1 /* 2 * AppArmor security module 3 * 4 * This file contains AppArmor auditing function definitions. 5 * 6 * Copyright (C) 1998-2008 Novell/SUSE 7 * Copyright 2009-2010 Canonical Ltd. 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License as 11 * published by the Free Software Foundation, version 2 of the 12 * License. 13 */ 14 15 #ifndef __AA_AUDIT_H 16 #define __AA_AUDIT_H 17 18 #include <linux/audit.h> 19 #include <linux/fs.h> 20 #include <linux/lsm_audit.h> 21 #include <linux/sched.h> 22 #include <linux/slab.h> 23 24 #include "file.h" 25 26 struct aa_profile; 27 28 extern const char *const audit_mode_names[]; 29 #define AUDIT_MAX_INDEX 5 30 enum audit_mode { 31 AUDIT_NORMAL, /* follow normal auditing of accesses */ 32 AUDIT_QUIET_DENIED, /* quiet all denied access messages */ 33 AUDIT_QUIET, /* quiet all messages */ 34 AUDIT_NOQUIET, /* do not quiet audit messages */ 35 AUDIT_ALL /* audit all accesses */ 36 }; 37 38 enum audit_type { 39 AUDIT_APPARMOR_AUDIT, 40 AUDIT_APPARMOR_ALLOWED, 41 AUDIT_APPARMOR_DENIED, 42 AUDIT_APPARMOR_HINT, 43 AUDIT_APPARMOR_STATUS, 44 AUDIT_APPARMOR_ERROR, 45 AUDIT_APPARMOR_KILL, 46 AUDIT_APPARMOR_AUTO 47 }; 48 49 #define OP_NULL NULL 50 51 #define OP_SYSCTL "sysctl" 52 #define OP_CAPABLE "capable" 53 54 #define OP_UNLINK "unlink" 55 #define OP_MKDIR "mkdir" 56 #define OP_RMDIR "rmdir" 57 #define OP_MKNOD "mknod" 58 #define OP_TRUNC "truncate" 59 #define OP_LINK "link" 60 #define OP_SYMLINK "symlink" 61 #define OP_RENAME_SRC "rename_src" 62 #define OP_RENAME_DEST "rename_dest" 63 #define OP_CHMOD "chmod" 64 #define OP_CHOWN "chown" 65 #define OP_GETATTR "getattr" 66 #define OP_OPEN "open" 67 68 #define OP_FPERM "file_perm" 69 #define OP_FLOCK "file_lock" 70 #define OP_FMMAP "file_mmap" 71 #define OP_FMPROT "file_mprotect" 72 73 #define OP_CREATE "create" 74 #define OP_POST_CREATE "post_create" 75 #define OP_BIND "bind" 76 #define OP_CONNECT "connect" 77 #define OP_LISTEN "listen" 78 #define OP_ACCEPT "accept" 79 #define OP_SENDMSG "sendmsg" 80 #define OP_RECVMSG "recvmsg" 81 #define OP_GETSOCKNAME "getsockname" 82 #define OP_GETPEERNAME "getpeername" 83 #define OP_GETSOCKOPT "getsockopt" 84 #define OP_SETSOCKOPT "setsockopt" 85 #define OP_SHUTDOWN "socket_shutdown" 86 87 #define OP_PTRACE "ptrace" 88 89 #define OP_EXEC "exec" 90 91 #define OP_CHANGE_HAT "change_hat" 92 #define OP_CHANGE_PROFILE "change_profile" 93 #define OP_CHANGE_ONEXEC "change_onexec" 94 95 #define OP_SETPROCATTR "setprocattr" 96 #define OP_SETRLIMIT "setrlimit" 97 98 #define OP_PROF_REPL "profile_replace" 99 #define OP_PROF_LOAD "profile_load" 100 #define OP_PROF_RM "profile_remove" 101 102 103 struct apparmor_audit_data { 104 int error; 105 const char *op; 106 int type; 107 void *profile; 108 const char *name; 109 const char *info; 110 union { 111 void *target; 112 struct { 113 long pos; 114 const char *ns; 115 void *target; 116 } iface; 117 struct { 118 int rlim; 119 unsigned long max; 120 } rlim; 121 struct { 122 const char *target; 123 u32 request; 124 u32 denied; 125 kuid_t ouid; 126 } fs; 127 }; 128 }; 129 130 /* define a short hand for apparmor_audit_data structure */ 131 #define aad apparmor_audit_data 132 133 void aa_audit_msg(int type, struct common_audit_data *sa, 134 void (*cb) (struct audit_buffer *, void *)); 135 int aa_audit(int type, struct aa_profile *profile, gfp_t gfp, 136 struct common_audit_data *sa, 137 void (*cb) (struct audit_buffer *, void *)); 138 139 static inline int complain_error(int error) 140 { 141 if (error == -EPERM || error == -EACCES) 142 return 0; 143 return error; 144 } 145 146 #endif /* __AA_AUDIT_H */ 147