/*
 * AppArmor security module
 *
 * This file contains AppArmor auditing function definitions.
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */

#ifndef __AA_AUDIT_H
#define __AA_AUDIT_H

#include <linux/audit.h>
#include <linux/fs.h>
#include <linux/lsm_audit.h>
#include <linux/sched.h>
#include <linux/slab.h>

#include "file.h"

struct aa_profile;

/*
 * Printable names for the audit modes below; defined elsewhere.
 * NOTE(review): presumably indexed by the enum audit_mode value — confirm
 * against the definition before relying on the order.
 */
extern const char *const audit_mode_names[];
/* Number of enumerators in enum audit_mode (AUDIT_NORMAL .. AUDIT_ALL). */
#define AUDIT_MAX_INDEX 5
/*
 * How much of a profile's access decisions gets reported.  The two
 * AUDIT_QUIET* modes suppress messages, so a profile using them leaves
 * less (or no) audit trail for the accesses it mediates.
 */
enum audit_mode {
	AUDIT_NORMAL,		/* follow normal auditing of accesses */
	AUDIT_QUIET_DENIED,	/* quiet all denied access messages */
	AUDIT_QUIET,		/* quiet all messages */
	AUDIT_NOQUIET,		/* do not quiet audit messages */
	AUDIT_ALL		/* audit all accesses */
};

/*
 * Kind of audit record being emitted.  Presumably the value carried in
 * the @type argument of aa_audit_msg()/aa_audit() declared in this header
 * — verify at the call sites.
 */
enum audit_type {
	AUDIT_APPARMOR_AUDIT,
	AUDIT_APPARMOR_ALLOWED,
	AUDIT_APPARMOR_DENIED,
	AUDIT_APPARMOR_HINT,
	AUDIT_APPARMOR_STATUS,
	AUDIT_APPARMOR_ERROR,
	AUDIT_APPARMOR_KILL,
	AUDIT_APPARMOR_AUTO
};

/*
 * Printable operation names; defined elsewhere.  Presumably indexed by
 * the enum aa_ops value, in which case reordering or inserting
 * enumerators below would shift every name — confirm before editing.
 */
extern const char *const op_table[];
/*
 * The mediated operation an audit record refers to.  OP_NULL is the
 * "no operation" value; the remaining entries are grouped by subsystem:
 * sysctl/capabilities, filesystem objects, file-descriptor operations,
 * sockets, ptrace, domain transitions (exec / change_hat / change_profile /
 * change_onexec), process attributes, and profile management.
 */
enum aa_ops {
	OP_NULL,

	/* sysctl and capability checks */
	OP_SYSCTL,
	OP_CAPABLE,

	/* filesystem object operations */
	OP_UNLINK,
	OP_MKDIR,
	OP_RMDIR,
	OP_MKNOD,
	OP_TRUNC,
	OP_LINK,
	OP_SYMLINK,
	OP_RENAME_SRC,
	OP_RENAME_DEST,
	OP_CHMOD,
	OP_CHOWN,
	OP_GETATTR,
	OP_OPEN,

	/* operations on an already-open file (permission, lock, mmap, mprotect) */
	OP_FPERM,
	OP_FLOCK,
	OP_FMMAP,
	OP_FMPROT,

	/* socket operations (OP_CREATE/OP_POST_CREATE presumably socket creation) */
	OP_CREATE,
	OP_POST_CREATE,
	OP_BIND,
	OP_CONNECT,
	OP_LISTEN,
	OP_ACCEPT,
	OP_SENDMSG,
	OP_RECVMSG,
	OP_GETSOCKNAME,
	OP_GETPEERNAME,
	OP_GETSOCKOPT,
	OP_SETSOCKOPT,
	OP_SOCK_SHUTDOWN,

	OP_PTRACE,

	/* domain (profile) transitions */
	OP_EXEC,
	OP_CHANGE_HAT,
	OP_CHANGE_PROFILE,
	OP_CHANGE_ONEXEC,

	/* process attribute changes */
	OP_SETPROCATTR,
	OP_SETRLIMIT,

	/* profile management: replace, load, remove */
	OP_PROF_REPL,
	OP_PROF_LOAD,
	OP_PROF_RM,
};

/*
 * AppArmor-specific payload of an audit record.  Which union member is
 * meaningful depends on the operation being reported; nothing in this
 * header records the selector, so callers and callbacks must agree on it
 * (presumably via @op / @type — confirm at the call sites).
 */
struct apparmor_audit_data {
	int error;		/* error code being reported (0 on success) */
	int op;			/* presumably an enum aa_ops value */
	int type;		/* presumably an enum audit_type value */
	void *profile;		/* untyped; presumably the struct aa_profile involved */
	const char *name;	/* name of the object (string lifetime owned by caller) */
	const char *info;	/* free-form extra information for the record */
	struct task_struct *tsk;	/* task the record refers to */
	union {
		void *target;	/* generic target object */
		struct {
			long pos;	/* NOTE(review): meaning not visible here — confirm */
			void *target;
		} iface;
		struct {
			int rlim;	/* resource limit identifier */
			unsigned long max;	/* limit value involved */
		} rlim;
		struct {
			const char *target;	/* target path/name of the fs operation */
			u32 request;	/* presumably requested permission bits — confirm */
			u32 denied;	/* presumably denied permission bits — confirm */
			kuid_t ouid;	/* presumably object owner uid — confirm */
		} fs;
	};
};

/* define a short hand for apparmor_audit_data structure */
#define aad apparmor_audit_data

/*
 * Emit an audit message of kind @type for @sa; @cb may add per-record
 * fields to the audit buffer.  Defined elsewhere.
 */
void aa_audit_msg(int type, struct common_audit_data *sa,
		  void (*cb) (struct audit_buffer *, void *));
/*
 * Audit an access decision made under @profile, allocating with @gfp.
 * Returns an int whose meaning is not visible in this header (presumably
 * the error to hand back to the caller — confirm in the definition).
 */
int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
	     struct common_audit_data *sa,
	     void (*cb) (struct audit_buffer *, void *));

/*
 * Map a permission denial to success, leaving every other value untouched.
 *
 * @error: the negative errno produced by a mediation check (or 0)
 *
 * Returns 0 for -EPERM and -EACCES; any other value (including 0 and
 * non-permission errors such as -ENOMEM) is returned unchanged, so a
 * resource failure is still reported to the caller.  The name suggests
 * this implements complain mode (log the denial, do not enforce it);
 * confirm at the call sites that the decision has been audited before
 * the result is discarded.
 */
static inline int complain_error(int error)
{
	switch (error) {
	case -EPERM:
	case -EACCES:
		/* only genuine permission denials are masked */
		return 0;
	default:
		return error;
	}
}

#endif /* __AA_AUDIT_H */