--- a/usr/src/uts/common/c2/audit.c	Sat Jun 12 23:20:18 2010 -0700
+++ b/usr/src/uts/common/c2/audit.c	Mon Jun 14 02:08:23 2010 -0700
@@ -86,6 +86,7 @@
 audit_savepath(
 	struct pathname *pnp,		/* pathname to lookup */
 	struct vnode *vp,		/* vnode of the last component */
+	struct vnode *pvp,		/* vnode of the last parent component */
 	int    flag,			/* status of the last access */
 	cred_t *cr)			/* cred of requestor */
 {
@@ -96,33 +97,53 @@
 	tad = U2A(u);
 
 	/*
+	 * Noise elimination in audit trails - this event will be discarded if:
+	 * - the public policy is not active AND
+	 * - the system call is a public operation AND
+	 * - the file was not found: VFS lookup failed with ENOENT error AND
+	 * - the missing file would have been located in the public directory
+	 *   owned by root if it had existed
+	 */
+	if (tad->tad_flag != 0 && flag == ENOENT && pvp != NULL &&
+	    (tad->tad_ctrl & TAD_PUBLIC_EV) &&
+	    !(kctx->auk_policy & AUDIT_PUBLIC)) {
+		struct vattr attr;
+
+		attr.va_mask = AT_ALL;
+		if (VOP_GETATTR(pvp, &attr, 0, CRED(), NULL) == 0) {
+			if (object_is_public(&attr)) {
+				tad->tad_ctrl |= TAD_NOAUDIT;
+			}
+		}
+	}
+
+	/*
 	 * this event being audited or do we need path information
 	 * later? This might be for a chdir/chroot or open (add path
 	 * to file pointer. If the path has already been found for an
 	 * open/creat then we don't need to process the path.
 	 *
-	 * S2E_SP (PAD_SAVPATH) flag comes from audit_s2e[].au_ctrl. Used with
+	 * S2E_SP (TAD_SAVPATH) flag comes from audit_s2e[].au_ctrl. Used with
 	 *	chroot, chdir, open, creat system call processing. It determines
 	 *	if audit_savepath() will discard the path or we need it later.
-	 * PAD_PATHFND means path already included in this audit record. It
+	 * TAD_PATHFND means path already included in this audit record. It
 	 *	is used in cases where multiple path lookups are done per
 	 *	system call. The policy flag, AUDIT_PATH, controls if multiple
 	 *	paths are allowed.
-	 * S2E_NPT (PAD_NOPATH) flag comes from audit_s2e[].au_ctrl. Used with
+	 * S2E_NPT (TAD_NOPATH) flag comes from audit_s2e[].au_ctrl. Used with
 	 *	exit processing to inhibit any paths that may be added due to
 	 *	closes.
 	 */
-	if ((tad->tad_flag == 0 && !(tad->tad_ctrl & PAD_SAVPATH)) ||
-	    ((tad->tad_ctrl & PAD_PATHFND) &&
+	if ((tad->tad_flag == 0 && !(tad->tad_ctrl & TAD_SAVPATH)) ||
+	    ((tad->tad_ctrl & TAD_PATHFND) &&
 	    !(kctx->auk_policy & AUDIT_PATH)) ||
-	    (tad->tad_ctrl & PAD_NOPATH)) {
+	    (tad->tad_ctrl & TAD_NOPATH)) {
 		return (0);
 	}
 
-	tad->tad_ctrl |= PAD_NOPATH;		/* prevent possible reentry */
+	tad->tad_ctrl |= TAD_NOPATH;		/* prevent possible reentry */
 
 	audit_pathbuild(pnp);
-	tad->tad_vn = vp;
 
 	/*
 	 * are we auditing only if error, or if it is not open or create
@@ -135,7 +156,7 @@
 		    tad->tad_scid == SYS_open64 ||
 		    tad->tad_scid == SYS_openat ||
 		    tad->tad_scid == SYS_openat64)) {
-			tad->tad_ctrl |= PAD_TRUE_CREATE;
+			tad->tad_ctrl |= TAD_TRUE_CREATE;
 		}
 
 		/* add token to audit record for this name */
@@ -153,23 +174,22 @@
 			 * then don't add attribute,
 			 * it will be added at end of vn_create().
 			 */
-			if (!flag && !(tad->tad_ctrl & PAD_NOATTRB))
+			if (!flag && !(tad->tad_ctrl & TAD_NOATTRB))
 				audit_attributes(vp);
 		}
 	}
 
 	/* free up space if we're not going to save path (open, creat) */
-	if ((tad->tad_ctrl & PAD_SAVPATH) == 0) {
+	if ((tad->tad_ctrl & TAD_SAVPATH) == 0) {
 		if (tad->tad_aupath != NULL) {
 			au_pathrele(tad->tad_aupath);
 			tad->tad_aupath = NULL;
-			tad->tad_vn = NULL;
 		}
 	}
-	if (tad->tad_ctrl & PAD_MLD)
-		tad->tad_ctrl |= PAD_PATHFND;
+	if (tad->tad_ctrl & TAD_MLD)
+		tad->tad_ctrl |= TAD_PATHFND;
 
-	tad->tad_ctrl &= ~PAD_NOPATH;		/* restore */
+	tad->tad_ctrl &= ~TAD_NOPATH;		/* restore */
 	return (0);
 }
 
@@ -196,10 +216,10 @@
 	mutex_enter(&pad->pad_lock);
 	if (tad->tad_aupath != NULL) {
 		pfxapp = tad->tad_aupath;
-	} else if ((tad->tad_ctrl & PAD_ATCALL) && pnp->pn_buf[0] != '/') {
+	} else if ((tad->tad_ctrl & TAD_ATCALL) && pnp->pn_buf[0] != '/') {
 		ASSERT(tad->tad_atpath != NULL);
 		pfxapp = tad->tad_atpath;
-	} else if (tad->tad_ctrl & PAD_ABSPATH) {
+	} else if (tad->tad_ctrl & TAD_ABSPATH) {
 		pfxapp = pad->pad_root;
 	} else {
 		pfxapp = pad->pad_cwd;
@@ -208,7 +228,7 @@
 	mutex_exit(&pad->pad_lock);
 
