linux/security/apparmor/include/audit.h
   1/*
   2 * AppArmor security module
   3 *
   4 * This file contains AppArmor auditing function definitions.
   5 *
   6 * Copyright (C) 1998-2008 Novell/SUSE
   7 * Copyright 2009-2010 Canonical Ltd.
   8 *
   9 * This program is free software; you can redistribute it and/or
  10 * modify it under the terms of the GNU General Public License as
  11 * published by the Free Software Foundation, version 2 of the
  12 * License.
  13 */
  14
  15#ifndef __AA_AUDIT_H
  16#define __AA_AUDIT_H
  17
  18#include <linux/audit.h>
  19#include <linux/fs.h>
  20#include <linux/lsm_audit.h>
  21#include <linux/sched.h>
  22#include <linux/slab.h>
  23
  24#include "file.h"
  25#include "label.h"
  26
/*
 * Printable names for the audit_mode values below.  The array is defined
 * elsewhere; it is presumably indexed by enum audit_mode, so its length
 * must track the enumerator count.
 */
extern const char *const audit_mode_names[];
/*
 * Number of audit modes.  Must equal the enumerator count of
 * enum audit_mode below (currently 5: AUDIT_NORMAL .. AUDIT_ALL); any
 * bounds check on a mode value or audit_mode_names[] lookup relies on it,
 * so update both together.
 */
#define AUDIT_MAX_INDEX 5
enum audit_mode {
        AUDIT_NORMAL,           /* follow normal auditing of accesses */
        AUDIT_QUIET_DENIED,     /* quiet all denied access messages */
        AUDIT_QUIET,            /* quiet all messages */
        AUDIT_NOQUIET,          /* do not quiet audit messages */
        AUDIT_ALL               /* audit all accesses */
};
  36
/*
 * Kind of AppArmor audit record being emitted.  These are header-local
 * enumerator values starting at 0 (AUDIT_APPARMOR_AUDIT == 0); if a
 * mapping to the numeric record types in <linux/audit.h> is needed, it is
 * not done in this header.  Presumably passed as the @type argument of
 * aa_audit_msg()/aa_audit() -- confirm against the definitions.
 */
enum audit_type {
        AUDIT_APPARMOR_AUDIT,
        AUDIT_APPARMOR_ALLOWED,
        AUDIT_APPARMOR_DENIED,
        AUDIT_APPARMOR_HINT,
        AUDIT_APPARMOR_STATUS,
        AUDIT_APPARMOR_ERROR,   /* used by aa_audit_error() below */
        AUDIT_APPARMOR_KILL,
        AUDIT_APPARMOR_AUTO
};
  47
/*
 * Operation names stored in apparmor_audit_data.op (see DEFINE_AUDIT_DATA()).
 * All are string literals except OP_NULL, which is a null pointer rather
 * than an empty string: any code that prints or compares ->op must be
 * prepared for NULL.
 */
#define OP_NULL NULL

#define OP_SYSCTL "sysctl"
#define OP_CAPABLE "capable"

/* filesystem / inode operations */
#define OP_UNLINK "unlink"
#define OP_MKDIR "mkdir"
#define OP_RMDIR "rmdir"
#define OP_MKNOD "mknod"
#define OP_TRUNC "truncate"
#define OP_LINK "link"
#define OP_SYMLINK "symlink"
#define OP_RENAME_SRC "rename_src"
#define OP_RENAME_DEST "rename_dest"
#define OP_CHMOD "chmod"
#define OP_CHOWN "chown"
#define OP_GETATTR "getattr"
#define OP_OPEN "open"

/* open-file operations */
#define OP_FRECEIVE "file_receive"
#define OP_FPERM "file_perm"
#define OP_FLOCK "file_lock"
#define OP_FMMAP "file_mmap"
#define OP_FMPROT "file_mprotect"
#define OP_INHERIT "file_inherit"

/* mount namespace operations */
#define OP_PIVOTROOT "pivotroot"
#define OP_MOUNT "mount"
#define OP_UMOUNT "umount"

/* socket operations */
#define OP_CREATE "create"
#define OP_POST_CREATE "post_create"
#define OP_BIND "bind"
#define OP_CONNECT "connect"
#define OP_LISTEN "listen"
#define OP_ACCEPT "accept"
#define OP_SENDMSG "sendmsg"
#define OP_RECVMSG "recvmsg"
#define OP_GETSOCKNAME "getsockname"
#define OP_GETPEERNAME "getpeername"
#define OP_GETSOCKOPT "getsockopt"
#define OP_SETSOCKOPT "setsockopt"
#define OP_SHUTDOWN "socket_shutdown"

/* inter-process operations */
#define OP_PTRACE "ptrace"
#define OP_SIGNAL "signal"

#define OP_EXEC "exec"

/* domain transitions */
#define OP_CHANGE_HAT "change_hat"
#define OP_CHANGE_PROFILE "change_profile"
#define OP_CHANGE_ONEXEC "change_onexec"
#define OP_STACK "stack"
#define OP_STACK_ONEXEC "stack_onexec"

#define OP_SETPROCATTR "setprocattr"
#define OP_SETRLIMIT "setrlimit"

