1/*-
2 * Copyright (c) 2008-2009 Apple Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of Apple Inc. ("Apple") nor the names of
14 * its contributors may be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 *
29 */
30
31#include <sys/param.h>
32#include <sys/socket.h>
33
34#include <security/audit/audit.h>
35
36#include <bsm/audit_domain.h>
37#include <bsm/audit_record.h>
38
39#if CONFIG_AUDIT
40struct bsm_domain {
41 u_short bd_bsm_domain;
42 int bd_local_domain;
43};
44
45#define PF_NO_LOCAL_MAPPING -600
46
47static const struct bsm_domain bsm_domains[] = {
48 { BSM_PF_UNSPEC, PF_UNSPEC },
49 { BSM_PF_LOCAL, PF_LOCAL },
50 { BSM_PF_INET, PF_INET },
51 { BSM_PF_IMPLINK,
52#ifdef PF_IMPLINK
53 PF_IMPLINK
54#else
55 PF_NO_LOCAL_MAPPING
56#endif
57 },
58 { BSM_PF_PUP,
59#ifdef PF_PUP
60 PF_PUP
61#else
62 PF_NO_LOCAL_MAPPING
63#endif
64 },
65 { BSM_PF_CHAOS,
66#ifdef PF_CHAOS
67 PF_CHAOS
68#else
69 PF_NO_LOCAL_MAPPING
70#endif
71 },
72 { BSM_PF_NS,
73#ifdef PF_NS
74 PF_NS
75#else
76 PF_NO_LOCAL_MAPPING
77#endif
78 },
79 { BSM_PF_NBS,
80#ifdef PF_NBS
81 PF_NBS
82#else
83 PF_NO_LOCAL_MAPPING
84#endif
85 },
86 { BSM_PF_ECMA,
87#ifdef PF_ECMA
88 PF_ECMA
89#else
90 PF_NO_LOCAL_MAPPING
91#endif
92 },
93 { BSM_PF_DATAKIT,
94#ifdef PF_DATAKIT
95 PF_DATAKIT
96#else
97 PF_NO_LOCAL_MAPPING
98#endif
99 },
100 { BSM_PF_CCITT,
101#ifdef PF_CCITT
102 PF_CCITT
103#else
104 PF_NO_LOCAL_MAPPING
105#endif
106 },
107 { BSM_PF_SNA, PF_SNA },
108 { BSM_PF_DECnet, PF_DECnet },
109 { BSM_PF_DLI,
110#ifdef PF_DLI
111 PF_DLI
112#else
113 PF_NO_LOCAL_MAPPING
114#endif
115 },
116 { BSM_PF_LAT,
117#ifdef PF_LAT
118 PF_LAT
119#else
120 PF_NO_LOCAL_MAPPING
121#endif
122 },
123 { BSM_PF_HYLINK,
124#ifdef PF_HYLINK
125 PF_HYLINK
126#else
127 PF_NO_LOCAL_MAPPING
128#endif
129 },
130 { BSM_PF_APPLETALK, PF_APPLETALK },
131 { BSM_PF_NIT,
132#ifdef PF_NIT
133 PF_NIT
134#else
135 PF_NO_LOCAL_MAPPING
136#endif
137 },
138 { BSM_PF_802,
139#ifdef PF_802
140 PF_802
141#else
142 PF_NO_LOCAL_MAPPING
143#endif
144 },
145 { BSM_PF_OSI,
146#ifdef PF_OSI
147 PF_OSI
148#else
149 PF_NO_LOCAL_MAPPING
150#endif
151 },
152 { BSM_PF_X25,
153#ifdef PF_X25
154 PF_X25
155#else
156 PF_NO_LOCAL_MAPPING
157#endif
158 },
159 { BSM_PF_OSINET,
160#ifdef PF_OSINET
161 PF_OSINET
162#else
163 PF_NO_LOCAL_MAPPING
164#endif
165 },
166 { BSM_PF_GOSIP,
167#ifdef PF_GOSIP
168 PF_GOSIP
169#else
170 PF_NO_LOCAL_MAPPING
171#endif
172 },
173 { BSM_PF_IPX, PF_IPX },
174 { BSM_PF_ROUTE, PF_ROUTE },
175 { BSM_PF_LINK,
176#ifdef PF_LINK
177 PF_LINK
178#else
179 PF_NO_LOCAL_MAPPING
180#endif