 	/* get an expanded buffer to hold the anchored path */
-	newsect = tad->tad_ctrl & PAD_ATTPATH;
+	newsect = tad->tad_ctrl & TAD_ATTPATH;
 	newapp = au_pathdup(pfxapp, newsect, len);
 	au_pathrele(pfxapp);
 
@@ -230,54 +250,10 @@
 	tad->tad_aupath = newapp;
 
 	/* for case where multiple lookups in one syscall (rename) */
-	tad->tad_ctrl &= ~(PAD_ABSPATH | PAD_ATTPATH);
+	tad->tad_ctrl &= ~(TAD_ABSPATH | TAD_ATTPATH);
 }
 
 
-
-/*ARGSUSED*/
-
-/*
- * ROUTINE:	AUDIT_ADDCOMPONENT
- * PURPOSE:	extend the path by the component accepted
- * CALLBY:	LOOKUPPN
- * NOTE:	This function is called only when there is an error in
- *		parsing a path component
- * TODO:	Add the error component to audit record
- * QUESTION:	what is this for
- */
-
-void
-audit_addcomponent(struct pathname *pnp)
-{
-	au_kcontext_t	*kctx = GET_KCTX_PZ;
-	t_audit_data_t *tad;
-
-	tad = U2A(u);
-	/*
-	 * S2E_SP (PAD_SAVPATH) flag comes from audit_s2e[].au_ctrl. Used with
-	 *	chroot, chdir, open, creat system call processing. It determines
-	 *	if audit_savepath() will discard the path or we need it later.
-	 * PAD_PATHFND means path already included in this audit record. It
-	 *	is used in cases where multiple path lookups are done per
-	 *	system call. The policy flag, AUDIT_PATH, controls if multiple
-	 *	paths are allowed.
-	 * S2E_NPT (PAD_NOPATH) flag comes from audit_s2e[].au_ctrl. Used with
-	 *	exit processing to inhibit any paths that may be added due to
-	 *	closes.
-	 */
-	if ((tad->tad_flag == 0 && !(tad->tad_ctrl & PAD_SAVPATH)) ||
-	    ((tad->tad_ctrl & PAD_PATHFND) &&
-	    !(kctx->auk_policy & AUDIT_PATH)) ||
-	    (tad->tad_ctrl & PAD_NOPATH)) {
-		return;
-	}
-
-	return;
-
-}	/* AUDIT_ADDCOMPONENT */
-
-
 /*
  * ROUTINE:	AUDIT_ANCHORPATH
  * PURPOSE:
@@ -287,7 +263,7 @@
  * first time we will throw away any saved path if path is anchored.
  *
  * flag = 0, path is relative.
- * flag = 1, path is absolute. Free any saved path and set flag to PAD_ABSPATH.
+ * flag = 1, path is absolute. Free any saved path and set flag to TAD_ABSPATH.
  *
  * If the (new) path is absolute, then we have to throw away whatever we have
  * already accumulated since it is being superseded by new path which is
@@ -311,30 +287,29 @@
 	 * to file pointer. If the path has already been found for an
 	 * open/creat then we don't need to process the path.
 	 *
-	 * S2E_SP (PAD_SAVPATH) flag comes from audit_s2e[].au_ctrl. Used with
+	 * S2E_SP (TAD_SAVPATH) flag comes from audit_s2e[].au_ctrl. Used with
 	 *	chroot, chdir, open, creat system call processing. It determines
 	 *	if audit_savepath() will discard the path or we need it later.
-	 * PAD_PATHFND means path already included in this audit record. It
+	 * TAD_PATHFND means path already included in this audit record. It
 	 *	is used in cases where multiple path lookups are done per
 	 *	system call. The policy flag, AUDIT_PATH, controls if multiple
 	 *	paths are allowed.
-	 * S2E_NPT (PAD_NOPATH) flag comes from audit_s2e[].au_ctrl. Used with
+	 * S2E_NPT (TAD_NOPATH) flag comes from audit_s2e[].au_ctrl. Used with
 	 *	exit processing to inhibit any paths that may be added due to
 	 *	closes.
 	 */
-	if ((tad->tad_flag == 0 && !(tad->tad_ctrl & PAD_SAVPATH)) ||
-	    ((tad->tad_ctrl & PAD_PATHFND) &&
+	if ((tad->tad_flag == 0 && !(tad->tad_ctrl & TAD_SAVPATH)) ||
+	    ((tad->tad_ctrl & TAD_PATHFND) &&
 	    !(kctx->auk_policy & AUDIT_PATH)) ||
-	    (tad->tad_ctrl & PAD_NOPATH)) {
+	    (tad->tad_ctrl & TAD_NOPATH)) {
 		return;
 	}
 
