/*
 * AppArmor security module
 *
 * This file contains AppArmor auditing function definitions.
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */

#ifndef __AA_AUDIT_H
#define __AA_AUDIT_H

#include <linux/audit.h>
#include <linux/fs.h>
#include <linux/lsm_audit.h>
#include <linux/sched.h>
#include <linux/slab.h>

#include "file.h"

struct aa_profile;

/*
 * Human-readable names for enum audit_mode; the array itself is defined
 * elsewhere (presumably audit.c).
 * NOTE(review): the enum audit_mode values below look like direct indices
 * into this array, so the two must stay in the same order.  AUDIT_MAX_INDEX
 * (5) equals the number of enum audit_mode members and is presumably the
 * bound a caller checks a parsed/user-supplied mode against before indexing
 * audit_mode_names[] — confirm against the array definition.
 */
extern const char *const audit_mode_names[];
#define AUDIT_MAX_INDEX 5

/*
 * Audit mode applied to a profile: selects which access decisions produce
 * audit records.  The modes that suppress messages (AUDIT_QUIET_DENIED,
 * AUDIT_QUIET) reduce the trail available to detection and incident
 * response, so only trusted policy should be able to select them.
 */
enum audit_mode {
	AUDIT_NORMAL,		/* follow normal auditing of accesses */
	AUDIT_QUIET_DENIED,	/* quiet all denied access messages */
	AUDIT_QUIET,		/* quiet all messages */
	AUDIT_NOQUIET,		/* do not quiet audit messages */
	AUDIT_ALL		/* audit all accesses */
};

/*
 * Type of an individual audit record.
 * NOTE(review): AUDIT_APPARMOR_AUTO presumably asks aa_audit() to derive the
 * concrete type from the error code and profile mode; the other values are
 * the explicit outcomes reported — confirm in audit.c.
 */
enum audit_type {
	AUDIT_APPARMOR_AUDIT,
	AUDIT_APPARMOR_ALLOWED,
	AUDIT_APPARMOR_DENIED,
	AUDIT_APPARMOR_HINT,
	AUDIT_APPARMOR_STATUS,
	AUDIT_APPARMOR_ERROR,
	AUDIT_APPARMOR_KILL,
	AUDIT_APPARMOR_AUTO
};

/*
 * Names of the mediated operations; the table is defined elsewhere
 * (presumably audit.c).
 * NOTE(review): op_table[] appears to be indexed by enum aa_ops.  Adding,
 * removing or reordering an OP_* value without changing op_table[] in step
 * would either mislabel audit records or read past the end of the table, so
 * treat the order below as fixed and extend both together.
 */
extern const char *const op_table[];
enum aa_ops {
	OP_NULL,

	OP_SYSCTL,
	OP_CAPABLE,

	/* path based file operations */
	OP_UNLINK,
	OP_MKDIR,
	OP_RMDIR,
	OP_MKNOD,
	OP_TRUNC,
	OP_LINK,
	OP_SYMLINK,
	OP_RENAME_SRC,
	OP_RENAME_DEST,
	OP_CHMOD,
	OP_CHOWN,
	OP_GETATTR,
	OP_OPEN,

	/* operations on an already open file */
	OP_FPERM,
	OP_FLOCK,
	OP_FMMAP,
	OP_FMPROT,

	/* socket operations */
	OP_CREATE,
	OP_POST_CREATE,
	OP_BIND,
	OP_CONNECT,
	OP_LISTEN,
	OP_ACCEPT,
	OP_SENDMSG,
	OP_RECVMSG,
	OP_GETSOCKNAME,
	OP_GETPEERNAME,
	OP_GETSOCKOPT,
	OP_SETSOCKOPT,
	OP_SOCK_SHUTDOWN,

	OP_PTRACE,

	/* domain transitions */
	OP_EXEC,
	OP_CHANGE_HAT,
	OP_CHANGE_PROFILE,
	OP_CHANGE_ONEXEC,

	OP_SETPROCATTR,
	OP_SETRLIMIT,

	/* profile (policy) management */
	OP_PROF_REPL,
	OP_PROF_LOAD,
	OP_PROF_RM,
};
/**
 * struct apparmor_audit_data - AppArmor specific part of an audit record
 * @error: result of the mediated operation (0 or a negative errno)
 * @op: the operation being audited; holds an enum aa_ops value as an int
 * @type: the record type; holds an enum audit_type value as an int
 * @profile: profile the decision was made under (untyped, see NOTE below)
 * @name: primary object name of the record (e.g. a path)
 * @info: free-form additional information for the record
 * @tsk: task the record concerns
 *
 * The anonymous union carries operation-specific detail.  Nothing in the
 * struct records which union member is valid; the caller that fills it in
 * and the callback that prints it must agree, presumably keyed on @op.
 *
 * NOTE(review): @profile is a void * although struct aa_profile is forward
 * declared above, so the compiler cannot catch a wrong pointer being stored
 * here.  The strings behind @name, @info and fs.target are borrowed, not
 * owned; the caller has to keep them alive until the record is emitted.
 */
struct apparmor_audit_data {
	int error;
	int op;
	int type;
	void *profile;
	const char *name;
	const char *info;
	struct task_struct *tsk;
	union {
		void *target;
		struct {
			long pos;
			void *target;
		} iface;
		struct {
			int rlim;
			unsigned long max;
		} rlim;
		struct {
			const char *target;
			u32 request;	/* presumably the permission mask asked for */
			u32 denied;	/* presumably the bits of request refused */
			uid_t ouid;	/* owner uid of the object */
		} fs;
	};
};

/*
 * Short hand for struct apparmor_audit_data.
 * NOTE(review): this is a bare token alias, so any identifier spelled "aad"
 * in a translation unit that includes this header is silently rewritten.
 * Do not reuse "aad" as a variable, field or function name.
 */
#define aad apparmor_audit_data

/*
 * Emit @sa as an audit record of @type; @cb is invoked to append the
 * AppArmor specific fields to the audit buffer.
 */
void aa_audit_msg(int type, struct common_audit_data *sa,
		  void (*cb) (struct audit_buffer *, void *));

/*
 * Audit an access decision taken under @profile and return the error the
 * caller should propagate.  NOTE(review): presumably this is where the
 * profile's audit mode and its enforce/complain state are applied (and
 * where complain_error() below is used) — confirm in audit.c.
 */
int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
	     struct common_audit_data *sa,
	     void (*cb) (struct audit_buffer *, void *));

/**
 * complain_error - convert a permission denial into success
 * @error: error code produced by a mediation check
 *
 * Returns 0 when @error is -EPERM or -EACCES and @error unchanged for every
 * other value, so genuine failures (-ENOMEM, -ENOENT, ...) and success still
 * reach the caller as they are.
 *
 * Security note: this deliberately turns a policy denial into an allow.  The
 * function itself checks nothing about the profile, so it must only be
 * applied on behalf of a profile that really is in complain (learning)
 * mode; using it on the enforce path would silently disable mediation.
 */
static inline int complain_error(int error)
{
	switch (error) {
	case -EPERM:
	case -EACCES:
		/* policy denial: keep the record, let the access proceed */
		return 0;
	default:
		return error;
	}
}

#endif /* __AA_AUDIT_H */