xref: /linux/kernel/audit.h (revision de2fe5e07d58424bc286fff3fd3c1b0bf933cd58) 
1 /* audit -- definition of audit_context structure and supporting types
2  *
3  * Copyright 2003-2004 Red Hat, Inc.
4  * Copyright 2005 Hewlett-Packard Development Company, L.P.
5  * Copyright 2005 IBM Corporation
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
20  */
21 
22 #include <linux/mutex.h>
23 #include <linux/fs.h>
24 #include <linux/audit.h>
25 
26 /* 0 = no checking
27    1 = put_count checking
28    2 = verbose put_count checking
29 */
30 #define AUDIT_DEBUG 0
31 
32 /* At task start time, the audit_state is set in the audit_context using
33    a per-task filter.  At syscall entry, the audit_state is augmented by
34    the syscall filter. */
35 enum audit_state {
36 	AUDIT_DISABLED,		/* Do not create per-task audit_context.
37 				 * No syscall-specific audit records can
38 				 * be generated. */
39 	AUDIT_SETUP_CONTEXT,	/* Create the per-task audit_context,
40 				 * but don't necessarily fill it in at
41 				 * syscall entry time (i.e., filter
42 				 * instead). */
43 	AUDIT_BUILD_CONTEXT,	/* Create the per-task audit_context,
44 				 * and always fill it in at syscall
45 				 * entry time.  This makes a full
46 				 * syscall record available if some
47 				 * other part of the kernel decides it
48 				 * should be recorded. */
49 	AUDIT_RECORD_CONTEXT	/* Create the per-task audit_context,
50 				 * always fill it in at syscall entry
51 				 * time, and always write out the audit
52 				 * record at syscall exit time.  */
53 };
54 
55 /* Rule lists */
56 struct audit_field {
57 	u32			type;
58 	u32			val;
59 	u32			op;
60 };
61 
62 struct audit_krule {
63 	int			vers_ops;
64 	u32			flags;
65 	u32			listnr;
66 	u32			action;
67 	u32			mask[AUDIT_BITMASK_SIZE];
68 	u32			buflen; /* for data alloc on list rules */
69 	u32			field_count;
70 	struct audit_field	*fields;
71 };
72 
73 struct audit_entry {
74 	struct list_head	list;
75 	struct rcu_head		rcu;
76 	struct audit_krule	rule;
77 };
78 
79 
80 extern int audit_pid;
81 extern int audit_comparator(const u32 left, const u32 op, const u32 right);
82 
83 extern void		    audit_send_reply(int pid, int seq, int type,
84 					     int done, int multi,
85 					     void *payload, int size);
86 extern void		    audit_log_lost(const char *message);
87 extern void		    audit_panic(const char *message);
88 extern struct mutex audit_netlink_mutex;
89