67012e8209
Update lsm_audit for AppArmor-specific data, and add the core routines that AppArmor uses for auditing. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
/*
 * AppArmor security module
 *
 * This file contains AppArmor auditing function definitions.
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */
#ifndef __AA_AUDIT_H
#define __AA_AUDIT_H
#include <linux/audit.h>
#include <linux/fs.h>
#include <linux/lsm_audit.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include "file.h"
/* Forward declaration only; the full definition is not in this header. */
struct aa_profile;

/*
 * Printable names for the audit modes.  The table itself is defined
 * outside this header; presumably it is indexed by enum audit_mode
 * (declared below) — confirm against the definition.
 */
extern const char *audit_mode_names[];
/* Number of audit modes; equals the enumerator count of enum audit_mode below. */
#define AUDIT_MAX_INDEX 5

/*
 * NOTE(review): this macro is 0, which is also the value of
 * AUDIT_APPARMOR_AUDIT, the first enumerator of enum audit_type below.
 * If both are ever passed through the same `type` argument the callee
 * cannot tell them apart — confirm this is intended.
 */
#define AUDIT_APPARMOR_AUTO 0	/* auto choose audit message type */
/*
 * Audit modes.  Enumerators take the values 0..4, so AUDIT_MAX_INDEX (5)
 * above equals their count.  audit_mode_names[] is presumably indexed by
 * these values — confirm against its definition.
 */
enum audit_mode {
	AUDIT_NORMAL,		/* follow normal auditing of accesses */
	AUDIT_QUIET_DENIED,	/* quiet all denied access messages */
	AUDIT_QUIET,		/* quiet all messages */
	AUDIT_NOQUIET,		/* do not quiet audit messages */
	AUDIT_ALL		/* audit all accesses */
};
/*
 * Audit message types; presumably the values accepted by the `int type`
 * parameter of aa_audit_msg() and aa_audit() below — confirm in their
 * definitions.
 *
 * NOTE(review): AUDIT_APPARMOR_AUDIT is the first enumerator and so has
 * value 0, the same as the AUDIT_APPARMOR_AUTO macro above.  An explicit
 * AUDIT_APPARMOR_AUDIT is therefore indistinguishable from AUTO; if that
 * is not intended, start the enum at 1 (e.g. `AUDIT_APPARMOR_AUDIT = 1`).
 */
enum audit_type {
	AUDIT_APPARMOR_AUDIT,
	AUDIT_APPARMOR_ALLOWED,
	AUDIT_APPARMOR_DENIED,
	AUDIT_APPARMOR_HINT,
	AUDIT_APPARMOR_STATUS,
	AUDIT_APPARMOR_ERROR,
	AUDIT_APPARMOR_KILL
};
/*
 * Printable names for the operations in enum aa_ops.  Defined outside this
 * header; presumably indexed by the enumerator value — confirm against
 * the definition, and keep the table and the enum in the same order.
 */
extern const char *op_table[];

/*
 * Operation being audited.  OP_NULL is 0; the remaining enumerators are
 * sequential in declaration order.  The blank-line groups below are the
 * original author's grouping and are kept as-is.
 */
enum aa_ops {
	OP_NULL,

	OP_SYSCTL,
	OP_CAPABLE,

	OP_UNLINK,
	OP_MKDIR,
	OP_RMDIR,
	OP_MKNOD,
	OP_TRUNC,
	OP_LINK,
	OP_SYMLINK,
	OP_RENAME_SRC,
	OP_RENAME_DEST,
	OP_CHMOD,
	OP_CHOWN,
	OP_GETATTR,
	OP_OPEN,

	OP_FPERM,
	OP_FLOCK,
	OP_FMMAP,
	OP_FMPROT,

	OP_CREATE,
	OP_POST_CREATE,
	OP_BIND,
	OP_CONNECT,
	OP_LISTEN,
	OP_ACCEPT,
	OP_SENDMSG,
	OP_RECVMSG,
	OP_GETSOCKNAME,
	OP_GETPEERNAME,
	OP_GETSOCKOPT,
	OP_SETSOCKOPT,
	OP_SOCK_SHUTDOWN,

	OP_PTRACE,

	OP_EXEC,
	OP_CHANGE_HAT,
	OP_CHANGE_PROFILE,
	OP_CHANGE_ONEXEC,

	OP_SETPROCATTR,
	OP_SETRLIMIT,

	OP_PROF_REPL,
	OP_PROF_LOAD,
	OP_PROF_RM,	/* trailing comma is valid C99; fine for gnu89/gnu11 kernel builds */
};
/*
 * define a short hand for apparmor_audit_data portion of common_audit_data
 *
 * NOTE(review): this is an object-like macro with a very short, unscoped
 * name; every token `aad` in any translation unit that includes this
 * header is rewritten, so no other identifier named `aad` may be used
 * after this point.
 */
#define aad apparmor_audit_data
/*
 * aa_audit_msg - emit an AppArmor audit message
 * @type: message type (see enum audit_type / AUDIT_APPARMOR_AUTO above)
 * @sa: LSM common audit data describing the event
 * @cb: callback invoked with the audit buffer to append further fields
 *
 * Only the prototype is visible here; the behaviour above is inferred from
 * the signature — confirm against the definition.
 */
void aa_audit_msg(int type, struct common_audit_data *sa,
		  void (*cb) (struct audit_buffer *, void *));

/*
 * aa_audit - audit an event against a profile
 * @type: message type (see enum audit_type / AUDIT_APPARMOR_AUTO above)
 * @profile: profile the event is audited for
 * @gfp: allocation flags
 * @sa: LSM common audit data describing the event
 * @cb: callback invoked with the audit buffer to append further fields
 *
 * Returns an int; presumably the error value the caller should propagate
 * (compare complain_error() below) — confirm against the definition.
 */
int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
	     struct common_audit_data *sa,
	     void (*cb) (struct audit_buffer *, void *));
/*
 * complain_error - mask permission errors
 * @error: negative errno value (or 0) from a permission check
 *
 * Returns 0 for -EPERM and -EACCES; every other value is returned
 * unchanged.  Presumably used so that a denied access is allowed to
 * proceed (e.g. in a learning/complain mode) after it has been audited —
 * confirm with the callers.
 */
static inline int complain_error(int error)
{
	switch (error) {
	case -EPERM:
	case -EACCES:
		return 0;
	default:
		return error;
	}
}
#endif /* __AA_AUDIT_H */