1 /*
2  * AppArmor security module
3  *
4  * This file contains AppArmor auditing function definitions.
5  *
6  * Copyright (C) 1998-2008 Novell/SUSE
7  * Copyright 2009-2010 Canonical Ltd.
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License as
11  * published by the Free Software Foundation, version 2 of the
12  * License.
13  */
14 
15 #ifndef __AA_AUDIT_H
16 #define __AA_AUDIT_H
17 
18 #include <linux/audit.h>
19 #include <linux/fs.h>
20 #include <linux/lsm_audit.h>
21 #include <linux/sched.h>
22 #include <linux/slab.h>
23 
24 #include "file.h"
25 
26 struct aa_profile;
27 
28 extern const char *const audit_mode_names[];
29 #define AUDIT_MAX_INDEX 5
30 enum audit_mode {
31 	AUDIT_NORMAL,		/* follow normal auditing of accesses */
32 	AUDIT_QUIET_DENIED,	/* quiet all denied access messages */
33 	AUDIT_QUIET,		/* quiet all messages */
34 	AUDIT_NOQUIET,		/* do not quiet audit messages */
35 	AUDIT_ALL		/* audit all accesses */
36 };
37 
38 enum audit_type {
39 	AUDIT_APPARMOR_AUDIT,
40 	AUDIT_APPARMOR_ALLOWED,
41 	AUDIT_APPARMOR_DENIED,
42 	AUDIT_APPARMOR_HINT,
43 	AUDIT_APPARMOR_STATUS,
44 	AUDIT_APPARMOR_ERROR,
45 	AUDIT_APPARMOR_KILL,
46 	AUDIT_APPARMOR_AUTO
47 };
48 
49 extern const char *const op_table[];
50 enum aa_ops {
51 	OP_NULL,
52 
53 	OP_SYSCTL,
54 	OP_CAPABLE,
55 
56 	OP_UNLINK,
57 	OP_MKDIR,
58 	OP_RMDIR,
59 	OP_MKNOD,
60 	OP_TRUNC,
61 	OP_LINK,
62 	OP_SYMLINK,
63 	OP_RENAME_SRC,
64 	OP_RENAME_DEST,
65 	OP_CHMOD,
66 	OP_CHOWN,
67 	OP_GETATTR,
68 	OP_OPEN,
69 
70 	OP_FPERM,
71 	OP_FLOCK,
72 	OP_FMMAP,
73 	OP_FMPROT,
74 
75 	OP_CREATE,
76 	OP_POST_CREATE,
77 	OP_BIND,
78 	OP_CONNECT,
79 	OP_LISTEN,
80 	OP_ACCEPT,
81 	OP_SENDMSG,
82 	OP_RECVMSG,
83 	OP_GETSOCKNAME,
84 	OP_GETPEERNAME,
85 	OP_GETSOCKOPT,
86 	OP_SETSOCKOPT,
87 	OP_SOCK_SHUTDOWN,
88 
89 	OP_PTRACE,
90 
91 	OP_EXEC,
92 	OP_CHANGE_HAT,
93 	OP_CHANGE_PROFILE,
94 	OP_CHANGE_ONEXEC,
95 
96 	OP_SETPROCATTR,
97 	OP_SETRLIMIT,
98 
99 	OP_PROF_REPL,
100 	OP_PROF_LOAD,
101 	OP_PROF_RM,
102 };
103 
104 
105 struct apparmor_audit_data {
106 	int error;
107 	int op;
108 	int type;
109 	void *profile;
110 	const char *name;
111 	const char *info;
112 	struct task_struct *tsk;
113 	union {
114 		void *target;
115 		struct {
116 			long pos;
117 			void *target;
118 		} iface;
119 		struct {
120 			int rlim;
121 			unsigned long max;
122 		} rlim;
123 		struct {
124 			const char *target;
125 			u32 request;
126 			u32 denied;
127 			kuid_t ouid;
128 		} fs;
129 	};
130 };
131 
132 /* define a short hand for apparmor_audit_data structure */
133 #define aad apparmor_audit_data
134 
135 void aa_audit_msg(int type, struct common_audit_data *sa,
136 		  void (*cb) (struct audit_buffer *, void *));
137 int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
138 	     struct common_audit_data *sa,
139 	     void (*cb) (struct audit_buffer *, void *));
140 
141 static inline int complain_error(int error)
142 {
143 	if (error == -EPERM || error == -EACCES)
144 		return 0;
145 	return error;
146 }
147 
148 #endif /* __AA_AUDIT_H */
149