 	if (flag) {
-		tad->tad_ctrl |= PAD_ABSPATH;
+		tad->tad_ctrl |= TAD_ABSPATH;
 		if (tad->tad_aupath != NULL) {
 			au_pathrele(tad->tad_aupath);
 			tad->tad_aupath = NULL;
-			tad->tad_vn = NULL;
 		}
 	}
 }
@@ -382,22 +357,22 @@
 	 * to file pointer. If the path has already been found for an
 	 * open/creat then we don't need to process the path.
 	 *
-	 * S2E_SP (PAD_SAVPATH) flag comes from audit_s2e[].au_ctrl. Used with
+	 * S2E_SP (TAD_SAVPATH) flag comes from audit_s2e[].au_ctrl. Used with
 	 *	chroot, chdir, open, creat system call processing. It determines
 	 *	if audit_savepath() will discard the path or we need it later.
-	 * PAD_PATHFND means path already included in this audit record. It
+	 * TAD_PATHFND means path already included in this audit record. It
 	 *	is used in cases where multiple path lookups are done per
 	 *	system call. The policy flag, AUDIT_PATH, controls if multiple
 	 *	paths are allowed.
-	 * S2E_NPT (PAD_NOPATH) flag comes from audit_s2e[].au_ctrl. Used with
+	 * S2E_NPT (TAD_NOPATH) flag comes from audit_s2e[].au_ctrl. Used with
 	 *	exit processing to inhibit any paths that may be added due to
 	 *	closes.
 	 */
 	if ((tad->tad_flag == 0 &&
-	    !(tad->tad_ctrl & PAD_SAVPATH)) ||
-	    ((tad->tad_ctrl & PAD_PATHFND) &&
+	    !(tad->tad_ctrl & TAD_SAVPATH)) ||
+	    ((tad->tad_ctrl & TAD_PATHFND) &&
 	    !(kctx->auk_policy & AUDIT_PATH)) ||
-	    (tad->tad_ctrl & PAD_NOPATH)) {
+	    (tad->tad_ctrl & TAD_NOPATH)) {
 		return;
 	}
 
@@ -431,11 +406,12 @@
 }
 
 /*
- * file_is_public : determine whether events for the file (corresponding to
- * 			the specified file attr) should be audited or ignored.
+ * object_is_public : determine whether events for the object (corresponding to
+ *			the specified file/directory attr) should be audited or
+ *			ignored.
  *
- * returns: 	1 - if audit policy and file attributes indicate that
- *			file is effectively public. read events for
+ * returns: 	1 - if audit policy and object attributes indicate that
+ *			file/directory is effectively public. read events for
  *			the file should not be audited.
  *		0 - otherwise
  *
@@ -447,7 +423,7 @@
  *   (mode doesn't need to be checked for symlinks)
  */
 int
-file_is_public(struct vattr *attr)
+object_is_public(struct vattr *attr)
 {
 	au_kcontext_t	*kctx = GET_KCTX_PZ;
 
@@ -484,7 +460,8 @@
 		if (VOP_GETATTR(vp, &attr, 0, CRED(), NULL) != 0)
 			return;
 
-		if (file_is_public(&attr) && (tad->tad_ctrl & PAD_PUBLIC_EV)) {
+		if (object_is_public(&attr) &&
+		    (tad->tad_ctrl & TAD_PUBLIC_EV)) {
 			/*
 			 * This is a public object and a "public" event
 			 * (i.e., read only) -- either by definition
@@ -492,7 +469,7 @@
 			 * not being requested (e.g. mmap).
 			 * Flag it in the tad to prevent this audit at the end.
 			 */
-			tad->tad_ctrl |= PAD_NOAUDIT;
+			tad->tad_ctrl |= TAD_NOAUDIT;
 		} else {
 			au_uwrite(au_to_attr(&attr));
 			audit_sec_attributes(&(u_ad), vp);
@@ -581,7 +558,7 @@
 		return;
 
 	/* reset the flags for non-user attributable events */
-	tad->tad_ctrl   = PAD_CORE;
+	tad->tad_ctrl   = TAD_CORE;
 	tad->tad_scid   = 0;
 
 	/* if auditing not enabled, then don't generate an audit record */
@@ -661,32 +638,12 @@
 	if (tad->tad_aupath != NULL) {
 		au_pathrele(tad->tad_aupath);
 		tad->tad_aupath = NULL;
-		tad->tad_vn = NULL;
 	}
 	tad->tad_event = 0;
 	tad->tad_evmod = 0;
 	tad->tad_ctrl  = 0;
 }
 
-/*ARGSUSED*/
-void
-audit_stropen(struct vnode *vp, dev_t *devp, int flag, cred_t *crp)
-{
-}
-
-/*ARGSUSED*/
-void
-audit_strclose(struct vnode *vp, int flag, cred_t *crp)
-{
-}
-
-/*ARGSUSED*/
-void
-audit_strioctl(struct vnode *vp, int cmd, intptr_t arg, int flag,
-    int copyflag, cred_t *crp, int *rvalp)
-{
-}
-
 
 /*ARGSUSED*/
 void
@@ -826,7 +783,7 @@
 	 * then skip the audit.
 	 */
 	if ((getattr_ret == 0) && ((fp->f_flag & FWRITE) == 0)) {
-		if (file_is_public(&attr)) {
+		if (object_is_public(&attr)) {
 			return;
 		}
 	}
@@ -909,14 +866,13 @@
 	 */
 	fad->fad_aupath = tad->tad_aupath;
 	tad->tad_aupath = NULL;
-	tad->tad_vn = NULL;
 
-	if (!(tad->tad_ctrl & PAD_TRUE_CREATE)) {
+	if (!(tad->tad_ctrl & TAD_TRUE_CREATE)) {
 		/* adjust event type by dropping the 'creat' part */
 		switch (tad->tad_event) {
 		case AUE_OPEN_RC:
 			tad->tad_event = AUE_OPEN_R;
-			tad->tad_ctrl |= PAD_PUBLIC_EV;
+			tad->tad_ctrl |= TAD_PUBLIC_EV;
 			break;
 		case AUE_OPEN_RTC:
 			tad->tad_event = AUE_OPEN_RT;
@@ -940,20 +896,6 @@
 }
 
