1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
/**
* @file
* Public interface for a single seaudit log message. Note that this
* is an abstract class.
*
* @author Jeremy A. Mowery jmowery@tresys.com
* @author Jason Tang jtang@tresys.com
*
* Copyright (C) 2006-2007 Tresys Technology, LLC
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef SEAUDIT_MESSAGE_H
#define SEAUDIT_MESSAGE_H
#ifdef __cplusplus
extern "C"
{
#endif
#include <time.h>
typedef struct seaudit_message seaudit_message_t;
/**
* This enum defines the different types of audit messages this
* library will handle. Message types are put in alphabetical order
* to make msg_field_compare() in sort.c easier.
*/
typedef enum seaudit_message_type
{
SEAUDIT_MESSAGE_TYPE_INVALID = 0,
/** BOOL is the message that results when changing
booleans in a conditional policy. */
SEAUDIT_MESSAGE_TYPE_BOOL,
/** AVC is a standard 'allowed' or 'denied' type
message. */
SEAUDIT_MESSAGE_TYPE_AVC,
/** LOAD is the message that results when a policy is
loaded into the system. */
SEAUDIT_MESSAGE_TYPE_LOAD
} seaudit_message_type_e;
/**
* Get a pointer to a message's specific data. This returns a void
* pointer; the caller must cast it to one of seaudit_avc_message_t,
* seaudit_bool_message_t, or seaudit_load_message_t. Use the
* returned value from the second parameter to determine which type
* this message really is.
*
* @param msg Message from which to get data.
* @param type Reference to the message specific type.
*
* @return Pointer to message's specific type, or NULL upon error.
*/
extern void *seaudit_message_get_data(const seaudit_message_t * msg, seaudit_message_type_e * type);
/**
* Return the time that this audit message was generated.
*
* @param msg Message from which to get its time.
*
* @return Time of the message. Treat the contents of this struct as
* const.
*
* @see localtime(3)
*/
extern const struct tm *seaudit_message_get_time(const seaudit_message_t * msg);
/**
* Return the name of the host that generated this audit message.
*
* @param msg Message from which to get its time.
*
* @return Host of the message. Do not modify this string.
*/
extern const char *seaudit_message_get_host(const seaudit_message_t * msg);
/**
* Given a message, allocate and return a string that approximates the
* message as it had appeared within the original log file.
*
* @param msg Message to convert.
*
* @return String representation for message, or NULL upon error. The
* caller is responsible for free()ing the string afterwards.
*/
extern char *seaudit_message_to_string(const seaudit_message_t * msg);
/**
* Given a message, allocate and return a string, formatted in HTML,
* that approximates the message as it had appeared within the
* original log file.
*
* @param msg Message to convert.
*
* @return HTML String representation for message, or NULL upon error.
* The caller is responsible for free()ing the string afterwards.
*/
extern char *seaudit_message_to_string_html(const seaudit_message_t * msg);
/**
* Given a message, allocate and return a string that gives
* miscellaneous (i.e., uncategorized) information about the message.
* To get the more important values you will need to use more specific
* accessor methods.
*
* @param msg Message from which to get miscellaneous information.
*
* @return Miscellaneous message string representation, or NULL upon
* error. The caller is responsible for free()ing the string
* afterwards.
*/
extern char *seaudit_message_to_misc_string(const seaudit_message_t * msg);
#ifdef __cplusplus
}
#endif
#endif
|
