1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23#ifndef _LINUX_AUDIT_H_
24#define _LINUX_AUDIT_H_
25
26#include <linux/sched.h>
27#include <linux/ptrace.h>
28#include <uapi/linux/audit.h>
29
30struct audit_sig_info {
31 uid_t uid;
32 pid_t pid;
33 char ctx[0];
34};
35
36struct audit_buffer;
37struct audit_context;
38struct inode;
39struct netlink_skb_parms;
40struct path;
41struct linux_binprm;
42struct mq_attr;
43struct mqstat;
44struct audit_watch;
45struct audit_tree;
46
47struct audit_krule {
48 int vers_ops;
49 u32 flags;
50 u32 listnr;
51 u32 action;
52 u32 mask[AUDIT_BITMASK_SIZE];
53 u32 buflen;
54 u32 field_count;
55 char *filterkey;
56 struct audit_field *fields;
57 struct audit_field *arch_f;
58 struct audit_field *inode_f;
59 struct audit_watch *watch;
60 struct audit_tree *tree;
61 struct list_head rlist;
62 struct list_head list;
63 u64 prio;
64};
65
66struct audit_field {
67 u32 type;
68 u32 val;
69 kuid_t uid;
70 kgid_t gid;
71 u32 op;
72 char *lsm_str;
73 void *lsm_rule;
74};
75
76extern int __init audit_register_class(int class, unsigned *list);
77extern int audit_classify_syscall(int abi, unsigned syscall);
78extern int audit_classify_arch(int arch);
79
80
81#define AUDIT_TYPE_UNKNOWN 0
82#define AUDIT_TYPE_NORMAL 1
83#define AUDIT_TYPE_PARENT 2
84#define AUDIT_TYPE_CHILD_DELETE 3
85#define AUDIT_TYPE_CHILD_CREATE 4
86
87
88#define AUDITSC_ARGS 6
89
90struct filename;
91
92extern void audit_log_session_info(struct audit_buffer *ab);
93
94#ifdef CONFIG_AUDITSYSCALL
95
96
97extern int audit_alloc(struct task_struct *task);
98extern void __audit_free(struct task_struct *task);
99extern void __audit_syscall_entry(int arch,
100 int major, unsigned long a0, unsigned long a1,
101 unsigned long a2, unsigned long a3);
102extern void __audit_syscall_exit(int ret_success, long ret_value);
103extern struct filename *__audit_reusename(const __user char *uptr);
104extern void __audit_getname(struct filename *name);
105extern void audit_putname(struct filename *name);
106extern void __audit_inode(struct filename *name, const struct dentry *dentry,
107 unsigned int parent);
108extern void __audit_inode_child(const struct inode *parent,
109 const struct dentry *dentry,
110 const unsigned char type);
111extern void __audit_seccomp(unsigned long syscall, long signr, int code);
112extern void __audit_ptrace(struct task_struct *t);
113
114static inline int audit_dummy_context(void)
115{
116 void *p = current->audit_context;
117 return !p || *(int *)p;
118}
119static inline void audit_free(struct task_struct *task)
120{
121 if (unlikely(task->audit_context))
122 __audit_free(task);
123}
124static inline void audit_syscall_entry(int arch, int major, unsigned long a0,
125 unsigned long a1, unsigned long a2,
126 unsigned long a3)
127{
128 if (unlikely(current->audit_context))
129 __audit_syscall_entry(arch, major, a0, a1, a2, a3);
130}
131static inline void audit_syscall_exit(void *pt_regs)
132{
133 if (unlikely(current->audit_context)) {
134 int success = is_syscall_success(pt_regs);
135 int return_code = regs_return_value(pt_regs);
136
137 __audit_syscall_exit(success, return_code);
138 }
139}
140static inline struct filename *audit_reusename(const __user char *name)
141{
142 if (unlikely(!audit_dummy_context()))
143 return __audit_reusename(name);
144 return NULL;
145}
146static inline void audit_getname(struct filename *name)
147{
148 if (unlikely(!audit_dummy_context()))
149 __audit_getname(name);
150}
151static inline void audit_inode(struct filename *name, const struct dentry *dentry,
152 unsigned int parent) {
153 if (unlikely(!audit_dummy_context()))
154 __audit_inode(name, dentry, parent);
155}
156static inline void audit_inode_child(const struct inode *parent,
157 const struct dentry *dentry,
158 const unsigned char type) {
159 if (unlikely(!audit_dummy_context()))
160 __audit_inode_child(parent, dentry, type);
161}
162void audit_core_dumps(long signr);
163
164static inline void audit_seccomp(unsigned long syscall, long signr, int code)
165{
166
167 if (signr || unlikely(!audit_dummy_context()))
168 __audit_seccomp(syscall, signr, code);
169}
170
171static inline void audit_ptrace(struct task_struct *t)
172{
173 if (unlikely(!audit_dummy_context()))
174 __audit_ptrace(t);
175}
176
177
178extern unsigned int audit_serial(void);
179extern int auditsc_get_stamp(struct audit_context *ctx,
180 struct timespec *t, unsigned int *serial);
181extern int audit_set_loginuid(kuid_t loginuid);
182
183static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
184{
185 return tsk->loginuid;
186}
187
188static inline int audit_get_sessionid(struct task_struct *tsk)
189{
190 return tsk->sessionid;
191}
192
193extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
194extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