 
-/*
- * ROUTINE:	AUDIT_COPEN
- * PURPOSE:
- * CALLBY:	COPEN
- * NOTE:
- * TODO:
- * QUESTION:
- */
-/*ARGSUSED*/
-void
-audit_copen(int fd, file_t *fp, vnode_t *vp)
-{
-}
-
 void
 audit_ipc(int type, int id, void *vp)
 {
@@ -1110,13 +1052,13 @@
 	}
 	if (fd != AT_FDCWD) {
 		if ((fp = getf(fd)) == NULL) {
-			tad->tad_ctrl |= PAD_NOPATH;
+			tad->tad_ctrl |= TAD_NOPATH;
 			return;
 		}
 		fad = F2A(fp);
 		ASSERT(fad);
 		if (fad->fad_aupath == NULL) {
-			tad->tad_ctrl |= PAD_NOPATH;
+			tad->tad_ctrl |= TAD_NOPATH;
 			releasef(fd);
 			return;
 		}
@@ -1172,7 +1114,7 @@
 	t_audit_data_t *tad;
 
 	tad = U2A(u);
-	tad->tad_ctrl |= PAD_NOATTRB;
+	tad->tad_ctrl |= TAD_NOATTRB;
 }
 
 /*
@@ -1197,13 +1139,13 @@
 	if (tad->tad_flag == 0)
 		return;
 
-	if (tad->tad_ctrl & PAD_TRUE_CREATE) {
+	if (tad->tad_ctrl & TAD_TRUE_CREATE) {
 		audit_attributes(vp);
 	}
 
-	if (tad->tad_ctrl & PAD_CORE) {
+	if (tad->tad_ctrl & TAD_CORE) {
 		audit_attributes(vp);
-		tad->tad_ctrl &= ~PAD_CORE;
+		tad->tad_ctrl &= ~TAD_CORE;
 	}
 
 	if (!error && ((tad->tad_event == AUE_MKNOD) ||
@@ -1212,7 +1154,7 @@
 	}
 
 	/* for case where multiple lookups in one syscall (rename) */
-	tad->tad_ctrl &= ~PAD_NOATTRB;
+	tad->tad_ctrl &= ~TAD_NOATTRB;
 }
 
 
@@ -1367,22 +1309,6 @@
 	intptr_t arg;
 };
 
-/*
- * ROUTINE:	AUDIT_C2_REVOKE
- * PURPOSE:
- * CALLBY:	FCNTL
- * NOTE:
- * TODO:
- * QUESTION:	are we keeping this func
- */
-
-/*ARGSUSED*/
-int
-audit_c2_revoke(struct fcntla *uap, rval_t *rvp)
-{
-	return (0);
-}
-
 
 /*
  * ROUTINE:	AUDIT_CHDIREC
@@ -1448,38 +1374,6 @@
 	}
 }
 
-/*
- * ROUTINE:	AUDIT_GETF
- * PURPOSE:
- * CALLBY:	GETF_INTERNAL
- * NOTE:	The main function of GETF_INTERNAL is to associate a given
- *		file descriptor with a file structure and increment the
- *		file pointer reference count.
- * TODO:	remove pass in of fpp.
- * increment a reference count so that even if a thread with same process delete
- * the same object, it will not panic our system
- * QUESTION:
- * where to decrement the f_count?????????????????
- * seems like I need to set a flag if f_count incremented through audit_getf
- */
-
-/*ARGSUSED*/
-int
-audit_getf(int fd)
-{
-#ifdef NOTYET
-	t_audit_data_t *tad;
-
-	tad = T2A(curthread);
-
-	if (!(tad->tad_scid == SYS_openat ||
-	    tad->tad_scid == SYS_openat64 ||
-	    tad->tad_scid == SYS_open ||
-	    tad->tad_scid == SYS_open64))
-		return (0);
-#endif
-	return (0);
-}
 
 /*
  *	Audit hook for stream based socket and tli request.
@@ -1643,17 +1537,6 @@
 	}
 }
 
-void
-audit_lookupname()
-{
-}
-
-/*ARGSUSED*/
-int
-audit_pathcomp(struct pathname *pnp, vnode_t *cvp, cred_t *cr)
-{
-	return (0);
-}
 
 static void
 add_return_token(caddr_t *ad, unsigned int scid, int err, int rval)

--- a/usr/src/uts/common/c2/audit.h	Sat Jun 12 23:20:18 2010 -0700
+++ b/usr/src/uts/common/c2/audit.h	Mon Jun 14 02:08:23 2010 -0700
@@ -501,30 +501,24 @@
 void	audit_pfree(struct proc *);
 void	audit_thread_create(kthread_id_t);
 void	audit_thread_free(kthread_id_t);
-int	audit_savepath(struct pathname *, struct vnode *, int, cred_t *);
-void	audit_addcomponent(struct pathname *);
+int	audit_savepath(struct pathname *, struct vnode *, struct vnode *,
+		int, cred_t *);
 void	audit_anchorpath(struct pathname *, int);
 void	audit_symlink(struct pathname *, struct pathname *);
 void	audit_symlink_create(struct vnode *, char *, char *, int);
-int	file_is_public(struct vattr *);
+int	object_is_public(struct vattr *);
 void	audit_attributes(struct vnode *);
 void	audit_falloc(struct file *);
 void	audit_unfalloc(struct file *);
 void	audit_exit(int, int);
 void	audit_core_start(int);
 void	audit_core_finish(int);
-void	audit_stropen(struct vnode *, dev_t *, int, struct cred *);
-void	audit_strclose(struct vnode *, int, struct cred *);
-void	audit_strioctl(struct vnode *, int, intptr_t, int, int, struct cred *,
-		int *);
 void	audit_strgetmsg(struct vnode *, struct strbuf *, struct strbuf *,
 		unsigned char *, int *, int);
 void	audit_strputmsg(struct vnode *, struct strbuf *, struct strbuf *,
 		unsigned char, int, int);
 void	audit_closef(struct file *);
-int	audit_getf(int);
 void	audit_setf(struct file *, int);
-void	audit_copen(int, struct file *, struct vnode *);
 void	audit_reboot(void);
 void	audit_vncreate_start(void);
 void	audit_setfsat_path(int argnum);
@@ -567,8 +561,8 @@
  * Get the given zone audit status. zcontext != NULL serves
  * as a protection when c2audit module is not loaded.
  */
-#define	AU_ZONE_AUDITING(zcontext)   \
-	(audit_active == C2AUDIT_LOADED && \
+#define	AU_ZONE_AUDITING(zcontext)	    \
+	(audit_active == C2AUDIT_LOADED &&  \
 	    ((AU_AUDIT_MASK) & au_zone_getstate((zcontext))))
 
