security/apparmor/include/audit.h

   1 /*
   2  * AppArmor security module
   3  *
   4  * This file contains AppArmor auditing function definitions.
   5  *
   6  * Copyright (C) 1998-2008 Novell/SUSE
   7  * Copyright 2009-2010 Canonical Ltd.
   8  *
   9  * This program is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU General Public License as
  11  * published by the Free Software Foundation, version 2 of the
  12  * License.
  13  */
  14
  15 #ifndef __AA_AUDIT_H
  16 #define __AA_AUDIT_H
  17
  18 #include <linux/audit.h>
  19 #include <linux/fs.h>
  20 #include <linux/lsm_audit.h>
  21 #include <linux/sched.h>
  22 #include <linux/slab.h>
  23
  24 #include "file.h"
  25 #include "label.h"
  26
  27 extern const char *const audit_mode_names[];
  28 #define AUDIT_MAX_INDEX 5
  29 enum audit_mode {
  30         AUDIT_NORMAL,           /* follow normal auditing of accesses */
  31         AUDIT_QUIET_DENIED,     /* quiet all denied access messages */
  32         AUDIT_QUIET,            /* quiet all messages */
  33         AUDIT_NOQUIET,          /* do not quiet audit messages */
  34         AUDIT_ALL               /* audit all accesses */
  35 };
  36
  37 enum audit_type {
  38         AUDIT_APPARMOR_AUDIT,
  39         AUDIT_APPARMOR_ALLOWED,
  40         AUDIT_APPARMOR_DENIED,
  41         AUDIT_APPARMOR_HINT,
  42         AUDIT_APPARMOR_STATUS,
  43         AUDIT_APPARMOR_ERROR,
  44         AUDIT_APPARMOR_KILL,
  45         AUDIT_APPARMOR_AUTO
  46 };
  47
  48 #define OP_NULL NULL
  49
  50 #define OP_SYSCTL "sysctl"
  51 #define OP_CAPABLE "capable"
  52
  53 #define OP_UNLINK "unlink"
  54 #define OP_MKDIR "mkdir"
  55 #define OP_RMDIR "rmdir"
  56 #define OP_MKNOD "mknod"
  57 #define OP_TRUNC "truncate"
  58 #define OP_LINK "link"
  59 #define OP_SYMLINK "symlink"
  60 #define OP_RENAME_SRC "rename_src"
  61 #define OP_RENAME_DEST "rename_dest"
  62 #define OP_CHMOD "chmod"
  63 #define OP_CHOWN "chown"
  64 #define OP_GETATTR "getattr"
  65 #define OP_OPEN "open"
  66
  67 #define OP_FRECEIVE "file_receive"
  68 #define OP_FPERM "file_perm"
  69 #define OP_FLOCK "file_lock"
  70 #define OP_FMMAP "file_mmap"
  71 #define OP_FMPROT "file_mprotect"
  72 #define OP_INHERIT "file_inherit"
  73
  74 #define OP_PIVOTROOT "pivotroot"
  75 #define OP_MOUNT "mount"
  76 #define OP_UMOUNT "umount"
  77
  78 #define OP_CREATE "create"
  79 #define OP_POST_CREATE "post_create"
  80 #define OP_BIND "bind"
  81 #define OP_CONNECT "connect"
  82 #define OP_LISTEN "listen"
  83 #define OP_ACCEPT "accept"
  84 #define OP_SENDMSG "sendmsg"
  85 #define OP_RECVMSG "recvmsg"
  86 #define OP_GETSOCKNAME "getsockname"
  87 #define OP_GETPEERNAME "getpeername"
  88 #define OP_GETSOCKOPT "getsockopt"
  89 #define OP_SETSOCKOPT "setsockopt"
  90 #define OP_SHUTDOWN "socket_shutdown"
  91
  92 #define OP_PTRACE "ptrace"
  93 #define OP_SIGNAL "signal"
  94
  95 #define OP_EXEC "exec"
  96
  97 #define OP_CHANGE_HAT "change_hat"
  98 #define OP_CHANGE_PROFILE "change_profile"
  99 #define OP_CHANGE_ONEXEC "change_onexec"
 100 #define OP_STACK "stack"
 101 #define OP_STACK_ONEXEC "stack_onexec"
 102
 103 #define OP_SETPROCATTR "setprocattr"
 104 #define OP_SETRLIMIT "setrlimit"
 105
 106 #define OP_PROF_REPL "profile_replace"
 107 #define OP_PROF_LOAD "profile_load"
 108 #define OP_PROF_RM "profile_remove"
 109
 110
 111 struct apparmor_audit_data {
 112         int error;
 113         int type;
 114         const char *op;
 115         struct aa_label *label;
 116         const char *name;
 117         const char *info;
 118         u32 request;
 119         u32 denied;
 120         union {
 121                 /* these entries require a custom callback fn */
 122                 struct {
 123                         struct aa_label *peer;
 124                         union {
 125                                 struct {
 126                                         const char *target;
 127                                         kuid_t ouid;
 128                                 } fs;
 129                                 int signal;
 130                         };
 131                 };
 132                 struct {
 133                         struct aa_profile *profile;
 134                         const char *ns;
 135                         long pos;
 136                 } iface;
 137                 struct {
 138                         int rlim;
 139                         unsigned long max;
 140                 } rlim;
 141                 struct {
 142                         const char *src_name;
 143                         const char *type;
 144                         const char *trans;
 145                         const char *data;
 146                         unsigned long flags;
 147                 } mnt;
 148         };
 149 };
 150
 151 /* macros for dealing with  apparmor_audit_data structure */
 152 #define aad(SA) ((SA)->apparmor_audit_data)
 153 #define DEFINE_AUDIT_DATA(NAME, T, X)                                   \
 154         /* TODO: cleanup audit init so we don't need _aad = {0,} */     \
 155         struct apparmor_audit_data NAME ## _aad = { .op = (X), };       \
 156         struct common_audit_data NAME =                                 \
 157         {                                                               \
 158         .type = (T),                                                    \
 159         .u.tsk = NULL,                                                  \
 160         };                                                              \
 161         NAME.apparmor_audit_data = &(NAME ## _aad)
 162
 163 void aa_audit_msg(int type, struct common_audit_data *sa,
 164                   void (*cb) (struct audit_buffer *, void *));
 165 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
 166              void (*cb) (struct audit_buffer *, void *));
 167
 168 #define aa_audit_error(ERROR, SA, CB)                           \
 169 ({                                                              \
 170         aad((SA))->error = (ERROR);                             \
 171         aa_audit_msg(AUDIT_APPARMOR_ERROR, (SA), (CB));         \
 172         aad((SA))->error;                                       \
 173 })
 174
 175
 176 static inline int complain_error(int error)
 177 {
 178         if (error == -EPERM || error == -EACCES)
 179                 return 0;
 180         return error;
 181 }
 182
 183 #endif /* __AA_AUDIT_H */