/* policy management */
#define OP_PROF_REPL "profile_replace"
#define OP_PROF_LOAD "profile_load"
#define OP_PROF_RM "profile_remove"
 109
 110
/*
 * struct apparmor_audit_data - AppArmor-specific payload of an audit record
 *
 * Hung off struct common_audit_data (see aad()).  The leading fields are
 * common to every record; the trailing union holds per-operation data, so
 * only one arm is meaningful for any given record and a callback must read
 * only the arm that the originating operation filled in -- the members
 * alias each other.
 */
struct apparmor_audit_data {
        int error;              /* error value; aa_audit_error() stores here */
        int type;               /* record type; presumably an enum audit_type */
        const char *op;         /* OP_* string or OP_NULL (NULL) -- may be NULL */
        struct aa_label *label;
        const char *name;
        const char *info;       /* free-form explanatory text, if any */
        u32 request;            /* requested permission mask (see callers) */
        u32 denied;             /* denied permission mask (see callers) */
        union {
                /* these entries require a custom callback fn */
                struct {
                        struct aa_label *peer;
                        union {
                                struct {
                                        const char *target;
                                        kuid_t ouid;
                                } fs;
                                struct {
                                        int rlim;
                                        unsigned long max;
                                } rlim;
                                /* anonymous: reached as ->signal / ->unmappedsig */
                                struct {
                                        int signal;
                                        int unmappedsig;
                                };
                                struct {
                                        /* ->net.type is distinct from the top-level ->type */
                                        int type, protocol;
                                        struct sock *peer_sk;
                                        void *addr;     /* sockaddr bytes, opaque here */
                                        int addrlen;    /* presumably the valid length of @addr */
                                } net;
                        };
                };
                struct {
                        struct aa_profile *profile;
                        const char *ns;
                        long pos;
                } iface;
                struct {
                        const char *src_name;
                        const char *type;
                        const char *trans;
                        const char *data;
                        unsigned long flags;
                } mnt;
        };
};
 159
/* macros for dealing with the apparmor_audit_data structure */

/* aad() - the AppArmor payload attached to a struct common_audit_data */
#define aad(SA) ((SA)->apparmor_audit_data)

/*
 * DEFINE_AUDIT_DATA() - declare an audit data pair and link them together
 * @NAME: identifier for the struct common_audit_data; NAME_aad is the payload
 * @T:    common_audit_data type (its .type member)
 * @X:    operation name stored in the payload's .op (an OP_* value)
 *
 * Expands to two declarations followed by an assignment statement, so it
 * is only valid at block scope (automatic storage), not inside an
 * expression or at file scope.  All payload members other than .op are
 * zero-initialized by the designated initializer, and .u.tsk is set to NULL.
 * @T and @X are each evaluated exactly once.
 */
#define DEFINE_AUDIT_DATA(NAME, T, X)                                   \
        /* TODO: cleanup audit init so we don't need _aad = {0,} */     \
        struct apparmor_audit_data NAME ## _aad = { .op = (X), };       \
        struct common_audit_data NAME =                                 \
        {                                                               \
        .type = (T),                                                    \
        .u.tsk = NULL,                                                  \
        };                                                              \
        NAME.apparmor_audit_data = &(NAME ## _aad)
 171
/*
 * aa_audit_msg() - emit an audit record of @type for @sa
 * @sa:  common audit data whose aad() payload describes the event
 * @cb:  callback that appends operation-specific fields to the
 *       struct audit_buffer (whether NULL is accepted is decided by the
 *       definition, not visible here)
 */
void aa_audit_msg(int type, struct common_audit_data *sa,
                  void (*cb) (struct audit_buffer *, void *));
/*
 * aa_audit() - audit an event against @profile
 * @type:    audit record type
 * @profile: profile the event is evaluated under
 * @sa, @cb: as for aa_audit_msg()
 *
 * Returns an int; presumably the error the caller should propagate
 * (which may differ from aad(sa)->error, e.g. under a complain-style
 * mode) -- confirm against the definition before relying on it.
 */
int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
             void (*cb) (struct audit_buffer *, void *));
 176
/*
 * aa_audit_error() - record @ERROR, emit an AUDIT_APPARMOR_ERROR message,
 * and evaluate to the stored error so it can be returned directly.
 *
 * This is a GNU statement expression.  @SA is expanded three times, so
 * pass a plain lvalue with no side effects; @ERROR and @CB are expanded
 * once.
 */
#define aa_audit_error(ERROR, SA, CB)                           \
({                                                              \
        aad((SA))->error = (ERROR);                             \
        aa_audit_msg(AUDIT_APPARMOR_ERROR, (SA), (CB));         \
        aad((SA))->error;                                       \
})
 183
 184
/*
 * complain_error() - squash permission denials to success
 * @error: error value produced by a permission check
 *
 * Returns 0 when @error is -EPERM or -EACCES; every other value,
 * including 0 and positive values, is passed through unchanged.
 * Presumably used so that a denial is logged but not enforced
 * (complain/learning mode) -- confirm at the callers.
 */
static inline int complain_error(int error)
{
        switch (error) {
        case -EPERM:
        case -EACCES:
                return 0;
        default:
                return error;
        }
}
 191
/*
 * Hooks for the audit subsystem's LSM rule filtering.  @vrule is an
 * opaque AppArmor rule object: created by aa_audit_rule_init() (returned
 * through *@vrule) and released by aa_audit_rule_free().  @rulestr is
 * taken non-const; whether it is modified or retained past the call is
 * not visible here -- check the definition before passing a buffer you
 * will free or reuse.
 */
void aa_audit_rule_free(void *vrule);
int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule);
int aa_audit_rule_known(struct audit_krule *rule);
int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
                        struct audit_context *actx);
 197
 198#endif /* __AA_AUDIT_H */
 199