security/apparmor/include/audit.h at v4.13-rc7 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / security / apparmor / include / audit.h
at v4.13-rc7 168 lines 4.0 kB view raw
  1/*
  2 * AppArmor security module
  3 *
  4 * This file contains AppArmor auditing function definitions.
  5 *
  6 * Copyright (C) 1998-2008 Novell/SUSE
  7 * Copyright 2009-2010 Canonical Ltd.
  8 *
  9 * This program is free software; you can redistribute it and/or
 10 * modify it under the terms of the GNU General Public License as
 11 * published by the Free Software Foundation, version 2 of the
 12 * License.
 13 */
 14
 15#ifndef __AA_AUDIT_H
 16#define __AA_AUDIT_H
 17
 18#include <linux/audit.h>
 19#include <linux/fs.h>
 20#include <linux/lsm_audit.h>
 21#include <linux/sched.h>
 22#include <linux/slab.h>
 23
 24#include "file.h"
 25#include "label.h"
 26
 27extern const char *const audit_mode_names[];
 28#define AUDIT_MAX_INDEX 5
 29enum audit_mode {
 30	AUDIT_NORMAL,		/* follow normal auditing of accesses */
 31	AUDIT_QUIET_DENIED,	/* quiet all denied access messages */
 32	AUDIT_QUIET,		/* quiet all messages */
 33	AUDIT_NOQUIET,		/* do not quiet audit messages */
 34	AUDIT_ALL		/* audit all accesses */
 35};
 36
 37enum audit_type {
 38	AUDIT_APPARMOR_AUDIT,
 39	AUDIT_APPARMOR_ALLOWED,
 40	AUDIT_APPARMOR_DENIED,
 41	AUDIT_APPARMOR_HINT,
 42	AUDIT_APPARMOR_STATUS,
 43	AUDIT_APPARMOR_ERROR,
 44	AUDIT_APPARMOR_KILL,
 45	AUDIT_APPARMOR_AUTO
 46};
 47
 48#define OP_NULL NULL
 49
 50#define OP_SYSCTL "sysctl"
 51#define OP_CAPABLE "capable"
 52
 53#define OP_UNLINK "unlink"
 54#define OP_MKDIR "mkdir"
 55#define OP_RMDIR "rmdir"
 56#define OP_MKNOD "mknod"
 57#define OP_TRUNC "truncate"
 58#define OP_LINK "link"
 59#define OP_SYMLINK "symlink"
 60#define OP_RENAME_SRC "rename_src"
 61#define OP_RENAME_DEST "rename_dest"
 62#define OP_CHMOD "chmod"
 63#define OP_CHOWN "chown"
 64#define OP_GETATTR "getattr"
 65#define OP_OPEN "open"
 66
 67#define OP_FRECEIVE "file_receive"
 68#define OP_FPERM "file_perm"
 69#define OP_FLOCK "file_lock"
 70#define OP_FMMAP "file_mmap"
 71#define OP_FMPROT "file_mprotect"
 72#define OP_INHERIT "file_inherit"
 73
 74#define OP_CREATE "create"
 75#define OP_POST_CREATE "post_create"
 76#define OP_BIND "bind"
 77#define OP_CONNECT "connect"
 78#define OP_LISTEN "listen"
 79#define OP_ACCEPT "accept"
 80#define OP_SENDMSG "sendmsg"
 81#define OP_RECVMSG "recvmsg"
 82#define OP_GETSOCKNAME "getsockname"
 83#define OP_GETPEERNAME "getpeername"
 84#define OP_GETSOCKOPT "getsockopt"
 85#define OP_SETSOCKOPT "setsockopt"
 86#define OP_SHUTDOWN "socket_shutdown"
 87
 88#define OP_PTRACE "ptrace"
 89
 90#define OP_EXEC "exec"
 91
 92#define OP_CHANGE_HAT "change_hat"
 93#define OP_CHANGE_PROFILE "change_profile"
 94#define OP_CHANGE_ONEXEC "change_onexec"
 95#define OP_STACK "stack"
 96#define OP_STACK_ONEXEC "stack_onexec"
 97
 98#define OP_SETPROCATTR "setprocattr"
 99#define OP_SETRLIMIT "setrlimit"
100
101#define OP_PROF_REPL "profile_replace"
102#define OP_PROF_LOAD "profile_load"
103#define OP_PROF_RM "profile_remove"
104
105
106struct apparmor_audit_data {
107	int error;
108	int type;
109	const char *op;
110	struct aa_label *label;
111	const char *name;
112	const char *info;
113	u32 request;
114	u32 denied;
115	union {
116		/* these entries require a custom callback fn */
117		struct {
118			struct aa_label *peer;
119			struct {
120				const char *target;
121				kuid_t ouid;
122			} fs;
123		};
124		struct {
125			const char *name;
126			long pos;
127			const char *ns;
128		} iface;
129		struct {
130			int rlim;
131			unsigned long max;
132		} rlim;
133	};
134};
135
136/* macros for dealing with  apparmor_audit_data structure */
137#define aad(SA) ((SA)->apparmor_audit_data)
138#define DEFINE_AUDIT_DATA(NAME, T, X)					\
139	/* TODO: cleanup audit init so we don't need _aad = {0,} */	\
140	struct apparmor_audit_data NAME ## _aad = { .op = (X), };	\
141	struct common_audit_data NAME =					\
142	{								\
143	.type = (T),							\
144	.u.tsk = NULL,							\
145	};								\
146	NAME.apparmor_audit_data = &(NAME ## _aad)
147
148void aa_audit_msg(int type, struct common_audit_data *sa,
149		  void (*cb) (struct audit_buffer *, void *));
150int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
151	     void (*cb) (struct audit_buffer *, void *));
152
153#define aa_audit_error(ERROR, SA, CB)				\
154({								\
155	aad((SA))->error = (ERROR);				\
156	aa_audit_msg(AUDIT_APPARMOR_ERROR, (SA), (CB));		\
157	aad((SA))->error;					\
158})
159
160
161static inline int complain_error(int error)
162{
163	if (error == -EPERM || error == -EACCES)
164		return 0;
165	return error;
166}
167
168#endif /* __AA_AUDIT_H */