linux/security/apparmor/include/audit.h
   1/* SPDX-License-Identifier: GPL-2.0-only */
   2/*
   3 * AppArmor security module
   4 *
   5 * This file contains AppArmor auditing function definitions.
   6 *
   7 * Copyright (C) 1998-2008 Novell/SUSE
   8 * Copyright 2009-2010 Canonical Ltd.
   9 */
  10
  11#ifndef __AA_AUDIT_H
  12#define __AA_AUDIT_H
  13
  14#include <linux/audit.h>
  15#include <linux/fs.h>
  16#include <linux/lsm_audit.h>
  17#include <linux/sched.h>
  18#include <linux/slab.h>
  19
  20#include "file.h"
  21#include "label.h"
  22
/* Printable names for enum audit_mode (defined elsewhere; presumably indexed by mode value). */
extern const char *const audit_mode_names[];
/* Number of enum audit_mode values (5 below); keep in step with that enum. */
#define AUDIT_MAX_INDEX 5
/*
 * Audit mode selector.  Values are written out explicitly because they
 * presumably index audit_mode_names[] (declared above); the order and
 * count must stay in step with that table and with AUDIT_MAX_INDEX.
 */
enum audit_mode {
	AUDIT_NORMAL = 0,	/* follow normal auditing of accesses */
	AUDIT_QUIET_DENIED = 1,	/* quiet all denied access messages */
	AUDIT_QUIET = 2,	/* quiet all messages */
	AUDIT_NOQUIET = 3,	/* do not quiet audit messages */
	AUDIT_ALL = 4,		/* audit all accesses */
};
  32
/*
 * Record classes passed as the `type` argument of aa_audit_msg() and
 * aa_audit() (declared below); aa_audit_error() uses AUDIT_APPARMOR_ERROR.
 * Explicit values make the numbering visible to readers and debuggers.
 */
enum audit_type {
	AUDIT_APPARMOR_AUDIT = 0,
	AUDIT_APPARMOR_ALLOWED = 1,
	AUDIT_APPARMOR_DENIED = 2,
	AUDIT_APPARMOR_HINT = 3,
	AUDIT_APPARMOR_STATUS = 4,
	AUDIT_APPARMOR_ERROR = 5,
	AUDIT_APPARMOR_KILL = 6,
	AUDIT_APPARMOR_AUTO = 7,
};
  43
/*
 * Operation names.  These are the strings that DEFINE_AUDIT_DATA() stores
 * in apparmor_audit_data.op; OP_NULL is the "no operation" value.  They
 * presumably surface in emitted audit records, so treat them as a stable
 * interface: renaming one changes what log consumers and parsers see.
 */
#define OP_NULL NULL

/* miscellaneous kernel interfaces */
#define OP_SYSCTL "sysctl"
#define OP_CAPABLE "capable"

/* path / inode operations */
#define OP_UNLINK "unlink"
#define OP_MKDIR "mkdir"
#define OP_RMDIR "rmdir"
#define OP_MKNOD "mknod"
#define OP_TRUNC "truncate"
#define OP_LINK "link"
#define OP_SYMLINK "symlink"
#define OP_RENAME_SRC "rename_src"
#define OP_RENAME_DEST "rename_dest"
#define OP_CHMOD "chmod"
#define OP_CHOWN "chown"
#define OP_GETATTR "getattr"
#define OP_OPEN "open"

/* operations on already-open files */
#define OP_FRECEIVE "file_receive"
#define OP_FPERM "file_perm"
#define OP_FLOCK "file_lock"
#define OP_FMMAP "file_mmap"
#define OP_FMPROT "file_mprotect"
#define OP_INHERIT "file_inherit"

/* mount namespace operations */
#define OP_PIVOTROOT "pivotroot"
#define OP_MOUNT "mount"
#define OP_UMOUNT "umount"

