WIP FPC-III support
[linux/fpc-iii.git] / security / apparmor / include / audit.h
blob18519a4eb67e3cc46c729dd4baba2571fac42cba
1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3 * AppArmor security module
5 * This file contains AppArmor auditing function definitions.
7 * Copyright (C) 1998-2008 Novell/SUSE
8 * Copyright 2009-2010 Canonical Ltd.
9 */
11 #ifndef __AA_AUDIT_H
12 #define __AA_AUDIT_H
14 #include <linux/audit.h>
15 #include <linux/fs.h>
16 #include <linux/lsm_audit.h>
17 #include <linux/sched.h>
18 #include <linux/slab.h>
20 #include "file.h"
21 #include "label.h"
23 extern const char *const audit_mode_names[];
24 #define AUDIT_MAX_INDEX 5
25 enum audit_mode {
26 AUDIT_NORMAL, /* follow normal auditing of accesses */
27 AUDIT_QUIET_DENIED, /* quiet all denied access messages */
28 AUDIT_QUIET, /* quiet all messages */
29 AUDIT_NOQUIET, /* do not quiet audit messages */
30 AUDIT_ALL /* audit all accesses */
33 enum audit_type {
34 AUDIT_APPARMOR_AUDIT,
35 AUDIT_APPARMOR_ALLOWED,
36 AUDIT_APPARMOR_DENIED,
37 AUDIT_APPARMOR_HINT,
38 AUDIT_APPARMOR_STATUS,
39 AUDIT_APPARMOR_ERROR,
40 AUDIT_APPARMOR_KILL,
41 AUDIT_APPARMOR_AUTO
44 #define OP_NULL NULL
46 #define OP_SYSCTL "sysctl"
47 #define OP_CAPABLE "capable"
49 #define OP_UNLINK "unlink"
50 #define OP_MKDIR "mkdir"
51 #define OP_RMDIR "rmdir"
52 #define OP_MKNOD "mknod"
53 #define OP_TRUNC "truncate"
54 #define OP_LINK "link"
55 #define OP_SYMLINK "symlink"
56 #define OP_RENAME_SRC "rename_src"
57 #define OP_RENAME_DEST "rename_dest"
58 #define OP_CHMOD "chmod"
59 #define OP_CHOWN "chown"
60 #define OP_GETATTR "getattr"
61 #define OP_OPEN "open"
63 #define OP_FRECEIVE "file_receive"
64 #define OP_FPERM "file_perm"
65 #define OP_FLOCK "file_lock"
66 #define OP_FMMAP "file_mmap"
67 #define OP_FMPROT "file_mprotect"
68 #define OP_INHERIT "file_inherit"
70 #define OP_PIVOTROOT "pivotroot"
71 #define OP_MOUNT "mount"
72 #define OP_UMOUNT "umount"
74 #define OP_CREATE "create"
75 #define OP_POST_CREATE "post_create"
76 #define OP_BIND "bind"
77 #define OP_CONNECT "connect"
78 #define OP_LISTEN "listen"
79 #define OP_ACCEPT "accept"
80 #define OP_SENDMSG "sendmsg"
81 #define OP_RECVMSG "recvmsg"
82 #define OP_GETSOCKNAME "getsockname"
83 #define OP_GETPEERNAME "getpeername"
84 #define OP_GETSOCKOPT "getsockopt"
85 #define OP_SETSOCKOPT "setsockopt"
86 #define OP_SHUTDOWN "socket_shutdown"
88 #define OP_PTRACE "ptrace"
89 #define OP_SIGNAL "signal"
91 #define OP_EXEC "exec"
93 #define OP_CHANGE_HAT "change_hat"
94 #define OP_CHANGE_PROFILE "change_profile"
95 #define OP_CHANGE_ONEXEC "change_onexec"
96 #define OP_STACK "stack"
97 #define OP_STACK_ONEXEC "stack_onexec"
99 #define OP_SETPROCATTR "setprocattr"
100 #define OP_SETRLIMIT "setrlimit"
102 #define OP_PROF_REPL "profile_replace"
103 #define OP_PROF_LOAD "profile_load"
104 #define OP_PROF_RM "profile_remove"
107 struct apparmor_audit_data {
108 int error;
109 int type;
110 const char *op;
111 struct aa_label *label;
112 const char *name;
113 const char *info;
114 u32 request;
115 u32 denied;
116 union {
117 /* these entries require a custom callback fn */
118 struct {
119 struct aa_label *peer;
120 union {
121 struct {
122 const char *target;
123 kuid_t ouid;
124 } fs;
125 struct {
126 int rlim;
127 unsigned long max;
128 } rlim;
129 struct {
130 int signal;
131 int unmappedsig;
133 struct {
134 int type, protocol;
135 struct sock *peer_sk;
136 void *addr;
137 int addrlen;
138 } net;
141 struct {
142 struct aa_profile *profile;
143 const char *ns;
144 long pos;
145 } iface;
146 struct {
147 const char *src_name;
148 const char *type;
149 const char *trans;
150 const char *data;
151 unsigned long flags;
152 } mnt;
156 /* macros for dealing with apparmor_audit_data structure */
157 #define aad(SA) ((SA)->apparmor_audit_data)
158 #define DEFINE_AUDIT_DATA(NAME, T, X) \
159 /* TODO: cleanup audit init so we don't need _aad = {0,} */ \
160 struct apparmor_audit_data NAME ## _aad = { .op = (X), }; \
161 struct common_audit_data NAME = \
163 .type = (T), \
164 .u.tsk = NULL, \
165 }; \
166 NAME.apparmor_audit_data = &(NAME ## _aad)
168 void aa_audit_msg(int type, struct common_audit_data *sa,
169 void (*cb) (struct audit_buffer *, void *));
170 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
171 void (*cb) (struct audit_buffer *, void *));
173 #define aa_audit_error(ERROR, SA, CB) \
174 ({ \
175 aad((SA))->error = (ERROR); \
176 aa_audit_msg(AUDIT_APPARMOR_ERROR, (SA), (CB)); \
177 aad((SA))->error; \
181 static inline int complain_error(int error)
183 if (error == -EPERM || error == -EACCES)
184 return 0;
185 return error;
188 void aa_audit_rule_free(void *vrule);
189 int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule);
190 int aa_audit_rule_known(struct audit_krule *rule);
191 int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule);
193 #endif /* __AA_AUDIT_H */