~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/apparmor/include/audit.h

Version: ~ [ linux-5.13-rc7 ] ~ [ linux-5.12.12 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.45 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.127 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.195 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.237 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.273 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.273 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.18.140 ] ~ [ linux-3.16.85 ] ~ [ linux-3.14.79 ] ~ [ linux-3.12.74 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /* SPDX-License-Identifier: GPL-2.0-only */
  2 /*
  3  * AppArmor security module
  4  *
  5  * This file contains AppArmor auditing function definitions.
  6  *
  7  * Copyright (C) 1998-2008 Novell/SUSE
  8  * Copyright 2009-2010 Canonical Ltd.
  9  */
 10 
 11 #ifndef __AA_AUDIT_H
 12 #define __AA_AUDIT_H
 13 
 14 #include <linux/audit.h>
 15 #include <linux/fs.h>
 16 #include <linux/lsm_audit.h>
 17 #include <linux/sched.h>
 18 #include <linux/slab.h>
 19 
 20 #include "file.h"
 21 #include "label.h"
 22 
 23 extern const char *const audit_mode_names[];
 24 #define AUDIT_MAX_INDEX 5
 25 enum audit_mode {
 26         AUDIT_NORMAL,           /* follow normal auditing of accesses */
 27         AUDIT_QUIET_DENIED,     /* quiet all denied access messages */
 28         AUDIT_QUIET,            /* quiet all messages */
 29         AUDIT_NOQUIET,          /* do not quiet audit messages */
 30         AUDIT_ALL               /* audit all accesses */
 31 };
 32 
 33 enum audit_type {
 34         AUDIT_APPARMOR_AUDIT,
 35         AUDIT_APPARMOR_ALLOWED,
 36         AUDIT_APPARMOR_DENIED,
 37         AUDIT_APPARMOR_HINT,
 38         AUDIT_APPARMOR_STATUS,
 39         AUDIT_APPARMOR_ERROR,
 40         AUDIT_APPARMOR_KILL,
 41         AUDIT_APPARMOR_AUTO
 42 };
 43 
 44 #define OP_NULL NULL
 45 
 46 #define OP_SYSCTL "sysctl"
 47 #define OP_CAPABLE "capable"
 48 
 49 #define OP_UNLINK "unlink"
 50 #define OP_MKDIR "mkdir"
 51 #define OP_RMDIR "rmdir"
 52 #define OP_MKNOD "mknod"
 53 #define OP_TRUNC "truncate"
 54 #define OP_LINK "link"
 55 #define OP_SYMLINK "symlink"
 56 #define OP_RENAME_SRC "rename_src"
 57 #define OP_RENAME_DEST "rename_dest"
 58 #define OP_CHMOD "chmod"
 59 #define OP_CHOWN "chown"
 60 #define OP_GETATTR "getattr"
 61 #define OP_OPEN "open"
 62 
 63 #define OP_FRECEIVE "file_receive"
 64 #define OP_FPERM "file_perm"
 65 #define OP_FLOCK "file_lock"
 66 #define OP_FMMAP "file_mmap"
 67 #define OP_FMPROT "file_mprotect"
 68 #define OP_INHERIT "file_inherit"
 69 
 70 #define OP_PIVOTROOT "pivotroot"
 71 #define OP_MOUNT "mount"
 72 #define OP_UMOUNT "umount"
 73 
 74 #define OP_CREATE "create"
 75 #define OP_POST_CREATE "post_create"
 76 #define OP_BIND "bind"
 77 #define OP_CONNECT "connect"
 78 #define OP_LISTEN "listen"
 79 #define OP_ACCEPT "accept"
 80 #define OP_SENDMSG "sendmsg"
 81 #define OP_RECVMSG "recvmsg"
 82 #define OP_GETSOCKNAME "getsockname"
 83 #define OP_GETPEERNAME "getpeername"
 84 #define OP_GETSOCKOPT "getsockopt"
 85 #define OP_SETSOCKOPT "setsockopt"
 86 #define OP_SHUTDOWN "socket_shutdown"
 87 
 88 #define OP_PTRACE "ptrace"
 89 #define OP_SIGNAL "signal"
 90 
 91 #define OP_EXEC "exec"
 92 
 93 #define OP_CHANGE_HAT "change_hat"
 94 #define OP_CHANGE_PROFILE "change_profile"
 95 #define OP_CHANGE_ONEXEC "change_onexec"
 96 #define OP_STACK "stack"
 97 #define OP_STACK_ONEXEC "stack_onexec"
 98 
 99 #define OP_SETPROCATTR "setprocattr"
100 #define OP_SETRLIMIT "setrlimit"
101 
102 #define OP_PROF_REPL "profile_replace"
103 #define OP_PROF_LOAD "profile_load"
104 #define OP_PROF_RM "profile_remove"
105 
106 
107 struct apparmor_audit_data {
108         int error;
109         int type;
110         const char *op;
111         struct aa_label *label;
112         const char *name;
113         const char *info;
114         u32 request;
115         u32 denied;
116         union {
117                 /* these entries require a custom callback fn */
118                 struct {
119                         struct aa_label *peer;
120                         union {
121                                 struct {
122                                         const char *target;
123                                         kuid_t ouid;
124                                 } fs;
125                                 struct {
126                                         int rlim;
127                                         unsigned long max;
128                                 } rlim;
129                                 struct {
130                                         int signal;
131                                         int unmappedsig;
132                                 };
133                                 struct {
134                                         int type, protocol;
135                                         struct sock *peer_sk;
136                                         void *addr;
137                                         int addrlen;
138                                 } net;
139                         };
140                 };
141                 struct {
142                         struct aa_profile *profile;
143                         const char *ns;
144                         long pos;
145                 } iface;
146                 struct {
147                         const char *src_name;
148                         const char *type;
149                         const char *trans;
150                         const char *data;
151                         unsigned long flags;
152                 } mnt;
153         };
154 };
155 
156 /* macros for dealing with  apparmor_audit_data structure */
157 #define aad(SA) ((SA)->apparmor_audit_data)
158 #define DEFINE_AUDIT_DATA(NAME, T, X)                                   \
159         /* TODO: cleanup audit init so we don't need _aad = {0,} */     \
160         struct apparmor_audit_data NAME ## _aad = { .op = (X), };       \
161         struct common_audit_data NAME =                                 \
162         {                                                               \
163         .type = (T),                                                    \
164         .u.tsk = NULL,                                                  \
165         };                                                              \
166         NAME.apparmor_audit_data = &(NAME ## _aad)
167 
168 void aa_audit_msg(int type, struct common_audit_data *sa,
169                   void (*cb) (struct audit_buffer *, void *));
170 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
171              void (*cb) (struct audit_buffer *, void *));
172 
173 #define aa_audit_error(ERROR, SA, CB)                           \
174 ({                                                              \
175         aad((SA))->error = (ERROR);                             \
176         aa_audit_msg(AUDIT_APPARMOR_ERROR, (SA), (CB));         \
177         aad((SA))->error;                                       \
178 })
179 
180 
181 static inline int complain_error(int error)
182 {
183         if (error == -EPERM || error == -EACCES)
184                 return 0;
185         return error;
186 }
187 
188 void aa_audit_rule_free(void *vrule);
189 int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule);
190 int aa_audit_rule_known(struct audit_krule *rule);
191 int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule);
192 
193 #endif /* __AA_AUDIT_H */
194 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp