133e65b0dSMickaël Salaün /* SPDX-License-Identifier: GPL-2.0-only */ 233e65b0dSMickaël Salaün /* 333e65b0dSMickaël Salaün * Landlock - Audit helpers 433e65b0dSMickaël Salaün * 533e65b0dSMickaël Salaün * Copyright © 2023-2025 Microsoft Corporation 633e65b0dSMickaël Salaün */ 733e65b0dSMickaël Salaün 833e65b0dSMickaël Salaün #ifndef _SECURITY_LANDLOCK_AUDIT_H 933e65b0dSMickaël Salaün #define _SECURITY_LANDLOCK_AUDIT_H 1033e65b0dSMickaël Salaün 1133e65b0dSMickaël Salaün #include <linux/audit.h> 1233e65b0dSMickaël Salaün #include <linux/lsm_audit.h> 1333e65b0dSMickaël Salaün 14*2fc80c69SMickaël Salaün #include "access.h" 1533e65b0dSMickaël Salaün #include "cred.h" 1633e65b0dSMickaël Salaün 1733e65b0dSMickaël Salaün enum landlock_request_type { 1833e65b0dSMickaël Salaün LANDLOCK_REQUEST_PTRACE = 1, 19c56f6496SMickaël Salaün LANDLOCK_REQUEST_FS_CHANGE_TOPOLOGY, 20*2fc80c69SMickaël Salaün LANDLOCK_REQUEST_FS_ACCESS, 2133e65b0dSMickaël Salaün }; 2233e65b0dSMickaël Salaün 2333e65b0dSMickaël Salaün /* 2433e65b0dSMickaël Salaün * We should be careful to only use a variable of this type for 2533e65b0dSMickaël Salaün * landlock_log_denial(). This way, the compiler can remove it entirely if 2633e65b0dSMickaël Salaün * CONFIG_AUDIT is not set. 2733e65b0dSMickaël Salaün */ 2833e65b0dSMickaël Salaün struct landlock_request { 2933e65b0dSMickaël Salaün /* Mandatory fields. */ 3033e65b0dSMickaël Salaün enum landlock_request_type type; 3133e65b0dSMickaël Salaün struct common_audit_data audit; 3233e65b0dSMickaël Salaün 3333e65b0dSMickaël Salaün /** 3433e65b0dSMickaël Salaün * layer_plus_one: First layer level that denies the request + 1. The 3533e65b0dSMickaël Salaün * extra one is useful to detect uninitialized field. 3633e65b0dSMickaël Salaün */ 3733e65b0dSMickaël Salaün size_t layer_plus_one; 38*2fc80c69SMickaël Salaün 39*2fc80c69SMickaël Salaün /* Required field for configurable access control. */ 40*2fc80c69SMickaël Salaün access_mask_t access; 41*2fc80c69SMickaël Salaün 42*2fc80c69SMickaël Salaün /* Required fields for requests with layer masks. */ 43*2fc80c69SMickaël Salaün const layer_mask_t (*layer_masks)[]; 44*2fc80c69SMickaël Salaün size_t layer_masks_size; 4533e65b0dSMickaël Salaün }; 4633e65b0dSMickaël Salaün 4733e65b0dSMickaël Salaün #ifdef CONFIG_AUDIT 4833e65b0dSMickaël Salaün 491d636984SMickaël Salaün void landlock_log_drop_domain(const struct landlock_hierarchy *const hierarchy); 501d636984SMickaël Salaün 5133e65b0dSMickaël Salaün void landlock_log_denial(const struct landlock_cred_security *const subject, 5233e65b0dSMickaël Salaün const struct landlock_request *const request); 5333e65b0dSMickaël Salaün 5433e65b0dSMickaël Salaün #else /* CONFIG_AUDIT */ 5533e65b0dSMickaël Salaün 5633e65b0dSMickaël Salaün static inline void 571d636984SMickaël Salaün landlock_log_drop_domain(const struct landlock_hierarchy *const hierarchy) 581d636984SMickaël Salaün { 591d636984SMickaël Salaün } 601d636984SMickaël Salaün 611d636984SMickaël Salaün static inline void 6233e65b0dSMickaël Salaün landlock_log_denial(const struct landlock_cred_security *const subject, 6333e65b0dSMickaël Salaün const struct landlock_request *const request) 6433e65b0dSMickaël Salaün { 6533e65b0dSMickaël Salaün } 6633e65b0dSMickaël Salaün 6733e65b0dSMickaël Salaün #endif /* CONFIG_AUDIT */ 6833e65b0dSMickaël Salaün 6933e65b0dSMickaël Salaün #endif /* _SECURITY_LANDLOCK_AUDIT_H */ 70