 /*
@@ -581,11 +575,8 @@
 void	audit_fixpath(struct audit_path *, int);
 void	audit_ipc(int, int, void *);
 void	audit_ipcget(int, void *);
-void	audit_lookupname();
-int	audit_pathcomp(struct pathname *, vnode_t *, cred_t *);
 void	audit_fdsend(int, struct file *, int);
 void	audit_fdrecv(int, struct file *);
-int	audit_c2_revoke(struct fcntla *, rval_t *);
 void	audit_priv(int, const struct priv_set *, int);
 void	audit_setppriv(int, int, const struct priv_set *, const cred_t *);
 void	audit_devpolicy(int, const struct devplcysys *);

--- a/usr/src/uts/common/c2/audit_event.c	Sat Jun 12 23:20:18 2010 -0700
+++ b/usr/src/uts/common/c2/audit_event.c	Mon Jun 14 02:08:23 2010 -0700
@@ -18,10 +18,8 @@
  *
  * CDDL HEADER END
  */
-
 /*
- * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 /*
@@ -1024,7 +1022,7 @@
 
 	/* convert to appropriate au_ctrl */
 	if (fm & (FXATTR | FXATTRDIROPEN))
-		tad->tad_ctrl |= PAD_ATTPATH;
+		tad->tad_ctrl |= TAD_ATTPATH;
 
 	return (open_event(fm));
 }
@@ -1045,7 +1043,7 @@
 
 	/* If no write, create, or trunc modes, mark as a public op */
 	if ((fm & (O_RDONLY|O_WRONLY|O_RDWR|O_CREAT|O_TRUNC)) == O_RDONLY)
-		tad->tad_ctrl |= PAD_PUBLIC_EV;
+		tad->tad_ctrl |= TAD_PUBLIC_EV;
 }
 
 /* ARGSUSED */
@@ -1067,7 +1065,7 @@
 
 	/* convert to appropriate au_ctrl */
 	if (fm & (FXATTR | FXATTRDIROPEN))
-		tad->tad_ctrl |= PAD_ATTPATH;
+		tad->tad_ctrl |= TAD_ATTPATH;
 
 	return (open_event(fm));
 }
@@ -1089,7 +1087,7 @@
 
 	/* If no write, create, or trunc modes, mark as a public op */
 	if ((fm & (O_RDONLY|O_WRONLY|O_RDWR|O_CREAT|O_TRUNC)) == O_RDONLY)
-		tad->tad_ctrl |= PAD_PUBLIC_EV;
+		tad->tad_ctrl |= TAD_PUBLIC_EV;
 }
 
 static au_event_t
@@ -1552,7 +1550,7 @@
 
 	/* do the lookup to force generation of path token */
 	pnamep = (caddr_t)uap->pnamep;
-	tad->tad_ctrl |= PAD_NOATTRB;
+	tad->tad_ctrl |= TAD_NOATTRB;
 	error = lookupname(pnamep, UIO_USERSPACE, NO_FOLLOW, &dvp, NULLVPP);
 	if (error == 0)
 		VN_RELE(dvp);
@@ -1839,7 +1837,7 @@
 				 * considered public, skip the audit.
 				 */
 				if (((fp->f_flag & FWRITE) == 0) &&
-				    file_is_public(&attr)) {
+				    object_is_public(&attr)) {
 					tad->tad_flag = 0;
 					tad->tad_evmod = 0;
 					/* free any residual audit data */
@@ -2318,7 +2316,7 @@
 	 * public object, the mmap event may be discarded.
 	 */
 	if (((uap->prot) & PROT_WRITE) == 0) {
-		tad->tad_ctrl |= PAD_PUBLIC_EV;
+		tad->tad_ctrl |= TAD_PUBLIC_EV;
 	}
 
 	fad = F2A(fp);

--- a/usr/src/uts/common/c2/audit_io.c	Sat Jun 12 23:20:18 2010 -0700
+++ b/usr/src/uts/common/c2/audit_io.c	Mon Jun 14 02:08:23 2010 -0700
@@ -19,12 +19,12 @@
  * CDDL HEADER END
  */
 /*
- * Routines for writing audit records.
- *
- * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
+/*
+ * Routines for writing audit records.
+ */
 
 #include <sys/door.h>
 #include <sys/param.h>
@@ -736,9 +736,9 @@
 	/* clean up the tad unless called from softcall backend */
 	if (!(flags & AU_BACKEND)) {
 		ASSERT(tad != NULL);
-		ASSERT(tad->tad_ctrl & PAD_ERRJMP);
+		ASSERT(tad->tad_ctrl & TAD_ERRJMP);
 
-		tad->tad_ctrl &= ~PAD_ERRJMP;
+		tad->tad_ctrl &= ~TAD_ERRJMP;
 		tad->tad_errjmp = NULL;
 	}
 
