xref: /linux/security/selinux/include/audit.h (revision 4b132aacb0768ac1e652cf517097ea6f237214b9)
1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3  * SELinux support for the Audit LSM hooks
4  *
5  * Author: James Morris <jmorris@redhat.com>
6  *
7  * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
8  * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
9  * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
10  */
11 
12 #ifndef _SELINUX_AUDIT_H
13 #define _SELINUX_AUDIT_H
14 
15 #include <linux/audit.h>
16 #include <linux/types.h>
17 
18 /**
19  *	selinux_audit_rule_init - alloc/init an selinux audit rule structure.
20  *	@field: the field this rule refers to
21  *	@op: the operator the rule uses
22  *	@rulestr: the text "target" of the rule
23  *	@rule: pointer to the new rule structure returned via this
24  *	@gfp: GFP flag used for kmalloc
25  *
26  *	Returns 0 if successful, -errno if not.  On success, the rule structure
27  *	will be allocated internally.  The caller must free this structure with
28  *	selinux_audit_rule_free() after use.
29  */
30 int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule,
31 			    gfp_t gfp);
32 
33 /**
34  *	selinux_audit_rule_free - free an selinux audit rule structure.
35  *	@rule: pointer to the audit rule to be freed
36  *
37  *	This will free all memory associated with the given rule.
38  *	If @rule is NULL, no operation is performed.
39  */
40 void selinux_audit_rule_free(void *rule);
41 
42 /**
43  *	selinux_audit_rule_match - determine if a context ID matches a rule.
44  *	@sid: the context ID to check
45  *	@field: the field this rule refers to
46  *	@op: the operator the rule uses
47  *	@rule: pointer to the audit rule to check against
48  *
49  *	Returns 1 if the context id matches the rule, 0 if it does not, and
50  *	-errno on failure.
51  */
52 int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule);
53 
54 /**
55  *	selinux_audit_rule_known - check to see if rule contains selinux fields.
56  *	@rule: rule to be checked
57  *	Returns 1 if there are selinux fields specified in the rule, 0 otherwise.
58  */
59 int selinux_audit_rule_known(struct audit_krule *rule);
60 
61 #endif /* _SELINUX_AUDIT_H */
62