linux/security/apparmor/include/audit.h
   1/*
   2 * AppArmor security module
   3 *
   4 * This file contains AppArmor auditing function definitions.
   5 *
   6 * Copyright (C) 1998-2008 Novell/SUSE
   7 * Copyright 2009-2010 Canonical Ltd.
   8 *
   9 * This program is free software; you can redistribute it and/or
  10 * modify it under the terms of the GNU General Public License as
  11 * published by the Free Software Foundation, version 2 of the
  12 * License.
  13 */
  14
  15#ifndef __AA_AUDIT_H
  16#define __AA_AUDIT_H
  17
  18#include <linux/audit.h>
  19#include <linux/fs.h>
  20#include <linux/lsm_audit.h>
  21#include <linux/sched.h>
  22#include <linux/slab.h>
  23
  24#include "file.h"
  25
/* Only referenced through pointers in this header; full definition lives elsewhere. */
struct aa_profile;

/*
 * Human-readable names for the audit modes; presumably indexed by
 * enum audit_mode below — confirm against the definition in the .c file.
 */
extern const char *const audit_mode_names[];
/* Number of audit modes; must stay in sync with the five enumerators below. */
#define AUDIT_MAX_INDEX 5
  30enum audit_mode {
  31        AUDIT_NORMAL,           /* follow normal auditing of accesses */
  32        AUDIT_QUIET_DENIED,     /* quiet all denied access messages */
  33        AUDIT_QUIET,            /* quiet all messages */
  34        AUDIT_NOQUIET,          /* do not quiet audit messages */
  35        AUDIT_ALL               /* audit all accesses */
  36};
  37
/*
 * Classes of AppArmor audit record passed as the @type argument of
 * aa_audit()/aa_audit_msg().  AUDIT_APPARMOR_ERROR is the class emitted
 * by the aa_audit_error() macro below; how the remaining classes are
 * chosen is decided by the callers, not in this header.
 */
enum audit_type {
	AUDIT_APPARMOR_AUDIT = 0,
	AUDIT_APPARMOR_ALLOWED = 1,
	AUDIT_APPARMOR_DENIED = 2,
	AUDIT_APPARMOR_HINT = 3,
	AUDIT_APPARMOR_STATUS = 4,
	AUDIT_APPARMOR_ERROR = 5,
	AUDIT_APPARMOR_KILL = 6,
	AUDIT_APPARMOR_AUTO = 7
};
  48
/*
 * Operation names.  These are string constants (OP_NULL being the NULL
 * pointer) and are presumably what callers pass as the X argument of
 * DEFINE_AUDIT_DATA() to fill apparmor_audit_data.op — confirm against
 * the callers, which are not in this header.
 */
#define OP_NULL NULL

/* capability / sysctl checks */
#define OP_SYSCTL "sysctl"
#define OP_CAPABLE "capable"

/* path-based filesystem operations */
#define OP_UNLINK "unlink"
#define OP_MKDIR "mkdir"
#define OP_RMDIR "rmdir"
#define OP_MKNOD "mknod"
#define OP_TRUNC "truncate"
#define OP_LINK "link"
#define OP_SYMLINK "symlink"
#define OP_RENAME_SRC "rename_src"
#define OP_RENAME_DEST "rename_dest"
#define OP_CHMOD "chmod"
#define OP_CHOWN "chown"
#define OP_GETATTR "getattr"
#define OP_OPEN "open"

/* operations on an already-open file */
#define OP_FPERM "file_perm"
#define OP_FLOCK "file_lock"
#define OP_FMMAP "file_mmap"
#define OP_FMPROT "file_mprotect"

/* socket operations */
#define OP_CREATE "create"
#define OP_POST_CREATE "post_create"
#define OP_BIND "bind"
#define OP_CONNECT "connect"
#define OP_LISTEN "listen"
#define OP_ACCEPT "accept"
#define OP_SENDMSG "sendmsg"
#define OP_RECVMSG "recvmsg"
#define OP_GETSOCKNAME "getsockname"
#define OP_GETPEERNAME "getpeername"
#define OP_GETSOCKOPT "getsockopt"
#define OP_SETSOCKOPT "setsockopt"
#define OP_SHUTDOWN "socket_shutdown"

/* process tracing */
#define OP_PTRACE "ptrace"

/* executable transitions */
#define OP_EXEC "exec"

/* explicit domain (profile) changes requested by the task itself */
#define OP_CHANGE_HAT "change_hat"
#define OP_CHANGE_PROFILE "change_profile"
#define OP_CHANGE_ONEXEC "change_onexec"

/* process attribute / resource-limit changes */
#define OP_SETPROCATTR "setprocattr"
#define OP_SETRLIMIT "setrlimit"