/* socket operations */
#define OP_CREATE "create"
#define OP_POST_CREATE "post_create"
#define OP_BIND "bind"
#define OP_CONNECT "connect"
#define OP_LISTEN "listen"
#define OP_ACCEPT "accept"
#define OP_SENDMSG "sendmsg"
#define OP_RECVMSG "recvmsg"
#define OP_GETSOCKNAME "getsockname"
#define OP_GETPEERNAME "getpeername"
#define OP_GETSOCKOPT "getsockopt"
#define OP_SETSOCKOPT "setsockopt"
#define OP_SHUTDOWN "socket_shutdown"

/* inter-process operations */
#define OP_PTRACE "ptrace"
#define OP_SIGNAL "signal"

#define OP_EXEC "exec"

/* domain (profile) transitions */
#define OP_CHANGE_HAT "change_hat"
#define OP_CHANGE_PROFILE "change_profile"
#define OP_CHANGE_ONEXEC "change_onexec"
#define OP_STACK "stack"
#define OP_STACK_ONEXEC "stack_onexec"

/* process attribute changes */
#define OP_SETPROCATTR "setprocattr"
#define OP_SETRLIMIT "setrlimit"

/* policy management through the interface */
#define OP_PROF_REPL "profile_replace"
#define OP_PROF_LOAD "profile_load"
#define OP_PROF_RM "profile_remove"
 105
 106
/*
 * struct apparmor_audit_data - AppArmor-specific payload reached from a
 * struct common_audit_data through aad() / DEFINE_AUDIT_DATA() (below).
 *
 * @error:   errno-style result being reported; aa_audit_error() stores its
 *           ERROR argument here and evaluates to it.
 * @type:    record class — presumably an enum audit_type value; confirm
 *           against the callers.
 * @op:      operation name; DEFINE_AUDIT_DATA() initialises it, normally
 *           with one of the OP_* strings above.
 * @label:   label the record is about.
 * @name:    object name (for file operations a path — TODO confirm per
 *           caller).
 * @info:    free-form informational string.
 * @request: permission bits that were requested; the bit encoding is
 *           caller-specific.
 * @denied:  permission bits that were refused — presumably a subset of
 *           @request; confirm against the callers.
 *
 * The trailing anonymous union holds per-operation detail.  Nothing in the
 * struct records which member is live: the callback that formats the
 * record must agree with the code that filled the union in (keyed on @op),
 * otherwise it reads a pointer or integer through the wrong member.
 */
struct apparmor_audit_data {
	int error;
	int type;
	const char *op;
	struct aa_label *label;
	const char *name;
	const char *info;
	u32 request;
	u32 denied;
	union {
		/* these entries require a custom callback fn */
		struct {
			struct aa_label *peer;	/* other party, shared by fs/rlim/signal/net */
			union {
				struct {
					const char *target;
					kuid_t ouid;	/* owner uid of the object */
				} fs;
				struct {
					int rlim;	/* resource id */
					unsigned long max;	/* limit value */
				} rlim;
				/* anonymous: accessed as aad->signal / aad->unmappedsig */
				struct {
					int signal;
					int unmappedsig;
				};
				struct {
					int type, protocol;
					struct sock *peer_sk;
					void *addr;	/* buffer of @addrlen bytes; do not read past it */
					int addrlen;
				} net;
			};
		};
		struct {	/* policy-interface (profile load/replace/remove) detail */
			struct aa_profile *profile;
			const char *ns;
			long pos;	/* position in the policy data, presumably */
		} iface;
		struct {	/* mount operation detail */
			const char *src_name;
			const char *type;
			const char *trans;
			const char *data;
			unsigned long flags;
		} mnt;
	};
};
 155
/* macros for dealing with  apparmor_audit_data structure */

/* aad(SA) - the AppArmor payload of a struct common_audit_data *SA */
#define aad(SA) ((SA)->apparmor_audit_data)

