xref: /linux/security/apparmor/include/audit.h (revision 26b0d14106954ae46d2f4f7eec3481828a210f7d)
1 /*
2  * AppArmor security module
3  *
4  * This file contains AppArmor auditing function definitions.
5  *
6  * Copyright (C) 1998-2008 Novell/SUSE
7  * Copyright 2009-2010 Canonical Ltd.
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License as
11  * published by the Free Software Foundation, version 2 of the
12  * License.
13  */
14 
15 #ifndef __AA_AUDIT_H
16 #define __AA_AUDIT_H
17 
18 #include <linux/audit.h>
19 #include <linux/fs.h>
20 #include <linux/lsm_audit.h>
21 #include <linux/sched.h>
22 #include <linux/slab.h>
23 
24 #include "file.h"
25 
26 struct aa_profile;
27 
28 extern const char *const audit_mode_names[];
29 #define AUDIT_MAX_INDEX 5
30 
31 enum audit_mode {
32 	AUDIT_NORMAL,		/* follow normal auditing of accesses */
33 	AUDIT_QUIET_DENIED,	/* quiet all denied access messages */
34 	AUDIT_QUIET,		/* quiet all messages */
35 	AUDIT_NOQUIET,		/* do not quiet audit messages */
36 	AUDIT_ALL		/* audit all accesses */
37 };
38 
39 enum audit_type {
40 	AUDIT_APPARMOR_AUDIT,
41 	AUDIT_APPARMOR_ALLOWED,
42 	AUDIT_APPARMOR_DENIED,
43 	AUDIT_APPARMOR_HINT,
44 	AUDIT_APPARMOR_STATUS,
45 	AUDIT_APPARMOR_ERROR,
46 	AUDIT_APPARMOR_KILL,
47 	AUDIT_APPARMOR_AUTO
48 };
49 
50 extern const char *const op_table[];
51 enum aa_ops {
52 	OP_NULL,
53 
54 	OP_SYSCTL,
55 	OP_CAPABLE,
56 
57 	OP_UNLINK,
58 	OP_MKDIR,
59 	OP_RMDIR,
60 	OP_MKNOD,
61 	OP_TRUNC,
62 	OP_LINK,
63 	OP_SYMLINK,
64 	OP_RENAME_SRC,
65 	OP_RENAME_DEST,
66 	OP_CHMOD,
67 	OP_CHOWN,
68 	OP_GETATTR,
69 	OP_OPEN,
70 
71 	OP_FPERM,
72 	OP_FLOCK,
73 	OP_FMMAP,
74 	OP_FMPROT,
75 
76 	OP_CREATE,
77 	OP_POST_CREATE,
78 	OP_BIND,
79 	OP_CONNECT,
80 	OP_LISTEN,
81 	OP_ACCEPT,
82 	OP_SENDMSG,
83 	OP_RECVMSG,
84 	OP_GETSOCKNAME,
85 	OP_GETPEERNAME,
86 	OP_GETSOCKOPT,
87 	OP_SETSOCKOPT,
88 	OP_SOCK_SHUTDOWN,
89 
90 	OP_PTRACE,
91 
92 	OP_EXEC,
93 	OP_CHANGE_HAT,
94 	OP_CHANGE_PROFILE,
95 	OP_CHANGE_ONEXEC,
96 
97 	OP_SETPROCATTR,
98 	OP_SETRLIMIT,
99 
100 	OP_PROF_REPL,
101 	OP_PROF_LOAD,
102 	OP_PROF_RM,
103 };
104 
105 
106 struct apparmor_audit_data {
107 	int error;
108 	int op;
109 	int type;
110 	void *profile;
111 	const char *name;
112 	const char *info;
113 	struct task_struct *tsk;
114 	union {
115 		void *target;
116 		struct {
117 			long pos;
118 			void *target;
119 		} iface;
120 		struct {
121 			int rlim;
122 			unsigned long max;
123 		} rlim;
124 		struct {
125 			const char *target;
126 			u32 request;
127 			u32 denied;
128 			uid_t ouid;
129 		} fs;
130 	};
131 };
132 
133 /* define a short hand for apparmor_audit_data structure */
134 #define aad apparmor_audit_data
135 
136 void aa_audit_msg(int type, struct common_audit_data *sa,
137 		  void (*cb) (struct audit_buffer *, void *));
138 int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
139 	     struct common_audit_data *sa,
140 	     void (*cb) (struct audit_buffer *, void *));
141 
142 static inline int complain_error(int error)
143 {
144 	if (error == -EPERM || error == -EACCES)
145 		return 0;
146 	return error;
147 }
148 
149 #endif /* __AA_AUDIT_H */
150