@@ -817,7 +817,7 @@
 
 	ASSERT(tad->tad_errjmp == NULL);
 	tad->tad_errjmp = (void *)jb;
-	tad->tad_ctrl |= PAD_ERRJMP;
+	tad->tad_ctrl |= TAD_ERRJMP;
 
 	return (0);
 }

--- a/usr/src/uts/common/c2/audit_kernel.h	Sat Jun 12 23:20:18 2010 -0700
+++ b/usr/src/uts/common/c2/audit_kernel.h	Mon Jun 14 02:08:23 2010 -0700
@@ -79,11 +79,11 @@
 /*
  * Defines for au_ctrl
  */
-#define	S2E_SP  PAD_SAVPATH	/* save path for later use */
-#define	S2E_MLD PAD_MLD		/* only one lookup per system call */
-#define	S2E_NPT PAD_NOPATH	/* force no path in audit record */
-#define	S2E_PUB PAD_PUBLIC_EV	/* syscall is defined as a public op */
-#define	S2E_ATC	PAD_ATCALL	/* syscall is one of the *at() family */
+#define	S2E_SP  TAD_SAVPATH	/* save path for later use */
+#define	S2E_MLD TAD_MLD		/* only one lookup per system call */
+#define	S2E_NPT TAD_NOPATH	/* force no path in audit record */
+#define	S2E_PUB TAD_PUBLIC_EV	/* syscall is defined as a public op */
+#define	S2E_ATC	TAD_ATCALL	/* syscall is one of the *at() family */
 
 /*
  * At present, we are using the audit classes imbedded with in the kernel. Each
@@ -162,35 +162,28 @@
 #define	pad_flags	pad_data.pad_flags
 
 /*
- * Defines for pad_flags
+ * Defines for process audit flags (pad_flags)
  */
 #define	PAD_SETMASK 	0x00000001	/* need to complete pending setmask */
 
 extern kmem_cache_t *au_pad_cache;
 
 /*
- * Defines for tad_ctrl
+ * Defines for thread audit control/status flags (tad_ctrl)
  */
-#define	PAD_SAVPATH 	0x00000001	/* save path for further processing */
-#define	PAD_MLD		0x00000002	/* system call involves MLD */
-#define	PAD_NOPATH  	0x00000004	/* force no paths in audit record */
-#define	PAD_ABSPATH 	0x00000008	/* path from lookup is absolute */
-#define	PAD_NOATTRB 	0x00000010	/* do not automatically add attribute */
-					/* 0x20 unused */
-#define	PAD_ATCALL	0x00000040	/* *at() syscall, like openat() */
-#define	PAD_LFLOAT  	0x00000080	/* Label float */
-#define	PAD_NOAUDIT 	0x00000100	/* discard audit record */
-#define	PAD_PATHFND 	0x00000200	/* found path, don't retry lookup */
-#define	PAD_SPRIV   	0x00000400	/* succ priv use. extra audit_finish */
-#define	PAD_FPRIV   	0x00000800	/* fail priv use. extra audit_finish */
-#define	PAD_SMAC    	0x00001000	/* succ mac use. extra audit_finish */
-#define	PAD_FMAC    	0x00002000	/* fail mac use. extra audit_finish */
-#define	PAD_AUDITME 	0x00004000	/* audit me because of NFS operation */
-#define	PAD_ATTPATH  	0x00008000	/* attribute file lookup */
-#define	PAD_TRUE_CREATE 0x00010000	/* true create, file not found */
-#define	PAD_CORE	0x00020000	/* save attribute during core dump */
-#define	PAD_ERRJMP	0x00040000	/* abort record generation on error */
-#define	PAD_PUBLIC_EV	0x00080000	/* syscall is defined as a public op */
+#define	TAD_ABSPATH 	0x00000001	/* path from lookup is absolute */
+#define	TAD_ATCALL	0x00000002	/* *at() syscall, like openat() */
+#define	TAD_ATTPATH  	0x00000004	/* attribute file lookup */
+#define	TAD_CORE	0x00000008	/* save attribute during core dump */
+#define	TAD_ERRJMP	0x00000010	/* abort record generation on error */
+#define	TAD_MLD		0x00000020	/* system call involves MLD */
+#define	TAD_NOATTRB 	0x00000040	/* do not automatically add attribute */
+#define	TAD_NOAUDIT 	0x00000080	/* discard audit record */
+#define	TAD_NOPATH  	0x00000100	/* force no paths in audit record */
+#define	TAD_PATHFND 	0x00000200	/* found path, don't retry lookup */
+#define	TAD_PUBLIC_EV	0x00000400	/* syscall is defined as a public op */
+#define	TAD_SAVPATH 	0x00000800	/* save path for further processing */
+#define	TAD_TRUE_CREATE 0x00001000	/* true create, file not found */
 
 /*
  * The structure t_audit_data hangs off of the thread structure. It contains
@@ -210,7 +203,6 @@
 	uint32_t tad_audit;	/* auditing enabled/disabled */
 	struct audit_path	*tad_aupath;	/* captured at vfs_lookup */
 	struct audit_path	*tad_atpath;	/* openat prefix, path of fd */
-	struct vnode *tad_vn;	/* saved inode from vfs_lookup */
 	caddr_t tad_ad;		/* base of accumulated audit data */
 	au_defer_info_t	*tad_defer_head;	/* queue of records to defer */
 						/* until syscall end: */

--- a/usr/src/uts/common/c2/audit_mem.c	Sat Jun 12 23:20:18 2010 -0700
+++ b/usr/src/uts/common/c2/audit_mem.c	Mon Jun 14 02:08:23 2010 -0700
@@ -19,8 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 #include <sys/param.h>
@@ -57,7 +56,7 @@
 	 * If asynchronous (interrupt) thread, then we can't sleep
 	 * (the tad ERRJMP flag is set at the start of async processing).
 	 */
-	if (tad->tad_ctrl & PAD_ERRJMP) {
+	if (tad->tad_ctrl & TAD_ERRJMP) {
 		buffer = kmem_cache_alloc(au_buf_cache, KM_NOSLEEP);
 		if (buffer == NULL) {
 			/* return to top of stack & report an error */
@@ -89,7 +88,7 @@
 	 * If asynchronous (interrupt) thread, schedule the release
 	 * (the tad ERRJMP flag is set at the start of async processing).
 	 */
-	if (tad->tad_ctrl & PAD_ERRJMP) {
+	if (tad->tad_ctrl & TAD_ERRJMP) {
 		/* Discard async events via softcall. */
 		softcall(audit_async_discard_backend, buf);
 	}