/*
 * DEFINE_AUDIT_DATA - declare and link a pair of audit locals
 * @NAME: identifier of the struct common_audit_data; NAME##_aad is the
 *        struct apparmor_audit_data it points to
 * @T:    value for NAME.type (the common_audit_data type)
 * @X:    value for NAME##_aad.op, normally one of the OP_* strings
 *
 * Expands to two declarations followed by an assignment, so it must be
 * used where a statement is permitted.  Every member not named in the
 * designated initialisers is zero-initialised by them.
 */
#define DEFINE_AUDIT_DATA(NAME, T, X)					\
	/* TODO: cleanup audit init so we don't need _aad = {0,} */	\
	struct apparmor_audit_data NAME ## _aad = { .op = (X), };	\
	struct common_audit_data NAME =					\
	{								\
	.type = (T),							\
	.u.tsk = NULL,							\
	};								\
	NAME.apparmor_audit_data = &(NAME ## _aad)
 167
/**
 * aa_audit_msg - emit an AppArmor audit record
 * @type: record class; aa_audit_error() passes AUDIT_APPARMOR_ERROR here
 * @sa: common audit data whose apparmor_audit_data carries the details
 * @cb: callback given the audit buffer and an opaque pointer (presumably
 *      @sa) to append operation-specific fields; whether NULL is accepted
 *      must be checked against the definition
 */
void aa_audit_msg(int type, struct common_audit_data *sa,
		  void (*cb) (struct audit_buffer *, void *));
/**
 * aa_audit - audit an event in the context of @profile
 * @type: record class, as for aa_audit_msg()
 * @profile: profile whose audit settings apply (inferred from the
 *           signature — confirm in the definition)
 * @sa: common audit data
 * @cb: as for aa_audit_msg()
 *
 * Returns: an int, presumably the error the caller should propagate;
 *          confirm against the definition.
 */
int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
	     void (*cb) (struct audit_buffer *, void *));
 172
/*
 * aa_audit_error - record ERROR and emit an AUDIT_APPARMOR_ERROR record
 *
 * GNU statement expression: stores ERROR in aad(SA)->error, calls
 * aa_audit_msg() with SA and CB, then evaluates to the stored error so the
 * macro can be used directly as an expression.  SA is evaluated three
 * times — pass a plain pointer, never an expression with side effects.
 */
#define aa_audit_error(ERROR, SA, CB)				\
({								\
	aad((SA))->error = (ERROR);				\
	aa_audit_msg(AUDIT_APPARMOR_ERROR, (SA), (CB));		\
	aad((SA))->error;					\
})
 179
 180
/*
 * complain_error - downgrade an access denial to success
 * @error: negative errno (or 0) produced by a permission check
 *
 * Named for AppArmor's complain mode, in which a denial is reported but
 * not enforced: -EPERM and -EACCES collapse to 0, while every other value
 * (including 0 and unrelated errors such as -ENOMEM) is passed through
 * unchanged so genuine failures still reach the caller.
 */
static inline int complain_error(int error)
{
	switch (error) {
	case -EPERM:
	case -EACCES:
		return 0;
	default:
		return error;
	}
}
 187
/*
 * Audit-rule filtering entry points.  The four signatures mirror the LSM
 * audit_rule_{free,init,known,match} hooks; @vrule is an opaque object
 * owned by this module.
 */

/* Release a rule object previously returned in *vrule by aa_audit_rule_init(). */
void aa_audit_rule_free(void *vrule);
/*
 * Build a rule from @field/@op/@rulestr and store the opaque object in
 * *vrule.  Returns 0 or a negative errno (assumed; confirm in the
 * definition).  @rulestr is not const — check whether the callee modifies
 * or retains it before passing a shared buffer.
 */
int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule);
/* Report whether @rule uses fields this module handles (presumably; confirm). */
int aa_audit_rule_known(struct audit_krule *rule);
/* Evaluate @vrule for @field/@op against the subject identified by @sid. */
int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule);
 192
 193#endif /* __AA_AUDIT_H */
 194