195extern int __audit_bprm(struct linux_binprm *bprm);
196extern int __audit_socketcall(int nargs, unsigned long *args);
197extern int __audit_sockaddr(int len, void *addr);
198extern void __audit_fd_pair(int fd1, int fd2);
199extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr);
200extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout);
201extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification);
202extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
203extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
204 const struct cred *new,
205 const struct cred *old);
206extern void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old);
207extern void __audit_mmap_fd(int fd, int flags);
208
209static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
210{
211 if (unlikely(!audit_dummy_context()))
212 __audit_ipc_obj(ipcp);
213}
214static inline void audit_fd_pair(int fd1, int fd2)
215{
216 if (unlikely(!audit_dummy_context()))
217 __audit_fd_pair(fd1, fd2);
218}
219static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode)
220{
221 if (unlikely(!audit_dummy_context()))
222 __audit_ipc_set_perm(qbytes, uid, gid, mode);
223}
224static inline int audit_bprm(struct linux_binprm *bprm)
225{
226 if (unlikely(!audit_dummy_context()))
227 return __audit_bprm(bprm);
228 return 0;
229}
230static inline int audit_socketcall(int nargs, unsigned long *args)
231{
232 if (unlikely(!audit_dummy_context()))
233 return __audit_socketcall(nargs, args);
234 return 0;
235}
236static inline int audit_sockaddr(int len, void *addr)
237{
238 if (unlikely(!audit_dummy_context()))
239 return __audit_sockaddr(len, addr);
240 return 0;
241}
242static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr)
243{
244 if (unlikely(!audit_dummy_context()))
245 __audit_mq_open(oflag, mode, attr);
246}
247static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout)
248{
249 if (unlikely(!audit_dummy_context()))
250 __audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout);
251}
252static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification)
253{
254 if (unlikely(!audit_dummy_context()))
255 __audit_mq_notify(mqdes, notification);
256}
257static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
258{
259 if (unlikely(!audit_dummy_context()))
260 __audit_mq_getsetattr(mqdes, mqstat);
261}
262
263static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
264 const struct cred *new,
265 const struct cred *old)
266{
267 if (unlikely(!audit_dummy_context()))
268 return __audit_log_bprm_fcaps(bprm, new, old);
269 return 0;
270}
271
272static inline void audit_log_capset(pid_t pid, const struct cred *new,
273 const struct cred *old)
274{
275 if (unlikely(!audit_dummy_context()))
276 __audit_log_capset(pid, new, old);
277}
278
279static inline void audit_mmap_fd(int fd, int flags)
280{
281 if (unlikely(!audit_dummy_context()))
282 __audit_mmap_fd(fd, flags);
283}
284
285extern int audit_n_rules;
286extern int audit_signals;
287#else
288static inline int audit_alloc(struct task_struct *task)
289{
290 return 0;
291}
292static inline void audit_free(struct task_struct *task)
293{ }
294static inline void audit_syscall_entry(int arch, int major, unsigned long a0,
295 unsigned long a1, unsigned long a2,
296 unsigned long a3)
297{ }
298static inline void audit_syscall_exit(void *pt_regs)
299{ }
300static inline int audit_dummy_context(void)
301{
302 return 1;
303}
304static inline struct filename *audit_reusename(const __user char *name)
305{
306 return NULL;
307}
308static inline void audit_getname(struct filename *name)
309{ }
310static inline void audit_putname(struct filename *name)
311{ }
312static inline void __audit_inode(struct filename *name,
313 const struct dentry *dentry,
314 unsigned int parent)
315{ }
316static inline void __audit_inode_child(const struct inode *parent,
317 const struct dentry *dentry,
318 const unsigned char type)
319{ }
320static inline void audit_inode(struct filename *name,
321 const struct dentry *dentry,
322 unsigned int parent)
323{ }
324static inline void audit_inode_child(const struct inode *parent,
325 const struct dentry *dentry,
326 const unsigned char type)
327{ }
328static inline void audit_core_dumps(long signr)
329{ }
330static inline void __audit_seccomp(unsigned long syscall, long signr, int code)
331{ }
332static inline void audit_seccomp(unsigned long syscall, long signr, int code)
333{ }
334static inline int auditsc_get_stamp(struct audit_context *ctx,
335 struct timespec *t, unsigned int *serial)
336{
337 return 0;
338}
339static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
340{
341 return INVALID_UID;
342}
343static inline int audit_get_sessionid(struct task_struct *tsk)
344{
345 return -1;
346}
347static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