181 },
182 { BSM_PF_INET6, PF_INET6 },
183 { BSM_PF_KEY, PF_KEY },
184 { BSM_PF_NCA,
185#ifdef PF_NCA
186 PF_NCA
187#else
188 PF_NO_LOCAL_MAPPING
189#endif
190 },
191 { BSM_PF_POLICY,
192#ifdef PF_POLICY
193 PF_POLICY
194#else
195 PF_NO_LOCAL_MAPPING
196#endif
197 },
198 { BSM_PF_INET_OFFLOAD,
199#ifdef PF_INET_OFFLOAD
200 PF_INET_OFFLOAD
201#else
202 PF_NO_LOCAL_MAPPING
203#endif
204 },
205 { BSM_PF_NETBIOS,
206#ifdef PF_NETBIOS
207 PF_NETBIOS
208#else
209 PF_NO_LOCAL_MAPPING
210#endif
211 },
212 { BSM_PF_ISO,
213#ifdef PF_ISO
214 PF_ISO
215#else
216 PF_NO_LOCAL_MAPPING
217#endif
218 },
219 { BSM_PF_XTP,
220#ifdef PF_XTP
221 PF_XTP
222#else
223 PF_NO_LOCAL_MAPPING
224#endif
225 },
226 { BSM_PF_COIP,
227#ifdef PF_COIP
228 PF_COIP
229#else
230 PF_NO_LOCAL_MAPPING
231#endif
232 },
233 { BSM_PF_CNT,
234#ifdef PF_CNT
235 PF_CNT
236#else
237 PF_NO_LOCAL_MAPPING
238#endif
239 },
240 { BSM_PF_RTIP,
241#ifdef PF_RTIP
242 PF_RTIP
243#else
244 PF_NO_LOCAL_MAPPING
245#endif
246 },
247 { BSM_PF_SIP,
248#ifdef PF_SIP
249 PF_SIP
250#else
251 PF_NO_LOCAL_MAPPING
252#endif
253 },
254 { BSM_PF_PIP,
255#ifdef PF_PIP
256 PF_PIP
257#else
258 PF_NO_LOCAL_MAPPING
259#endif
260 },
261 { BSM_PF_ISDN,
262#ifdef PF_ISDN
263 PF_ISDN
264#else
265 PF_NO_LOCAL_MAPPING
266#endif
267 },
268 { BSM_PF_E164,
269#ifdef PF_E164
270 PF_E164
271#else
272 PF_NO_LOCAL_MAPPING
273#endif
274 },
275 { BSM_PF_NATM,
276#ifdef PF_NATM
277 PF_NATM
278#else
279 PF_NO_LOCAL_MAPPING
280#endif
281 },
282 { BSM_PF_ATM,
283#ifdef PF_ATM
284 PF_ATM
285#else
286 PF_NO_LOCAL_MAPPING
287#endif
288 },
289 { BSM_PF_NETGRAPH,
290#ifdef PF_NETGRAPH
291 PF_NETGRAPH
292#else
293 PF_NO_LOCAL_MAPPING
294#endif
295 },
296 { BSM_PF_SLOW,
297#ifdef PF_SLOW
298 PF_SLOW
299#else
300 PF_NO_LOCAL_MAPPING
301#endif
302 },
303 { BSM_PF_SCLUSTER,
304#ifdef PF_SCLUSTER
305 PF_SCLUSTER
306#else
307 PF_NO_LOCAL_MAPPING
308#endif
309 },
310 { BSM_PF_ARP,
311#ifdef PF_ARP
312 PF_ARP
313#else
314 PF_NO_LOCAL_MAPPING
315#endif
316 },
317 { BSM_PF_BLUETOOTH,
318#ifdef PF_BLUETOOTH
319 PF_BLUETOOTH
320#else
321 PF_NO_LOCAL_MAPPING
322#endif
323 },
324 { BSM_PF_IEEE80211,
325#ifdef PF_IEEE80211
326 PF_IEEE80211
327#else
328 PF_NO_LOCAL_MAPPING
329#endif
330 },
331 { BSM_PF_AX25,
332#ifdef PF_AX25
333 PF_AX25
334#else
335 PF_NO_LOCAL_MAPPING
336#endif
337 },
338 { BSM_PF_ROSE,
339#ifdef PF_ROSE
340 PF_ROSE
341#else
342 PF_NO_LOCAL_MAPPING
343#endif
344 },
345 { BSM_PF_NETBEUI,
346#ifdef PF_NETBEUI
347 PF_NETBEUI
348#else
349 PF_NO_LOCAL_MAPPING
350#endif
351 },
352 { BSM_PF_SECURITY,
353#ifdef PF_SECURITY
