]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame_incremental - include/linux/audit.h
projects / mirror_ubuntu-bionic-kernel.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
audit: invalid op= values for rules
[mirror_ubuntu-bionic-kernel.git] / include / linux / audit.h
... / ...
CommitLineData
1/* audit.h -- Auditing support
2 *
3 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina.
4 * All Rights Reserved.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 * Written by Rickard E. (Rik) Faith <faith@redhat.com>
21 *
22 */
23#ifndef _LINUX_AUDIT_H_
24#define _LINUX_AUDIT_H_
25
26#include <linux/sched.h>
27#include <linux/ptrace.h>
28#include <uapi/linux/audit.h>
29
30struct audit_sig_info {
31 uid_t uid;
32 pid_t pid;
33 char ctx[0];
34};
35
36struct audit_buffer;
37struct audit_context;
38struct inode;
39struct netlink_skb_parms;
40struct path;
41struct linux_binprm;
42struct mq_attr;
43struct mqstat;
44struct audit_watch;
45struct audit_tree;
46struct sk_buff;
47
48struct audit_krule {
49 int vers_ops;
50 u32 flags;
51 u32 listnr;
52 u32 action;
53 u32 mask[AUDIT_BITMASK_SIZE];
54 u32 buflen; /* for data alloc on list rules */
55 u32 field_count;
56 char *filterkey; /* ties events to rules */
57 struct audit_field *fields;
58 struct audit_field *arch_f; /* quick access to arch field */
59 struct audit_field *inode_f; /* quick access to an inode field */
60 struct audit_watch *watch; /* associated watch */
61 struct audit_tree *tree; /* associated watched tree */
62 struct list_head rlist; /* entry in audit_{watch,tree}.rules list */
63 struct list_head list; /* for AUDIT_LIST* purposes only */
64 u64 prio;
65};
66
67struct audit_field {
68 u32 type;
69 u32 val;
70 kuid_t uid;
71 kgid_t gid;
72 u32 op;
73 char *lsm_str;
74 void *lsm_rule;
75};
76
77extern int is_audit_feature_set(int which);
78
79extern int __init audit_register_class(int class, unsigned *list);
80extern int audit_classify_syscall(int abi, unsigned syscall);
81extern int audit_classify_arch(int arch);
82/* only for compat system calls */
83extern unsigned compat_write_class[];
84extern unsigned compat_read_class[];
85extern unsigned compat_dir_class[];
86extern unsigned compat_chattr_class[];
87extern unsigned compat_signal_class[];
88
89extern int __weak audit_classify_compat_syscall(int abi, unsigned syscall);
90
91/* audit_names->type values */
92#define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */
93#define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */
94#define AUDIT_TYPE_PARENT 2 /* a parent audit record */
95#define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */
96#define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */
97
98/* maximized args number that audit_socketcall can process */
99#define AUDITSC_ARGS 6
100
101struct filename;
102
103extern void audit_log_session_info(struct audit_buffer *ab);
104
105#ifdef CONFIG_AUDIT_COMPAT_GENERIC
106#define audit_is_compat(arch) (!((arch) & __AUDIT_ARCH_64BIT))
107#else
108#define audit_is_compat(arch) false
109#endif
110
111#ifdef CONFIG_AUDITSYSCALL
112#include <asm/syscall.h> /* for syscall_get_arch() */
113
114/* These are defined in auditsc.c */
115 /* Public API */
116extern int audit_alloc(struct task_struct *task);
117extern void __audit_free(struct task_struct *task);
118extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1,
119 unsigned long a2, unsigned long a3);
120extern void __audit_syscall_exit(int ret_success, long ret_value);
121extern struct filename *__audit_reusename(const __user char *uptr);
122extern void __audit_getname(struct filename *name);
123extern void audit_putname(struct filename *name);
124
125#define AUDIT_INODE_PARENT 1 /* dentry represents the parent */
126#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */
127extern void __audit_inode(struct filename *name, const struct dentry *dentry,
128 unsigned int flags);
129extern void __audit_inode_child(const struct inode *parent,
130 const struct dentry *dentry,
131 const unsigned char type);
132extern void __audit_seccomp(unsigned long syscall, long signr, int code);
133extern void __audit_ptrace(struct task_struct *t);
134
135static inline int audit_dummy_context(void)
136{
