]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - security/apparmor/include/audit.h
Merge tag 'fbdev-v4.13' of git://github.com/bzolnier/linux
[mirror_ubuntu-artful-kernel.git] / security / apparmor / include / audit.h
1 /*
2 * AppArmor security module
3 *
4 * This file contains AppArmor auditing function definitions.
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 */
14
15 #ifndef __AA_AUDIT_H
16 #define __AA_AUDIT_H
17
18 #include <linux/audit.h>
19 #include <linux/fs.h>
20 #include <linux/lsm_audit.h>
21 #include <linux/sched.h>
22 #include <linux/slab.h>
23
24 #include "file.h"
25 #include "label.h"
26
27 extern const char *const audit_mode_names[];
28 #define AUDIT_MAX_INDEX 5
29 enum audit_mode {
30 AUDIT_NORMAL, /* follow normal auditing of accesses */
31 AUDIT_QUIET_DENIED, /* quiet all denied access messages */
32 AUDIT_QUIET, /* quiet all messages */
33 AUDIT_NOQUIET, /* do not quiet audit messages */
34 AUDIT_ALL /* audit all accesses */
35 };
36
37 enum audit_type {
38 AUDIT_APPARMOR_AUDIT,
39 AUDIT_APPARMOR_ALLOWED,
40 AUDIT_APPARMOR_DENIED,
41 AUDIT_APPARMOR_HINT,
42 AUDIT_APPARMOR_STATUS,
43 AUDIT_APPARMOR_ERROR,
44 AUDIT_APPARMOR_KILL,
45 AUDIT_APPARMOR_AUTO
46 };
47
48 #define OP_NULL NULL
49
50 #define OP_SYSCTL "sysctl"
51 #define OP_CAPABLE "capable"
52
53 #define OP_UNLINK "unlink"
54 #define OP_MKDIR "mkdir"
55 #define OP_RMDIR "rmdir"
56 #define OP_MKNOD "mknod"
57 #define OP_TRUNC "truncate"
58 #define OP_LINK "link"
59 #define OP_SYMLINK "symlink"
60 #define OP_RENAME_SRC "rename_src"
61 #define OP_RENAME_DEST "rename_dest"
62 #define OP_CHMOD "chmod"
63 #define OP_CHOWN "chown"
64 #define OP_GETATTR "getattr"
65 #define OP_OPEN "open"
66
67 #define OP_FRECEIVE "file_receive"
68 #define OP_FPERM "file_perm"
69 #define OP_FLOCK "file_lock"
70 #define OP_FMMAP "file_mmap"
71 #define OP_FMPROT "file_mprotect"
72 #define OP_INHERIT "file_inherit"
73
74 #define OP_CREATE "create"
75 #define OP_POST_CREATE "post_create"
76 #define OP_BIND "bind"
77 #define OP_CONNECT "connect"
78 #define OP_LISTEN "listen"
79 #define OP_ACCEPT "accept"
80 #define OP_SENDMSG "sendmsg"
81 #define OP_RECVMSG "recvmsg"
82 #define OP_GETSOCKNAME "getsockname"
83 #define OP_GETPEERNAME "getpeername"
84 #define OP_GETSOCKOPT "getsockopt"
85 #define OP_SETSOCKOPT "setsockopt"
86 #define OP_SHUTDOWN "socket_shutdown"
87
88 #define OP_PTRACE "ptrace"
89
90 #define OP_EXEC "exec"
91
92 #define OP_CHANGE_HAT "change_hat"
93 #define OP_CHANGE_PROFILE "change_profile"
94 #define OP_CHANGE_ONEXEC "change_onexec"
95 #define OP_STACK "stack"
96 #define OP_STACK_ONEXEC "stack_onexec"
97
98 #define OP_SETPROCATTR "setprocattr"
99 #define OP_SETRLIMIT "setrlimit"
100
101 #define OP_PROF_REPL "profile_replace"
102 #define OP_PROF_LOAD "profile_load"
103 #define OP_PROF_RM "profile_remove"
104
105
106 struct apparmor_audit_data {
107 int error;
108 int type;
109 const char *op;
110 struct aa_label *label;
111 const char *name;
112 const char *info;
113 u32 request;
114 u32 denied;
115 union {
116 /* these entries require a custom callback fn */
117 struct {
118 struct aa_label *peer;
119 struct {
120 const char *target;
121 kuid_t ouid;
122 } fs;
123 };
124 struct {
125 const char *name;
126 long pos;
127 const char *ns;
128 } iface;
129 struct {
130 int rlim;
131 unsigned long max;
132 } rlim;
133 };
134 };
135
136 /* macros for dealing with apparmor_audit_data structure */
137 #define aad(SA) ((SA)->apparmor_audit_data)
138 #define DEFINE_AUDIT_DATA(NAME, T, X) \
139 /* TODO: cleanup audit init so we don't need _aad = {0,} */ \
140 struct apparmor_audit_data NAME ## _aad = { .op = (X), }; \
141 struct common_audit_data NAME = \
142 { \
143 .type = (T), \
144 .u.tsk = NULL, \
145 }; \
146 NAME.apparmor_audit_data = &(NAME ## _aad)
147
148 void aa_audit_msg(int type, struct common_audit_data *sa,
149 void (*cb) (struct audit_buffer *, void *));
150 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
151 void (*cb) (struct audit_buffer *, void *));
152
153 #define aa_audit_error(ERROR, SA, CB) \
154 ({ \
155 aad((SA))->error = (ERROR); \
156 aa_audit_msg(AUDIT_APPARMOR_ERROR, (SA), (CB)); \
157 aad((SA))->error; \
158 })
159
160
161 static inline int complain_error(int error)
162 {
163 if (error == -EPERM || error == -EACCES)
164 return 0;
165 return error;
166 }
167
168 #endif /* __AA_AUDIT_H */