354 PF_SECURITY
355#else
356 PF_NO_LOCAL_MAPPING
357#endif
358 },
359 { BSM_PF_PACKET,
360#ifdef PF_PACKET
361 PF_PACKET
362#else
363 PF_NO_LOCAL_MAPPING
364#endif
365 },
366 { BSM_PF_ASH,
367#ifdef PF_ASH
368 PF_ASH
369#else
370 PF_NO_LOCAL_MAPPING
371#endif
372 },
373 { BSM_PF_ECONET,
374#ifdef PF_ECONET
375 PF_ECONET
376#else
377 PF_NO_LOCAL_MAPPING
378#endif
379 },
380 { BSM_PF_ATMSVC,
381#ifdef PF_ATMSVC
382 PF_ATMSVC
383#else
384 PF_NO_LOCAL_MAPPING
385#endif
386 },
387 { BSM_PF_IRDA,
388#ifdef PF_IRDA
389 PF_IRDA
390#else
391 PF_NO_LOCAL_MAPPING
392#endif
393 },
394 { BSM_PF_PPPOX,
395#ifdef PF_PPPOX
396 PF_PPPOX
397#else
398 PF_NO_LOCAL_MAPPING
399#endif
400 },
401 { BSM_PF_WANPIPE,
402#ifdef PF_WANPIPE
403 PF_WANPIPE
404#else
405 PF_NO_LOCAL_MAPPING
406#endif
407 },
408 { BSM_PF_LLC,
409#ifdef PF_LLC
410 PF_LLC
411#else
412 PF_NO_LOCAL_MAPPING
413#endif
414 },
415 { BSM_PF_CAN,
416#ifdef PF_CAN
417 PF_CAN
418#else
419 PF_NO_LOCAL_MAPPING
420#endif
421 },
422 { BSM_PF_TIPC,
423#ifdef PF_TIPC
424 PF_TIPC
425#else
426 PF_NO_LOCAL_MAPPING
427#endif
428 },
429 { BSM_PF_IUCV,
430#ifdef PF_IUCV
431 PF_IUCV
432#else
433 PF_NO_LOCAL_MAPPING
434#endif
435 },
436 { BSM_PF_RXRPC,
437#ifdef PF_RXRPC
438 PF_RXRPC
439#else
440 PF_NO_LOCAL_MAPPING
441#endif
442 },
443 { BSM_PF_PHONET,
444#ifdef PF_PHONET
445 PF_PHONET
446#else
447 PF_NO_LOCAL_MAPPING
448#endif
449 },
450};
451static const int bsm_domains_count = sizeof(bsm_domains) /
452 sizeof(bsm_domains[0]);
453
454static const struct bsm_domain *
455bsm_lookup_local_domain(int local_domain)
456{
457 int i;
458
459 for (i = 0; i < bsm_domains_count; i++) {
460 if (bsm_domains[i].bd_local_domain == local_domain)
461 return (&bsm_domains[i]);
462 }
463 return (NULL);
464}
465
466u_short
467au_domain_to_bsm(int local_domain)
468{
469 const struct bsm_domain *bstp;
470
471 bstp = bsm_lookup_local_domain(local_domain);
472 if (bstp == NULL)
473 return (BSM_PF_UNKNOWN);
474 return (bstp->bd_bsm_domain);
475}
476
477static const struct bsm_domain *
478bsm_lookup_bsm_domain(u_short bsm_domain)
479{
480 int i;
481
482 for (i = 0; i < bsm_domains_count; i++) {
483 if (bsm_domains[i].bd_bsm_domain == bsm_domain)
484 return (&bsm_domains[i]);
485 }
486 return (NULL);
487}
488
489int
490au_bsm_to_domain(u_short bsm_domain, int *local_domainp)
491{
492 const struct bsm_domain *bstp;
493
494 bstp = bsm_lookup_bsm_domain(bsm_domain);
495 if (bstp == NULL || bstp->bd_local_domain)
496 return (-1);
497 *local_domainp = bstp->bd_local_domain;
498 return (0);
499}
500#endif /* CONFIG_AUDIT */
501