xref: /linux/security/selinux/include/audit.h (revision a619fe35ab41fded440d3762d4fbad84ff86a4d4)
1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3  * SELinux support for the Audit LSM hooks
4  *
5  * Author: James Morris <jmorris@redhat.com>
6  *
7  * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
8  * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
9  * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
10  */
11 
12 #ifndef _SELINUX_AUDIT_H
13 #define _SELINUX_AUDIT_H
14 
15 #include <linux/audit.h>
16 #include <linux/types.h>
17 
18 /**
19  * selinux_audit_rule_avc_callback - update the audit LSM rules on AVC events.
20  * @event: the AVC event the audit LSM rules are updated for
21  *
22  * Update any audit LSM rules based on the AVC event specified in @event.
23  * Returns 0 on success, a negative value on failure; rule state after a failure: TODO confirm.
24  */
25 int selinux_audit_rule_avc_callback(u32 event);
26 
27 /**
28  * selinux_audit_rule_init - alloc/init an selinux audit rule structure.
29  * @field: the field this rule refers to
30  * @op: the operator the rule uses
31  * @rulestr: the text "target" of the rule
32  * @rule: out parameter; on success *@rule points to the newly allocated rule
33  * @gfp: GFP flag used for kmalloc
34  *
35  * Returns 0 if successful, -errno if not.  On success the rule structure is
36  * allocated internally; the caller owns it and must release it with
37  * selinux_audit_rule_free().  NOTE(review): *@rule on failure is unspecified here.
38  */
39 int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule,
40 			    gfp_t gfp);
41 
42 /**
43  * selinux_audit_rule_free - free an selinux audit rule structure.
44  * @rule: pointer to the audit rule to be freed; may be NULL
45  *
46  * This will free all memory associated with the given rule, so @rule must not
47  * be used after the call.  If @rule is NULL, no operation is performed.
48  */
49 void selinux_audit_rule_free(void *rule);
50 
51 /**
52  * selinux_audit_rule_match - determine if a context ID matches a rule.
53  * @prop: includes the context ID to check
54  * @field: the field this rule refers to
55  * @op: the operator the rule uses
56  * @rule: pointer to the audit rule to check against
57  *
58  * Returns 1 if the context ID matches the rule, 0 if it does not, and -errno
59  * on failure.  A negative value is non-zero, so test for < 0 before testing for a match.
60  */
61 int selinux_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op,
62 			     void *rule);
63 
64 /**
65  * selinux_audit_rule_known - check to see if rule contains selinux fields.
66  * @rule: the audit rule (struct audit_krule) to be checked
67  * Return: 1 if there are selinux fields specified in the rule, 0 otherwise.
68  */
69 int selinux_audit_rule_known(struct audit_krule *rule);
70 
71 #endif /* _SELINUX_AUDIT_H */
72