133e65b0dSMickaël Salaün /* SPDX-License-Identifier: GPL-2.0-only */ 233e65b0dSMickaël Salaün /* 333e65b0dSMickaël Salaün * Landlock - Audit helpers 433e65b0dSMickaël Salaün * 533e65b0dSMickaël Salaün * Copyright © 2023-2025 Microsoft Corporation 633e65b0dSMickaël Salaün */ 733e65b0dSMickaël Salaün 833e65b0dSMickaël Salaün #ifndef _SECURITY_LANDLOCK_AUDIT_H 933e65b0dSMickaël Salaün #define _SECURITY_LANDLOCK_AUDIT_H 1033e65b0dSMickaël Salaün 1133e65b0dSMickaël Salaün #include <linux/audit.h> 1233e65b0dSMickaël Salaün #include <linux/lsm_audit.h> 1333e65b0dSMickaël Salaün 142fc80c69SMickaël Salaün #include "access.h" 1533e65b0dSMickaël Salaün #include "cred.h" 1633e65b0dSMickaël Salaün 1733e65b0dSMickaël Salaün enum landlock_request_type { 1833e65b0dSMickaël Salaün LANDLOCK_REQUEST_PTRACE = 1, 19c56f6496SMickaël Salaün LANDLOCK_REQUEST_FS_CHANGE_TOPOLOGY, 202fc80c69SMickaël Salaün LANDLOCK_REQUEST_FS_ACCESS, 219f74411aSMickaël Salaün LANDLOCK_REQUEST_NET_ACCESS, 22*1176a15bSMickaël Salaün LANDLOCK_REQUEST_SCOPE_ABSTRACT_UNIX_SOCKET, 23*1176a15bSMickaël Salaün LANDLOCK_REQUEST_SCOPE_SIGNAL, 2433e65b0dSMickaël Salaün }; 2533e65b0dSMickaël Salaün 2633e65b0dSMickaël Salaün /* 2733e65b0dSMickaël Salaün * We should be careful to only use a variable of this type for 2833e65b0dSMickaël Salaün * landlock_log_denial(). This way, the compiler can remove it entirely if 2933e65b0dSMickaël Salaün * CONFIG_AUDIT is not set. 3033e65b0dSMickaël Salaün */ 3133e65b0dSMickaël Salaün struct landlock_request { 3233e65b0dSMickaël Salaün /* Mandatory fields. */ 3333e65b0dSMickaël Salaün enum landlock_request_type type; 3433e65b0dSMickaël Salaün struct common_audit_data audit; 3533e65b0dSMickaël Salaün 3633e65b0dSMickaël Salaün /** 3733e65b0dSMickaël Salaün * layer_plus_one: First layer level that denies the request + 1. The 3833e65b0dSMickaël Salaün * extra one is useful to detect uninitialized field. 3933e65b0dSMickaël Salaün */ 4033e65b0dSMickaël Salaün size_t layer_plus_one; 412fc80c69SMickaël Salaün 422fc80c69SMickaël Salaün /* Required field for configurable access control. */ 432fc80c69SMickaël Salaün access_mask_t access; 442fc80c69SMickaël Salaün 452fc80c69SMickaël Salaün /* Required fields for requests with layer masks. */ 462fc80c69SMickaël Salaün const layer_mask_t (*layer_masks)[]; 472fc80c69SMickaël Salaün size_t layer_masks_size; 4820fd2954SMickaël Salaün 4920fd2954SMickaël Salaün /* Required fields for requests with deny masks. */ 5020fd2954SMickaël Salaün const access_mask_t all_existing_optional_access; 5120fd2954SMickaël Salaün deny_masks_t deny_masks; 5233e65b0dSMickaël Salaün }; 5333e65b0dSMickaël Salaün 5433e65b0dSMickaël Salaün #ifdef CONFIG_AUDIT 5533e65b0dSMickaël Salaün 561d636984SMickaël Salaün void landlock_log_drop_domain(const struct landlock_hierarchy *const hierarchy); 571d636984SMickaël Salaün 5833e65b0dSMickaël Salaün void landlock_log_denial(const struct landlock_cred_security *const subject, 5933e65b0dSMickaël Salaün const struct landlock_request *const request); 6033e65b0dSMickaël Salaün 6133e65b0dSMickaël Salaün #else /* CONFIG_AUDIT */ 6233e65b0dSMickaël Salaün 6333e65b0dSMickaël Salaün static inline void 641d636984SMickaël Salaün landlock_log_drop_domain(const struct landlock_hierarchy *const hierarchy) 651d636984SMickaël Salaün { 661d636984SMickaël Salaün } 671d636984SMickaël Salaün 681d636984SMickaël Salaün static inline void 6933e65b0dSMickaël Salaün landlock_log_denial(const struct landlock_cred_security *const subject, 7033e65b0dSMickaël Salaün const struct landlock_request *const request) 7133e65b0dSMickaël Salaün { 7233e65b0dSMickaël Salaün } 7333e65b0dSMickaël Salaün 7433e65b0dSMickaël Salaün #endif /* CONFIG_AUDIT */ 7533e65b0dSMickaël Salaün 7633e65b0dSMickaël Salaün #endif /* _SECURITY_LANDLOCK_AUDIT_H */ 77