137 void *p = current->audit_context;
138 return !p || *(int *)p;
139}
140static inline void audit_free(struct task_struct *task)
141{
142 if (unlikely(task->audit_context))
143 __audit_free(task);
144}
145static inline void audit_syscall_entry(int major, unsigned long a0,
146 unsigned long a1, unsigned long a2,
147 unsigned long a3)
148{
149 if (unlikely(current->audit_context))
150 __audit_syscall_entry(major, a0, a1, a2, a3);
151}
152static inline void audit_syscall_exit(void *pt_regs)
153{
154 if (unlikely(current->audit_context)) {
155 int success = is_syscall_success(pt_regs);
156 long return_code = regs_return_value(pt_regs);
157
158 __audit_syscall_exit(success, return_code);
159 }
160}
161static inline struct filename *audit_reusename(const __user char *name)
162{
163 if (unlikely(!audit_dummy_context()))
164 return __audit_reusename(name);
165 return NULL;
166}
167static inline void audit_getname(struct filename *name)
168{
169 if (unlikely(!audit_dummy_context()))
170 __audit_getname(name);
171}
172static inline void audit_inode(struct filename *name,
173 const struct dentry *dentry,
174 unsigned int parent) {
175 if (unlikely(!audit_dummy_context())) {
176 unsigned int flags = 0;
177 if (parent)
178 flags |= AUDIT_INODE_PARENT;
179 __audit_inode(name, dentry, flags);
180 }
181}
182static inline void audit_inode_parent_hidden(struct filename *name,
183 const struct dentry *dentry)
184{
185 if (unlikely(!audit_dummy_context()))
186 __audit_inode(name, dentry,
187 AUDIT_INODE_PARENT | AUDIT_INODE_HIDDEN);
188}
189static inline void audit_inode_child(const struct inode *parent,
190 const struct dentry *dentry,
191 const unsigned char type) {
192 if (unlikely(!audit_dummy_context()))
193 __audit_inode_child(parent, dentry, type);
194}
195void audit_core_dumps(long signr);
196
197static inline void audit_seccomp(unsigned long syscall, long signr, int code)
198{
199 /* Force a record to be reported if a signal was delivered. */
200 if (signr || unlikely(!audit_dummy_context()))
201 __audit_seccomp(syscall, signr, code);
202}
203
204static inline void audit_ptrace(struct task_struct *t)
205{
206 if (unlikely(!audit_dummy_context()))
207 __audit_ptrace(t);
208}
209
210 /* Private API (for audit.c only) */
211extern unsigned int audit_serial(void);
212extern int auditsc_get_stamp(struct audit_context *ctx,
213 struct timespec *t, unsigned int *serial);
214extern int audit_set_loginuid(kuid_t loginuid);
215
216static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
217{
218 return tsk->loginuid;
219}
220
221static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
222{
223 return tsk->sessionid;
224}
225
226extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
227extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
228extern void __audit_bprm(struct linux_binprm *bprm);
229extern int __audit_socketcall(int nargs, unsigned long *args);
230extern int __audit_sockaddr(int len, void *addr);
231extern void __audit_fd_pair(int fd1, int fd2);
232extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr);
233extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout);
234extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification);
235extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
236extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
237 const struct cred *new,
238 const struct cred *old);
239extern void __audit_log_capset(const struct cred *new, const struct cred *old);
240extern void __audit_mmap_fd(int fd, int flags);
241
242static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
243{
244 if (unlikely(!audit_dummy_context()))
245 __audit_ipc_obj(ipcp);
246}
247static inline void audit_fd_pair(int fd1, int fd2)
248{
249 if (unlikely(!audit_dummy_context()))
250 __audit_fd_pair(fd1, fd2);
251}
252static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode)
253{
254 if (unlikely(!audit_dummy_context()))
255 __audit_ipc_set_perm(qbytes, uid, gid, mode);
256}
257static inline void audit_bprm(struct linux_binprm *bprm)
258{
259 if (unlikely(!audit_dummy_context()))
260 __audit_bprm(bprm);
261}
262static inline int audit_socketcall(int nargs, unsigned long *args)
263{
264 if (unlikely(!audit_dummy_context()))
265 return __audit_socketcall(nargs, args);