348{ }
349static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,
350 gid_t gid, umode_t mode)
351{ }
352static inline int audit_bprm(struct linux_binprm *bprm)
353{
354 return 0;
355}
356static inline int audit_socketcall(int nargs, unsigned long *args)
357{
358 return 0;
359}
360static inline void audit_fd_pair(int fd1, int fd2)
361{ }
362static inline int audit_sockaddr(int len, void *addr)
363{
364 return 0;
365}
366static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr)
367{ }
368static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len,
369 unsigned int msg_prio,
370 const struct timespec *abs_timeout)
371{ }
372static inline void audit_mq_notify(mqd_t mqdes,
373 const struct sigevent *notification)
374{ }
375static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
376{ }
377static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
378 const struct cred *new,
379 const struct cred *old)
380{
381 return 0;
382}
383static inline void audit_log_capset(pid_t pid, const struct cred *new,
384 const struct cred *old)
385{ }
386static inline void audit_mmap_fd(int fd, int flags)
387{ }
388static inline void audit_ptrace(struct task_struct *t)
389{ }
390#define audit_n_rules 0
391#define audit_signals 0
392#endif
393
394static inline bool audit_loginuid_set(struct task_struct *tsk)
395{
396 return uid_valid(audit_get_loginuid(tsk));
397}
398
399#ifdef CONFIG_AUDIT
400
401
402extern __printf(4, 5)
403void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
404 const char *fmt, ...);
405
406extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
407extern __printf(2, 3)
408void audit_log_format(struct audit_buffer *ab, const char *fmt, ...);
409extern void audit_log_end(struct audit_buffer *ab);
410extern int audit_string_contains_control(const char *string,
411 size_t len);
412extern void audit_log_n_hex(struct audit_buffer *ab,
413 const unsigned char *buf,
414 size_t len);
415extern void audit_log_n_string(struct audit_buffer *ab,
416 const char *buf,
417 size_t n);
418extern void audit_log_n_untrustedstring(struct audit_buffer *ab,
419 const char *string,
420 size_t n);
421extern void audit_log_untrustedstring(struct audit_buffer *ab,
422 const char *string);
423extern void audit_log_d_path(struct audit_buffer *ab,
424 const char *prefix,
425 const struct path *path);
426extern void audit_log_key(struct audit_buffer *ab,
427 char *key);
428extern void audit_log_link_denied(const char *operation,
429 struct path *link);
430extern void audit_log_lost(const char *message);
431#ifdef CONFIG_SECURITY
432extern void audit_log_secctx(struct audit_buffer *ab, u32 secid);
433#else
434static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid)
435{ }
436#endif
437
438extern int audit_log_task_context(struct audit_buffer *ab);
439extern void audit_log_task_info(struct audit_buffer *ab,
440 struct task_struct *tsk);
441
442extern int audit_update_lsm_rules(void);
443
444
445extern int audit_filter_user(int type);
446extern int audit_filter_type(int type);
447extern int audit_receive_filter(int type, int pid, int seq,
448 void *data, size_t datasz);
449extern int audit_enabled;
450#else
451static inline __printf(4, 5)
452void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
453 const char *fmt, ...)
454{ }
455static inline struct audit_buffer *audit_log_start(struct audit_context *ctx,
456 gfp_t gfp_mask, int type)
457{
458 return NULL;
459}
460static inline __printf(2, 3)
461void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
462{ }
463static inline void audit_log_end(struct audit_buffer *ab)
464{ }
465static inline void audit_log_n_hex(struct audit_buffer *ab,
466 const unsigned char *buf, size_t len)
467{ }
468static inline void audit_log_n_string(struct audit_buffer *ab,
469 const char *buf, size_t n)
470{ }
471static inline void audit_log_n_untrustedstring(struct audit_buffer *ab,
472 const char *string, size_t n)
473{ }
474static inline void audit_log_untrustedstring(struct audit_buffer *ab,
475 const char *string)
476{ }
477static inline void audit_log_d_path(struct audit_buffer *ab,
478 const char *prefix,
479 const struct path *path)
480{ }
481static inline void audit_log_key(struct audit_buffer *ab, char *key)
482{ }
483static inline void audit_log_link_denied(const char *string,
484 const struct path *link)
485{ }
486static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid)
487{ }
488static inline int audit_log_task_context(struct audit_buffer *ab)
489{
490 return 0;
491}
492static inline void audit_log_task_info(struct audit_buffer *ab,
493 struct task_struct *tsk)
494{ }
495#define audit_enabled 0
496#endif
497static inline void audit_log_string(struct audit_buffer *ab, const char *buf)
498{
499 audit_log_n_string(ab, buf, strlen(buf));
500}
501
502#endif
503