--- a/usr/src/uts/common/c2/audit_start.c	Sat Jun 12 23:20:18 2010 -0700
+++ b/usr/src/uts/common/c2/audit_start.c	Mon Jun 14 02:08:23 2010 -0700
@@ -102,7 +102,7 @@
 
 	ASSERT(tad->tad_errjmp == NULL);
 	tad->tad_errjmp = (void *)&jb;
-	tad->tad_ctrl |= PAD_ERRJMP;
+	tad->tad_ctrl |= TAD_ERRJMP;
 
 	/* generate a system-booted audit record */
 	au_write((caddr_t *)&rp, au_to_text("booting kernel"));
@@ -265,7 +265,7 @@
 	}
 	tad->tad_defer_head = tad->tad_defer_tail = NULL;
 
-	if (tad->tad_flag == 0 && !(tad->tad_ctrl & PAD_SAVPATH)) {
+	if (tad->tad_flag == 0 && !(tad->tad_ctrl & TAD_SAVPATH)) {
 		/*
 		 * clear the ctrl flag so that we don't have spurious
 		 * collection of audit information.
@@ -375,7 +375,6 @@
 	if (tad->tad_aupath != NULL) {
 		au_pathrele(tad->tad_aupath);
 		tad->tad_aupath = NULL;
-		tad->tad_vn = NULL;
 	}
 
 	/* free up any space remaining with openat path's */
@@ -410,18 +409,10 @@
 		tad->tad_evmod |= PAD_FAILURE;
 
 	/* see if we really want to generate an audit record */
-	if (tad->tad_ctrl & PAD_NOAUDIT)
+	if (tad->tad_ctrl & TAD_NOAUDIT)
 		return (0);
 
 	/*
-	 * nfs operation and we're auditing privilege or MAC. This
-	 * is so we have a client audit record to match a nfs server
-	 * audit record.
-	 */
-	if (tad->tad_ctrl & PAD_AUDITME)
-		return (AU_OK);
-
-	/*
 	 * Used passed cred if available, otherwise use cred from kernel thread
 	 */
 	if (cr == NULL)

--- a/usr/src/uts/common/fs/lookup.c	Sat Jun 12 23:20:18 2010 -0700
+++ b/usr/src/uts/common/fs/lookup.c	Mon Jun 14 02:08:23 2010 -0700
@@ -91,8 +91,6 @@
 
 	error = pn_get_buf(fnamep, seg, &lookpn, namebuf, sizeof (namebuf));
 	if (error == 0) {
-		if (AU_AUDITING())
-			audit_lookupname();
 		error = lookuppnatcred(&lookpn, NULL, followlink,
 		    dirvpp, compvpp, startvp, cr);
 	}
@@ -276,8 +274,6 @@
 	 * Process the next component of the pathname.
 	 */
 	if (error = pn_getcomponent(pnp, component)) {
-		if (auditing)
-			audit_addcomponent(pnp);
 		goto bad;
 	}
 
@@ -409,9 +405,10 @@
 		if (pn_pathleft(pnp) || dirvpp == NULL || error != ENOENT)
 			goto bad;
 		if (auditing) {	/* directory access */
-			if (error = audit_savepath(pnp, vp, error, cr))
+			if (error = audit_savepath(pnp, vp, vp, error, cr))
 				goto bad_noaudit;
 		}
+
 		pn_setlast(pnp);
 		/*
 		 * We inform the caller that the desired entry must be
@@ -466,10 +463,6 @@
 	 */
 	if (cvp->v_type == VLNK && ((flags & FOLLOW) || pn_pathleft(pnp))) {
 		struct pathname linkpath;
-		if (auditing) {
-			if (error = audit_pathcomp(pnp, cvp, cr))
-				goto bad;
-		}
 
 		if (++nlink > MAXSYMLINKS) {
 			error = ELOOP;
@@ -579,7 +572,7 @@
 			 */
 			if (vn_compare(vp, cvp)) {
 				if (auditing)
-					(void) audit_savepath(pnp, cvp,
+					(void) audit_savepath(pnp, cvp, vp,
 					    EINVAL, cr);
 				pn_setlast(pnp);
 				VN_RELE(vp);
@@ -590,15 +583,11 @@
 					pn_free(pp);
 				return (EINVAL);
 			}
-			if (auditing) {
-				if (error = audit_pathcomp(pnp, vp, cr))
-					goto bad;
-			}
 			*dirvpp = vp;
 		} else
 			VN_RELE(vp);
 		if (auditing)
-			(void) audit_savepath(pnp, cvp, 0, cr);
+			(void) audit_savepath(pnp, cvp, vp, 0, cr);
 		if (pnp->pn_path == pnp->pn_buf)
 			(void) pn_set(pnp, ".");
 		else
@@ -621,11 +610,6 @@
 		return (0);
 	}
 
-	if (auditing) {
-		if (error = audit_pathcomp(pnp, cvp, cr))
-			goto bad;
-	}
-
 	/*
 	 * Skip over slashes from end of last component.
 	 */
@@ -646,7 +630,7 @@
 
 bad:
 	if (auditing)	/* reached end of path */
-		(void) audit_savepath(pnp, cvp, error, cr);
+		(void) audit_savepath(pnp, cvp, vp, error, cr);
 bad_noaudit:
 	/*
 	 * Error.  Release vnodes and return.