266 return 0;
267}
268static inline int audit_sockaddr(int len, void *addr)
269{
270 if (unlikely(!audit_dummy_context()))
271 return __audit_sockaddr(len, addr);
272 return 0;
273}
274static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr)
275{
276 if (unlikely(!audit_dummy_context()))
277 __audit_mq_open(oflag, mode, attr);
278}
279static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout)
280{
281 if (unlikely(!audit_dummy_context()))
282 __audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout);
283}
284static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification)
285{
286 if (unlikely(!audit_dummy_context()))
287 __audit_mq_notify(mqdes, notification);
288}
289static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
290{
291 if (unlikely(!audit_dummy_context()))
292 __audit_mq_getsetattr(mqdes, mqstat);
293}
294
295static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
296 const struct cred *new,
297 const struct cred *old)
298{
299 if (unlikely(!audit_dummy_context()))
300 return __audit_log_bprm_fcaps(bprm, new, old);
301 return 0;
302}
303
304static inline void audit_log_capset(const struct cred *new,
305 const struct cred *old)
306{
307 if (unlikely(!audit_dummy_context()))
308 __audit_log_capset(new, old);
309}
310
311static inline void audit_mmap_fd(int fd, int flags)
312{
313 if (unlikely(!audit_dummy_context()))
314 __audit_mmap_fd(fd, flags);
315}
316
317extern int audit_n_rules;
318extern int audit_signals;
319#else /* CONFIG_AUDITSYSCALL */
320static inline int audit_alloc(struct task_struct *task)
321{
322 return 0;
323}
324static inline void audit_free(struct task_struct *task)
325{ }
326static inline void audit_syscall_entry(int major, unsigned long a0,
327 unsigned long a1, unsigned long a2,
328 unsigned long a3)
329{ }
330static inline void audit_syscall_exit(void *pt_regs)
331{ }
332static inline int audit_dummy_context(void)
333{
334 return 1;
335}
336static inline struct filename *audit_reusename(const __user char *name)
337{
338 return NULL;
339}
340static inline void audit_getname(struct filename *name)
341{ }
342static inline void audit_putname(struct filename *name)
343{ }
344static inline void __audit_inode(struct filename *name,
345 const struct dentry *dentry,
346 unsigned int flags)
347{ }
348static inline void __audit_inode_child(const struct inode *parent,
349 const struct dentry *dentry,
350 const unsigned char type)
351{ }
352static inline void audit_inode(struct filename *name,
353 const struct dentry *dentry,
354 unsigned int parent)
355{ }
356static inline void audit_inode_parent_hidden(struct filename *name,
357 const struct dentry *dentry)
358{ }
359static inline void audit_inode_child(const struct inode *parent,
360 const struct dentry *dentry,
361 const unsigned char type)
362{ }
363static inline void audit_core_dumps(long signr)
364{ }
365static inline void __audit_seccomp(unsigned long syscall, long signr, int code)
366{ }
367static inline void audit_seccomp(unsigned long syscall, long signr, int code)
368{ }
369static inline int auditsc_get_stamp(struct audit_context *ctx,
370 struct timespec *t, unsigned int *serial)
371{
372 return 0;
373}
374static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
375{
376 return INVALID_UID;
377}
378static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
379{
380 return -1;
381}
382static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
383{ }
384static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,
385 gid_t gid, umode_t mode)
386{ }
387static inline void audit_bprm(struct linux_binprm *bprm)
388{ }
389static inline int audit_socketcall(int nargs, unsigned long *args)
390{
391 return 0;
392}
393static inline void audit_fd_pair(int fd1, int fd2)
394{ }
395static inline int audit_sockaddr(int len, void *addr)
396{
397 return 0;
398}
399static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr)
400{ }
401static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len,
402 unsigned int msg_prio,
403 const struct timespec *abs_timeout)
404{ }
405static inline void audit_mq_notify(mqd_t mqdes,
406 const struct sigevent *notification)
407{ }
408static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
