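Lines Matching refs:ar

Each entry below is `<source line number> <line text> in <enclosing function>()`, with a trailing `argument` or `local` on the line where `ar` is declared. Only lines that mention `ar` are listed. Gaps in the line numbers are source lines left out of this listing, so the control flow between two entries has to be checked in the full file. One example is what separates the `audit_free(ar)` calls at 566 and 582 from the queue insert at 594 in `audit_commit()`.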

228 audit_record_ctor(proc_t p, struct kaudit_record *ar)  in audit_record_ctor()  argument
232 bzero(ar, sizeof(*ar)); in audit_record_ctor()
233 ar->k_ar.ar_magic = AUDIT_RECORD_MAGIC; in audit_record_ctor()
234 nanotime(&ar->k_ar.ar_starttime); in audit_record_ctor()
242 cru2x(cred, &ar->k_ar.ar_subj_cred); in audit_record_ctor()
243 ar->k_ar.ar_subj_ruid = kauth_cred_getruid(cred); in audit_record_ctor()
244 ar->k_ar.ar_subj_rgid = kauth_cred_getrgid(cred); in audit_record_ctor()
245 ar->k_ar.ar_subj_egid = kauth_cred_getgid(cred); in audit_record_ctor()
246 ar->k_ar.ar_subj_pid = proc_getpid(p); in audit_record_ctor()
247 ar->k_ar.ar_subj_auid = cred->cr_audit.as_aia_p->ai_auid; in audit_record_ctor()
248 ar->k_ar.ar_subj_asid = cred->cr_audit.as_aia_p->ai_asid; in audit_record_ctor()
249 bcopy(&cred->cr_audit.as_mask, &ar->k_ar.ar_subj_amask, in audit_record_ctor()
252 &ar->k_ar.ar_subj_term_addr, sizeof(struct au_tid_addr)); in audit_record_ctor()
258 audit_record_dtor(struct kaudit_record *ar) in audit_record_dtor() argument
260 if (ar->k_ar.ar_arg_upath1 != NULL) { in audit_record_dtor()
261 zfree(ZV_NAMEI, ar->k_ar.ar_arg_upath1); in audit_record_dtor()
263 if (ar->k_ar.ar_arg_upath2 != NULL) { in audit_record_dtor()
264 zfree(ZV_NAMEI, ar->k_ar.ar_arg_upath2); in audit_record_dtor()
266 if (ar->k_ar.ar_arg_kpath1 != NULL) { in audit_record_dtor()
267 zfree(ZV_NAMEI, ar->k_ar.ar_arg_kpath1); in audit_record_dtor()
269 if (ar->k_ar.ar_arg_kpath2 != NULL) { in audit_record_dtor()
270 zfree(ZV_NAMEI, ar->k_ar.ar_arg_kpath2); in audit_record_dtor()
272 if (ar->k_ar.ar_arg_text != NULL) { in audit_record_dtor()
273 zfree(ZV_NAMEI, ar->k_ar.ar_arg_text); in audit_record_dtor()
275 if (ar->k_ar.ar_arg_opaque != NULL) { in audit_record_dtor()
276 kfree_data(ar->k_ar.ar_arg_opaque, ar->k_ar.ar_arg_opq_size); in audit_record_dtor()
278 if (ar->k_ar.ar_arg_data != NULL) { in audit_record_dtor()
279 kfree_data_addr(ar->k_ar.ar_arg_data); in audit_record_dtor()
281 if (ar->k_udata != NULL) { in audit_record_dtor()
282 kfree_data_addr(ar->k_udata); in audit_record_dtor()
284 if (ar->k_ar.ar_arg_argv != NULL) { in audit_record_dtor()
285 kfree_data_addr(ar->k_ar.ar_arg_argv); in audit_record_dtor()
287 if (ar->k_ar.ar_arg_envv != NULL) { in audit_record_dtor()
288 kfree_data_addr(ar->k_ar.ar_arg_envv); in audit_record_dtor()
290 audit_identity_info_destruct(&ar->k_ar.ar_arg_identity); in audit_record_dtor()
384 struct kaudit_record *ar; in audit_new() local
415 ar = zalloc_flags(audit_record_zone, Z_WAITOK | Z_NOFAIL); in audit_new()
416 audit_record_ctor(p, ar); in audit_new()
417 ar->k_ar.ar_event = event; in audit_new()
421 if (audit_mac_new(p, ar) != 0) { in audit_new()
422 zfree(audit_record_zone, ar); in audit_new()
426 ar->k_ar.ar_mac_records = NULL; in audit_new()
434 return ar; in audit_new()
438 audit_free(struct kaudit_record *ar) in audit_free() argument
440 audit_record_dtor(ar); in audit_free()
442 if (NULL != ar->k_ar.ar_mac_records) { in audit_free()
443 audit_mac_free(ar); in audit_free()
446 zfree(audit_record_zone, ar); in audit_free()
450 audit_commit(struct kaudit_record *ar, int error, int retval) in audit_commit() argument
459 if (ar == NULL) { in audit_commit()
467 if (ar->k_ar.ar_subj_auid == AU_DEFAUDITID) { in audit_commit()
470 aumask = &ar->k_ar.ar_subj_amask; in audit_commit()
479 switch (ar->k_ar.ar_event) { in audit_commit()
486 ar->k_ar.ar_event = audit_flags_and_error_to_openevent( in audit_commit()
487 ar->k_ar.ar_arg_fflags, error); in audit_commit()
496 ar->k_ar.ar_event = audit_flags_and_error_to_openextendedevent( in audit_commit()
497 ar->k_ar.ar_arg_fflags, error); in audit_commit()
506 ar->k_ar.ar_event = audit_flags_and_error_to_openatevent( in audit_commit()
507 ar->k_ar.ar_arg_fflags, error); in audit_commit()
516 ar->k_ar.ar_event = audit_flags_and_error_to_openbyidevent( in audit_commit()
517 ar->k_ar.ar_arg_fflags, error); in audit_commit()
521 ar->k_ar.ar_event = audit_ctlname_to_sysctlevent( in audit_commit()
522 ar->k_ar.ar_arg_ctlname, ar->k_ar.ar_valid_arg); in audit_commit()
527 ar->k_ar.ar_event = auditon_command_event(ar->k_ar.ar_arg_cmd); in audit_commit()
532 ar->k_ar.ar_event = audit_fcntl_command_event( in audit_commit()
533 ar->k_ar.ar_arg_cmd, ar->k_ar.ar_arg_fflags, error); in audit_commit()
537 auid = ar->k_ar.ar_subj_auid; in audit_commit()
538 event = ar->k_ar.ar_event; in audit_commit()
552 ar->k_ar_commit |= AR_COMMIT_KERNEL; in audit_commit()
554 ar->k_ar_commit |= AR_PRESELECT_TRAIL; in audit_commit()
557 ar->k_ar_commit & AR_PRESELECT_TRAIL) != 0) { in audit_commit()
558 ar->k_ar_commit |= AR_PRESELECT_PIPE; in audit_commit()
560 if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE | in audit_commit()
566 audit_free(ar); in audit_commit()
570 ar->k_ar.ar_errno = error; in audit_commit()
571 ar->k_ar.ar_retval = retval; in audit_commit()
572 nanotime(&ar->k_ar.ar_endtime); in audit_commit()
582 audit_free(ar); in audit_commit()
594 TAILQ_INSERT_TAIL(&audit_q, ar, k_q); in audit_commit()
905 struct kaudit_record *ar; in audit_proc_coredump() local
947 ar = audit_new(AUE_CORE, proc, uthread); in audit_proc_coredump()
948 if (ar == NULL) { in audit_proc_coredump()
952 pathp = &ar->k_ar.ar_arg_upath1; in audit_proc_coredump()
958 ARG_SET_VALID(ar, ARG_UPATH1); in audit_proc_coredump()
961 ar->k_ar.ar_arg_signum = proc->p_sigacts.ps_sig; in audit_proc_coredump()
962 ARG_SET_VALID(ar, ARG_SIGNUM); in audit_proc_coredump()
966 audit_commit(ar, errcode, ret); in audit_proc_coredump()