit 'release' gebaut werden 10 | APP_OPTIM := debug 11 | #APP_OPTIM := release 12 | 13 | APP_CPPFLAGS := 14 | 15 | # Unterstütze ABI sind: 16 | # armeabi-v7a 17 | # x86_64 18 | # (x86) 19 | APP_ABI := x86 20 | -------------------------------------------------------------------------------- /auditd_port/auparse/accesstab.h: -------------------------------------------------------------------------------- 1 | /* accesstab.h -- 2 | * Copyright 2013 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | */ 22 | 23 | 24 | _S(0x1U, "X_OK" ) 25 | _S(0x2U, "W_OK" ) 26 | _S(0x4U, "R_OK" ) 27 | 28 | -------------------------------------------------------------------------------- /auditd_port/auparse/accesstabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char access_strings[] = "R_OK\0W_OK\0X_OK"; 3 | static const struct transtab access_table[] = { 4 | {1,10},{2,5},{4,0}, 5 | }; 6 | #define ACCESS_NUM_ENTRIES (sizeof(access_table) / sizeof(*access_table)) 7 | -------------------------------------------------------------------------------- /auditd_port/auparse/auparse.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: libauparse 7 | Description: Library for apps that want to parse and interpret audit events 8 | Version: @VERSION@ 9 | Libs: -L${libdir} -lauparse 10 | Libs.private: -laudit 11 | Cflags: -I${includedir} 12 | -------------------------------------------------------------------------------- /auditd_port/auparse/captabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char cap_strings[] = "audit_control\0audit_read\0audit_write\0block_suspend\0chown\0dac_override\0dac_read_search\0fowner\0fsetid\0ipc_lock\0" 3 | "ipc_owner\0kill\0lease\0linux_immutable\0mac_admin\0mac_override\0mknod\0net_admin\0net_bind_service\0net_broadcast\0" 4 | "net_raw\0setfcap\0setgid\0setpcap\0setuid\0sys_admin\0sys_boot\0sys_chroot\0sys_module\0sys_nice\0" 5 | "sys_pacct\0sys_ptrace\0sys_rawio\0sys_resource\0sys_time\0sys_tty_config\0syslog\0wake_alarm"; 6 | static const unsigned cap_i2s_direct[] = { 7 | 51,57,70,86,93,119,232,247,239,130, 8 | 185,202,175,216,100,109,284,325,273,314, 9 | 304,254,264,295,335,348,357,169,124,25, 10 | 0,224,156,146,372,379,37,14, 11 | }; 12 | static const char *cap_i2s(int v) { 13 | return i2s_direct__(cap_strings, cap_i2s_direct, 0, 37, v); 14 | } 15 | -------------------------------------------------------------------------------- /auditd_port/auparse/clocktab.h: -------------------------------------------------------------------------------- 1 | /* clocktab.h -- 2 | * Copyright 2012,2014 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/time.h 22 | */ 23 | 24 | _S(0, "CLOCK_REALTIME" ) 25 | _S(1, "CLOCK_MONOTONIC" ) 26 | _S(2, "CLOCK_PROCESS_CPUTIME_ID" ) 27 | _S(3, "CLOCK_THREAD_CPUTIME_ID" ) 28 | _S(4, "CLOCK_MONOTONIC_RAW" ) 29 | _S(5, "CLOCK_REALTIME_COARSE" ) 30 | _S(6, "CLOCK_MONOTONIC_COARSE" ) 31 | _S(7, "CLOCK_BOOTTIME" ) 32 | _S(8, "CLOCK_REALTIME_ALARM" ) 33 | _S(9, "CLOCK_BOOTTIME_ALARM" ) 34 | _S(10, "CLOCK_SGI_CYCLE" ) 35 | _S(11, "CLOCK_TAI" ) 36 | 37 | -------------------------------------------------------------------------------- /auditd_port/auparse/clocktabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char clock_strings[] = "CLOCK_BOOTTIME\0CLOCK_BOOTTIME_ALARM\0CLOCK_MONOTONIC\0CLOCK_MONOTONIC_COARSE\0CLOCK_MONOTONIC_RAW\0CLOCK_PROCESS_CPUTIME_ID\0CLOCK_REALTIME\0CLOCK_REALTIME_ALARM\0CLOCK_REALTIME_COARSE\0CLOCK_SGI_CYCLE\0" 3 | "CLOCK_TAI\0CLOCK_THREAD_CPUTIME_ID"; 4 | static const unsigned clock_i2s_direct[] = { 5 | 120,36,95,204,75,156,52,0,135,15, 6 | 178,194, 7 | }; 8 | static const char *clock_i2s(int v) { 9 | return i2s_direct__(clock_strings, clock_i2s_direct, 0, 11, v); 10 | } 11 | -------------------------------------------------------------------------------- /auditd_port/auparse/clone-flagtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char clone_flag_strings[] = "CLONE_CHILD_CLEARTID\0CLONE_CHILD_SETTID\0CLONE_DETACHED\0CLONE_FILES\0CLONE_FS\0CLONE_IO\0CLONE_NEWIPC\0CLONE_NEWNET\0CLONE_NEWNS\0CLONE_NEWPID\0" 3 | "CLONE_NEWUSER\0CLONE_NEWUTS\0CLONE_PARENT\0CLONE_PARENT_SETTID\0CLONE_PTRACE\0CLONE_SETTLS\0CLONE_SIGHAND\0CLONE_STOPPED\0CLONE_SYSVSEM\0CLONE_THREAD\0" 4 | "CLONE_UNTRACED\0CLONE_VFORK\0CLONE_VM"; 5 | static const struct transtab clone_flag_table[] = { 6 | {256,304},{512,67},{1024,55},{2048,222},{8192,196},{16384,292},{32768,163},{65536,264},{131072,111},{262144,250}, 7 | {524288,209},{1048576,176},{2097152,0},{4194304,40},{8388608,277},{16777216,21},{33554432,236},{67108864,150},{134217728,85},{268435456,136}, 8 | {536870912,123},{1073741824,98},{-2147483648,76}, 9 | }; 10 | #define CLONE_FLAG_NUM_ENTRIES (sizeof(clone_flag_table) / sizeof(*clone_flag_table)) 11 | -------------------------------------------------------------------------------- /auditd_port/auparse/epoll_ctl.h: -------------------------------------------------------------------------------- 1 | /* epoll_ctl.h -- 2 | * Copyright 2008,2012,2014 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/eventpoll.h 22 | */ 23 | 24 | _S(1, "EPOLL_CTL_ADD" ) 25 | _S(2, "EPOLL_CTL_DEL" ) 26 | _S(3, "EPOLL_CTL_MOD" ) 27 | -------------------------------------------------------------------------------- /auditd_port/auparse/epoll_ctls.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char epoll_ctl_strings[] = "EPOLL_CTL_ADD\0EPOLL_CTL_DEL\0EPOLL_CTL_MOD"; 3 | static const unsigned epoll_ctl_i2s_direct[] = { 4 | 0,14,28, 5 | }; 6 | static const char *epoll_ctl_i2s(int v) { 7 | return i2s_direct__(epoll_ctl_strings, epoll_ctl_i2s_direct, 1, 3, v); 8 | } 9 | -------------------------------------------------------------------------------- /auditd_port/auparse/famtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char fam_strings[] = "alg\0appletalk\0ash\0atmpvc\0atmsvc\0ax25\0bluetooth\0bridge\0caif\0can\0" 3 | "decnet\0econet\0ieee802154\0inet\0inet6\0ipx\0irda\0isdn\0iucv\0kcm\0" 4 | "key\0llc\0local\0netbeui\0netlink\0netrom\0nfc\0packet\0phonet\0pppox\0" 5 | "qipcrtr\0rds\0rose\0rxrpc\0security\0smc\0sna\0tipc\0vsock\0wanpipe\0" 6 | "x25"; 7 | static const unsigned fam_i2s_direct[] = { 8 | 130,88,32,99,4,152,47,18,242,93, 9 | 195,63,136,206,122,144,163,14,70,25, 10 | 191,219,103,177,234,126,-1u,-1u,59,223, 11 | 37,113,200,108,170,77,54,0,159,228, 12 | 118,183,215, 13 | }; 14 | static const char *fam_i2s(int v) { 15 | return i2s_direct__(fam_strings, fam_i2s_direct, 1, 43, v); 16 | } 17 | -------------------------------------------------------------------------------- /auditd_port/auparse/fcntl-cmdtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char fcntl_strings[] = "F_ADD_SEALS\0F_CANCELLK\0F_DUPFD\0F_DUPFD_CLOEXEC\0F_GETFD\0F_GETFL\0F_GETLEASE\0F_GETLK\0F_GETLK64\0F_GETOWN\0" 3 | "F_GETOWNER_UIDS\0F_GETOWN_EX\0F_GETPIPE_SZ\0F_GETSIG\0F_GET_FILE_RW_HINT\0F_GET_RW_HINT\0F_GET_SEALS\0F_NOTIFY\0F_SETFD\0F_SETFL\0" 4 | "F_SETLEASE\0F_SETLK\0F_SETLK64\0F_SETLKW\0F_SETLKW64\0F_SETOWN\0F_SETOWN_EX\0F_SETPIPE_SZ\0F_SETSIG\0F_SET_FILE_RW_HINT\0" 5 | "F_SET_RW_HINT"; 6 | static const int fcntl_i2s_i[] = { 7 | 0,1,2,3,4,5,6,7,8,9, 8 | 10,11,12,13,14,15,16,17,1024,1025, 9 | 1026,1029,1030,1031,1032,1033,1034,1035,1036,1037, 10 | 1038, 11 | }; 12 | static const unsigned fcntl_i2s_s[] = { 13 | 23,47,205,55,213,74,232,250,270,92, 14 | 304,142,82,240,259,279,117,101,221,63, 15 | 196,12,31,291,129,0,184,170,332,151, 16 | 313, 17 | }; 18 | static const char *fcntl_i2s(int v) { 19 | return i2s_bsearch__(fcntl_strings, fcntl_i2s_i, fcntl_i2s_s, 31, v); 20 | } 21 | -------------------------------------------------------------------------------- 
/auditd_port/auparse/flagtab.h: -------------------------------------------------------------------------------- 1 | /* flagtab.h -- 2 | * Copyright 2007,2012 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: these are only for the RHEL4 kernel 22 | */ 23 | 24 | _S(0x0001, "follow" ) 25 | _S(0x0002, "directory" ) 26 | _S(0x0004, "continue" ) 27 | _S(0x0010, "parent" ) 28 | _S(0x0020, "noalt" ) 29 | _S(0x0040, "atomic" ) 30 | _S(0x0100, "open" ) 31 | _S(0x0200, "create" ) 32 | _S(0x0400, "access" ) 33 | 34 | -------------------------------------------------------------------------------- /auditd_port/auparse/flagtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char flag_strings[] = "access\0atomic\0continue\0create\0directory\0follow\0noalt\0open\0parent"; 3 | static const struct transtab flag_table[] = { 4 | {1,40},{2,30},{4,14},{16,58},{32,47},{64,7},{256,53},{512,23},{1024,0}, 5 | }; 6 | #define FLAG_NUM_ENTRIES (sizeof(flag_table) / sizeof(*flag_table)) 7 | -------------------------------------------------------------------------------- /auditd_port/auparse/icmptypetab.h: -------------------------------------------------------------------------------- 1 | /* icmptypetab.h -- 2 | * Copyright 2011-13 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/icmp.h 22 | */ 23 | 24 | _S(0, "echo-reply" ) 25 | _S(3, "destination-unreachable" ) 26 | _S(4, "source-quench" ) 27 | _S(5, "redirect" ) 28 | _S(8, "echo" ) 29 | _S(11, "time-exceeded" ) 30 | _S(12, "parameter-problem" ) 31 | _S(13, "timestamp-request" ) 32 | _S(14, "timestamp-reply" ) 33 | _S(15, "info-request" ) 34 | _S(16, "info-reply" ) 35 | _S(17, "address-mask-request" ) 36 | _S(18, "address-mask-reply" ) 37 | 38 | -------------------------------------------------------------------------------- /auditd_port/auparse/icmptypetabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char icmptype_strings[] = "address-mask-reply\0address-mask-request\0destination-unreachable\0echo\0echo-reply\0info-reply\0info-request\0parameter-problem\0redirect\0source-quench\0" 3 | "time-exceeded\0timestamp-reply\0timestamp-request"; 4 | static const unsigned icmptype_i2s_direct[] = { 5 | 69,-1u,-1u,40,131,122,-1u,-1u,64,-1u, 6 | -1u,145,104,175,159,91,80,19,0, 7 | }; 8 | static const char *icmptype_i2s(int v) { 9 | return i2s_direct__(icmptype_strings, icmptype_i2s_direct, 0, 18, v); 10 | } 11 | -------------------------------------------------------------------------------- /auditd_port/auparse/inethooktab.h: -------------------------------------------------------------------------------- 1 | /* inethooktab.h -- 2 | * Copyright 2016 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 
4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: net/netfilter/x_tables.c textify_hooks() 22 | */ 23 | 24 | _S(0, "PREROUTING") 25 | _S(1, "INPUT") 26 | _S(2, "FORWARD") 27 | _S(3, "OUTPUT") 28 | _S(4, "POSTROUTING") 29 | _S(5, "BROUTING") 30 | 31 | -------------------------------------------------------------------------------- /auditd_port/auparse/inethooktabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char inethook_strings[] = "BROUTING\0FORWARD\0INPUT\0OUTPUT\0POSTROUTING\0PREROUTING"; 3 | static const unsigned inethook_i2s_direct[] = { 4 | 42,17,9,23,30,0, 5 | }; 6 | static const char *inethook_i2s(int v) { 7 | return i2s_direct__(inethook_strings, inethook_i2s_direct, 0, 5, v); 8 | } 9 | -------------------------------------------------------------------------------- /auditd_port/auparse/ioctlreqtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char ioctlreq_strings[] = "CDROMEJECT\0CDROMEJECT_SW\0CDROMSEEK\0CDROM_GET_UPC\0DRM_IOCTL_MODE_CURSOR\0DRM_IOCTL_MODE_DIRTYFB\0DRM_IOCTL_MODE_PAGE_FLIP\0FIOGETOWN\0FIONBIO\0FIOSETOWN\0" 3 | "KDGETMODE\0KDSETMODE\0SIOCBRADDIF\0SIOCGIFHWADDR\0SIOCGIFINDEX\0SIOCGIFNAME\0TCFLSH\0TCGETS\0TCSBRK\0TCSETS\0" 4 | "TCSETSF\0TCSETSW\0TIOCGPGRP\0TIOCGPTN\0TIOCGWINSZ\0TIOCINQ\0TIOCNOTTY\0TIOCSCTTY\0TIOCSPGRP\0TIOCSPTLCK\0" 5 | "TIOCSPTLCK\0TIOCSWINSZ"; 6 | static const int ioctlreq_i2s_i[] = { 7 | -2147199952,-2147199951,-1072143184,-1072143183,-1071881053,19258,19259,21257,21263,21265, 8 | 21270,21505,21506,21507,21508,21513,21515,21518,21519,21520, 9 | 21523,21524,21531,21537,21538,35073,35075,35088,35111,35123, 10 | 35234,1074025521, 11 | }; 12 | static const unsigned ioctlreq_i2s_s[] = { 13 | 272,341,94,71,49,157,147,0,11,35, 14 | 25,225,239,254,246,232,218,310,262,320, 15 | 281,352,292,129,300,137,119,206,179,193, 16 | 167,330, 17 | }; 18 | static const char *ioctlreq_i2s(int v) { 19 | return i2s_bsearch__(ioctlreq_strings, ioctlreq_i2s_i, ioctlreq_i2s_s, 32, v); 20 | } 21 | -------------------------------------------------------------------------------- /auditd_port/auparse/ipccmdtab.h: -------------------------------------------------------------------------------- 1 | /* ipccmdtab.h -- 2 | * Copyright 2013 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/ipc.h 22 | */ 23 | 24 | 25 | _S(00001000, "IPC_CREAT" ) 26 | _S(00002000, "IPC_EXCL" ) 27 | _S(00004000, "IPC_NOWAIT" ) 28 | 29 | -------------------------------------------------------------------------------- /auditd_port/auparse/ipccmdtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char ipccmd_strings[] = "IPC_CREAT\0IPC_EXCL\0IPC_NOWAIT"; 3 | static const struct transtab ipccmd_table[] = { 4 | {512,0},{1024,10},{2048,19}, 5 | }; 6 | #define IPCCMD_NUM_ENTRIES (sizeof(ipccmd_table) / sizeof(*ipccmd_table)) 7 | -------------------------------------------------------------------------------- /auditd_port/auparse/ipctab.h: -------------------------------------------------------------------------------- 1 | /* ipctab.h -- 2 | * Copyright 2007,2012-13 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/ipc.h 22 | */ 23 | 24 | 25 | _S(SEMOP, "semop" ) 26 | _S(SEMGET, "semget" ) 27 | _S(SEMCTL, "semctl" ) 28 | _S(4, "semtimedop" ) 29 | _S(MSGSND, "msgsnd" ) 30 | _S(MSGRCV, "msgrcv" ) 31 | _S(MSGGET, "msgget" ) 32 | _S(MSGCTL, "msgctl" ) 33 | _S(SHMAT, "shmat" ) 34 | _S(SHMDT, "shmdt" ) 35 | _S(SHMGET, "shmget" ) 36 | _S(SHMCTL, "shmctl" ) 37 | 38 | -------------------------------------------------------------------------------- /auditd_port/auparse/ipctabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char ipc_strings[] = "msgctl\0msgget\0msgrcv\0msgsnd\0semctl\0semget\0semop\0semtimedop\0shmat\0shmctl\0" 3 | "shmdt\0shmget"; 4 | static const unsigned ipc_i2s_direct[] = { 5 | 42,35,28,48,-1u,-1u,-1u,-1u,-1u,-1u, 6 | 21,14,7,0,-1u,-1u,-1u,-1u,-1u,-1u, 7 | 59,72,78,65, 8 | }; 9 | static const char *ipc_i2s(int v) { 10 | return i2s_direct__(ipc_strings, ipc_i2s_direct, 1, 24, v); 11 | } 12 | -------------------------------------------------------------------------------- /auditd_port/auparse/ipoptnametabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char ipoptname_strings[] = "IPT_SO_GET_REVISION_TARGET\0IPT_SO_SET_ADD_COUNTERS\0IPT_SO_SET_REPLACE\0IP_ADD_MEMBERSHIP\0IP_ADD_SOURCE_MEMBERSHIP\0IP_BLOCK_SOURCE\0IP_CHECKSUM\0IP_DROP_MEMBERSHIP\0IP_DROP_SOURCE_MEMBERSHIP\0IP_FREEBIND\0" 3 | "IP_HDRINCL\0IP_IPSEC_POLICY\0IP_MINTTL\0IP_MSFILTER\0IP_MTU\0IP_MTU_DISCOVER\0IP_MULTICAST_ALL\0IP_MULTICAST_IF\0IP_MULTICAST_LOOP\0IP_MULTICAST_TTL\0" 4 | "IP_NODEFRAG\0IP_OPTIONS\0IP_ORIGDSTADDR\0IP_PASSSEC\0IP_PKTINFO\0IP_PKTOPTIONS\0IP_RECVERR\0IP_RECVOPTS\0IP_RECVTTL\0IP_RETOPTS\0" 5 | "IP_ROUTER_ALERT\0IP_TOS\0IP_TRANSPARENT\0IP_TTL\0IP_UNBLOCK_SOURCE\0IP_UNICAST_IF\0IP_XFRM_POLICY\0MCAST_BLOCK_SOURCE\0MCAST_JOIN_GROUP\0MCAST_JOIN_SOURCE_GROUP\0" 6 | "MCAST_LEAVE_GROUP\0MCAST_LEAVE_SOURCE_GROUP\0MCAST_MSFILTER\0MCAST_UNBLOCK_SOURCE"; 7 | static const unsigned ipoptname_i2s_direct[] = { 8 | 473,495,198,350,457,423,446,387,398,254, 9 | 412,435,-1u,247,186,209,534,376,480,361, 10 | 225,338,129,-1u,-1u,-1u,-1u,-1u,-1u,-1u, 11 | -1u,287,321,303,70,141,502,113,88,160, 12 | 235,568,549,667,609,585,627,652,270,520, 13 | -1u,-1u,-1u,-1u,-1u,-1u,-1u,-1u,-1u,-1u, 14 | -1u,-1u,-1u,51,27,0, 15 | }; 16 | static const char *ipoptname_i2s(int v) { 17 | return i2s_direct__(ipoptname_strings, ipoptname_i2s_direct, 1, 66, v); 18 | } 19 | -------------------------------------------------------------------------------- /auditd_port/auparse/mmaptab.h: -------------------------------------------------------------------------------- 1 | /* mmaptab.h -- 2 | * Copyright 2012-13 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 
9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/asm-generic/mman.h >0x100 22 | * include/uapi/asm-generic/mman-common.h < 0x100 23 | */ 24 | 25 | _S(0x00001, "MAP_SHARED" ) 26 | _S(0x00002, "MAP_PRIVATE" ) 27 | _S(0x00010, "MAP_FIXED" ) 28 | _S(0x00020, "MAP_ANONYMOUS" ) 29 | _S(0x00040, "MAP_32BIT" ) 30 | _S(0x00100, "MAP_GROWSDOWN" ) 31 | _S(0x00800, "MAP_DENYWRITE" ) 32 | _S(0x01000, "MAP_EXECUTABLE" ) 33 | _S(0x02000, "MAP_LOCKED" ) 34 | _S(0x04000, "MAP_NORESERVE" ) 35 | _S(0x08000, "MAP_POPULATE" ) 36 | _S(0x10000, "MAP_NONBLOCK" ) 37 | _S(0x20000, "MAP_STACK" ) 38 | _S(0x40000, "MAP_HUGETLB" ) 39 | 40 | -------------------------------------------------------------------------------- /auditd_port/auparse/mmaptabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char mmap_strings[] = "MAP_32BIT\0MAP_ANONYMOUS\0MAP_DENYWRITE\0MAP_EXECUTABLE\0MAP_FIXED\0MAP_GROWSDOWN\0MAP_HUGETLB\0MAP_LOCKED\0MAP_NONBLOCK\0MAP_NORESERVE\0" 3 | "MAP_POPULATE\0MAP_PRIVATE\0MAP_SHARED\0MAP_STACK"; 4 | static const struct transtab mmap_table[] = { 5 | {1,152},{2,140},{16,53},{32,10},{64,0},{256,63},{2048,24},{4096,38},{8192,89},{16384,113}, 6 | {32768,127},{65536,100},{131072,163},{262144,77}, 7 | }; 8 | #define MMAP_NUM_ENTRIES (sizeof(mmap_table) / sizeof(*mmap_table)) 9 | -------------------------------------------------------------------------------- /auditd_port/auparse/mounttabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char mount_strings[] = "MS_ACTIVE\0MS_BIND\0MS_BORN\0MS_DIRSYNC\0MS_I_VERSION\0MS_KERNMOUNT\0MS_MANDLOCK\0MS_MOVE\0MS_NOATIME\0MS_NODEV\0" 3 | "MS_NODIRATIME\0MS_NOEXEC\0MS_NOSEC\0MS_NOSUID\0MS_NOUSER\0MS_POSIXACL\0MS_PRIVATE\0MS_RDONLY\0MS_REC\0MS_RELATIME\0" 4 | "MS_REMOUNT\0MS_SHARED\0MS_SILENT\0MS_SLAVE\0MS_SNAP_STABLE\0MS_STRICTATIME\0MS_SYNCHRONOUS\0MS_UNBINDABLE"; 5 | static const struct transtab mount_table[] = { 6 | {1,179},{2,136},{4,94},{8,117},{16,278},{32,208},{64,63},{128,26},{1024,83},{2048,103}, 7 | {4096,10},{8192,75},{16384,189},{32768,229},{65536,156},{131072,293},{262144,168},{524288,239},{1048576,219},{2097152,196}, 8 | {4194304,50},{8388608,37},{16777216,263},{134217728,248},{268435456,127},{536870912,18},{1073741824,0},{-2147483648,146}, 9 | }; 10 | #define MOUNT_NUM_ENTRIES (sizeof(mount_table) / sizeof(*mount_table)) 11 | -------------------------------------------------------------------------------- /auditd_port/auparse/netactiontab.h: -------------------------------------------------------------------------------- 1 | /* netactiontab.h -- 2 | * Copyright 2016 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 
4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/netfilter/xt_AUDIT.h 22 | */ 23 | 24 | _S(0, "ACCEPT") 25 | _S(1, "DROP") 26 | _S(2, "REJECT") 27 | 28 | -------------------------------------------------------------------------------- /auditd_port/auparse/netactiontabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char netaction_strings[] = "ACCEPT\0DROP\0REJECT"; 3 | static const unsigned netaction_i2s_direct[] = { 4 | 0,7,12, 5 | }; 6 | static const char *netaction_i2s(int v) { 7 | return i2s_direct__(netaction_strings, netaction_i2s_direct, 0, 2, v); 8 | } 9 | -------------------------------------------------------------------------------- /auditd_port/auparse/nfprototab.h: -------------------------------------------------------------------------------- 1 | /* nfprototab.h -- 2 | * Copyright 2011-14 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 
4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/netfilter.h 22 | */ 23 | 24 | _S(0, "unspecified" ) 25 | _S(1, "inet" ) 26 | _S(2, "ipv4" ) 27 | _S(3, "arp" ) 28 | _S(7, "bridge" ) 29 | _S(10, "ipv6" ) 30 | _S(12, "decnet" ) 31 | 32 | -------------------------------------------------------------------------------- /auditd_port/auparse/nfprototabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char nfproto_strings[] = "arp\0bridge\0decnet\0inet\0ipv4\0ipv6\0unspecified"; 3 | static const unsigned nfproto_i2s_direct[] = { 4 | 33,18,23,0,-1u,-1u,-1u,4,-1u,-1u, 5 | 28,-1u,11, 6 | }; 7 | static const char *nfproto_i2s(int v) { 8 | return i2s_direct__(nfproto_strings, nfproto_i2s_direct, 0, 12, v); 9 | } 10 | -------------------------------------------------------------------------------- /auditd_port/auparse/normalize_evtypetabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char evtype_strings[] = "TTY\0anomaly\0anomaly-response\0audit-daemon\0audit-rule\0av-decision\0configuration\0crypto\0dac-decision\0group-change\0" 3 | "integrity\0mac\0mac-decision\0system-services\0unknown\0user-account\0user-login\0user-space\0virt"; 4 | static const unsigned evtype_i2s_direct[] = { 5 | 155,187,139,65,0,163,176,29,126,4, 6 | 112,12,122,79,198,42,86,99,53, 7 | }; 8 | static const char *evtype_i2s(int v) { 9 | return i2s_direct__(evtype_strings, evtype_i2s_direct, 0, 18, v); 10 | } 11 | -------------------------------------------------------------------------------- /auditd_port/auparse/normalize_obj_kind_maps.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char normalize_obj_kind_map_strings[] = "account\0admin-defined-rule\0audit-config\0block-device\0character-device\0device\0directory\0fifo\0file\0file-system\0" 3 | "firewall\0keystrokes\0mac-config\0memory\0printer\0process\0service\0socket\0symlink\0system\0" 4 | "unknown\0user-session\0virtual-machine"; 5 | static const unsigned normalize_obj_kind_map_i2s_direct[] = { 6 | 193,87,53,77,40,92,178,171,155,109, 7 | 163,0,201,214,147,186,8,27,129,97, 8 | 140,118,70, 9 | }; 10 | static const char *normalize_obj_kind_map_i2s(int v) { 11 | return i2s_direct__(normalize_obj_kind_map_strings, normalize_obj_kind_map_i2s_direct, 0, 22, v); 12 | } 13 | -------------------------------------------------------------------------------- /auditd_port/auparse/open-flagtab.h: -------------------------------------------------------------------------------- 1 | /* open-flagtab.h -- 2 | * Copyright 2007,2012-14 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 
4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/asm-generic/fcntl.h 22 | */ 23 | 24 | // Handled in the code: _S(00, "O_RDONLY" ) 25 | _S(01, "O_WRONLY" ) 26 | _S(02, "O_RDWR" ) 27 | _S(0100, "O_CREAT") 28 | _S(0200, "O_EXCL" ) 29 | _S(0400, "O_NOCTTY" ) 30 | _S(01000, "O_TRUNC" ) 31 | _S(02000, "O_APPEND" ) 32 | _S(04000, "O_NONBLOCK" ) 33 | _S(010000, "O_DSYNC" ) 34 | _S(020000, "O_ASYNC" ) 35 | _S(040000, "O_DIRECT" ) 36 | _S(0200000, "O_DIRECTORY" ) 37 | _S(0400000, "O_NOFOLLOW" ) 38 | _S(01000000, "O_NOATIME" ) 39 | _S(02000000, "O_CLOEXEC") 40 | _S(04000000, "__O_SYNC") 41 | _S(010000000, "O_PATH") 42 | _S(020000000, "__O_TMPFILE") 43 | 44 | -------------------------------------------------------------------------------- /auditd_port/auparse/open-flagtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char open_flag_strings[] = "O_APPEND\0O_ASYNC\0O_CLOEXEC\0O_CREAT\0O_DIRECT\0O_DIRECTORY\0O_DSYNC\0O_EXCL\0O_NOATIME\0O_NOCTTY\0" 3 | "O_NOFOLLOW\0O_NONBLOCK\0O_PATH\0O_RDWR\0O_TRUNC\0O_WRONLY\0__O_SYNC\0__O_TMPFILE"; 4 | static const struct transtab open_flag_table[] = { 5 | {1,134},{2,119},{64,27},{128,64},{256,81},{512,126},{1024,0},{2048,101},{4096,56},{8192,9}, 6 | {16384,35},{65536,44},{131072,90},{262144,71},{524288,17},{1048576,143},{2097152,112},{4194304,152}, 7 | }; 8 | #define OPEN_FLAG_NUM_ENTRIES (sizeof(open_flag_table) / sizeof(*open_flag_table)) 9 | -------------------------------------------------------------------------------- /auditd_port/auparse/persontabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char person_strings[] = "PER_BSD\0PER_HPUX\0PER_IRIX32\0PER_IRIX64\0PER_IRIXN32\0PER_ISCR4\0PER_LINUX\0PER_LINUX32\0PER_LINUX32_3GB\0PER_LINUX_32BIT\0" 3 | "PER_OSF4\0PER_OSR5\0PER_RISCOS\0PER_SCOSVR3\0PER_SOLARIS\0PER_SUNOS\0PER_SVR3\0PER_SVR4\0PER_UW7\0PER_WYSEV386\0" 4 | "PER_XENIX"; 5 | static const int person_i2s_i[] = { 6 | 0,6,8,12,15,16,8388608,67108869,67108870,67108873, 7 | 67108874,67108875,67108877,68157441,68157454,83886082,83886084,83886087,100663299,117440515, 8 | 134217736, 9 | }; 10 | static const unsigned person_i2s_s[] = { 11 | 61,0,71,133,115,8,99,51,168,17, 12 | 39,28,156,187,196,178,204,217,124,144, 13 | 83, 14 | }; 15 | static const char *person_i2s(int v) { 16 | return i2s_bsearch__(person_strings, person_i2s_i, person_i2s_s, 21, v); 17 | } 18 | -------------------------------------------------------------------------------- /auditd_port/auparse/pktoptnametabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char pktoptname_strings[] = "PACKET_ADD_MEMBERSHIP\0PACKET_AUXDATA\0PACKET_COPY_THRESH\0PACKET_DROP_MEMBERSHIP\0PACKET_FANOUT\0PACKET_FANOUT_DATA\0PACKET_HDRLEN\0PACKET_LOSS\0PACKET_ORIGDEV\0PACKET_QDISC_BYPASS\0" 3 | "PACKET_RECV_OUTPUT\0PACKET_RESERVE\0PACKET_ROLLOVER_STATS\0PACKET_RX_RING\0PACKET_STATISTICS\0PACKET_TIMESTAMP\0PACKET_TX_HAS_OFF\0PACKET_TX_RING\0PACKET_TX_TIMESTAMP\0PACKET_VERSION\0" 4 | "PACKET_VNET_HDR"; 5 | static const unsigned pktoptname_i2s_direct[] = { 6 | 0,56,173,-1u,229,244,37,22,138,332, 7 | 112,192,297,126,347,312,262,79,279,153, 8 | 207,93, 9 | }; 10 | static const char *pktoptname_i2s(int v) { 11 | return i2s_direct__(pktoptname_strings, pktoptname_i2s_direct, 1, 22, v); 12 | } 13 | -------------------------------------------------------------------------------- /auditd_port/auparse/prctl_opttabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char prctl_opt_strings[] = "PR_CAPBSET_DROP\0PR_CAPBSET_READ\0PR_CAP_AMBIENT\0PR_GET_CHILD_SUBREAPER\0PR_GET_DUMPABLE\0PR_GET_ENDIAN\0PR_GET_FPEMU\0PR_GET_FPEXC\0PR_GET_FP_MODE\0PR_GET_KEEPCAPS\0" 3 | "PR_GET_NAME\0PR_GET_NO_NEW_PRIVS\0PR_GET_PDEATHSIG\0PR_GET_SECCOMP\0PR_GET_SECUREBITS\0PR_GET_THP_DISABLE\0PR_GET_TID_ADDRESS\0PR_GET_TIMERSLACK\0PR_GET_TIMING\0PR_GET_TSC\0" 4 | "PR_GET_UNALIGN\0PR_MCE_KILL\0PR_MCE_KILL_GET\0PR_MPX_DISABLE_MANAGEMENT\0PR_MPX_ENABLE_MANAGEMENT\0PR_SET_CHILD_SUBREAPER\0PR_SET_DUMPABLE\0PR_SET_ENDIAN\0PR_SET_FPEMU\0PR_SET_FPEXC\0" 5 | "PR_SET_FP_MODE\0PR_SET_KEEPCAPS\0PR_SET_MM\0PR_SET_NAME\0PR_SET_NO_NEW_PRIVS\0PR_SET_PDEATHSIG\0PR_SET_SECCOMP\0PR_SET_SECUREBITS\0PR_SET_THP_DISABLE\0PR_SET_TIMERSLACK\0" 6 | "PR_SET_TIMING\0PR_SET_TSC\0PR_SET_UNALIGN\0PR_TASK_PERF_EVENTS_DISABLE\0PR_TASK_PERF_EVENTS_ENABLE"; 7 | static const unsigned prctl_opt_i2s_direct[] = { 8 | 566,189,70,437,320,678,141,508,100,467, 9 | 113,480,295,653,534,157,-1u,-1u,86,453, 10 | 206,583,16,0,309,667,221,598,635,277, 11 | 693,721,335,347,524,414,47,546,169,258, 12 | 616,239,389,363,493,126,32, 13 | }; 14 | static const char *prctl_opt_i2s(int v) { 15 | return i2s_direct__(prctl_opt_strings, prctl_opt_i2s_direct, 1, 47, v); 16 | } 17 | -------------------------------------------------------------------------------- /auditd_port/auparse/prottab.h: -------------------------------------------------------------------------------- 1 | /* prottab.h -- 2 | * Copyright 2012-13 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 
9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/asm-generic/mman-common.h 22 | */ 23 | 24 | _S(1, "PROT_READ" ) 25 | _S(2, "PROT_WRITE" ) 26 | _S(4, "PROT_EXEC" ) 27 | _S(8, "PROT_SEM" ) 28 | 29 | -------------------------------------------------------------------------------- /auditd_port/auparse/prottabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. Each prot_table entry pairs a flag value from prottab.h with the byte offset of that flag's name inside prot_strings (1 -> "PROT_READ" at 10, 2 -> "PROT_WRITE" at 29, 4 -> "PROT_EXEC" at 0, 8 -> "PROT_SEM" at 20). Value 0 has no entry; how a field with no bits set is rendered is decided by the code that walks the table, which is not in this file. */ 2 | static const char prot_strings[] = "PROT_EXEC\0PROT_READ\0PROT_SEM\0PROT_WRITE"; 3 | static const struct transtab prot_table[] = { 4 | {1,10},{2,29},{4,0},{8,20}, 5 | }; 6 | #define PROT_NUM_ENTRIES (sizeof(prot_table) / sizeof(*prot_table)) 7 | -------------------------------------------------------------------------------- /auditd_port/auparse/ptracetabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs.
*/ 2 | static const char ptrace_strings[] = "PTRACE_ARCH_PRCTL\0PTRACE_ATTACH\0PTRACE_CONT\0PTRACE_DETACH\0PTRACE_GETEVENTMSG\0PTRACE_GETFPREGS\0PTRACE_GETFPXREGS\0PTRACE_GETREGS\0PTRACE_GETREGSET\0PTRACE_GETSIGINFO\0" 3 | "PTRACE_GETSIGMASK\0PTRACE_GET_THREAD_AREA\0PTRACE_INTERRUPT\0PTRACE_KILL\0PTRACE_LISTEN\0PTRACE_PEEKDATA\0PTRACE_PEEKSIGINFO\0PTRACE_PEEKTEXT\0PTRACE_PEEKUSER\0PTRACE_POKEDATA\0" 4 | "PTRACE_POKETEXT\0PTRACE_POKEUSER\0PTRACE_SECCOMP_GET_FILTER\0PTRACE_SEIZE\0PTRACE_SETFPREGS\0PTRACE_SETFPXREGS\0PTRACE_SETOPTIONS\0PTRACE_SETREGS\0PTRACE_SETREGSET\0PTRACE_SETSIGINFO\0" 5 | "PTRACE_SETSIGMASK\0PTRACE_SET_THREAD_AREA\0PTRACE_SINGLEBLOCK\0PTRACE_SINGLESTEP\0PTRACE_SYSCALL\0PTRACE_SYSEMU\0PTRACE_SYSEMU_SINGLESTEP\0PTRACE_TRACEME"; 6 | static const int ptrace_i2s_i[] = { 7 | 0,1,2,3,4,5,6,7,8,9, 8 | 12,13,14,15,16,17,18,19,24,25, 9 | 26,30,31,32,33,16896,16897,16898,16899,16900, 10 | 16901,16902,16903,16904,16905,16906,16907,16908, 11 | }; 12 | static const unsigned ptrace_i2s_s[] = { 13 | 635,281,246,297,329,313,345,32,220,563, 14 | 112,453,77,400,18,44,94,417,581,180, 15 | 521,0,596,610,544,435,58,144,485,127, 16 | 468,387,203,232,262,162,503,361, 17 | }; 18 | static const char *ptrace_i2s(int v) { 19 | return i2s_bsearch__(ptrace_strings, ptrace_i2s_i, ptrace_i2s_s, 38, v); 20 | } 21 | -------------------------------------------------------------------------------- /auditd_port/auparse/recvtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char recv_strings[] = "MSG_BATCH\0MSG_CMSG_CLOEXEC\0MSG_CMSG_COMPAT\0MSG_CONFIRM\0MSG_CTRUNC\0MSG_DONTROUTE\0MSG_DONTWAIT\0MSG_EOR\0MSG_ERRQUEUE\0MSG_FASTOPEN\0" 3 | "MSG_FIN\0MSG_MORE\0MSG_NOSIGNAL\0MSG_OOB\0MSG_PEEK\0MSG_PROXY\0MSG_RST\0MSG_SENDPAGE_NOTLAST\0MSG_SYN\0MSG_TRUNC\0" 4 | "MSG_WAITALL\0MSG_WAITFORONE"; 5 | static const struct transtab recv_table[] = { 6 | {1,157},{2,165},{4,66},{8,55},{16,174},{32,221},{64,80},{128,93},{256,231},{512,127}, 7 | {1024,213},{2048,43},{4096,184},{8192,101},{16384,144},{32768,135},{65536,243},{131072,192},{262144,0},{536870912,114}, 8 | {1073741824,10},{-2147483648,27}, 9 | }; 10 | #define RECV_NUM_ENTRIES (sizeof(recv_table) / sizeof(*recv_table)) 11 | -------------------------------------------------------------------------------- /auditd_port/auparse/rlimittab.h: -------------------------------------------------------------------------------- 1 | /* rlimittab.h -- 2 | * Copyright 2012-13 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/asm-generic/resource.h 22 | */ 23 | 24 | _S(0, "RLIMIT_CPU") 25 | _S(1, "RLIMIT_FSIZE") 26 | _S(2, "RLIMIT_DATA") 27 | _S(3, "RLIMIT_STACK") 28 | _S(4, "RLIMIT_CORE") 29 | _S(5, "RLIMIT_RSS") 30 | _S(6, "RLIMIT_NPROC") 31 | _S(7, "RLIMIT_NOFILE") 32 | _S(8, "RLIMIT_MEMLOCK") 33 | _S(9, "RLIMIT_AS") 34 | _S(10,"RLIMIT_LOCKS") 35 | _S(11,"RLIMIT_SIGPENDING") 36 | _S(12,"RLIMIT_MSGQUEUE") 37 | _S(13,"RLIMIT_NICE") 38 | _S(14,"RLIMIT_RTPRIO") 39 | _S(15,"RLIMIT_RTTIME") 40 | 41 | -------------------------------------------------------------------------------- /auditd_port/auparse/rlimittabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char rlimit_strings[] = "RLIMIT_AS\0RLIMIT_CORE\0RLIMIT_CPU\0RLIMIT_DATA\0RLIMIT_FSIZE\0RLIMIT_LOCKS\0RLIMIT_MEMLOCK\0RLIMIT_MSGQUEUE\0RLIMIT_NICE\0RLIMIT_NOFILE\0" 3 | "RLIMIT_NPROC\0RLIMIT_RSS\0RLIMIT_RTPRIO\0RLIMIT_RTTIME\0RLIMIT_SIGPENDING\0RLIMIT_STACK"; 4 | static const unsigned rlimit_i2s_direct[] = { 5 | 22,45,33,198,10,141,128,114,71,0, 6 | 58,180,86,102,152,166, 7 | }; 8 | static const char *rlimit_i2s(int v) { 9 | return i2s_direct__(rlimit_strings, rlimit_i2s_direct, 0, 15, v); 10 | } 11 | -------------------------------------------------------------------------------- /auditd_port/auparse/schedtab.h: -------------------------------------------------------------------------------- 1 | /* schedtab.h -- 2 | * Copyright 2013-14 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 
4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/sched.h 22 | */ 23 | 24 | 25 | _S(0, "SCHED_OTHER" ) 26 | _S(1, "SCHED_FIFO" ) 27 | _S(2, "SCHED_RR" ) 28 | _S(3, "SCHED_BATCH" ) 29 | _S(5, "SCHED_IDLE" ) 30 | _S(6, "SCHED_DEADLINE") 31 | 32 | -------------------------------------------------------------------------------- /auditd_port/auparse/schedtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char sched_strings[] = "SCHED_BATCH\0SCHED_DEADLINE\0SCHED_FIFO\0SCHED_IDLE\0SCHED_OTHER\0SCHED_RR"; 3 | static const unsigned sched_i2s_direct[] = { 4 | 49,27,61,0,-1u,38,12, 5 | }; 6 | static const char *sched_i2s(int v) { 7 | return i2s_direct__(sched_strings, sched_i2s_direct, 0, 6, v); 8 | } 9 | -------------------------------------------------------------------------------- /auditd_port/auparse/seccomptab.h: -------------------------------------------------------------------------------- 1 | /* seccomptab.h -- 2 | * Copyright 2012-13 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 
4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/seccomp.h 22 | */ 23 | 24 | 25 | _S(0x00000000U, "kill" ) 26 | _S(0x00030000U, "trap" ) 27 | _S(0x00050000U, "errno" ) 28 | _S(0x7ff00000U, "trace" ) 29 | _S(0x7ffc0000U, "log" ) 30 | _S(0x7fff0000U, "allow" ) 31 | 32 | -------------------------------------------------------------------------------- /auditd_port/auparse/seccomptabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char seccomp_strings[] = "allow\0errno\0kill\0log\0trace\0trap"; 3 | static const int seccomp_i2s_i[] = { /* action values in ascending order: 0x0, 0x30000, 0x50000, 0x7ff00000, 0x7ffc0000, 0x7fff0000 (the keys listed in seccomptab.h) */ 4 | 0,196608,327680,2146435072,2147221504,2147418112, 5 | }; 6 | static const unsigned seccomp_i2s_s[] = { /* entry k: byte offset in seccomp_strings of the name for seccomp_i2s_i[k] */ 7 | 12,27,6,21,17,0, 8 | }; 9 | static const char *seccomp_i2s(int v) { /* Looks up the name of a seccomp action value through i2s_bsearch__, which is defined elsewhere. NOTE(review): only the six bare action values are keys; presumably callers mask off the low 16 data bits before calling, otherwise an errno or trace action that carries data would get no name - TODO confirm at the call site and check how a missing name is handled. */ 10 | return i2s_bsearch__(seccomp_strings, seccomp_i2s_i, seccomp_i2s_s, 6, v); 11 | } 12 | -------------------------------------------------------------------------------- /auditd_port/auparse/seektab.h: -------------------------------------------------------------------------------- 1 | /* seektab.h -- 2 | * Copyright 2013 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/fs.h 22 | */ 23 | 24 | _S(0, "SEEK_SET") 25 | _S(1, "SEEK_CUR") 26 | _S(2, "SEEK_END") 27 | _S(3, "SEEK_DATA") 28 | _S(4, "SEEK_HOLE") 29 | 30 | -------------------------------------------------------------------------------- /auditd_port/auparse/seektabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs.
*/ 2 | static const char seek_strings[] = "SEEK_CUR\0SEEK_DATA\0SEEK_END\0SEEK_HOLE\0SEEK_SET"; 3 | static const unsigned seek_i2s_direct[] = { 4 | 38,0,19,9,28, 5 | }; 6 | static const char *seek_i2s(int v) { 7 | return i2s_direct__(seek_strings, seek_i2s_direct, 0, 4, v); 8 | } 9 | -------------------------------------------------------------------------------- /auditd_port/auparse/shm_modetab.h: -------------------------------------------------------------------------------- 1 | /* shm_mode.h -- 2 | * Copyright 2013 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/linux/shm.h 22 | * include/uapi/linux/shm.h 23 | */ 24 | 25 | 26 | _S(00001000, "SHM_DEST" ) 27 | _S(00002000, "SHM_LOCKED" ) 28 | 29 | _S(00004000, "SHM_HUGETLB" ) 30 | _S(00010000, "SHM_NORESERVE" ) 31 | 32 | -------------------------------------------------------------------------------- /auditd_port/auparse/shm_modetabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char shm_mode_strings[] = "SHM_DEST\0SHM_HUGETLB\0SHM_LOCKED\0SHM_NORESERVE"; 3 | static const struct transtab shm_mode_table[] = { 4 | {512,0},{1024,21},{2048,9},{4096,32}, 5 | }; 6 | #define SHM_MODE_NUM_ENTRIES (sizeof(shm_mode_table) / sizeof(*shm_mode_table)) 7 | -------------------------------------------------------------------------------- /auditd_port/auparse/signaltabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. signal_i2s_direct[k] is the byte offset in signal_strings of the name for signal number k (0..31). NOTE(review): slot 30 holds offset 0, so signal 30 is rendered as "IGPWR"; this looks like a typo for "SIGPWR" carried over from the generator input. Searches of interpreted audit output for "SIGPWR" will not match until the input table is corrected and this file is regenerated (do not hand-edit the string, every offset would shift). */ 2 | static const char signal_strings[] = "IGPWR\0SIG0\0SIGABRT\0SIGALRM\0SIGBUS\0SIGCHLD\0SIGCONT\0SIGFPE\0SIGHUP\0SIGILL\0" 3 | "SIGINT\0SIGIO\0SIGKILL\0SIGPIPE\0SIGPROF\0SIGQUIT\0SIGSEGV\0SIGSTKFLT\0SIGSTOP\0SIGSYS\0" 4 | "SIGTERM\0SIGTRAP\0SIGTSTP\0SIGTTIN\0SIGTTOU\0SIGURG\0SIGUSR1\0SIGUSR2\0SIGVTALRM\0SIGWINCH\0" 5 | "SIGXCPU\0SIGXFSZ"; 6 | static const unsigned signal_i2s_direct[] = { 7 | 6,57,71,108,64,157,11,27,50,84, 8 | 196,116,204,92,19,149,124,34,42,134, 9 | 165,173,181,189,231,239,212,100,222,78, 10 | 0,142, 11 | }; 12 | static const char *signal_i2s(int v) { 13 | return i2s_direct__(signal_strings, signal_i2s_direct, 0, 31, v); 14 | } 15 | -------------------------------------------------------------------------------- /auditd_port/auparse/sockleveltabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs.
*/ 2 | static const char socklevel_strings[] = "SOL_AAL\0SOL_ALG\0SOL_ATALK\0SOL_ATM\0SOL_AX25\0SOL_BLUETOOTH\0SOL_CAIF\0SOL_DCCP\0SOL_DECNET\0SOL_ICMPV6\0" 3 | "SOL_IP\0SOL_IPV6\0SOL_IPX\0SOL_IRDA\0SOL_IUCV\0SOL_KCM\0SOL_LLC\0SOL_NETBEUI\0SOL_NETLINK\0SOL_NETROM\0" 4 | "SOL_NFC\0SOL_PACKET\0SOL_PNPIPE\0SOL_PPPOL2TP\0SOL_RAW\0SOL_RDS\0SOL_ROSE\0SOL_RXRPC\0SOL_SCTP\0SOL_TCP\0" 5 | "SOL_TIPC\0SOL_TLS\0SOL_UDP\0SOL_UDPLITE"; 6 | static const int socklevel_i2s_i[] = { 7 | 0,6,17,41,58,132,136,255,256,257, 8 | 258,259,260,261,263,264,265,266,267,268, 9 | 269,270,271,272,273,274,275,276,277,278, 10 | 279,280,281,282, 11 | }; 12 | static const unsigned socklevel_i2s_s[] = { 13 | 97,277,302,104,86,268,310,233,113,34, 14 | 16,179,249,75,198,26,0,121,155,147, 15 | 66,167,285,258,220,43,209,241,130,57, 16 | 8,190,139,294, 17 | }; 18 | static const char *socklevel_i2s(int v) { 19 | return i2s_bsearch__(socklevel_strings, socklevel_i2s_i, socklevel_i2s_s, 34, v); 20 | } 21 | -------------------------------------------------------------------------------- /auditd_port/auparse/socktabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char sock_strings[] = "accept\0accept4\0bind\0connect\0getpeername\0getsockname\0getsockopt\0listen\0recv\0recvfrom\0" 3 | "recvmmsg\0recvmsg\0send\0sendmmsg\0sendmsg\0sendto\0setsockopt\0shutdown\0socket\0socketpair"; 4 | static const unsigned sock_i2s_direct[] = { 5 | 150,15,20,63,0,40,28,157,101,70, 6 | 123,75,141,130,52,115,93,7,84,106, 7 | }; 8 | static const char *sock_i2s(int v) { 9 | return i2s_direct__(sock_strings, sock_i2s_direct, 1, 20, v); 10 | } 11 | -------------------------------------------------------------------------------- /auditd_port/auparse/socktypetab.h: -------------------------------------------------------------------------------- 1 | /* socktypetab.h -- 2 | * Copyright 2012 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/linux/net.h 22 | */ 23 | 24 | _S(1, "SOCK_STREAM") 25 | _S(2, "SOCK_DGRAM") 26 | _S(3, "SOCK_RAW") 27 | _S(4, "SOCK_RDM") 28 | _S(5, "SOCK_SEQPACKET") 29 | _S(6, "SOCK_DCCP") 30 | _S(10, "SOCK_PACKET") 31 | 32 | -------------------------------------------------------------------------------- /auditd_port/auparse/socktypetabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char sock_type_strings[] = "SOCK_DCCP\0SOCK_DGRAM\0SOCK_PACKET\0SOCK_RAW\0SOCK_RDM\0SOCK_SEQPACKET\0SOCK_STREAM"; 3 | static const unsigned sock_type_i2s_direct[] = { 4 | 66,10,33,42,51,0,-1u,-1u,-1u,21, 5 | }; 6 | static const char *sock_type_i2s(int v) { 7 | return i2s_direct__(sock_type_strings, sock_type_i2s_direct, 1, 10, v); 8 | } 9 | -------------------------------------------------------------------------------- /auditd_port/auparse/tcpoptnametabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char tcpoptname_strings[] = "TCP_CC_INFO\0TCP_CONGESTION\0TCP_COOKIE_TRANSACTIONS\0TCP_CORK\0TCP_DEFER_ACCEPT\0TCP_FASTOPEN\0TCP_FASTOPEN_CONNECT\0TCP_INFO\0TCP_KEEPCNT\0TCP_KEEPIDLE\0" 3 | "TCP_KEEPINTVL\0TCP_LINGER2\0TCP_MAXSEG\0TCP_MD5SIG\0TCP_MD5SIG_EXT\0TCP_NODELAY\0TCP_NOTSENT_LOWAT\0TCP_QUEUE_SEQ\0TCP_QUICKACK\0TCP_REPAIR\0" 4 | "TCP_REPAIR_OPTIONS\0TCP_REPAIR_QUEUE\0TCP_REPAIR_WINDOW\0TCP_SAVED_SYN\0TCP_SAVE_SYN\0TCP_SYNCNT\0TCP_THIN_DUPACK\0TCP_THIN_LINEAR_TIMEOUTS\0TCP_TIMESTAMP\0TCP_ULP\0" 5 | "TCP_USER_TIMEOUT\0TCP_WINDOW_CLAMP"; 6 | static const unsigned tcpoptname_i2s_direct[] = { 7 | 208,171,51,132,145,120,357,159,60,448, 8 | 111,252,12,182,27,384,368,431,265,295, 9 | 238,276,77,409,220,0,344,330,312,90, 10 | 423,193, 11 | }; 12 | static const char *tcpoptname_i2s(int v) { 13 | return i2s_direct__(tcpoptname_strings, tcpoptname_i2s_direct, 1, 32, v); 14 | } 15 | -------------------------------------------------------------------------------- /auditd_port/auparse/test/auditd_raw.sed: -------------------------------------------------------------------------------- 1 | s/ cwd/ cwd/ 2 | s/ comm=/ comm=/ 3 | s/msg='// 4 | s/(hostname=/hostname=/ 5 | s/success)/success/ 6 | s/ : exe=/ exe=/ 7 | s/'$// 8 | s/): a/): a/ 9 | s/, addr=/ addr=/ 10 | s/, terminal=/ terminal=/ 11 | s/tty pid=/pid=/ 12 | s/Unknown permission start for class system // 13 | s/Unknown permission stop for class system // 14 | s/ exe=/ exe=/ 15 | s/ pam: default-context/ default-context/ 16 | s/ avc: denied { stop } for auid=/ auid=/ 17 | s/old ses=/ses=/ 18 | s/new ses=/ses=/ 19 | s/old auid=/auid=/ 20 | s/login pid=/pid=/ 21 | s/user pid=/pid=/ 22 | s/new auid=/auid=/ 23 | s/auditd start, ver=/ver=/ 24 | s/policy loaded auid=/auid=/ 25 | s/auditd normal halt, sending auid=/auid=/ 26 | s/op=change password id=/op=change id=/ 27 | s/avc: received policyload notice (seqno=\(\d+)\))/seqno=\1/ 28 | s/PAM: accounting acct/acct/ 29 | s/PAM: session open acct/acct/ 30 | 
s/PAM: session close acct/acct/ 31 | s/PAM: setcred acct/acct/ 32 | s/avc: denied { read write } for pid=/seresult=denied seperms=read,write pid=/ 33 | -------------------------------------------------------------------------------- /auditd_port/auparse/umounttab.h: -------------------------------------------------------------------------------- 1 | /* umounttab.h -- 2 | * Copyright 2013 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/linux/fs.h 22 | */ 23 | 24 | 25 | _S(0x00000001, "MNT_FORCE" ) 26 | _S(0x00000002, "MNT_DETACH" ) 27 | _S(0x00000004, "MNT_EXPIRE" ) 28 | _S(0x00000008, "UMOUNT_NOFOLLOW" ) 29 | _S(0x80000000, "UMOUNT_UNUSED" ) 30 | 31 | -------------------------------------------------------------------------------- /auditd_port/auparse/umounttabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char umount_strings[] = "MNT_DETACH\0MNT_EXPIRE\0MNT_FORCE\0UMOUNT_NOFOLLOW\0UMOUNT_UNUSED"; 3 | static const struct transtab umount_table[] = { 4 | {1,22},{2,0},{4,11},{8,32},{-2147483648,48}, 5 | }; 6 | #define UMOUNT_NUM_ENTRIES (sizeof(umount_table) / sizeof(*umount_table)) 7 | -------------------------------------------------------------------------------- /auditd_port/ausearch/.gitignore: -------------------------------------------------------------------------------- 1 | *.swp 2 | obj/ 3 | -------------------------------------------------------------------------------- /auditd_port/ausearch/Application.mk: -------------------------------------------------------------------------------- 1 | # Project root directory (location of the Android.mk file) 2 | APP_PROJECT_PATH := ./ 3 | 4 | # Target platform: Android 6 Marshmallow 5 | APP_PLATFORM := android-23 6 | 7 | APP_BUILD_SCRIPT := ./Android.mk 8 | 9 | # Real releases should be built with 'release' for performance reasons. NOTE(review): 'debug' is the active setting below; confirm that binaries installed on a device are built with 'release'. 10 | APP_OPTIM := debug 11 | #APP_OPTIM := release 12 | 13 | APP_CPPFLAGS := 14 | 15 | # Supported ABIs are: 16 | # armeabi-v7a 17 | # x86_64 18 | # (x86) 19 | APP_ABI := x86 20 | -------------------------------------------------------------------------------- /auditd_port/ausearch/accesstabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char access_strings[] = "R_OK\0W_OK\0X_OK"; 3 | static const struct transtab access_table[] = { 4 | {1,10},{2,5},{4,0}, 5 | }; 6 | #define ACCESS_NUM_ENTRIES (sizeof(access_table) / sizeof(*access_table)) 7 | -------------------------------------------------------------------------------- /auditd_port/ausearch/android.h: -------------------------------------------------------------------------------- 1 | /* android.h -- 2 | * Copyright 2004-2012 SRI International 3 | * All Rights Reserved.
4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation; either version 2 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Nathaniel Husted 21 | */ 22 | 23 | /** 24 | * @brief Android specific includes, plus the stand-in definitions below (fgets_unlocked, _POSIX_HOST_NAME_MAX, fd_mask) 25 | * 26 | * */ 27 | 28 | // Android does not implement stpcpy. NOTE(review): the #include on the next line has no header name in this listing; restore it from the repository before building. 29 | #include 30 | 31 | #define fgets_unlocked(x,y,z) fgets(x,y,z) 32 | 33 | #define _POSIX_HOST_NAME_MAX 255 34 | 35 | // This needs to be commented out for Android 4.2.1+ 36 | //#define O_DSYNC O_SYNC 37 | 38 | typedef long fd_mask; 39 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/accesstab.h: -------------------------------------------------------------------------------- 1 | /* accesstab.h -- 2 | * Copyright 2013 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | */ 22 | 23 | 24 | _S(0x1U, "X_OK" ) 25 | _S(0x2U, "W_OK" ) 26 | _S(0x4U, "R_OK" ) 27 | 28 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/auparse.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: libauparse 7 | Description: Library for apps that want to parse and interpret audit events 8 | Version: @VERSION@ 9 | Libs: -L${libdir} -lauparse 10 | Libs.private: -laudit 11 | Cflags: -I${includedir} 12 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/captabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char cap_strings[] = "audit_control\0audit_read\0audit_write\0block_suspend\0chown\0dac_override\0dac_read_search\0fowner\0fsetid\0ipc_lock\0" 3 | "ipc_owner\0kill\0lease\0linux_immutable\0mac_admin\0mac_override\0mknod\0net_admin\0net_bind_service\0net_broadcast\0" 4 | "net_raw\0setfcap\0setgid\0setpcap\0setuid\0sys_admin\0sys_boot\0sys_chroot\0sys_module\0sys_nice\0" 5 | "sys_pacct\0sys_ptrace\0sys_rawio\0sys_resource\0sys_time\0sys_tty_config\0syslog\0wake_alarm"; 6 | static const unsigned cap_i2s_direct[] = { 7 | 51,57,70,86,93,119,232,247,239,130, 8 | 185,202,175,216,100,109,284,325,273,314, 9 | 304,254,264,295,335,348,357,169,124,25, 10 | 0,224,156,146,372,379,37,14, 11 | }; 12 | static const char *cap_i2s(int v) { 13 | return i2s_direct__(cap_strings, cap_i2s_direct, 0, 37, v); 14 | } 15 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/clocktab.h: -------------------------------------------------------------------------------- 1 | /* clocktab.h -- 2 | * Copyright 2012,2014 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/time.h 22 | */ 23 | 24 | _S(0, "CLOCK_REALTIME" ) 25 | _S(1, "CLOCK_MONOTONIC" ) 26 | _S(2, "CLOCK_PROCESS_CPUTIME_ID" ) 27 | _S(3, "CLOCK_THREAD_CPUTIME_ID" ) 28 | _S(4, "CLOCK_MONOTONIC_RAW" ) 29 | _S(5, "CLOCK_REALTIME_COARSE" ) 30 | _S(6, "CLOCK_MONOTONIC_COARSE" ) 31 | _S(7, "CLOCK_BOOTTIME" ) 32 | _S(8, "CLOCK_REALTIME_ALARM" ) 33 | _S(9, "CLOCK_BOOTTIME_ALARM" ) 34 | _S(10, "CLOCK_SGI_CYCLE" ) 35 | _S(11, "CLOCK_TAI" ) 36 | 37 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/epoll_ctl.h: -------------------------------------------------------------------------------- 1 | /* epoll_ctl.h -- 2 | * Copyright 2008,2012,2014 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/eventpoll.h 22 | */ 23 | 24 | _S(1, "EPOLL_CTL_ADD" ) 25 | _S(2, "EPOLL_CTL_DEL" ) 26 | _S(3, "EPOLL_CTL_MOD" ) 27 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/flagtab.h: -------------------------------------------------------------------------------- 1 | /* flagtab.h -- 2 | * Copyright 2007,2012 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: these are only for the RHEL4 kernel 22 | */ 23 | 24 | _S(0x0001, "follow" ) 25 | _S(0x0002, "directory" ) 26 | _S(0x0004, "continue" ) 27 | _S(0x0010, "parent" ) 28 | _S(0x0020, "noalt" ) 29 | _S(0x0040, "atomic" ) 30 | _S(0x0100, "open" ) 31 | _S(0x0200, "create" ) 32 | _S(0x0400, "access" ) 33 | 34 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/icmptypetab.h: -------------------------------------------------------------------------------- 1 | /* icmptypetab.h -- 2 | * Copyright 2011-13 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/icmp.h 22 | */ 23 | 24 | _S(0, "echo-reply" ) 25 | _S(3, "destination-unreachable" ) 26 | _S(4, "source-quench" ) 27 | _S(5, "redirect" ) 28 | _S(8, "echo" ) 29 | _S(11, "time-exceeded" ) 30 | _S(12, "parameter-problem" ) 31 | _S(13, "timestamp-request" ) 32 | _S(14, "timestamp-reply" ) 33 | _S(15, "info-request" ) 34 | _S(16, "info-reply" ) 35 | _S(17, "address-mask-request" ) 36 | _S(18, "address-mask-reply" ) 37 | 38 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/inethooktab.h: -------------------------------------------------------------------------------- 1 | /* inethooktab.h -- 2 | * Copyright 2016 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: net/netfilter/x_tables.c textify_hooks() 22 | */ 23 | 24 | _S(0, "PREROUTING") 25 | _S(1, "INPUT") 26 | _S(2, "FORWARD") 27 | _S(3, "OUTPUT") 28 | _S(4, "POSTROUTING") 29 | _S(5, "BROUTING") 30 | 31 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/ipccmdtab.h: -------------------------------------------------------------------------------- 1 | /* ipccmdtab.h -- 2 | * Copyright 2013 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/ipc.h 22 | */ 23 | 24 | 25 | _S(00001000, "IPC_CREAT" ) 26 | _S(00002000, "IPC_EXCL" ) 27 | _S(00004000, "IPC_NOWAIT" ) 28 | 29 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/ipctab.h: -------------------------------------------------------------------------------- 1 | /* ipctab.h -- 2 | * Copyright 2007,2012-13 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/ipc.h 22 | */ 23 | 24 | 25 | _S(SEMOP, "semop" ) 26 | _S(SEMGET, "semget" ) 27 | _S(SEMCTL, "semctl" ) 28 | _S(4, "semtimedop" ) 29 | _S(MSGSND, "msgsnd" ) 30 | _S(MSGRCV, "msgrcv" ) 31 | _S(MSGGET, "msgget" ) 32 | _S(MSGCTL, "msgctl" ) 33 | _S(SHMAT, "shmat" ) 34 | _S(SHMDT, "shmdt" ) 35 | _S(SHMGET, "shmget" ) 36 | _S(SHMCTL, "shmctl" ) 37 | 38 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/mmaptab.h: -------------------------------------------------------------------------------- 1 | /* mmaptab.h -- 2 | * Copyright 2012-13 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/asm-generic/mman.h >0x100 22 | * include/uapi/asm-generic/mman-common.h < 0x100 23 | */ 24 | 25 | _S(0x00001, "MAP_SHARED" ) 26 | _S(0x00002, "MAP_PRIVATE" ) 27 | _S(0x00010, "MAP_FIXED" ) 28 | _S(0x00020, "MAP_ANONYMOUS" ) 29 | _S(0x00040, "MAP_32BIT" ) 30 | _S(0x00100, "MAP_GROWSDOWN" ) 31 | _S(0x00800, "MAP_DENYWRITE" ) 32 | _S(0x01000, "MAP_EXECUTABLE" ) 33 | _S(0x02000, "MAP_LOCKED" ) 34 | _S(0x04000, "MAP_NORESERVE" ) 35 | _S(0x08000, "MAP_POPULATE" ) 36 | _S(0x10000, "MAP_NONBLOCK" ) 37 | _S(0x20000, "MAP_STACK" ) 38 | _S(0x40000, "MAP_HUGETLB" ) 39 | 40 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/netactiontab.h: -------------------------------------------------------------------------------- 1 | /* netactiontab.h -- 2 | * Copyright 2016 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/netfilter/xt_AUDIT.h 22 | */ 23 | 24 | _S(0, "ACCEPT") 25 | _S(1, "DROP") 26 | _S(2, "REJECT") 27 | 28 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/nfprototab.h: -------------------------------------------------------------------------------- 1 | /* nfprototab.h -- 2 | * Copyright 2011-14 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/netfilter.h 22 | */ 23 | 24 | _S(0, "unspecified" ) 25 | _S(1, "inet" ) 26 | _S(2, "ipv4" ) 27 | _S(3, "arp" ) 28 | _S(7, "bridge" ) 29 | _S(10, "ipv6" ) 30 | _S(12, "decnet" ) 31 | 32 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/normalize_obj_kind_maps.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char normalize_obj_kind_map_strings[] = "account\0admin-defined-rule\0audit-config\0block-device\0character-device\0device\0directory\0fifo\0file\0file-system\0" 3 | "firewall\0keystrokes\0mac-config\0memory\0printer\0process\0service\0socket\0symlink\0system\0" 4 | "unknown\0user-session\0virtual-machine"; 5 | static const unsigned normalize_obj_kind_map_i2s_direct[] = { 6 | 193,87,53,77,40,92,178,171,155,109, 7 | 163,0,201,214,147,186,8,27,129,97, 8 | 140,118,70, 9 | }; 10 | static const char *normalize_obj_kind_map_i2s(int v) { 11 | return i2s_direct__(normalize_obj_kind_map_strings, normalize_obj_kind_map_i2s_direct, 0, 22, v); 12 | } 13 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/open-flagtab.h: -------------------------------------------------------------------------------- 1 | /* open-flagtab.h -- 2 | * Copyright 2007,2012-14 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 
4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/asm-generic/fcntl.h 22 | */ 23 | 24 | // Handled in the code: _S(00, "O_RDONLY" ) 25 | _S(01, "O_WRONLY" ) 26 | _S(02, "O_RDWR" ) 27 | _S(0100, "O_CREAT") 28 | _S(0200, "O_EXCL" ) 29 | _S(0400, "O_NOCTTY" ) 30 | _S(01000, "O_TRUNC" ) 31 | _S(02000, "O_APPEND" ) 32 | _S(04000, "O_NONBLOCK" ) 33 | _S(010000, "O_DSYNC" ) 34 | _S(020000, "O_ASYNC" ) 35 | _S(040000, "O_DIRECT" ) 36 | _S(0200000, "O_DIRECTORY" ) 37 | _S(0400000, "O_NOFOLLOW" ) 38 | _S(01000000, "O_NOATIME" ) 39 | _S(02000000, "O_CLOEXEC") 40 | _S(04000000, "__O_SYNC") 41 | _S(010000000, "O_PATH") 42 | _S(020000000, "__O_TMPFILE") 43 | 44 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/prottab.h: -------------------------------------------------------------------------------- 1 | /* prottab.h -- 2 | * Copyright 2012-13 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 
4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/asm-generic/mman-common.h 22 | */ 23 | 24 | _S(1, "PROT_READ" ) 25 | _S(2, "PROT_WRITE" ) 26 | _S(4, "PROT_EXEC" ) 27 | _S(8, "PROT_SEM" ) 28 | 29 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/rlimittab.h: -------------------------------------------------------------------------------- 1 | /* rlimittab.h -- 2 | * Copyright 2012-13 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/asm-generic/resource.h 22 | */ 23 | 24 | _S(0, "RLIMIT_CPU") 25 | _S(1, "RLIMIT_FSIZE") 26 | _S(2, "RLIMIT_DATA") 27 | _S(3, "RLIMIT_STACK") 28 | _S(4, "RLIMIT_CORE") 29 | _S(5, "RLIMIT_RSS") 30 | _S(6, "RLIMIT_NPROC") 31 | _S(7, "RLIMIT_NOFILE") 32 | _S(8, "RLIMIT_MEMLOCK") 33 | _S(9, "RLIMIT_AS") 34 | _S(10,"RLIMIT_LOCKS") 35 | _S(11,"RLIMIT_SIGPENDING") 36 | _S(12,"RLIMIT_MSGQUEUE") 37 | _S(13,"RLIMIT_NICE") 38 | _S(14,"RLIMIT_RTPRIO") 39 | _S(15,"RLIMIT_RTTIME") 40 | 41 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/schedtab.h: -------------------------------------------------------------------------------- 1 | /* schedtab.h -- 2 | * Copyright 2013-14 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/sched.h 22 | */ 23 | 24 | 25 | _S(0, "SCHED_OTHER" ) 26 | _S(1, "SCHED_FIFO" ) 27 | _S(2, "SCHED_RR" ) 28 | _S(3, "SCHED_BATCH" ) 29 | _S(5, "SCHED_IDLE" ) 30 | _S(6, "SCHED_DEADLINE") 31 | 32 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/seccomptab.h: -------------------------------------------------------------------------------- 1 | /* seccomptab.h -- 2 | * Copyright 2012-13 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/seccomp.h 22 | */ 23 | 24 | 25 | _S(0x00000000U, "kill" ) 26 | _S(0x00030000U, "trap" ) 27 | _S(0x00050000U, "errno" ) 28 | _S(0x7ff00000U, "trace" ) 29 | _S(0x7ffc0000U, "log" ) 30 | _S(0x7fff0000U, "allow" ) 31 | 32 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/seektab.h: -------------------------------------------------------------------------------- 1 | /* seektab.h -- 2 | * Copyright 2013 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/uapi/linux/fs.h 22 | */ 23 | 24 | _S(0, "SEEK_SET") 25 | _S(1, "SEEK_CUR") 26 | _S(2, "SEEK_END") 27 | _S(3, "SEEK_DATA") 28 | _S(4, "SEEK_HOLE") 29 | 30 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/shm_modetab.h: -------------------------------------------------------------------------------- 1 | /* shm_mode.h -- 2 | * Copyright 2013 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/linux/shm.h 22 | * include/uapi/linux/shm.h 23 | */ 24 | 25 | 26 | _S(00001000, "SHM_DEST" ) 27 | _S(00002000, "SHM_LOCKED" ) 28 | 29 | _S(00004000, "SHM_HUGETLB" ) 30 | _S(00010000, "SHM_NORESERVE" ) 31 | 32 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/socktypetab.h: -------------------------------------------------------------------------------- 1 | /* socktypetab.h -- 2 | * Copyright 2012 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/linux/net.h 22 | */ 23 | 24 | _S(1, "SOCK_STREAM") 25 | _S(2, "SOCK_DGRAM") 26 | _S(3, "SOCK_RAW") 27 | _S(4, "SOCK_RDM") 28 | _S(5, "SOCK_SEQPACKET") 29 | _S(6, "SOCK_DCCP") 30 | _S(10, "SOCK_PACKET") 31 | 32 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/test/auditd_raw.sed: -------------------------------------------------------------------------------- 1 | s/ cwd/ cwd/ 2 | s/ comm=/ comm=/ 3 | s/msg='// 4 | s/(hostname=/hostname=/ 5 | s/success)/success/ 6 | s/ : exe=/ exe=/ 7 | s/'$// 8 | s/): a/): a/ 9 | s/, addr=/ addr=/ 10 | s/, terminal=/ terminal=/ 11 | s/tty pid=/pid=/ 12 | s/Unknown permission start for class system // 13 | s/Unknown permission stop for class system // 14 | s/ exe=/ exe=/ 15 | s/ pam: default-context/ default-context/ 16 | s/ avc: denied { stop } for auid=/ auid=/ 17 | s/old ses=/ses=/ 18 | s/new ses=/ses=/ 19 | s/old auid=/auid=/ 20 | s/login pid=/pid=/ 21 | s/user pid=/pid=/ 22 | s/new auid=/auid=/ 23 | s/auditd start, ver=/ver=/ 24 | s/policy loaded auid=/auid=/ 25 | s/auditd normal halt, sending auid=/auid=/ 26 | s/op=change password id=/op=change id=/ 27 | s/avc: received policyload notice (seqno=\(\d+)\))/seqno=\1/ 28 | s/PAM: accounting acct/acct/ 29 | s/PAM: session open acct/acct/ 30 | s/PAM: session close acct/acct/ 31 | s/PAM: setcred acct/acct/ 32 | s/avc: denied { read write } for pid=/seresult=denied seperms=read,write pid=/ 33 | -------------------------------------------------------------------------------- /auditd_port/ausearch/auparse/umounttab.h: -------------------------------------------------------------------------------- 1 | /* umounttab.h -- 2 | * 
Copyright 2013 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Location: include/linux/fs.h 22 | */ 23 | 24 | 25 | _S(0x00000001, "MNT_FORCE" ) 26 | _S(0x00000002, "MNT_DETACH" ) 27 | _S(0x00000004, "MNT_EXPIRE" ) 28 | _S(0x00000008, "UMOUNT_NOFOLLOW" ) 29 | _S(0x80000000, "UMOUNT_UNUSED" ) 30 | 31 | -------------------------------------------------------------------------------- /auditd_port/ausearch/build.sh: -------------------------------------------------------------------------------- 1 | ndk-build V=1 NDK_PROJECT_PATH=. NDK_APPLICATION_MK=Application.mk 2 | -------------------------------------------------------------------------------- /auditd_port/ausearch/captabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char cap_strings[] = "audit_control\0audit_read\0audit_write\0block_suspend\0chown\0dac_override\0dac_read_search\0fowner\0fsetid\0ipc_lock\0" 3 | "ipc_owner\0kill\0lease\0linux_immutable\0mac_admin\0mac_override\0mknod\0net_admin\0net_bind_service\0net_broadcast\0" 4 | "net_raw\0setfcap\0setgid\0setpcap\0setuid\0sys_admin\0sys_boot\0sys_chroot\0sys_module\0sys_nice\0" 5 | "sys_pacct\0sys_ptrace\0sys_rawio\0sys_resource\0sys_time\0sys_tty_config\0syslog\0wake_alarm"; 6 | static const unsigned cap_i2s_direct[] = { 7 | 51,57,70,86,93,119,232,247,239,130, 8 | 185,202,175,216,100,109,284,325,273,314, 9 | 304,254,264,295,335,348,357,169,124,25, 10 | 0,224,156,146,372,379,37,14, 11 | }; 12 | static const char *cap_i2s(int v) { 13 | return i2s_direct__(cap_strings, cap_i2s_direct, 0, 37, v); 14 | } 15 | -------------------------------------------------------------------------------- /auditd_port/ausearch/clocktabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char clock_strings[] = "CLOCK_BOOTTIME\0CLOCK_BOOTTIME_ALARM\0CLOCK_MONOTONIC\0CLOCK_MONOTONIC_COARSE\0CLOCK_MONOTONIC_RAW\0CLOCK_PROCESS_CPUTIME_ID\0CLOCK_REALTIME\0CLOCK_REALTIME_ALARM\0CLOCK_REALTIME_COARSE\0CLOCK_SGI_CYCLE\0" 3 | "CLOCK_TAI\0CLOCK_THREAD_CPUTIME_ID"; 4 | static const unsigned clock_i2s_direct[] = { 5 | 120,36,95,204,75,156,52,0,135,15, 6 | 178,194, 7 | }; 8 | static const char *clock_i2s(int v) { 9 | return i2s_direct__(clock_strings, clock_i2s_direct, 0, 11, v); 10 | } 11 | -------------------------------------------------------------------------------- /auditd_port/ausearch/clone-flagtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char clone_flag_strings[] = "CLONE_CHILD_CLEARTID\0CLONE_CHILD_SETTID\0CLONE_DETACHED\0CLONE_FILES\0CLONE_FS\0CLONE_IO\0CLONE_NEWIPC\0CLONE_NEWNET\0CLONE_NEWNS\0CLONE_NEWPID\0" 3 | "CLONE_NEWUSER\0CLONE_NEWUTS\0CLONE_PARENT\0CLONE_PARENT_SETTID\0CLONE_PTRACE\0CLONE_SETTLS\0CLONE_SIGHAND\0CLONE_STOPPED\0CLONE_SYSVSEM\0CLONE_THREAD\0" 4 | "CLONE_UNTRACED\0CLONE_VFORK\0CLONE_VM"; 5 | static const struct transtab clone_flag_table[] = { 6 | {256,304},{512,67},{1024,55},{2048,222},{8192,196},{16384,292},{32768,163},{65536,264},{131072,111},{262144,250}, 7 | {524288,209},{1048576,176},{2097152,0},{4194304,40},{8388608,277},{16777216,21},{33554432,236},{67108864,150},{134217728,85},{268435456,136}, 8 | {536870912,123},{1073741824,98},{-2147483648,76}, 9 | }; 10 | #define CLONE_FLAG_NUM_ENTRIES (sizeof(clone_flag_table) / sizeof(*clone_flag_table)) 11 | -------------------------------------------------------------------------------- /auditd_port/ausearch/epoll_ctls.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char epoll_ctl_strings[] = "EPOLL_CTL_ADD\0EPOLL_CTL_DEL\0EPOLL_CTL_MOD"; 3 | static const unsigned epoll_ctl_i2s_direct[] = { 4 | 0,14,28, 5 | }; 6 | static const char *epoll_ctl_i2s(int v) { 7 | return i2s_direct__(epoll_ctl_strings, epoll_ctl_i2s_direct, 1, 3, v); 8 | } 9 | -------------------------------------------------------------------------------- /auditd_port/ausearch/famtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char fam_strings[] = "alg\0appletalk\0ash\0atmpvc\0atmsvc\0ax25\0bluetooth\0bridge\0caif\0can\0" 3 | "decnet\0econet\0ieee802154\0inet\0inet6\0ipx\0irda\0isdn\0iucv\0kcm\0" 4 | "key\0llc\0local\0netbeui\0netlink\0netrom\0nfc\0packet\0phonet\0pppox\0" 5 | "qipcrtr\0rds\0rose\0rxrpc\0security\0smc\0sna\0tipc\0vsock\0wanpipe\0" 6 | "x25"; 7 | static const unsigned fam_i2s_direct[] = { 8 | 130,88,32,99,4,152,47,18,242,93, 9 | 195,63,136,206,122,144,163,14,70,25, 10 | 191,219,103,177,234,126,-1u,-1u,59,223, 11 | 37,113,200,108,170,77,54,0,159,228, 12 | 118,183,215, 13 | }; 14 | static const char *fam_i2s(int v) { 15 | return i2s_direct__(fam_strings, fam_i2s_direct, 1, 43, v); 16 | } 17 | -------------------------------------------------------------------------------- /auditd_port/ausearch/fcntl-cmdtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char fcntl_strings[] = "F_ADD_SEALS\0F_CANCELLK\0F_DUPFD\0F_DUPFD_CLOEXEC\0F_GETFD\0F_GETFL\0F_GETLEASE\0F_GETLK\0F_GETLK64\0F_GETOWN\0" 3 | "F_GETOWNER_UIDS\0F_GETOWN_EX\0F_GETPIPE_SZ\0F_GETSIG\0F_GET_FILE_RW_HINT\0F_GET_RW_HINT\0F_GET_SEALS\0F_NOTIFY\0F_SETFD\0F_SETFL\0" 4 | "F_SETLEASE\0F_SETLK\0F_SETLK64\0F_SETLKW\0F_SETLKW64\0F_SETOWN\0F_SETOWN_EX\0F_SETPIPE_SZ\0F_SETSIG\0F_SET_FILE_RW_HINT\0" 5 | "F_SET_RW_HINT"; 6 | static const int fcntl_i2s_i[] = { 7 | 0,1,2,3,4,5,6,7,8,9, 8 | 10,11,12,13,14,15,16,17,1024,1025, 9 | 1026,1029,1030,1031,1032,1033,1034,1035,1036,1037, 10 | 1038, 11 | }; 12 | static const unsigned fcntl_i2s_s[] = { 13 | 23,47,205,55,213,74,232,250,270,92, 14 | 304,142,82,240,259,279,117,101,221,63, 15 | 196,12,31,291,129,0,184,170,332,151, 16 | 313, 17 | }; 18 | static const char *fcntl_i2s(int v) { 19 | return i2s_bsearch__(fcntl_strings, fcntl_i2s_i, fcntl_i2s_s, 31, v); 20 | } 21 | -------------------------------------------------------------------------------- 
/auditd_port/ausearch/flagtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char flag_strings[] = "access\0atomic\0continue\0create\0directory\0follow\0noalt\0open\0parent"; 3 | static const struct transtab flag_table[] = { 4 | {1,40},{2,30},{4,14},{16,58},{32,47},{64,7},{256,53},{512,23},{1024,0}, 5 | }; 6 | #define FLAG_NUM_ENTRIES (sizeof(flag_table) / sizeof(*flag_table)) 7 | -------------------------------------------------------------------------------- /auditd_port/ausearch/icmptypetabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char icmptype_strings[] = "address-mask-reply\0address-mask-request\0destination-unreachable\0echo\0echo-reply\0info-reply\0info-request\0parameter-problem\0redirect\0source-quench\0" 3 | "time-exceeded\0timestamp-reply\0timestamp-request"; 4 | static const unsigned icmptype_i2s_direct[] = { 5 | 69,-1u,-1u,40,131,122,-1u,-1u,64,-1u, 6 | -1u,145,104,175,159,91,80,19,0, 7 | }; 8 | static const char *icmptype_i2s(int v) { 9 | return i2s_direct__(icmptype_strings, icmptype_i2s_direct, 0, 18, v); 10 | } 11 | -------------------------------------------------------------------------------- /auditd_port/ausearch/inethooktabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char inethook_strings[] = "BROUTING\0FORWARD\0INPUT\0OUTPUT\0POSTROUTING\0PREROUTING"; 3 | static const unsigned inethook_i2s_direct[] = { 4 | 42,17,9,23,30,0, 5 | }; 6 | static const char *inethook_i2s(int v) { 7 | return i2s_direct__(inethook_strings, inethook_i2s_direct, 0, 5, v); 8 | } 9 | -------------------------------------------------------------------------------- /auditd_port/ausearch/ioctlreqtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char ioctlreq_strings[] = "CDROMEJECT\0CDROMEJECT_SW\0CDROMSEEK\0CDROM_GET_UPC\0DRM_IOCTL_MODE_CURSOR\0DRM_IOCTL_MODE_DIRTYFB\0DRM_IOCTL_MODE_PAGE_FLIP\0FIOGETOWN\0FIONBIO\0FIOSETOWN\0" 3 | "KDGETMODE\0KDSETMODE\0SIOCBRADDIF\0SIOCGIFHWADDR\0SIOCGIFINDEX\0SIOCGIFNAME\0TCFLSH\0TCGETS\0TCSBRK\0TCSETS\0" 4 | "TCSETSF\0TCSETSW\0TIOCGPGRP\0TIOCGPTN\0TIOCGWINSZ\0TIOCINQ\0TIOCNOTTY\0TIOCSCTTY\0TIOCSPGRP\0TIOCSPTLCK\0" 5 | "TIOCSPTLCK\0TIOCSWINSZ"; 6 | static const int ioctlreq_i2s_i[] = { 7 | -2147199952,-2147199951,-1072143184,-1072143183,-1071881053,19258,19259,21257,21263,21265, 8 | 21270,21505,21506,21507,21508,21513,21515,21518,21519,21520, 9 | 21523,21524,21531,21537,21538,35073,35075,35088,35111,35123, 10 | 35234,1074025521, 11 | }; 12 | static const unsigned ioctlreq_i2s_s[] = { 13 | 272,341,94,71,49,157,147,0,11,35, 14 | 25,225,239,254,246,232,218,310,262,320, 15 | 281,352,292,129,300,137,119,206,179,193, 16 | 167,330, 17 | }; 18 | static const char *ioctlreq_i2s(int v) { 19 | return i2s_bsearch__(ioctlreq_strings, ioctlreq_i2s_i, ioctlreq_i2s_s, 32, v); 20 | } 21 | -------------------------------------------------------------------------------- /auditd_port/ausearch/ipccmdtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char ipccmd_strings[] = "IPC_CREAT\0IPC_EXCL\0IPC_NOWAIT"; 3 | static const struct transtab ipccmd_table[] = { 4 | {512,0},{1024,10},{2048,19}, 5 | }; 6 | #define IPCCMD_NUM_ENTRIES (sizeof(ipccmd_table) / sizeof(*ipccmd_table)) 7 | -------------------------------------------------------------------------------- /auditd_port/ausearch/ipctabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char ipc_strings[] = "msgctl\0msgget\0msgrcv\0msgsnd\0semctl\0semget\0semop\0semtimedop\0shmat\0shmctl\0" 3 | "shmdt\0shmget"; 4 | static const unsigned ipc_i2s_direct[] = { 5 | 42,35,28,48,-1u,-1u,-1u,-1u,-1u,-1u, 6 | 21,14,7,0,-1u,-1u,-1u,-1u,-1u,-1u, 7 | 59,72,78,65, 8 | }; 9 | static const char *ipc_i2s(int v) { 10 | return i2s_direct__(ipc_strings, ipc_i2s_direct, 1, 24, v); 11 | } 12 | -------------------------------------------------------------------------------- /auditd_port/ausearch/ipoptnametabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char ipoptname_strings[] = "IPT_SO_GET_REVISION_TARGET\0IPT_SO_SET_ADD_COUNTERS\0IPT_SO_SET_REPLACE\0IP_ADD_MEMBERSHIP\0IP_ADD_SOURCE_MEMBERSHIP\0IP_BLOCK_SOURCE\0IP_CHECKSUM\0IP_DROP_MEMBERSHIP\0IP_DROP_SOURCE_MEMBERSHIP\0IP_FREEBIND\0" 3 | "IP_HDRINCL\0IP_IPSEC_POLICY\0IP_MINTTL\0IP_MSFILTER\0IP_MTU\0IP_MTU_DISCOVER\0IP_MULTICAST_ALL\0IP_MULTICAST_IF\0IP_MULTICAST_LOOP\0IP_MULTICAST_TTL\0" 4 | "IP_NODEFRAG\0IP_OPTIONS\0IP_ORIGDSTADDR\0IP_PASSSEC\0IP_PKTINFO\0IP_PKTOPTIONS\0IP_RECVERR\0IP_RECVOPTS\0IP_RECVTTL\0IP_RETOPTS\0" 5 | "IP_ROUTER_ALERT\0IP_TOS\0IP_TRANSPARENT\0IP_TTL\0IP_UNBLOCK_SOURCE\0IP_UNICAST_IF\0IP_XFRM_POLICY\0MCAST_BLOCK_SOURCE\0MCAST_JOIN_GROUP\0MCAST_JOIN_SOURCE_GROUP\0" 6 | "MCAST_LEAVE_GROUP\0MCAST_LEAVE_SOURCE_GROUP\0MCAST_MSFILTER\0MCAST_UNBLOCK_SOURCE"; 7 | static const unsigned ipoptname_i2s_direct[] = { 8 | 473,495,198,350,457,423,446,387,398,254, 9 | 412,435,-1u,247,186,209,534,376,480,361, 10 | 225,338,129,-1u,-1u,-1u,-1u,-1u,-1u,-1u, 11 | -1u,287,321,303,70,141,502,113,88,160, 12 | 235,568,549,667,609,585,627,652,270,520, 13 | -1u,-1u,-1u,-1u,-1u,-1u,-1u,-1u,-1u,-1u, 14 | -1u,-1u,-1u,51,27,0, 15 | }; 16 | static const char *ipoptname_i2s(int v) { 17 | return i2s_direct__(ipoptname_strings, ipoptname_i2s_direct, 1, 66, v); 18 | } 19 | -------------------------------------------------------------------------------- /auditd_port/ausearch/lib/actiontabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char action_strings[] = "always\0never\0possible"; 3 | static const unsigned action_s2i_s[] = { 4 | 0,7,13, 5 | }; 6 | static const int action_s2i_i[] = { 7 | 2,0,1, 8 | }; 9 | static int action_s2i(const char *s, int *value) { 10 | size_t len, i; 11 | len = strlen(s); 12 | { char copy[len + 1]; 13 | for (i = 0; i < len; i++) { 14 | char c = s[i]; 15 | copy[i] = GT_ISUPPER(c) ? 
c - 'A' + 'a' : c; 16 | } 17 | copy[i] = 0; 18 | return s2i__(action_strings, action_s2i_s, action_s2i_i, 3, copy, value); 19 | } 20 | } 21 | static const unsigned action_i2s_direct[] = { 22 | 7,13,0, 23 | }; 24 | static const char *action_i2s(int v) { 25 | return i2s_direct__(action_strings, action_i2s_direct, 0, 2, v); 26 | } 27 | -------------------------------------------------------------------------------- /auditd_port/ausearch/lib/dso.h: -------------------------------------------------------------------------------- 1 | /* dso.h -- 2 | * Copyright 2005,2006,2009 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | */ 22 | #ifndef _DSO_H_ 23 | #define _DSO_H_ 24 | 25 | /* 26 | * This is to mark functions as internal to the API 27 | */ 28 | #ifndef AUDIT_HIDDEN_START 29 | #define AUDIT_HIDDEN_START _Pragma("GCC visibility push(hidden)") 30 | #endif 31 | 32 | /* 33 | * This ends the section that is internal to the API. 
34 | */ 35 | #ifndef AUDIT_HIDDEN_END 36 | #define AUDIT_HIDDEN_END _Pragma("GCC visibility pop") 37 | #endif 38 | 39 | #endif 40 | 41 | -------------------------------------------------------------------------------- /auditd_port/ausearch/lib/flagtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char flag_strings[] = "entry\0exclude\0exit\0task\0user"; 3 | static const unsigned flag_s2i_s[] = { 4 | 0,6,14,19,24, 5 | }; 6 | static const int flag_s2i_i[] = { 7 | 2,5,4,1,0, 8 | }; 9 | /* flag_s2i: builds a stack copy of s in which every character accepted by GT_ISUPPER() is shifted by 'a' - 'A', then passes that copy to s2i__() together with the flag string, offset and value tables and returns whatever s2i__() returns (s2i__ is defined outside this file). NOTE(review): copy is a variable-length array sized by strlen(s) and no upper bound on s is visible here, so stack use grows with the input -- confirm that callers only pass bounded strings. */ static int flag_s2i(const char *s, int *value) { 10 | size_t len, i; 11 | len = strlen(s); 12 | { char copy[len + 1]; 13 | for (i = 0; i < len; i++) { 14 | char c = s[i]; 15 | copy[i] = GT_ISUPPER(c) ? c - 'A' + 'a' : c; 16 | } 17 | copy[i] = 0; 18 | return s2i__(flag_strings, flag_s2i_s, flag_s2i_i, 5, copy, value); 19 | } 20 | } 21 | static const unsigned flag_i2s_direct[] = { 22 | 24,19,0,-1u,14,6, 23 | }; 24 | static const char *flag_i2s(int v) { 25 | return i2s_direct__(flag_strings, flag_i2s_direct, 0, 5, v); 26 | } 27 | -------------------------------------------------------------------------------- /auditd_port/ausearch/lib/ftypetabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char ftype_strings[] = "block\0character\0dir\0fifo\0file\0link\0socket"; 3 | static const unsigned ftype_s2i_s[] = { 4 | 0,6,16,20,25,30,35, 5 | }; 6 | static const int ftype_s2i_i[] = { 7 | 24576,8192,16384,4096,32768,40960,49152, 8 | }; 9 | /* ftype_s2i: same copy-then-lookup pattern as flag_s2i above, including the variable-length array sized by strlen(s). */ static int ftype_s2i(const char *s, int *value) { 10 | size_t len, i; 11 | len = strlen(s); 12 | { char copy[len + 1]; 13 | for (i = 0; i < len; i++) { 14 | char c = s[i]; 15 | copy[i] = GT_ISUPPER(c) ? 
c - 'A' + 'a' : c; 16 | } 17 | copy[i] = 0; 18 | return s2i__(ftype_strings, ftype_s2i_s, ftype_s2i_i, 7, copy, value); 19 | } 20 | } 21 | static const int ftype_i2s_i[] = { 22 | 4096,8192,16384,24576,32768,40960,49152, 23 | }; 24 | static const unsigned ftype_i2s_s[] = { 25 | 20,6,16,0,25,30,35, 26 | }; 27 | static const char *ftype_i2s(int v) { 28 | return i2s_bsearch__(ftype_strings, ftype_i2s_i, ftype_i2s_s, 7, v); 29 | } 30 | -------------------------------------------------------------------------------- /auditd_port/ausearch/lib/machinetabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char machine_strings[] = "armeb\0armv5tejl\0armv7l\0i386\0i486\0i586\0i686\0ia64\0ppc\0ppc64\0" 3 | "s390\0s390x\0x86_64"; 4 | static const unsigned machine_s2i_s[] = { 5 | 0,6,16,23,28,33,38,43,48,52, 6 | 58,63,69, 7 | }; 8 | static const int machine_s2i_i[] = { 9 | 8,8,8,0,0,0,0,2,4,3, 10 | 6,5,1, 11 | }; 12 | /* machine_s2i: builds a stack copy of s in which every character accepted by GT_ISUPPER() is shifted by 'a' - 'A', then passes that copy to s2i__() together with the machine string, offset and value tables and returns whatever s2i__() returns (s2i__ is defined outside this file). NOTE(review): copy is a variable-length array sized by strlen(s) and no upper bound on s is visible here, so stack use grows with the input -- confirm that callers only pass bounded strings. */ static int machine_s2i(const char *s, int *value) { 13 | size_t len, i; 14 | len = strlen(s); 15 | { char copy[len + 1]; 16 | for (i = 0; i < len; i++) { 17 | char c = s[i]; 18 | copy[i] = GT_ISUPPER(c) ? c - 'A' + 'a' : c; 19 | } 20 | copy[i] = 0; 21 | return s2i__(machine_strings, machine_s2i_s, machine_s2i_i, 13, copy, value); 22 | } 23 | } 24 | static const unsigned machine_i2s_direct[] = { 25 | 23,69,43,52,48,63,58,-1u,0, 26 | }; 27 | static const char *machine_i2s(int v) { 28 | return i2s_direct__(machine_strings, machine_i2s_direct, 0, 8, v); 29 | } 30 | -------------------------------------------------------------------------------- /auditd_port/ausearch/lib/optabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char op_strings[] = "!=\0&\0&=\0<\0<=\0=\0>\0>="; 3 | static const int op_i2s_i[] = { 4 | 134217728,268435456,536870912,805306368,1073741824,1207959552,1342177280,1610612736, 5 | }; 6 | static const unsigned op_i2s_s[] = { 7 | 3,8,15,0,13,5,10,17, 8 | }; 9 | static const char *op_i2s(int v) { 10 | return i2s_bsearch__(op_strings, op_i2s_i, op_i2s_s, 8, v); 11 | } 12 | -------------------------------------------------------------------------------- /auditd_port/ausearch/libc.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/auditd_port/ausearch/libc.so -------------------------------------------------------------------------------- /auditd_port/ausearch/libc/stpcpy.c: -------------------------------------------------------------------------------- 1 | /* stpcpy.c -- 2 | * Copyright 2004-2012 SRI International 3 | * All Rights Reserved. 4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation; either version 2 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 
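14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Nathaniel Husted 21 | */ 22 | 23 | #include 24 | 
/*
 * stpcpy -- copy the string s2, including its terminating NUL, into s1.
 *
 * s1: destination buffer. The function takes no length, so the caller must
 *     provide room for strlen(s2) + 1 bytes.
 * s2: NUL-terminated source string; must not overlap s1 (__restrict).
 *
 * Returns a pointer to the terminating NUL written into s1, so calls can be
 * chained to concatenate strings.
 */
char *stpcpy(register char * __restrict s1, const char * __restrict s2)
{
	/*
	 * Test the byte just stored rather than the next source byte: the
	 * terminator is then always written, and an empty s2 stops at once
	 * instead of reading (and copying) past the end of the source.
	 */
	while ((*s1 = *s2) != '\0') {
		s1++;
		s2++;
	}

	return s1;
}
33 | -------------------------------------------------------------------------------- /auditd_port/ausearch/libc/stpcpy.h: -------------------------------------------------------------------------------- 1 | /* stpcpy.h -- 2 | * Copyright 2004-2012 SRI International 3 | * All Rights Reserved. 4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation; either version 2 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Nathaniel Husted 21 | */ 22 | 23 | char *stpcpy(register char * __restrict s1, const char * __restrict s2); 24 | -------------------------------------------------------------------------------- /auditd_port/ausearch/libc/stpcpytest.c: -------------------------------------------------------------------------------- 1 | /* stpcpytest.c -- 2 | * Copyright 2004-2012 SRI International 3 | * All Rights Reserved. 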
4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation; either version 2 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Nathaniel Husted 21 | */ 22 | 23 | #include "stpcpy.h" 24 | #include 25 | #include 26 | /* Smoke test: chains two stpcpy() calls into one buffer and prints the result. */ int main (void) 27 | { 28 | char buffer[256]; 29 | /* The buffer is zero-filled before any copy, so the printed string is NUL-terminated whether or not stpcpy() writes a terminator; this test therefore does not check termination. */ bzero(buffer,256); 30 | char *to = buffer; 31 | /* Each call resumes at the pointer returned by the previous one. */ to = stpcpy (to, "foo"); 32 | to = stpcpy (to, "bar"); 33 | printf ("%s\n", buffer); 34 | } 35 | -------------------------------------------------------------------------------- /auditd_port/ausearch/libcutils.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/auditd_port/ausearch/libcutils.so -------------------------------------------------------------------------------- /auditd_port/ausearch/libev/Makefile.am: -------------------------------------------------------------------------------- 1 | # Makefile.am-- 2 | # Copyright 2008,2011-12 Red Hat Inc., Durham, North Carolina. 3 | # All Rights Reserved. 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 
9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | # 19 | # Authors: 20 | # Steve Grubb 21 | # 22 | VERSION_INFO = 4:0:0 23 | EXTRA_DIST = README ev_epoll.c ev_poll.c ev_select.c libev.m4 24 | AM_CFLAGS = -fPIC -DPIC -g -fno-strict-aliasing ${DEBUG} 25 | 26 | noinst_HEADERS = ev.h ev_vars.h ev_wrap.h event.h 27 | noinst_LIBRARIES = libev.a 28 | 29 | libev_a_SOURCES = ev.c event.c 30 | -------------------------------------------------------------------------------- /auditd_port/ausearch/libev/ev.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/auditd_port/ausearch/libev/ev.o -------------------------------------------------------------------------------- /auditd_port/ausearch/libev/event.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/auditd_port/ausearch/libev/event.o -------------------------------------------------------------------------------- /auditd_port/ausearch/libev/libev.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/auditd_port/ausearch/libev/libev.a -------------------------------------------------------------------------------- /auditd_port/ausearch/libs/x86/ausearch: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/auditd_port/ausearch/libs/x86/ausearch -------------------------------------------------------------------------------- /auditd_port/ausearch/libs/x86/libcutils.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/auditd_port/ausearch/libs/x86/libcutils.so -------------------------------------------------------------------------------- /auditd_port/ausearch/libs/x86/liblog.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/auditd_port/ausearch/libs/x86/liblog.so -------------------------------------------------------------------------------- /auditd_port/ausearch/mmaptabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char mmap_strings[] = "MAP_32BIT\0MAP_ANONYMOUS\0MAP_DENYWRITE\0MAP_EXECUTABLE\0MAP_FIXED\0MAP_GROWSDOWN\0MAP_HUGETLB\0MAP_LOCKED\0MAP_NONBLOCK\0MAP_NORESERVE\0" 3 | "MAP_POPULATE\0MAP_PRIVATE\0MAP_SHARED\0MAP_STACK"; 4 | static const struct transtab mmap_table[] = { 5 | {1,152},{2,140},{16,53},{32,10},{64,0},{256,63},{2048,24},{4096,38},{8192,89},{16384,113}, 6 | {32768,127},{65536,100},{131072,163},{262144,77}, 7 | }; 8 | #define MMAP_NUM_ENTRIES (sizeof(mmap_table) / sizeof(*mmap_table)) 9 | -------------------------------------------------------------------------------- /auditd_port/ausearch/mounttabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char mount_strings[] = "MS_ACTIVE\0MS_BIND\0MS_BORN\0MS_DIRSYNC\0MS_I_VERSION\0MS_KERNMOUNT\0MS_MANDLOCK\0MS_MOVE\0MS_NOATIME\0MS_NODEV\0" 3 | "MS_NODIRATIME\0MS_NOEXEC\0MS_NOSEC\0MS_NOSUID\0MS_NOUSER\0MS_POSIXACL\0MS_PRIVATE\0MS_RDONLY\0MS_REC\0MS_RELATIME\0" 4 | "MS_REMOUNT\0MS_SHARED\0MS_SILENT\0MS_SLAVE\0MS_SNAP_STABLE\0MS_STRICTATIME\0MS_SYNCHRONOUS\0MS_UNBINDABLE"; 5 | static const struct transtab mount_table[] = { 6 | {1,179},{2,136},{4,94},{8,117},{16,278},{32,208},{64,63},{128,26},{1024,83},{2048,103}, 7 | {4096,10},{8192,75},{16384,189},{32768,229},{65536,156},{131072,293},{262144,168},{524288,239},{1048576,219},{2097152,196}, 8 | {4194304,50},{8388608,37},{16777216,263},{134217728,248},{268435456,127},{536870912,18},{1073741824,0},{-2147483648,146}, 9 | }; 10 | #define MOUNT_NUM_ENTRIES (sizeof(mount_table) / sizeof(*mount_table)) 11 | -------------------------------------------------------------------------------- /auditd_port/ausearch/netactiontabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char netaction_strings[] = "ACCEPT\0DROP\0REJECT"; 3 | static const unsigned netaction_i2s_direct[] = { 4 | 0,7,12, 5 | }; 6 | static const char *netaction_i2s(int v) { 7 | return i2s_direct__(netaction_strings, netaction_i2s_direct, 0, 2, v); 8 | } 9 | -------------------------------------------------------------------------------- /auditd_port/ausearch/nfprototabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char nfproto_strings[] = "arp\0bridge\0decnet\0inet\0ipv4\0ipv6\0unspecified"; 3 | static const unsigned nfproto_i2s_direct[] = { 4 | 33,18,23,0,-1u,-1u,-1u,4,-1u,-1u, 5 | 28,-1u,11, 6 | }; 7 | static const char *nfproto_i2s(int v) { 8 | return i2s_direct__(nfproto_strings, nfproto_i2s_direct, 0, 12, v); 9 | } 10 | -------------------------------------------------------------------------------- /auditd_port/ausearch/normalize_evtypetabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char evtype_strings[] = "TTY\0anomaly\0anomaly-response\0audit-daemon\0audit-rule\0av-decision\0configuration\0crypto\0dac-decision\0group-change\0" 3 | "integrity\0mac\0mac-decision\0system-services\0unknown\0user-account\0user-login\0user-space\0virt"; 4 | static const unsigned evtype_i2s_direct[] = { 5 | 155,187,139,65,0,163,176,29,126,4, 6 | 112,12,122,79,198,42,86,99,53, 7 | }; 8 | static const char *evtype_i2s(int v) { 9 | return i2s_direct__(evtype_strings, evtype_i2s_direct, 0, 18, v); 10 | } 11 | -------------------------------------------------------------------------------- /auditd_port/ausearch/open-flagtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char open_flag_strings[] = "O_APPEND\0O_ASYNC\0O_CLOEXEC\0O_CREAT\0O_DIRECT\0O_DIRECTORY\0O_DSYNC\0O_EXCL\0O_NOATIME\0O_NOCTTY\0" 3 | "O_NOFOLLOW\0O_NONBLOCK\0O_PATH\0O_RDWR\0O_TRUNC\0O_WRONLY\0__O_SYNC\0__O_TMPFILE"; 4 | static const struct transtab open_flag_table[] = { 5 | {1,134},{2,119},{64,27},{128,64},{256,81},{512,126},{1024,0},{2048,101},{4096,56},{8192,9}, 6 | {16384,35},{65536,44},{131072,90},{262144,71},{524288,17},{1048576,143},{2097152,112},{4194304,152}, 7 | }; 8 | #define OPEN_FLAG_NUM_ENTRIES (sizeof(open_flag_table) / sizeof(*open_flag_table)) 9 | -------------------------------------------------------------------------------- /auditd_port/ausearch/persontabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char person_strings[] = "PER_BSD\0PER_HPUX\0PER_IRIX32\0PER_IRIX64\0PER_IRIXN32\0PER_ISCR4\0PER_LINUX\0PER_LINUX32\0PER_LINUX32_3GB\0PER_LINUX_32BIT\0" 3 | "PER_OSF4\0PER_OSR5\0PER_RISCOS\0PER_SCOSVR3\0PER_SOLARIS\0PER_SUNOS\0PER_SVR3\0PER_SVR4\0PER_UW7\0PER_WYSEV386\0" 4 | "PER_XENIX"; 5 | static const int person_i2s_i[] = { 6 | 0,6,8,12,15,16,8388608,67108869,67108870,67108873, 7 | 67108874,67108875,67108877,68157441,68157454,83886082,83886084,83886087,100663299,117440515, 8 | 134217736, 9 | }; 10 | static const unsigned person_i2s_s[] = { 11 | 61,0,71,133,115,8,99,51,168,17, 12 | 39,28,156,187,196,178,204,217,124,144, 13 | 83, 14 | }; 15 | static const char *person_i2s(int v) { 16 | return i2s_bsearch__(person_strings, person_i2s_i, person_i2s_s, 21, v); 17 | } 18 | -------------------------------------------------------------------------------- /auditd_port/ausearch/pktoptnametabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char pktoptname_strings[] = "PACKET_ADD_MEMBERSHIP\0PACKET_AUXDATA\0PACKET_COPY_THRESH\0PACKET_DROP_MEMBERSHIP\0PACKET_FANOUT\0PACKET_FANOUT_DATA\0PACKET_HDRLEN\0PACKET_LOSS\0PACKET_ORIGDEV\0PACKET_QDISC_BYPASS\0" 3 | "PACKET_RECV_OUTPUT\0PACKET_RESERVE\0PACKET_ROLLOVER_STATS\0PACKET_RX_RING\0PACKET_STATISTICS\0PACKET_TIMESTAMP\0PACKET_TX_HAS_OFF\0PACKET_TX_RING\0PACKET_TX_TIMESTAMP\0PACKET_VERSION\0" 4 | "PACKET_VNET_HDR"; 5 | static const unsigned pktoptname_i2s_direct[] = { 6 | 0,56,173,-1u,229,244,37,22,138,332, 7 | 112,192,297,126,347,312,262,79,279,153, 8 | 207,93, 9 | }; 10 | static const char *pktoptname_i2s(int v) { 11 | return i2s_direct__(pktoptname_strings, pktoptname_i2s_direct, 1, 22, v); 12 | } 13 | -------------------------------------------------------------------------------- /auditd_port/ausearch/prctl_opttabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char prctl_opt_strings[] = "PR_CAPBSET_DROP\0PR_CAPBSET_READ\0PR_CAP_AMBIENT\0PR_GET_CHILD_SUBREAPER\0PR_GET_DUMPABLE\0PR_GET_ENDIAN\0PR_GET_FPEMU\0PR_GET_FPEXC\0PR_GET_FP_MODE\0PR_GET_KEEPCAPS\0" 3 | "PR_GET_NAME\0PR_GET_NO_NEW_PRIVS\0PR_GET_PDEATHSIG\0PR_GET_SECCOMP\0PR_GET_SECUREBITS\0PR_GET_THP_DISABLE\0PR_GET_TID_ADDRESS\0PR_GET_TIMERSLACK\0PR_GET_TIMING\0PR_GET_TSC\0" 4 | "PR_GET_UNALIGN\0PR_MCE_KILL\0PR_MCE_KILL_GET\0PR_MPX_DISABLE_MANAGEMENT\0PR_MPX_ENABLE_MANAGEMENT\0PR_SET_CHILD_SUBREAPER\0PR_SET_DUMPABLE\0PR_SET_ENDIAN\0PR_SET_FPEMU\0PR_SET_FPEXC\0" 5 | "PR_SET_FP_MODE\0PR_SET_KEEPCAPS\0PR_SET_MM\0PR_SET_NAME\0PR_SET_NO_NEW_PRIVS\0PR_SET_PDEATHSIG\0PR_SET_SECCOMP\0PR_SET_SECUREBITS\0PR_SET_THP_DISABLE\0PR_SET_TIMERSLACK\0" 6 | "PR_SET_TIMING\0PR_SET_TSC\0PR_SET_UNALIGN\0PR_TASK_PERF_EVENTS_DISABLE\0PR_TASK_PERF_EVENTS_ENABLE"; 7 | static const unsigned prctl_opt_i2s_direct[] = { 8 | 566,189,70,437,320,678,141,508,100,467, 9 | 113,480,295,653,534,157,-1u,-1u,86,453, 10 | 206,583,16,0,309,667,221,598,635,277, 11 | 693,721,335,347,524,414,47,546,169,258, 12 | 616,239,389,363,493,126,32, 13 | }; 14 | static const char *prctl_opt_i2s(int v) { 15 | return i2s_direct__(prctl_opt_strings, prctl_opt_i2s_direct, 1, 47, v); 16 | } 17 | -------------------------------------------------------------------------------- /auditd_port/ausearch/prottabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char prot_strings[] = "PROT_EXEC\0PROT_READ\0PROT_SEM\0PROT_WRITE"; 3 | static const struct transtab prot_table[] = { 4 | {1,10},{2,29},{4,0},{8,20}, 5 | }; 6 | #define PROT_NUM_ENTRIES (sizeof(prot_table) / sizeof(*prot_table)) 7 | -------------------------------------------------------------------------------- /auditd_port/ausearch/ptracetabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char ptrace_strings[] = "PTRACE_ARCH_PRCTL\0PTRACE_ATTACH\0PTRACE_CONT\0PTRACE_DETACH\0PTRACE_GETEVENTMSG\0PTRACE_GETFPREGS\0PTRACE_GETFPXREGS\0PTRACE_GETREGS\0PTRACE_GETREGSET\0PTRACE_GETSIGINFO\0" 3 | "PTRACE_GETSIGMASK\0PTRACE_GET_THREAD_AREA\0PTRACE_INTERRUPT\0PTRACE_KILL\0PTRACE_LISTEN\0PTRACE_PEEKDATA\0PTRACE_PEEKSIGINFO\0PTRACE_PEEKTEXT\0PTRACE_PEEKUSER\0PTRACE_POKEDATA\0" 4 | "PTRACE_POKETEXT\0PTRACE_POKEUSER\0PTRACE_SECCOMP_GET_FILTER\0PTRACE_SEIZE\0PTRACE_SETFPREGS\0PTRACE_SETFPXREGS\0PTRACE_SETOPTIONS\0PTRACE_SETREGS\0PTRACE_SETREGSET\0PTRACE_SETSIGINFO\0" 5 | "PTRACE_SETSIGMASK\0PTRACE_SET_THREAD_AREA\0PTRACE_SINGLEBLOCK\0PTRACE_SINGLESTEP\0PTRACE_SYSCALL\0PTRACE_SYSEMU\0PTRACE_SYSEMU_SINGLESTEP\0PTRACE_TRACEME"; 6 | static const int ptrace_i2s_i[] = { 7 | 0,1,2,3,4,5,6,7,8,9, 8 | 12,13,14,15,16,17,18,19,24,25, 9 | 26,30,31,32,33,16896,16897,16898,16899,16900, 10 | 16901,16902,16903,16904,16905,16906,16907,16908, 11 | }; 12 | static const unsigned ptrace_i2s_s[] = { 13 | 635,281,246,297,329,313,345,32,220,563, 14 | 112,453,77,400,18,44,94,417,581,180, 15 | 521,0,596,610,544,435,58,144,485,127, 16 | 468,387,203,232,262,162,503,361, 17 | }; 18 | static const char *ptrace_i2s(int v) { 19 | return i2s_bsearch__(ptrace_strings, ptrace_i2s_i, ptrace_i2s_s, 38, v); 20 | } 21 | -------------------------------------------------------------------------------- /auditd_port/ausearch/recvtabs.h: 
-------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char recv_strings[] = "MSG_BATCH\0MSG_CMSG_CLOEXEC\0MSG_CMSG_COMPAT\0MSG_CONFIRM\0MSG_CTRUNC\0MSG_DONTROUTE\0MSG_DONTWAIT\0MSG_EOR\0MSG_ERRQUEUE\0MSG_FASTOPEN\0" 3 | "MSG_FIN\0MSG_MORE\0MSG_NOSIGNAL\0MSG_OOB\0MSG_PEEK\0MSG_PROXY\0MSG_RST\0MSG_SENDPAGE_NOTLAST\0MSG_SYN\0MSG_TRUNC\0" 4 | "MSG_WAITALL\0MSG_WAITFORONE"; 5 | static const struct transtab recv_table[] = { 6 | {1,157},{2,165},{4,66},{8,55},{16,174},{32,221},{64,80},{128,93},{256,231},{512,127}, 7 | {1024,213},{2048,43},{4096,184},{8192,101},{16384,144},{32768,135},{65536,243},{131072,192},{262144,0},{536870912,114}, 8 | {1073741824,10},{-2147483648,27}, 9 | }; 10 | #define RECV_NUM_ENTRIES (sizeof(recv_table) / sizeof(*recv_table)) 11 | -------------------------------------------------------------------------------- /auditd_port/ausearch/rlimittabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char rlimit_strings[] = "RLIMIT_AS\0RLIMIT_CORE\0RLIMIT_CPU\0RLIMIT_DATA\0RLIMIT_FSIZE\0RLIMIT_LOCKS\0RLIMIT_MEMLOCK\0RLIMIT_MSGQUEUE\0RLIMIT_NICE\0RLIMIT_NOFILE\0" 3 | "RLIMIT_NPROC\0RLIMIT_RSS\0RLIMIT_RTPRIO\0RLIMIT_RTTIME\0RLIMIT_SIGPENDING\0RLIMIT_STACK"; 4 | static const unsigned rlimit_i2s_direct[] = { 5 | 22,45,33,198,10,141,128,114,71,0, 6 | 58,180,86,102,152,166, 7 | }; 8 | static const char *rlimit_i2s(int v) { 9 | return i2s_direct__(rlimit_strings, rlimit_i2s_direct, 0, 15, v); 10 | } 11 | -------------------------------------------------------------------------------- /auditd_port/ausearch/schedtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char sched_strings[] = "SCHED_BATCH\0SCHED_DEADLINE\0SCHED_FIFO\0SCHED_IDLE\0SCHED_OTHER\0SCHED_RR"; 3 | static const unsigned sched_i2s_direct[] = { 4 | 49,27,61,0,-1u,38,12, 5 | }; 6 | static const char *sched_i2s(int v) { 7 | return i2s_direct__(sched_strings, sched_i2s_direct, 0, 6, v); 8 | } 9 | -------------------------------------------------------------------------------- /auditd_port/ausearch/seccomptabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | /* Names for seccomp filter return actions. seccomp_i2s_i lists the action values in ascending order and seccomp_i2s_s gives the byte offset of the matching name in seccomp_strings: 0 -> "kill", 196608 -> "trap", 327680 -> "errno", 2146435072 -> "trace", 2147221504 -> "log", 2147418112 -> "allow". NOTE(review): only these six values are covered; newer kernel actions such as SECCOMP_RET_KILL_PROCESS (0x80000000) and SECCOMP_RET_USER_NOTIF (0x7fc00000) have no entry, so a record carrying one of them gets whatever i2s_bsearch__ (declared elsewhere) returns on a miss -- confirm how the caller renders that before relying on the text during triage. */ static const char seccomp_strings[] = "allow\0errno\0kill\0log\0trace\0trap"; 3 | static const int seccomp_i2s_i[] = { 4 | 0,196608,327680,2146435072,2147221504,2147418112, 5 | }; 6 | static const unsigned seccomp_i2s_s[] = { 7 | 12,27,6,21,17,0, 8 | }; 9 | /* Maps a seccomp action value to its name by passing the two parallel tables (6 entries) to i2s_bsearch__. */ static const char *seccomp_i2s(int v) { 10 | return i2s_bsearch__(seccomp_strings, seccomp_i2s_i, seccomp_i2s_s, 6, v); 11 | } 12 | -------------------------------------------------------------------------------- /auditd_port/ausearch/seektabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char seek_strings[] = "SEEK_CUR\0SEEK_DATA\0SEEK_END\0SEEK_HOLE\0SEEK_SET"; 3 | static const unsigned seek_i2s_direct[] = { 4 | 38,0,19,9,28, 5 | }; 6 | static const char *seek_i2s(int v) { 7 | return i2s_direct__(seek_strings, seek_i2s_direct, 0, 4, v); 8 | } 9 | -------------------------------------------------------------------------------- /auditd_port/ausearch/shm_modetabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char shm_mode_strings[] = "SHM_DEST\0SHM_HUGETLB\0SHM_LOCKED\0SHM_NORESERVE"; 3 | /* Each pair reads as {flag value, byte offset of its name in shm_mode_strings}, judging by the entries; struct transtab itself is declared elsewhere. */ static const struct transtab shm_mode_table[] = { 4 | {512,0},{1024,21},{2048,9},{4096,32}, 5 | }; 6 | #define SHM_MODE_NUM_ENTRIES (sizeof(shm_mode_table) / sizeof(*shm_mode_table)) 7 | -------------------------------------------------------------------------------- /auditd_port/ausearch/signaltabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | /* NUL-separated signal names; signal_i2s_direct below stores, per signal number 0..31, the byte offset of that signal's name in this blob. NOTE(review): the first entry is "IGPWR" and slot 30 of signal_i2s_direct points at it (offset 0), so signal 30 is rendered as "IGPWR". This looks like a dropped 'S' in the generator input (presumably SIGPWR); correct it there and regenerate, because every offset depends on the string lengths. Until then, searches or detection rules keyed on the text "SIGPWR" will not match what signal_i2s returns. */ static const char signal_strings[] = "IGPWR\0SIG0\0SIGABRT\0SIGALRM\0SIGBUS\0SIGCHLD\0SIGCONT\0SIGFPE\0SIGHUP\0SIGILL\0" 3 | "SIGINT\0SIGIO\0SIGKILL\0SIGPIPE\0SIGPROF\0SIGQUIT\0SIGSEGV\0SIGSTKFLT\0SIGSTOP\0SIGSYS\0" 4 | "SIGTERM\0SIGTRAP\0SIGTSTP\0SIGTTIN\0SIGTTOU\0SIGURG\0SIGUSR1\0SIGUSR2\0SIGVTALRM\0SIGWINCH\0" 5 | "SIGXCPU\0SIGXFSZ"; 6 | static const unsigned signal_i2s_direct[] = { 7 | 6,57,71,108,64,157,11,27,50,84, 8 | 196,116,204,92,19,149,124,34,42,134, 9 | 165,173,181,189,231,239,212,100,222,78, 10 | 0,142, 11 | }; 12 | /* Maps a signal number to its name by passing the offset table and the bounds 0 and 31 to i2s_direct__ (declared elsewhere). */ static const char *signal_i2s(int v) { 13 | return i2s_direct__(signal_strings, signal_i2s_direct, 0, 31, v); 14 | } 15 | -------------------------------------------------------------------------------- /auditd_port/ausearch/sockleveltabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char socklevel_strings[] = "SOL_AAL\0SOL_ALG\0SOL_ATALK\0SOL_ATM\0SOL_AX25\0SOL_BLUETOOTH\0SOL_CAIF\0SOL_DCCP\0SOL_DECNET\0SOL_ICMPV6\0" 3 | "SOL_IP\0SOL_IPV6\0SOL_IPX\0SOL_IRDA\0SOL_IUCV\0SOL_KCM\0SOL_LLC\0SOL_NETBEUI\0SOL_NETLINK\0SOL_NETROM\0" 4 | "SOL_NFC\0SOL_PACKET\0SOL_PNPIPE\0SOL_PPPOL2TP\0SOL_RAW\0SOL_RDS\0SOL_ROSE\0SOL_RXRPC\0SOL_SCTP\0SOL_TCP\0" 5 | "SOL_TIPC\0SOL_TLS\0SOL_UDP\0SOL_UDPLITE"; 6 | static const int socklevel_i2s_i[] = { 7 | 0,6,17,41,58,132,136,255,256,257, 8 | 258,259,260,261,263,264,265,266,267,268, 9 | 269,270,271,272,273,274,275,276,277,278, 10 | 279,280,281,282, 11 | }; 12 | static const unsigned socklevel_i2s_s[] = { 13 | 97,277,302,104,86,268,310,233,113,34, 14 | 16,179,249,75,198,26,0,121,155,147, 15 | 66,167,285,258,220,43,209,241,130,57, 16 | 8,190,139,294, 17 | }; 18 | static const char *socklevel_i2s(int v) { 19 | return i2s_bsearch__(socklevel_strings, socklevel_i2s_i, socklevel_i2s_s, 34, v); 20 | } 21 | -------------------------------------------------------------------------------- /auditd_port/ausearch/socktabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char sock_strings[] = "accept\0accept4\0bind\0connect\0getpeername\0getsockname\0getsockopt\0listen\0recv\0recvfrom\0" 3 | "recvmmsg\0recvmsg\0send\0sendmmsg\0sendmsg\0sendto\0setsockopt\0shutdown\0socket\0socketpair"; 4 | static const unsigned sock_i2s_direct[] = { 5 | 150,15,20,63,0,40,28,157,101,70, 6 | 123,75,141,130,52,115,93,7,84,106, 7 | }; 8 | static const char *sock_i2s(int v) { 9 | return i2s_direct__(sock_strings, sock_i2s_direct, 1, 20, v); 10 | } 11 | -------------------------------------------------------------------------------- /auditd_port/ausearch/socktypetabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char sock_type_strings[] = "SOCK_DCCP\0SOCK_DGRAM\0SOCK_PACKET\0SOCK_RAW\0SOCK_RDM\0SOCK_SEQPACKET\0SOCK_STREAM"; 3 | static const unsigned sock_type_i2s_direct[] = { 4 | 66,10,33,42,51,0,-1u,-1u,-1u,21, 5 | }; 6 | static const char *sock_type_i2s(int v) { 7 | return i2s_direct__(sock_type_strings, sock_type_i2s_direct, 1, 10, v); 8 | } 9 | -------------------------------------------------------------------------------- /auditd_port/ausearch/src/accesstab.h: -------------------------------------------------------------------------------- 1 | /* accesstab.h -- 2 | * Copyright 2013 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | */ 22 | 23 | 24 | _S(0x1U, "X_OK" ) 25 | _S(0x2U, "W_OK" ) 26 | _S(0x4U, "R_OK" ) 27 | 28 | -------------------------------------------------------------------------------- /auditd_port/ausearch/src/auditd-listen.h: -------------------------------------------------------------------------------- 1 | /* auditd-config.h -- 2 | * Copyright 2004-2007 Red Hat Inc., Durham, North Carolina. 3 | * Copyright 2012 Nathaniel Husted 4 | * All Rights Reserved. 
5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 2 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 | * 20 | * Authors: 21 | * DJ Delorie 22 | * Nathaniel Husted 23 | * 24 | */ 25 | 26 | #ifndef AUDITD_LISTEN_H 27 | #define AUDITD_LISTEN_H 28 | 29 | #include "ev.h" 30 | void auditd_set_ports(int minp, int maxp, int max_p_addr); 31 | int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config ); 32 | void auditd_tcp_listen_uninit ( struct ev_loop *loop ); 33 | void auditd_tcp_listen_check_idle ( struct ev_loop *loop ); 34 | int dispatch_event_to_socket(const struct audit_reply *rep); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /auditd_port/ausearch/src/auditd-parse.h: -------------------------------------------------------------------------------- 1 | /* auditd-parse.h -- 2 | * Copyright 2007,08 Red Hat Inc., Durham, North Carolina. 3 | * COpyright 2012 Nathaniel Husted 4 | * All Rights Reserved. 5 | * 6 | * This library is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU Lesser General Public 8 | * License as published by the Free Software Foundation; either 9 | * version 2.1 of the License, or (at your option) any later version. 
10 | * 11 | * This library is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | * Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public 17 | * License along with this library; if not, write to the Free Software 18 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 | * 20 | * Authors: 21 | * Steve Grubb 22 | * Nathaniel Husted 23 | */ 24 | 25 | #ifndef INTERPRET_HEADER 26 | #define INTERPRET_HEADER 27 | 28 | #include "config.h" 29 | #include "private.h" 30 | 31 | #include 32 | 33 | #ifdef __cplusplus 34 | extern "C" { 35 | #endif 36 | 37 | 38 | char *parse_unescape(char *buf, int length); 39 | const char *interpret_reply( char *msg, int length, int reply_type); 40 | 41 | /* Make these hidden to prevent conflicts */ 42 | //hidden_proto(lookup_type); 43 | //hidden_proto(parse_unescape); 44 | 45 | #ifdef __cplusplus 46 | } 47 | #endif 48 | 49 | #endif 50 | 51 | -------------------------------------------------------------------------------- /auditd_port/ausearch/src/ausearch-parse.h: -------------------------------------------------------------------------------- 1 | /* 2 | * ausearch-parse.h - Header file for ausearch-llist.c 3 | * Copyright (c) 2005 Red Hat Inc., Durham, North Carolina. 4 | * All Rights Reserved. 5 | * 6 | * This software may be freely redistributed and/or modified under the 7 | * terms of the GNU General Public License as published by the Free 8 | * Software Foundation; either version 2, or (at your option) any 9 | * later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 
15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; see the file COPYING. If not, write to the 18 | * Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 19 | * 20 | * Authors: 21 | * Steve Grubb 22 | */ 23 | 24 | #ifndef AUSEARCH_PARSE_HEADER 25 | #define AUSEARCH_PARSE_HEADER 26 | 27 | #include 28 | #include "config.h" 29 | #include "ausearch-llist.h" 30 | 31 | int extract_search_items(llist *l); 32 | 33 | #endif 34 | 35 | -------------------------------------------------------------------------------- /auditd_port/ausearch/src/ausearch-time.h: -------------------------------------------------------------------------------- 1 | /* ausearch-time.h - header file for ausearch-time.c 2 | * Copyright 2006-07,2016-17 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation; either version 2 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | */ 22 | 23 | #ifndef AUSEARCH_TIME_HEADERS 24 | #define AUSEARCH_TIME_HEADERS 25 | 26 | #include "ausearch-common.h" 27 | 28 | enum { T_NOW, T_RECENT, T_BOOT, T_TODAY, T_YESTERDAY, T_THIS_WEEK, T_WEEK_AGO, 29 | T_THIS_MONTH, T_THIS_YEAR }; 30 | 31 | int lookup_time(const char *name); 32 | int ausearch_time_start(const char *da, const char *ti); 33 | int ausearch_time_end(const char *da, const char *ti); 34 | 35 | #endif 36 | 37 | -------------------------------------------------------------------------------- /auditd_port/ausearch/tcpoptnametabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char tcpoptname_strings[] = "TCP_CC_INFO\0TCP_CONGESTION\0TCP_COOKIE_TRANSACTIONS\0TCP_CORK\0TCP_DEFER_ACCEPT\0TCP_FASTOPEN\0TCP_FASTOPEN_CONNECT\0TCP_INFO\0TCP_KEEPCNT\0TCP_KEEPIDLE\0" 3 | "TCP_KEEPINTVL\0TCP_LINGER2\0TCP_MAXSEG\0TCP_MD5SIG\0TCP_MD5SIG_EXT\0TCP_NODELAY\0TCP_NOTSENT_LOWAT\0TCP_QUEUE_SEQ\0TCP_QUICKACK\0TCP_REPAIR\0" 4 | "TCP_REPAIR_OPTIONS\0TCP_REPAIR_QUEUE\0TCP_REPAIR_WINDOW\0TCP_SAVED_SYN\0TCP_SAVE_SYN\0TCP_SYNCNT\0TCP_THIN_DUPACK\0TCP_THIN_LINEAR_TIMEOUTS\0TCP_TIMESTAMP\0TCP_ULP\0" 5 | "TCP_USER_TIMEOUT\0TCP_WINDOW_CLAMP"; 6 | static const unsigned tcpoptname_i2s_direct[] = { 7 | 208,171,51,132,145,120,357,159,60,448, 8 | 111,252,12,182,27,384,368,431,265,295, 9 | 238,276,77,409,220,0,344,330,312,90, 10 | 423,193, 11 | }; 12 | static const char *tcpoptname_i2s(int v) { 13 | return i2s_direct__(tcpoptname_strings, tcpoptname_i2s_direct, 1, 32, v); 14 | } 15 | -------------------------------------------------------------------------------- 
/auditd_port/ausearch/umounttabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char umount_strings[] = "MNT_DETACH\0MNT_EXPIRE\0MNT_FORCE\0UMOUNT_NOFOLLOW\0UMOUNT_UNUSED"; 3 | static const struct transtab umount_table[] = { 4 | {1,22},{2,0},{4,11},{8,32},{-2147483648,48}, 5 | }; 6 | #define UMOUNT_NUM_ENTRIES (sizeof(umount_table) / sizeof(*umount_table)) 7 | -------------------------------------------------------------------------------- /auditd_port/build.sh: -------------------------------------------------------------------------------- 1 | ndk-build V=1 NDK_PROJECT_PATH=. NDK_APPLICATION_MK=Application.mk 2 | -------------------------------------------------------------------------------- /auditd_port/lib/actiontab.h: -------------------------------------------------------------------------------- 1 | /* actiontab.h -- 2 | * Copyright 2005,2006 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | */ 22 | 23 | _S(AUDIT_NEVER, "never" ) 24 | _S(AUDIT_POSSIBLE, "possible" ) 25 | _S(AUDIT_ALWAYS, "always" ) 26 | -------------------------------------------------------------------------------- /auditd_port/lib/actiontabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | /* NUL-separated action names; action_s2i_s holds the byte offset of each name and action_s2i_i the value paired with it ("always" -> 2, "never" -> 0, "possible" -> 1). */ static const char action_strings[] = "always\0never\0possible"; 3 | static const unsigned action_s2i_s[] = { 4 | 0,7,13, 5 | }; 6 | static const int action_s2i_i[] = { 7 | 2,0,1, 8 | }; 9 | /* action_s2i: copies s into a stack buffer, lowercasing each character GT_ISUPPER accepts, then hands the copy to s2i__ (declared elsewhere) to look it up in action_strings. Returns 0 without touching *value when s or value is NULL, otherwise the s2i__ result. NOTE(review): copy is a variable-length array of strlen(s) + 1 bytes and nothing here caps len, so stack use is set by the caller's string. The longest key in this table is 8 characters ("possible"), so callers that pass externally supplied text should bound its length first; because this file is generated, an early return for len >= sizeof(action_strings) belongs in the generator rather than here -- confirm what the callers pass. */ static int action_s2i(const char *s, int *value) { 10 | size_t len, i; 11 | if (s == NULL || value == NULL) 12 | return 0; 13 | len = strlen(s); 14 | { char copy[len + 1]; 15 | for (i = 0; i < len; i++) { 16 | char c = s[i]; 17 | copy[i] = GT_ISUPPER(c) ?
c - 'A' + 'a' : c; 18 | } 19 | copy[i] = 0; 20 | return s2i__(action_strings, action_s2i_s, action_s2i_i, 3, copy, value); 21 | } 22 | } 23 | /* Byte offsets into action_strings indexed by action value: 0 -> "never", 1 -> "possible", 2 -> "always". */ static const unsigned action_i2s_direct[] = { 24 | 7,13,0, 25 | }; 26 | static const char *action_i2s(int v) { 27 | return i2s_direct__(action_strings, action_i2s_direct, 0, 2, v); 28 | } 29 | -------------------------------------------------------------------------------- /auditd_port/lib/audit.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: libaudit 7 | Description: Libraries needed for apps that use the kernel audit framework 8 | Version: @VERSION@ 9 | Libs: -L${libdir} -laudit 10 | Libs.private: @CAPNG_LDADD@ 11 | Cflags: -I${includedir} 12 | -------------------------------------------------------------------------------- /auditd_port/lib/dso.h: -------------------------------------------------------------------------------- 1 | /* dso.h -- 2 | * Copyright 2005,2006,2009 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | */ 22 | #ifndef _DSO_H_ 23 | #define _DSO_H_ 24 | 25 | /* 26 | * This is to mark functions as internal to the API 27 | */ 28 | #ifndef AUDIT_HIDDEN_START 29 | #define AUDIT_HIDDEN_START _Pragma("GCC visibility push(hidden)") 30 | #endif 31 | 32 | /* 33 | * This ends the section that is internal to the API. 34 | */ 35 | #ifndef AUDIT_HIDDEN_END 36 | #define AUDIT_HIDDEN_END _Pragma("GCC visibility pop") 37 | #endif 38 | 39 | #endif 40 | 41 | -------------------------------------------------------------------------------- /auditd_port/lib/flagtab.h: -------------------------------------------------------------------------------- 1 | /* flagtab.h -- 2 | * Copyright 2005,2006, 2016 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * Richard Guy Briggs 22 | */ 23 | _S(AUDIT_FILTER_TASK, "task" ) 24 | _S(AUDIT_FILTER_EXIT, "exit" ) 25 | _S(AUDIT_FILTER_USER, "user" ) 26 | _S(AUDIT_FILTER_EXCLUDE, "exclude" ) 27 | _S(AUDIT_FILTER_FS, "filesystem") 28 | -------------------------------------------------------------------------------- /auditd_port/lib/flagtabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | /* NUL-separated filter-list names; flag_s2i_s holds the byte offset of each name and flag_s2i_i the value paired with it ("exclude" -> 5, "exit" -> 4, "filesystem" -> 6, "task" -> 1, "user" -> 0). */ static const char flag_strings[] = "exclude\0exit\0filesystem\0task\0user"; 3 | static const unsigned flag_s2i_s[] = { 4 | 0,8,13,24,29, 5 | }; 6 | static const int flag_s2i_i[] = { 7 | 5,4,6,1,0, 8 | }; 9 | /* flag_s2i: copies s into a stack buffer, lowercasing each character GT_ISUPPER accepts, then hands the copy to s2i__ (declared elsewhere) to look it up in flag_strings. Returns 0 without touching *value when s or value is NULL, otherwise the s2i__ result. NOTE(review): copy is a variable-length array of strlen(s) + 1 bytes and nothing here caps len, so stack use is set by the caller's string. The longest key in this table is 10 characters ("filesystem"), so callers that pass externally supplied text should bound its length first; because this file is generated, an early return for len >= sizeof(flag_strings) belongs in the generator rather than here -- confirm what the callers pass. */ static int flag_s2i(const char *s, int *value) { 10 | size_t len, i; 11 | if (s == NULL || value == NULL) 12 | return 0; 13 | len = strlen(s); 14 | { char copy[len + 1]; 15 | for (i = 0; i < len; i++) { 16 | char c = s[i]; 17 | copy[i] = GT_ISUPPER(c) ? c - 'A' + 'a' : c; 18 | } 19 | copy[i] = 0; 20 | return s2i__(flag_strings, flag_s2i_s, flag_s2i_i, 5, copy, value); 21 | } 22 | } 23 | /* Byte offsets into flag_strings indexed by filter value 0..6; slots 2 and 3 hold -1u because no name is listed for those values. */ static const unsigned flag_i2s_direct[] = { 24 | 29,24,-1u,-1u,8,0,13, 25 | }; 26 | static const char *flag_i2s(int v) { 27 | return i2s_direct__(flag_strings, flag_i2s_direct, 0, 6, v); 28 | } 29 | -------------------------------------------------------------------------------- /auditd_port/lib/fstypetab.h: -------------------------------------------------------------------------------- 1 | /* fstypetab.h -- 2 | * Copyright 2017 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 
4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * 22 | * Source of info: /usr/include/linux/magic.h 23 | * 24 | */ 25 | _S(0x74726163, "tracefs" ) 26 | _S(0x64626720, "debugfs" ) 27 | -------------------------------------------------------------------------------- /auditd_port/lib/fstypetabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | /* NUL-separated filesystem names; fstype_s2i_s holds the byte offset of each name and fstype_s2i_i the magic number paired with it (1684170528 is 0x64626720 for "debugfs", 1953653091 is 0x74726163 for "tracefs"). */ static const char fstype_strings[] = "debugfs\0tracefs"; 3 | static const unsigned fstype_s2i_s[] = { 4 | 0,8, 5 | }; 6 | static const int fstype_s2i_i[] = { 7 | 1684170528,1953653091, 8 | }; 9 | /* fstype_s2i: copies s into a stack buffer, lowercasing each character GT_ISUPPER accepts, then hands the copy to s2i__ (declared elsewhere) to look it up in fstype_strings. Returns 0 without touching *value when s or value is NULL, otherwise the s2i__ result. NOTE(review): copy is a variable-length array of strlen(s) + 1 bytes and nothing here caps len, so stack use is set by the caller's string. Both keys in this table are 7 characters long, so callers that pass externally supplied text should bound its length first; because this file is generated, an early return for len >= sizeof(fstype_strings) belongs in the generator rather than here -- confirm what the callers pass. */ static int fstype_s2i(const char *s, int *value) { 10 | size_t len, i; 11 | if (s == NULL || value == NULL) 12 | return 0; 13 | len = strlen(s); 14 | { char copy[len + 1]; 15 | for (i = 0; i < len; i++) { 16 | char c = s[i]; 17 | copy[i] = GT_ISUPPER(c) ?
c - 'A' + 'a' : c; 18 | } 19 | copy[i] = 0; 20 | return s2i__(fstype_strings, fstype_s2i_s, fstype_s2i_i, 2, copy, value); 21 | } 22 | } 23 | /* Reverse direction: magic numbers in ascending order with the byte offset of the matching name, looked up through i2s_bsearch__ (declared elsewhere). */ static const int fstype_i2s_i[] = { 24 | 1684170528,1953653091, 25 | }; 26 | static const unsigned fstype_i2s_s[] = { 27 | 0,8, 28 | }; 29 | static const char *fstype_i2s(int v) { 30 | return i2s_bsearch__(fstype_strings, fstype_i2s_i, fstype_i2s_s, 2, v); 31 | } 32 | -------------------------------------------------------------------------------- /auditd_port/lib/ftypetab.h: -------------------------------------------------------------------------------- 1 | /* ftypetab.h -- 2 | * Copyright 2008 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | */ 22 | 23 | _S(S_IFSOCK, "socket" ) 24 | _S(S_IFLNK, "link" ) 25 | _S(S_IFREG, "file" ) 26 | _S(S_IFBLK, "block" ) 27 | _S(S_IFDIR, "dir" ) 28 | _S(S_IFCHR, "character" ) 29 | _S(S_IFIFO, "fifo" ) 30 | 31 | -------------------------------------------------------------------------------- /auditd_port/lib/ftypetabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | /* NUL-separated file-type names; ftype_s2i_s holds the byte offset of each name and ftype_s2i_i the value paired with it ("block" -> 24576, "character" -> 8192, "dir" -> 16384, "fifo" -> 4096, "file" -> 32768, "link" -> 40960, "socket" -> 49152). */ static const char ftype_strings[] = "block\0character\0dir\0fifo\0file\0link\0socket"; 3 | static const unsigned ftype_s2i_s[] = { 4 | 0,6,16,20,25,30,35, 5 | }; 6 | static const int ftype_s2i_i[] = { 7 | 24576,8192,16384,4096,32768,40960,49152, 8 | }; 9 | /* ftype_s2i: copies s into a stack buffer, lowercasing each character GT_ISUPPER accepts, then hands the copy to s2i__ (declared elsewhere) to look it up in ftype_strings. Returns 0 without touching *value when s or value is NULL, otherwise the s2i__ result. NOTE(review): copy is a variable-length array of strlen(s) + 1 bytes and nothing here caps len, so stack use is set by the caller's string. The longest key in this table is 9 characters ("character"), so callers that pass externally supplied text should bound its length first; because this file is generated, an early return for len >= sizeof(ftype_strings) belongs in the generator rather than here -- confirm what the callers pass. */ static int ftype_s2i(const char *s, int *value) { 10 | size_t len, i; 11 | if (s == NULL || value == NULL) 12 | return 0; 13 | len = strlen(s); 14 | { char copy[len + 1]; 15 | for (i = 0; i < len; i++) { 16 | char c = s[i]; 17 | copy[i] = GT_ISUPPER(c) ? c - 'A' + 'a' : c; 18 | } 19 | copy[i] = 0; 20 | return s2i__(ftype_strings, ftype_s2i_s, ftype_s2i_i, 7, copy, value); 21 | } 22 | } 23 | /* Reverse direction: file-type values in ascending order with the byte offset of the matching name, looked up through i2s_bsearch__ (declared elsewhere). */ static const int ftype_i2s_i[] = { 24 | 4096,8192,16384,24576,32768,40960,49152, 25 | }; 26 | static const unsigned ftype_i2s_s[] = { 27 | 20,6,16,0,25,30,35, 28 | }; 29 | static const char *ftype_i2s(int v) { 30 | return i2s_bsearch__(ftype_strings, ftype_i2s_i, ftype_i2s_s, 7, v); 31 | } 32 | -------------------------------------------------------------------------------- /auditd_port/lib/machinetabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. 
*/ 2 | static const char machine_strings[] = "arm\0armeb\0armv5tejl\0armv5tel\0armv6l\0armv7l\0i386\0i486\0i586\0i686\0" 3 | "ia64\0ppc\0ppc64\0ppc64le\0s390\0s390x\0x86_64"; 4 | static const unsigned machine_s2i_s[] = { 5 | 0,4,10,20,29,36,43,48,53,58, 6 | 63,68,72,78,86,91,97, 7 | }; 8 | static const int machine_s2i_i[] = { 9 | 8,8,8,8,8,8,0,0,0,0, 10 | 2,4,3,10,6,5,1, 11 | }; 12 | /* machine_s2i: returns 0 when s or value is NULL; otherwise copies s into copy[] with every character that GT_ISUPPER accepts shifted to lower case, and returns the result of s2i__ (defined outside this listing) over the 17-entry tables above. NOTE(review): copy[] is a variable-length array of strlen(s) + 1 bytes, so stack use grows with the input; if s can come from an untrusted source, reject over-long input before the array is declared. This file is generated, so such a check presumably belongs in the generator - confirm. */ static int machine_s2i(const char *s, int *value) { 13 | size_t len, i; 14 | if (s == NULL || value == NULL) 15 | return 0; 16 | len = strlen(s); 17 | { char copy[len + 1]; 18 | for (i = 0; i < len; i++) { 19 | char c = s[i]; 20 | copy[i] = GT_ISUPPER(c) ? c - 'A' + 'a' : c; 21 | } 22 | copy[i] = 0; 23 | return s2i__(machine_strings, machine_s2i_s, machine_s2i_i, 17, copy, value); 24 | } 25 | } 26 | static const unsigned machine_i2s_direct[] = { 27 | 43,97,63,72,68,91,86,-1u,4,-1u, 28 | 78, 29 | }; 30 | /* machine_i2s: returns the result of i2s_direct__ (defined outside this listing) called with the bounds 0 and 10 over machine_i2s_direct, which holds 11 entries. NOTE(review): the two -1u entries presumably mark values that have no name - confirm against i2s_direct__. */ static const char *machine_i2s(int v) { 31 | return i2s_direct__(machine_strings, machine_i2s_direct, 0, 10, v); 32 | } 33 | -------------------------------------------------------------------------------- /auditd_port/lib/optab.h: -------------------------------------------------------------------------------- 1 | /* optab.h -- 2 | * Copyright 2005-07 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details.
14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | */ 22 | 23 | _S(AUDIT_EQUAL, "=" ) 24 | _S(AUDIT_NOT_EQUAL, "!=" ) 25 | _S(AUDIT_GREATER_THAN, ">" ) 26 | _S(AUDIT_GREATER_THAN_OR_EQUAL, ">=" ) 27 | _S(AUDIT_LESS_THAN, "<" ) 28 | _S(AUDIT_LESS_THAN_OR_EQUAL, "<=" ) 29 | _S(AUDIT_BIT_MASK, "&" ) 30 | _S(AUDIT_BIT_TEST, "&=" ) 31 | 32 | -------------------------------------------------------------------------------- /auditd_port/lib/optabs.h: -------------------------------------------------------------------------------- 1 | /* This is a generated file, see Makefile.am for its inputs. */ 2 | static const char op_strings[] = "!=\0&\0&=\0<\0<=\0=\0>\0>="; 3 | static const int op_i2s_i[] = { 4 | 134217728,268435456,536870912,805306368,1073741824,1207959552,1342177280,1610612736, 5 | }; 6 | static const unsigned op_i2s_s[] = { 7 | 3,8,15,0,13,5,10,17, 8 | }; 9 | static const char *op_i2s(int v) { 10 | return i2s_bsearch__(op_strings, op_i2s_i, op_i2s_s, 8, v); 11 | } 12 | -------------------------------------------------------------------------------- /auditd_port/lib/syscall-update.txt: -------------------------------------------------------------------------------- 1 | The place where syscall information is gathered is: 2 | 3 | arch/arm/tools/syscall.tbl 4 | arch/arm/include/uapi/asm/unistd.h 5 | arch/ia64/include/uapi/asm/unistd.h 6 | arch/powerpc/include/uapi/asm/unistd.h 7 | arch/s390/include/uapi/asm/unistd.h 8 | arch/x86/entry/syscalls/syscall_32.tbl 9 | arch/x86/entry/syscalls/syscall_64.tbl 10 | include/uapi/asm-generic/unistd.h (aarch64) 11 | 12 | For src/ausearch-lookup.c: 13 | Inspect include/linux/net.h for socketcall updates 14 | Inspect include/linux/ipc.h for ipccall updates 15 | 16 | For adding new arches, the following might 
be useful to get a first pass file: 17 | 18 | cat unistd.h | grep '^#define __NR_' | tr -d ')' | tr 'NR+' ' ' | awk '{ printf "_S(%s, \"%s\")\n", $6, $3 }; ' 19 | 20 | it will still need hand editing 21 | -------------------------------------------------------------------------------- /auditd_port/lib/test/Makefile.am: -------------------------------------------------------------------------------- 1 | # Copyright 2008 Red Hat Inc., Durham, North Carolina. 2 | # All Rights Reserved. 3 | # 4 | # This library is free software; you can redistribute it and/or 5 | # modify it under the terms of the GNU Lesser General Public 6 | # License as published by the Free Software Foundation; either 7 | # version 2.1 of the License, or (at your option) any later version. 8 | # 9 | # This library is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 | # Lesser General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU Lesser General Public 15 | # License along with this library; if not, write to the Free Software 16 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 17 | # 18 | # Authors: 19 | # Miloslav Trmač 20 | # 21 | 22 | check_PROGRAMS = lookup_test 23 | TESTS = $(check_PROGRAMS) 24 | 25 | lookup_test_LDADD = ${top_builddir}/lib/libaudit.la 26 | -------------------------------------------------------------------------------- /auditd_port/src/auditd-dispatch.h: -------------------------------------------------------------------------------- 1 | /* auditd-dispatch.h -- 2 | * Copyright 2005,2007,2013,2017 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 
4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation; either version 2 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | * 22 | */ 23 | 24 | #ifndef AUDITD_DISPATCH_H 25 | #define AUDITD_DISPATCH_H 26 | 27 | #include "auditd-config.h" 28 | 29 | int dispatcher_pid(void); 30 | void dispatcher_reaped(void); 31 | int make_dispatcher_fd_private(void); 32 | int init_dispatcher(const struct daemon_conf *config, int config_dir_set); 33 | void shutdown_dispatcher(void); 34 | void reconfigure_dispatcher(const struct daemon_conf *config); 35 | int dispatch_event(const struct audit_reply *rep, int is_err, int protocol_ver); 36 | 37 | #endif 38 | 39 | -------------------------------------------------------------------------------- /auditd_port/src/ausearch-parse.h: -------------------------------------------------------------------------------- 1 | /* 2 | * ausearch-parse.h - Header file for ausearch-llist.c 3 | * Copyright (c) 2005 Red Hat Inc., Durham, North Carolina. 4 | * All Rights Reserved. 5 | * 6 | * This software may be freely redistributed and/or modified under the 7 | * terms of the GNU General Public License as published by the Free 8 | * Software Foundation; either version 2, or (at your option) any 9 | * later version. 
10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; see the file COPYING. If not, write to the 18 | * Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 19 | * 20 | * Authors: 21 | * Steve Grubb 22 | */ 23 | 24 | #ifndef AUSEARCH_PARSE_HEADER 25 | #define AUSEARCH_PARSE_HEADER 26 | 27 | #include "config.h" 28 | #include "ausearch-llist.h" 29 | 30 | int extract_search_items(llist *l); 31 | 32 | #endif 33 | 34 | -------------------------------------------------------------------------------- /auditd_port/src/ausearch-time.h: -------------------------------------------------------------------------------- 1 | /* ausearch-time.h - header file for ausearch-time.c 2 | * Copyright 2006-07,2016-17 Red Hat Inc., Durham, North Carolina. 3 | * All Rights Reserved. 4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation; either version 2 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * Authors: 20 | * Steve Grubb 21 | */ 22 | 23 | #ifndef AUSEARCH_TIME_HEADERS 24 | #define AUSEARCH_TIME_HEADERS 25 | 26 | #include "ausearch-common.h" 27 | 28 | enum { T_NOW, T_RECENT, T_BOOT, T_TODAY, T_YESTERDAY, T_THIS_WEEK, T_WEEK_AGO, 29 | T_THIS_MONTH, T_THIS_YEAR }; 30 | 31 | int lookup_time(const char *name); 32 | int ausearch_time_start(const char *da, const char *ti); 33 | int ausearch_time_end(const char *da, const char *ti); 34 | 35 | #endif 36 | 37 | -------------------------------------------------------------------------------- /auditd_port/src/bionic_port.h: -------------------------------------------------------------------------------- 1 | #ifndef BIONIC_PORT_H 2 | #define BIONIC_PORT_H 3 | // Functions such as fd_set are found in bionic under 4 | // instead of in 5 | // (the two header names did not survive in this listing) 6 | #include 7 | 8 | // Android bionic does not provide fgets_unlocked, 9 | // so it is defined here. 10 | #ifdef ANDROID 11 | #define fgets_unlocked(buf, size, fp) fgets(buf, size, fp) 12 | #endif 13 | 14 | /* strndupa fallback: copies at most n bytes of s into storage obtained from alloca(), so the result lives in the stack frame of the calling function and must not be used after that function returns. Stack use grows with n, so callers should keep n bounded. */ #ifndef strndupa 15 | # include 16 | # include 17 | # define strndupa(s, n) \ 18 | ({ \ 19 | const char *__old = (s); \ 20 | size_t __len = strnlen(__old, (n)); \ 21 | char *__new = (char *) alloca(__len + 1); \ 22 | __new[__len] = '\0'; \ 23 | (char *) memcpy(__new, __old, __len); \ 24 | }) 25 | #endif 26 | 27 | /* fflush_unlocked is likewise not available 28 | * in bionic. Therefore an alias 29 | * to fflush() is created. NOTE(review): when HAVE_DECL_FFLUSH_UNLOCKED is set, the first branch does the reverse and redefines fflush() as fflush_unlocked() for every file that includes this header.
*/ 30 | # if HAVE_DECL_FFLUSH_UNLOCKED 31 | # undef fflush 32 | # define fflush(x) fflush_unlocked (x) 33 | # else 34 | # define fflush_unlocked(x) fflush (x) 35 | # endif 36 | 37 | /* endprotoent() is not supported by bionic 38 | * and has to be replaced with a dummy */ 39 | void endprotoent(void); 40 | 41 | /* The implementation of rawmemchr() 42 | * was copied from glibc */ 43 | void *rawmemchr (const void *s, int c_in); 44 | #endif 45 | -------------------------------------------------------------------------------- /auditd_port/src/libev/Makefile.am: -------------------------------------------------------------------------------- 1 | # Makefile.am-- 2 | # Copyright 2008,2011-12 Red Hat Inc., Durham, North Carolina. 3 | # All Rights Reserved. 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details.
14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | # 19 | # Authors: 20 | # Steve Grubb 21 | # 22 | VERSION_INFO = 4:0:0 23 | EXTRA_DIST = README ev_epoll.c ev_poll.c ev_select.c libev.m4 24 | AM_CFLAGS = -fPIC -DPIC -g -fno-strict-aliasing ${DEBUG} 25 | 26 | noinst_HEADERS = ev.h ev_vars.h ev_wrap.h event.h 27 | noinst_LIBRARIES = libev.a 28 | 29 | libev_a_SOURCES = ev.c event.c 30 | -------------------------------------------------------------------------------- /auditd_port/src/test/Makefile.am: -------------------------------------------------------------------------------- 1 | # Copyright 2008,2014,2015 Red Hat Inc., Durham, North Carolina. 2 | # All Rights Reserved. 3 | # 4 | # This library is free software; you can redistribute it and/or 5 | # modify it under the terms of the GNU Lesser General Public 6 | # License as published by the Free Software Foundation; either 7 | # version 2.1 of the License, or (at your option) any later version. 8 | # 9 | # This library is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 | # Lesser General Public License for more details. 
13 | # 14 | # You should have received a copy of the GNU Lesser General Public 15 | # License along with this library; if not, write to the Free Software 16 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 17 | # 18 | # Authors: 19 | # Steve Grubb 20 | # 21 | 22 | AM_CPPFLAGS = -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/src 23 | check_PROGRAMS = ilist_test slist_test 24 | TESTS = $(check_PROGRAMS) 25 | ilist_test_LDADD = ${top_builddir}/src/ausearch-int.o 26 | slist_test_LDADD = ${top_builddir}/src/ausearch-string.o 27 | -------------------------------------------------------------------------------- /doc/img/all_arch_en.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/doc/img/all_arch_en.png -------------------------------------------------------------------------------- /doc/img/auditd_app_network.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/skyun1314/auditd_for_android/eacd33f111924dd46fca7a8b98c541597620b4ec/doc/img/auditd_app_network.png --------------------------------------------------------------------------------