409{ }
410static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
411 const struct cred *new,
412 const struct cred *old)
413{
414 return 0;
415}
416static inline void audit_log_capset(const struct cred *new,
417 const struct cred *old)
418{ }
419static inline void audit_mmap_fd(int fd, int flags)
420{ }
421static inline void audit_ptrace(struct task_struct *t)
422{ }
423#define audit_n_rules 0
424#define audit_signals 0
425#endif /* CONFIG_AUDITSYSCALL */
426
427static inline bool audit_loginuid_set(struct task_struct *tsk)
428{
429 return uid_valid(audit_get_loginuid(tsk));
430}
431
432#ifdef CONFIG_AUDIT
433/* These are defined in audit.c */
434 /* Public API */
435extern __printf(4, 5)
436void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
437 const char *fmt, ...);
438
439extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
440extern __printf(2, 3)
441void audit_log_format(struct audit_buffer *ab, const char *fmt, ...);
442extern void audit_log_end(struct audit_buffer *ab);
443extern int audit_string_contains_control(const char *string,
444 size_t len);
445extern void audit_log_n_hex(struct audit_buffer *ab,
446 const unsigned char *buf,
447 size_t len);
448extern void audit_log_n_string(struct audit_buffer *ab,
449 const char *buf,
450 size_t n);
451extern void audit_log_n_untrustedstring(struct audit_buffer *ab,
452 const char *string,
453 size_t n);
454extern void audit_log_untrustedstring(struct audit_buffer *ab,
455 const char *string);
456extern void audit_log_d_path(struct audit_buffer *ab,
457 const char *prefix,
458 const struct path *path);
459extern void audit_log_key(struct audit_buffer *ab,
460 char *key);
461extern void audit_log_link_denied(const char *operation,
462 struct path *link);
463extern void audit_log_lost(const char *message);
464#ifdef CONFIG_SECURITY
465extern void audit_log_secctx(struct audit_buffer *ab, u32 secid);
466#else
467static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid)
468{ }
469#endif
470
471extern int audit_log_task_context(struct audit_buffer *ab);
472extern void audit_log_task_info(struct audit_buffer *ab,
473 struct task_struct *tsk);
474
475extern int audit_update_lsm_rules(void);
476
477 /* Private API (for audit.c only) */
478extern int audit_filter_user(int type);
479extern int audit_filter_type(int type);
480extern int audit_rule_change(int type, __u32 portid, int seq,
481 void *data, size_t datasz);
482extern int audit_list_rules_send(struct sk_buff *request_skb, int seq);
483
484extern u32 audit_enabled;
485#else /* CONFIG_AUDIT */
486static inline __printf(4, 5)
487void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
488 const char *fmt, ...)
489{ }
490static inline struct audit_buffer *audit_log_start(struct audit_context *ctx,
491 gfp_t gfp_mask, int type)
492{
493 return NULL;
494}
495static inline __printf(2, 3)
496void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
497{ }
498static inline void audit_log_end(struct audit_buffer *ab)
499{ }
500static inline void audit_log_n_hex(struct audit_buffer *ab,
501 const unsigned char *buf, size_t len)
502{ }
503static inline void audit_log_n_string(struct audit_buffer *ab,
504 const char *buf, size_t n)
505{ }
506static inline void audit_log_n_untrustedstring(struct audit_buffer *ab,
507 const char *string, size_t n)
508{ }
509static inline void audit_log_untrustedstring(struct audit_buffer *ab,
510 const char *string)
511{ }
512static inline void audit_log_d_path(struct audit_buffer *ab,
513 const char *prefix,
514 const struct path *path)
515{ }
516static inline void audit_log_key(struct audit_buffer *ab, char *key)
517{ }
518static inline void audit_log_link_denied(const char *string,
519 const struct path *link)
520{ }
521static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid)
522{ }
523static inline int audit_log_task_context(struct audit_buffer *ab)
524{
525 return 0;
526}
527static inline void audit_log_task_info(struct audit_buffer *ab,
528 struct task_struct *tsk)
529{ }
530#define audit_enabled 0
531#endif /* CONFIG_AUDIT */
532static inline void audit_log_string(struct audit_buffer *ab, const char *buf)
533{
534 audit_log_n_string(ab, buf, strlen(buf));
535}
536
537#endif
ubuntu-bionic-kernel mirror