xref: /xnu-11215.41.3/bsd/security/audit/audit_bsm_domain.c (revision 33de042d024d46de5ff4e89f2471de6608e37fa4)
1 /*-
2  * Copyright (c) 2008-2019 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1.  Redistributions of source code must retain the above copyright
8  *     notice, this list of conditions and the following disclaimer.
9  * 2.  Redistributions in binary form must reproduce the above copyright
10  *     notice, this list of conditions and the following disclaimer in the
11  *     documentation and/or other materials provided with the distribution.
12  * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
13  *     its contributors may be used to endorse or promote products derived
14  *     from this software without specific prior written permission.
15  *
16  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
20  * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
24  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
25  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26  * POSSIBILITY OF SUCH DAMAGE.
27  *
28  */
29 
30 #include <sys/param.h>
31 #include <sys/socket.h>
32 
33 #include <security/audit/audit.h>
34 
35 #include <bsm/audit_domain.h>
36 #include <bsm/audit_record.h>
37 
38 #if CONFIG_AUDIT
/*
 * One row of the translation table between a BSM protocol-domain code
 * (BSM_PF_*) and a local socket protocol family (PF_*).
 */
struct bsm_domain {
	/* BSM-side domain code (a BSM_PF_* constant). */
	u_short bd_bsm_domain;
	/* Local PF_* value, or PF_NO_LOCAL_MAPPING when none is defined. */
	int     bd_local_domain;
};

/*
 * Placeholder stored in bd_local_domain for table rows whose PF_* macro is
 * not defined by the local headers.  It shares the int value space with
 * real PF_* values, so code comparing against bd_local_domain must treat
 * it as "no mapping", not as a protocol family.
 */
#define PF_NO_LOCAL_MAPPING     -600
45 
/*
 * Translation table between BSM_PF_* domain codes and local PF_* values.
 *
 * Rows wrapped in #ifdef fall back to PF_NO_LOCAL_MAPPING when the local
 * headers do not define the corresponding PF_* macro.  Rows without an
 * #ifdef (PF_UNSPEC, PF_LOCAL, PF_INET, PF_SNA, PF_DECnet, PF_APPLETALK,
 * PF_IPX, PF_ROUTE, PF_INET6, PF_KEY) require the macro to exist or this
 * file will not compile.
 *
 * The lookup functions in this file scan the table linearly and return the
 * first matching row, so row order decides which entry wins if two rows
 * share a value.
 */
static const struct bsm_domain bsm_domains[] = {
	{ .bd_bsm_domain = BSM_PF_UNSPEC, .bd_local_domain = PF_UNSPEC },
	{ .bd_bsm_domain = BSM_PF_LOCAL, .bd_local_domain = PF_LOCAL },
	{ .bd_bsm_domain = BSM_PF_INET, .bd_local_domain = PF_INET },
	{ .bd_bsm_domain = BSM_PF_IMPLINK,
#ifdef PF_IMPLINK
	  .bd_local_domain = PF_IMPLINK
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_PUP,
#ifdef PF_PUP
	  .bd_local_domain = PF_PUP
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_CHAOS,
#ifdef PF_CHAOS
	  .bd_local_domain = PF_CHAOS
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_NS,
#ifdef PF_NS
	  .bd_local_domain = PF_NS
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_NBS,
#ifdef PF_NBS
	  .bd_local_domain = PF_NBS
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_ECMA,
#ifdef PF_ECMA
	  .bd_local_domain = PF_ECMA
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_DATAKIT,
#ifdef PF_DATAKIT
	  .bd_local_domain = PF_DATAKIT
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_CCITT,
#ifdef PF_CCITT
	  .bd_local_domain = PF_CCITT
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_SNA, .bd_local_domain = PF_SNA },
	{ .bd_bsm_domain = BSM_PF_DECnet, .bd_local_domain = PF_DECnet },
	{ .bd_bsm_domain = BSM_PF_DLI,
#ifdef PF_DLI
	  .bd_local_domain = PF_DLI
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_LAT,
#ifdef PF_LAT
	  .bd_local_domain = PF_LAT
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_HYLINK,
#ifdef PF_HYLINK
	  .bd_local_domain = PF_HYLINK
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_APPLETALK, .bd_local_domain = PF_APPLETALK },
	{ .bd_bsm_domain = BSM_PF_NIT,
#ifdef PF_NIT
	  .bd_local_domain = PF_NIT
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_802,
#ifdef PF_802
	  .bd_local_domain = PF_802
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_OSI,
#ifdef PF_OSI
	  .bd_local_domain = PF_OSI
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_X25,
#ifdef PF_X25
	  .bd_local_domain = PF_X25
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_OSINET,
#ifdef PF_OSINET
	  .bd_local_domain = PF_OSINET
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_GOSIP,
#ifdef PF_GOSIP
	  .bd_local_domain = PF_GOSIP
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_IPX, .bd_local_domain = PF_IPX },
	{ .bd_bsm_domain = BSM_PF_ROUTE, .bd_local_domain = PF_ROUTE },
	{ .bd_bsm_domain = BSM_PF_LINK,
#ifdef PF_LINK
	  .bd_local_domain = PF_LINK
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_INET6, .bd_local_domain = PF_INET6 },
	{ .bd_bsm_domain = BSM_PF_KEY, .bd_local_domain = PF_KEY },
	{ .bd_bsm_domain = BSM_PF_NCA,
#ifdef PF_NCA
	  .bd_local_domain = PF_NCA
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_POLICY,
#ifdef PF_POLICY
	  .bd_local_domain = PF_POLICY
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_INET_OFFLOAD,
#ifdef PF_INET_OFFLOAD
	  .bd_local_domain = PF_INET_OFFLOAD
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_NETBIOS,
#ifdef PF_NETBIOS
	  .bd_local_domain = PF_NETBIOS
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_ISO,
#ifdef PF_ISO
	  .bd_local_domain = PF_ISO
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_XTP,
#ifdef PF_XTP
	  .bd_local_domain = PF_XTP
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_COIP,
#ifdef PF_COIP
	  .bd_local_domain = PF_COIP
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_CNT,
#ifdef PF_CNT
	  .bd_local_domain = PF_CNT
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_RTIP,
#ifdef PF_RTIP
	  .bd_local_domain = PF_RTIP
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_SIP,
#ifdef PF_SIP
	  .bd_local_domain = PF_SIP
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_PIP,
#ifdef PF_PIP
	  .bd_local_domain = PF_PIP
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_ISDN,
#ifdef PF_ISDN
	  .bd_local_domain = PF_ISDN
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_E164,
#ifdef PF_E164
	  .bd_local_domain = PF_E164
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_NATM,
#ifdef PF_NATM
	  .bd_local_domain = PF_NATM
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_ATM,
#ifdef PF_ATM
	  .bd_local_domain = PF_ATM
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_NETGRAPH,
#ifdef PF_NETGRAPH
	  .bd_local_domain = PF_NETGRAPH
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_SLOW,
#ifdef PF_SLOW
	  .bd_local_domain = PF_SLOW
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_SCLUSTER,
#ifdef PF_SCLUSTER
	  .bd_local_domain = PF_SCLUSTER
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_ARP,
#ifdef PF_ARP
	  .bd_local_domain = PF_ARP
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_BLUETOOTH,
#ifdef PF_BLUETOOTH
	  .bd_local_domain = PF_BLUETOOTH
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_IEEE80211,
#ifdef PF_IEEE80211
	  .bd_local_domain = PF_IEEE80211
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_AX25,
#ifdef PF_AX25
	  .bd_local_domain = PF_AX25
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_ROSE,
#ifdef PF_ROSE
	  .bd_local_domain = PF_ROSE
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_NETBEUI,
#ifdef PF_NETBEUI
	  .bd_local_domain = PF_NETBEUI
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_SECURITY,
#ifdef PF_SECURITY
	  .bd_local_domain = PF_SECURITY
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_PACKET,
#ifdef PF_PACKET
	  .bd_local_domain = PF_PACKET
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_ASH,
#ifdef PF_ASH
	  .bd_local_domain = PF_ASH
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_ECONET,
#ifdef PF_ECONET
	  .bd_local_domain = PF_ECONET
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_ATMSVC,
#ifdef PF_ATMSVC
	  .bd_local_domain = PF_ATMSVC
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_IRDA,
#ifdef PF_IRDA
	  .bd_local_domain = PF_IRDA
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_PPPOX,
#ifdef PF_PPPOX
	  .bd_local_domain = PF_PPPOX
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_WANPIPE,
#ifdef PF_WANPIPE
	  .bd_local_domain = PF_WANPIPE
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_LLC,
#ifdef PF_LLC
	  .bd_local_domain = PF_LLC
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_CAN,
#ifdef PF_CAN
	  .bd_local_domain = PF_CAN
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_TIPC,
#ifdef PF_TIPC
	  .bd_local_domain = PF_TIPC
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_IUCV,
#ifdef PF_IUCV
	  .bd_local_domain = PF_IUCV
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_RXRPC,
#ifdef PF_RXRPC
	  .bd_local_domain = PF_RXRPC
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
	{ .bd_bsm_domain = BSM_PF_PHONET,
#ifdef PF_PHONET
	  .bd_local_domain = PF_PHONET
#else
	  .bd_local_domain = PF_NO_LOCAL_MAPPING
#endif
	},
};
/* Row count of bsm_domains; an int, like the loop indices that scan it. */
static const int bsm_domains_count = sizeof(bsm_domains) /
    sizeof(bsm_domains[0]);
452 
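/*
 * Find the table row whose local protocol family equals local_domain.
 *
 * Returns a pointer to the first matching row of bsm_domains, or NULL when
 * no row maps that value.
 */
static const struct bsm_domain *
bsm_lookup_local_domain(int local_domain)
{
	int i;

	/*
	 * Rows for families the local headers lack store PF_NO_LOCAL_MAPPING
	 * in bd_local_domain.  Without this guard, a lookup for that sentinel
	 * value would match the first such placeholder row, and the caller
	 * would report a BSM domain that has no local counterpart instead of
	 * treating the value as unmapped.
	 */
	if (local_domain == PF_NO_LOCAL_MAPPING) {
		return NULL;
	}

	for (i = 0; i < bsm_domains_count; i++) {
		if (bsm_domains[i].bd_local_domain == local_domain) {
			return &bsm_domains[i];
		}
	}
	return NULL;
}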
465 
/*
 * Translate a local protocol family (PF_*) into its BSM domain code.
 *
 * Returns the bd_bsm_domain of the row found by bsm_lookup_local_domain(),
 * or BSM_PF_UNKNOWN when that lookup finds no row for local_domain.
 */
u_short
au_domain_to_bsm(int local_domain)
{
	const struct bsm_domain *match = bsm_lookup_local_domain(local_domain);

	/* Unmapped values are reported as "unknown" rather than failing. */
	return (match != NULL) ? match->bd_bsm_domain : BSM_PF_UNKNOWN;
}
477 
/*
 * Find the table row whose BSM domain code equals bsm_domain.
 *
 * Returns a pointer to the first matching row of bsm_domains, or NULL when
 * the code is not in the table.  The returned row may carry
 * PF_NO_LOCAL_MAPPING as its local value; callers must check for that.
 */
static const struct bsm_domain *
bsm_lookup_bsm_domain(u_short bsm_domain)
{
	const struct bsm_domain *row = bsm_domains;
	int remaining;

	/* Walk the table front to back so the first match wins. */
	for (remaining = bsm_domains_count; remaining > 0; remaining--, row++) {
		if (row->bd_bsm_domain == bsm_domain) {
			return row;
		}
	}
	return NULL;
}
490 
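/*
 * Translate a BSM domain code into the local protocol family (PF_*).
 *
 * On success stores the local value in *local_domainp and returns 0.
 * Returns -1, leaving *local_domainp untouched, when bsm_domain is not in
 * the table or its row has no local equivalent (PF_NO_LOCAL_MAPPING).
 *
 * local_domainp must point to writable storage; it is not checked here.
 */
int
au_bsm_to_domain(u_short bsm_domain, int *local_domainp)
{
	const struct bsm_domain *bstp;

	bstp = bsm_lookup_bsm_domain(bsm_domain);
	/*
	 * Compare against the sentinel explicitly.  The previous test used the
	 * bare truth value of bd_local_domain, which rejected every row with a
	 * non-zero local value, so only a row whose local value is 0 could
	 * ever be translated.
	 */
	if (bstp == NULL || bstp->bd_local_domain == PF_NO_LOCAL_MAPPING) {
		return -1;
	}
	*local_domainp = bstp->bd_local_domain;
	return 0;
}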
503 #endif /* CONFIG_AUDIT */