/* policy management via the AppArmor interface */
#define OP_PROF_REPL "profile_replace"
#define OP_PROF_LOAD "profile_load"
#define OP_PROF_RM "profile_remove"
 101
 102
/*
 * struct apparmor_audit_data - AppArmor-specific part of an audit record
 *
 * Attached to a struct common_audit_data through the aad() and
 * DEFINE_AUDIT_DATA() macros below.
 *
 * @error: result code being reported; aa_audit_error() stores its ERROR here
 * @op: operation name for the record (set by DEFINE_AUDIT_DATA(); presumably
 *	one of the OP_* strings above — confirm against callers)
 * @type: record type as a plain int; NOTE(review): likely an enum audit_type
 *	value, but nothing in this header enforces that
 * @profile: NOTE(review): untyped pointer, while every other profile
 *	reference in this header is struct aa_profile * — confirm what
 *	callers store here before dereferencing
 * @name: name string for the record
 * @info: additional info string for the record
 *
 * The anonymous union carries per-operation detail; only one member is
 * meaningful for a given record, and which one is determined by the
 * caller-supplied audit callback.  Field meanings below are inferred from
 * the field names — confirm against the callbacks that format them.
 */
struct apparmor_audit_data {
	int error;
	const char *op;
	int type;
	void *profile;
	const char *name;
	const char *info;
	union {
		/* these entries require a custom callback fn */
		struct {
			struct aa_profile *peer;	/* other profile involved, e.g. ptrace/signal peer */
			struct {
				const char *target;	/* object the fs operation acts on */
				u32 request;		/* permission bits requested */
				u32 denied;		/* permission bits denied */
				kuid_t ouid;		/* presumably the object's owner uid */
			} fs;
		};
		struct {
			const char *name;	/* profile name for interface ops */
			long pos;		/* position in the interface data */
			const char *ns;		/* namespace name */
		} iface;
		struct {
			int rlim;		/* resource limit index */
			unsigned long max;	/* requested maximum */
		} rlim;
	};
};
 132
/* macros for dealing with the apparmor_audit_data structure */

/* Access the AppArmor-specific data hung off a struct common_audit_data SA. */
#define aad(SA) ((SA)->apparmor_audit_data)

/*
 * DEFINE_AUDIT_DATA - declare and link the two audit structures for one record
 * @NAME: identifier for the struct common_audit_data; the AppArmor part is
 *	declared alongside it as NAME_aad
 * @T: value stored in NAME.type
 * @X: value stored in NAME_aad.op
 *
 * Expands to two declarations followed by an assignment, so it must be
 * used where declarations are allowed and the caller supplies the
 * trailing ';'.  NAME.u.tsk is set to NULL and all fields of NAME_aad
 * other than .op are zero-initialised by the designated initializer.
 */
#define DEFINE_AUDIT_DATA(NAME, T, X)                                   \
	/* TODO: cleanup audit init so we don't need _aad = {0,} */     \
	struct apparmor_audit_data NAME ## _aad = { .op = (X), };       \
	struct common_audit_data NAME =                                 \
	{                                                               \
	.type = (T),                                                    \
	.u.tsk = NULL,                                                  \
	};                                                              \
	NAME.apparmor_audit_data = &(NAME ## _aad)
 144
/*
 * aa_audit_msg - emit an audit record of @type for @sa
 * @type: record class (see enum audit_type)
 * @sa: audit data, with the AppArmor part reachable via aad(sa)
 * @cb: callback given the audit buffer and @sa to append operation-specific
 *	fields; NOTE(review): whether NULL is accepted is not visible here
 */
void aa_audit_msg(int type, struct common_audit_data *sa,
		  void (*cb) (struct audit_buffer *, void *));
/*
 * aa_audit - audit an event against @profile
 * @type: record class (see enum audit_type)
 * @profile: profile the event is evaluated against
 * @sa: audit data, with the AppArmor part reachable via aad(sa)
 * @cb: callback appending operation-specific fields, as for aa_audit_msg()
 *
 * Returns an int; presumably the error to propagate to the caller, which
 * the definition (not in this header) may adjust for the profile's mode.
 */
int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
	     void (*cb) (struct audit_buffer *, void *));
 149
/*
 * aa_audit_error - record ERROR in SA and emit an AUDIT_APPARMOR_ERROR record
 *
 * Statement expression: stores ERROR in aad(SA)->error, calls aa_audit_msg()
 * with callback CB, and evaluates to the stored error so the result can be
 * returned directly.  SA is expanded three times, so pass a side-effect-free
 * expression; ERROR and CB are each evaluated once.
 */
#define aa_audit_error(ERROR, SA, CB)                           \
({                                                              \
	aad((SA))->error = (ERROR);                             \
	aa_audit_msg(AUDIT_APPARMOR_ERROR, (SA), (CB));         \
	aad((SA))->error;                                       \
})
 156
 157
/*
 * complain_error - map permission denials to success
 * @error: result code to be reported
 *
 * Returns 0 for -EPERM and -EACCES; every other value, including 0 and
 * non-permission errors such as -ENOENT, is returned unchanged.
 * NOTE(review): by its name this is the complain-mode (log but do not
 * enforce) path, so a denial is still audited but not returned to the
 * task — confirm against the callers, which are not in this header.
 */
static inline int complain_error(int error)
{
	switch (error) {
	case -EPERM:
	case -EACCES:
		return 0;
	default:
		return error;
	}
}
 164
 165#endif /* __AA_AUDIT_H */
 166