xref: /linux/security/selinux/include/audit.h (revision ca55b2fef3a9373fcfc30f82fd26bc7fccbda732)
1 /*
2  * SELinux support for the Audit LSM hooks
3  *
4  * Most of below header was moved from include/linux/selinux.h which
5  * is released under below copyrights:
6  *
7  * Author: James Morris <jmorris@redhat.com>
8  *
9  * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
10  * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
11  * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
12  *
13  * This program is free software; you can redistribute it and/or modify
14  * it under the terms of the GNU General Public License version 2,
15  * as published by the Free Software Foundation.
16  */
17 
18 #ifndef _SELINUX_AUDIT_H
19 #define _SELINUX_AUDIT_H
20 
21 /**
22  *	selinux_audit_rule_init - alloc/init an selinux audit rule structure.
23  *	@field: the field this rule refers to
24  *	@op: the operater the rule uses
25  *	@rulestr: the text "target" of the rule
26  *	@rule: pointer to the new rule structure returned via this
27  *
28  *	Returns 0 if successful, -errno if not.  On success, the rule structure
29  *	will be allocated internally.  The caller must free this structure with
30  *	selinux_audit_rule_free() after use.
31  */
32 int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule);
33 
34 /**
35  *	selinux_audit_rule_free - free an selinux audit rule structure.
36  *	@rule: pointer to the audit rule to be freed
37  *
38  *	This will free all memory associated with the given rule.
39  *	If @rule is NULL, no operation is performed.
40  */
41 void selinux_audit_rule_free(void *rule);
42 
43 /**
44  *	selinux_audit_rule_match - determine if a context ID matches a rule.
45  *	@sid: the context ID to check
46  *	@field: the field this rule refers to
47  *	@op: the operater the rule uses
48  *	@rule: pointer to the audit rule to check against
49  *	@actx: the audit context (can be NULL) associated with the check
50  *
51  *	Returns 1 if the context id matches the rule, 0 if it does not, and
52  *	-errno on failure.
53  */
54 int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule,
55 			     struct audit_context *actx);
56 
57 /**
58  *	selinux_audit_rule_known - check to see if rule contains selinux fields.
59  *	@rule: rule to be checked
60  *	Returns 1 if there are selinux fields specified in the rule, 0 otherwise.
61  */
62 int selinux_audit_rule_known(struct audit_krule *krule);
63 
64 #endif /* _SELINUX_AUDIT_H */
65 
66