--- a/usr/src/uts/common/os/fio.c	Sat Jun 12 23:20:18 2010 -0700
+++ b/usr/src/uts/common/os/fio.c	Mon Jun 14 02:08:23 2010 -0700
@@ -606,12 +606,6 @@
 	}
 	ufp->uf_refcnt++;
 
-	/*
-	 * archive per file audit data
-	 */
-	if (AU_AUDITING())
-		(void) audit_getf(fd);
-
 	set_active_fd(fd);	/* record the active file descriptor */
 
 	UF_EXIT(ufp);
@@ -684,11 +678,6 @@
 		}
 	}
 
-	/*
-	 * archive per file audit data
-	 */
-	if (AU_AUDITING())
-		(void) audit_getf(fd);
 	ASSERT(ufp->uf_busy);
 	ufp->uf_file = NULL;
 	ufp->uf_flag = 0;

--- a/usr/src/uts/common/os/streamio.c	Sat Jun 12 23:20:18 2010 -0700
+++ b/usr/src/uts/common/os/streamio.c	Mon Jun 14 02:08:23 2010 -0700
@@ -250,9 +250,6 @@
 	zoneid_t zoneid;
 	uint_t anchor;
 
-	if (AU_AUDITING())
-		audit_stropen(vp, devp, flag, crp);
-
 	/*
 	 * If the stream already exists, wait for any open in progress
 	 * to complete, then call the open function of each module and
@@ -619,9 +616,6 @@
 	int freestp = 1;
 	queue_t *rmq;
 
-	if (AU_AUDITING())
-		audit_strclose(vp, flag, crp);
-
 	TRACE_1(TR_FAC_STREAMS_FR,
 	    TR_STRCLOSE, "strclose:%p", vp);
 	ASSERT(vp->v_stream);
@@ -3222,9 +3216,6 @@
 	TRACE_3(TR_FAC_STREAMS_FR, TR_IOCTL_ENTER,
 	    "strioctl:stp %p cmd %X arg %lX", stp, cmd, arg);
 
-	if (auditing)
-		audit_strioctl(vp, cmd, arg, flag, copyflag, crp, rvalp);
-
 	/*
 	 * If the copy is kernel to kernel, make sure that the FNATIVE
 	 * flag is set.  After this it would be a serious error to have

--- a/usr/src/uts/common/sys/sad.h	Sat Jun 12 23:20:18 2010 -0700
+++ b/usr/src/uts/common/sys/sad.h	Mon Jun 14 02:08:23 2010 -0700
@@ -19,8 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
@@ -30,8 +29,6 @@
 #ifndef _SYS_SAD_H
 #define	_SYS_SAD_H
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"	/* SVr4.0 1.5 */
-
 #include <sys/types.h>
 #ifdef	_KERNEL
 #include <sys/strsubr.h>
@@ -208,9 +205,6 @@
 /*
  * function prototypes
  */
-void audit_stropen(struct vnode *, dev_t *, int, cred_t *);
-void audit_strclose(struct vnode *, int, cred_t *);
-void audit_strioctl(struct vnode *, int, intptr_t, int, int, cred_t *, int *);
 struct strbuf;
 void audit_strputmsg(struct vnode *, struct strbuf *, struct strbuf *,
 						unsigned char, int, int);

--- a/usr/src/uts/common/syscall/open.c	Sat Jun 12 23:20:18 2010 -0700
+++ b/usr/src/uts/common/syscall/open.c	Mon Jun 14 02:08:23 2010 -0700
@@ -20,8 +20,7 @@
  */
 
 /*
- * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 /*	Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T	*/
@@ -200,8 +199,6 @@
 			if (startvp != NULL)
 				VN_RELE(startvp);
 			if (error == 0) {
-				if (auditing)
-					audit_copen(fd, fp, vp);
 				if ((vp->v_flag & VDUP) == 0) {
 					fp->f_vnode = vp;
 					mutex_exit(&fp->f_tlock);

--- a/usr/src/uts/intel/ia32/ml/modstubs.s	Sat Jun 12 23:20:18 2010 -0700
+++ b/usr/src/uts/intel/ia32/ml/modstubs.s	Mon Jun 14 02:08:23 2010 -0700
@@ -958,17 +958,11 @@
 	NO_UNLOAD_STUB(c2audit, audit,			nomod_zero);
 	NO_UNLOAD_STUB(c2audit, auditdoor,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_closef,		nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_copen,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_core_start,	nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_core_finish,	nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_stropen,		nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_strclose,		nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_strioctl,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_strputmsg,	nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_c2_revoke,	nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_savepath,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_anchorpath,	nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_addcomponent,	nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_exit,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_exec,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_symlink,		nomod_zero);
@@ -978,14 +972,11 @@
 	NO_UNLOAD_STUB(c2audit, audit_enterprom,	nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_exitprom,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_chdirec,		nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_getf,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_setf,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_sock,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_strgetmsg,	nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_ipc,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_ipcget,		nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_lookupname,	nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_pathcomp,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_fdsend,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_fdrecv,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_priv,		nomod_zero);

--- a/usr/src/uts/sparc/ml/modstubs.s	Sat Jun 12 23:20:18 2010 -0700
+++ b/usr/src/uts/sparc/ml/modstubs.s	Mon Jun 14 02:08:23 2010 -0700
@@ -878,17 +878,11 @@
 	NO_UNLOAD_STUB(c2audit, audit,			nomod_zero);
 	NO_UNLOAD_STUB(c2audit, auditdoor,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_closef,		nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_copen,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_core_start,	nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_core_finish,	nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_stropen,		nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_strclose,		nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_strioctl,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_strputmsg,	nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_c2_revoke,	nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_savepath,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_anchorpath,	nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_addcomponent,	nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_exit,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_exec,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_symlink,		nomod_zero);
@@ -898,14 +892,11 @@
 	NO_UNLOAD_STUB(c2audit, audit_enterprom,	nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_exitprom,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_chdirec,		nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_getf,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_setf,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_sock,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_strgetmsg,	nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_ipc,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_ipcget,		nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_lookupname,	nomod_zero);
-	NO_UNLOAD_STUB(c2audit, audit_pathcomp,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_fdsend,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_fdrecv,		nomod_zero);
 	NO_UNLOAD_STUB(c2audit, audit_priv,		nomod_zero);