2010-07-30 01:47:58 +04:00
|
|
|
/*
|
|
|
|
* AppArmor security module
|
|
|
|
*
|
|
|
|
* This file contains AppArmor auditing function definitions.
|
|
|
|
*
|
|
|
|
* Copyright (C) 1998-2008 Novell/SUSE
|
|
|
|
* Copyright 2009-2010 Canonical Ltd.
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License as
|
|
|
|
* published by the Free Software Foundation, version 2 of the
|
|
|
|
* License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef __AA_AUDIT_H
|
|
|
|
#define __AA_AUDIT_H
|
|
|
|
|
|
|
|
#include <linux/audit.h>
|
|
|
|
#include <linux/fs.h>
|
|
|
|
#include <linux/lsm_audit.h>
|
|
|
|
#include <linux/sched.h>
|
|
|
|
#include <linux/slab.h>
|
|
|
|
|
|
|
|
#include "file.h"
|
|
|
|
|
|
|
|
struct aa_profile;
|
|
|
|
|
2012-03-14 16:30:36 +04:00
|
|
|
extern const char *const audit_mode_names[];
|
2010-07-30 01:47:58 +04:00
|
|
|
#define AUDIT_MAX_INDEX 5
|
|
|
|
|
|
|
|
enum audit_mode {
|
|
|
|
AUDIT_NORMAL, /* follow normal auditing of accesses */
|
|
|
|
AUDIT_QUIET_DENIED, /* quiet all denied access messages */
|
|
|
|
AUDIT_QUIET, /* quiet all messages */
|
|
|
|
AUDIT_NOQUIET, /* do not quiet audit messages */
|
|
|
|
AUDIT_ALL /* audit all accesses */
|
|
|
|
};
|
|
|
|
|
|
|
|
enum audit_type {
|
|
|
|
AUDIT_APPARMOR_AUDIT,
|
|
|
|
AUDIT_APPARMOR_ALLOWED,
|
|
|
|
AUDIT_APPARMOR_DENIED,
|
|
|
|
AUDIT_APPARMOR_HINT,
|
|
|
|
AUDIT_APPARMOR_STATUS,
|
|
|
|
AUDIT_APPARMOR_ERROR,
|
2012-02-22 12:20:26 +04:00
|
|
|
AUDIT_APPARMOR_KILL,
|
|
|
|
AUDIT_APPARMOR_AUTO
|
2010-07-30 01:47:58 +04:00
|
|
|
};
|
|
|
|
|
2012-03-14 16:30:36 +04:00
|
|
|
extern const char *const op_table[];
|
2010-07-30 01:47:58 +04:00
|
|
|
enum aa_ops {
|
|
|
|
OP_NULL,
|
|
|
|
|
|
|
|
OP_SYSCTL,
|
|
|
|
OP_CAPABLE,
|
|
|
|
|
|
|
|
OP_UNLINK,
|
|
|
|
OP_MKDIR,
|
|
|
|
OP_RMDIR,
|
|
|
|
OP_MKNOD,
|
|
|
|
OP_TRUNC,
|
|
|
|
OP_LINK,
|
|
|
|
OP_SYMLINK,
|
|
|
|
OP_RENAME_SRC,
|
|
|
|
OP_RENAME_DEST,
|
|
|
|
OP_CHMOD,
|
|
|
|
OP_CHOWN,
|
|
|
|
OP_GETATTR,
|
|
|
|
OP_OPEN,
|
|
|
|
|
|
|
|
OP_FPERM,
|
|
|
|
OP_FLOCK,
|
|
|
|
OP_FMMAP,
|
|
|
|
OP_FMPROT,
|
|
|
|
|
|
|
|
OP_CREATE,
|
|
|
|
OP_POST_CREATE,
|
|
|
|
OP_BIND,
|
|
|
|
OP_CONNECT,
|
|
|
|
OP_LISTEN,
|
|
|
|
OP_ACCEPT,
|
|
|
|
OP_SENDMSG,
|
|
|
|
OP_RECVMSG,
|
|
|
|
OP_GETSOCKNAME,
|
|
|
|
OP_GETPEERNAME,
|
|
|
|
OP_GETSOCKOPT,
|
|
|
|
OP_SETSOCKOPT,
|
|
|
|
OP_SOCK_SHUTDOWN,
|
|
|
|
|
|
|
|
OP_PTRACE,
|
|
|
|
|
|
|
|
OP_EXEC,
|
|
|
|
OP_CHANGE_HAT,
|
|
|
|
OP_CHANGE_PROFILE,
|
|
|
|
OP_CHANGE_ONEXEC,
|
|
|
|
|
|
|
|
OP_SETPROCATTR,
|
|
|
|
OP_SETRLIMIT,
|
|
|
|
|
|
|
|
OP_PROF_REPL,
|
|
|
|
OP_PROF_LOAD,
|
|
|
|
OP_PROF_RM,
|
|
|
|
};
|
|
|
|
|
|
|
|
|
2012-04-03 20:37:02 +04:00
|
|
|
struct apparmor_audit_data {
|
|
|
|
int error;
|
|
|
|
int op;
|
|
|
|
int type;
|
|
|
|
void *profile;
|
|
|
|
const char *name;
|
|
|
|
const char *info;
|
2012-04-04 23:01:42 +04:00
|
|
|
struct task_struct *tsk;
|
2012-04-03 20:37:02 +04:00
|
|
|
union {
|
|
|
|
void *target;
|
|
|
|
struct {
|
|
|
|
long pos;
|
|
|
|
void *target;
|
|
|
|
} iface;
|
|
|
|
struct {
|
|
|
|
int rlim;
|
|
|
|
unsigned long max;
|
|
|
|
} rlim;
|
|
|
|
struct {
|
|
|
|
const char *target;
|
|
|
|
u32 request;
|
|
|
|
u32 denied;
|
2012-02-08 04:33:13 +04:00
|
|
|
kuid_t ouid;
|
2012-04-03 20:37:02 +04:00
|
|
|
} fs;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
/* define a short hand for apparmor_audit_data structure */
|
2010-07-30 01:47:58 +04:00
|
|
|
#define aad apparmor_audit_data
|
|
|
|
|
|
|
|
void aa_audit_msg(int type, struct common_audit_data *sa,
|
|
|
|
void (*cb) (struct audit_buffer *, void *));
|
|
|
|
int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
|
|
|
|
struct common_audit_data *sa,
|
|
|
|
void (*cb) (struct audit_buffer *, void *));
|
|
|
|
|
|
|
|
static inline int complain_error(int error)
|
|
|
|
{
|
|
|
|
if (error == -EPERM || error == -EACCES)
|
|
|
|
return 0;
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* __AA_AUDIT_H */
|