/* SPDX-License-Identifier: GPL-2.0-only */
/*
* AppArmor security module
*
* This file contains AppArmor auditing function definitions.
*
* Copyright (C) 1998-2008 Novell/SUSE
* Copyright 2009-2010 Canonical Ltd.
*/
#ifndef __AA_AUDIT_H
#define __AA_AUDIT_H
#include <linux/audit.h>
#include <linux/fs.h>
#include <linux/lsm_audit.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include "file.h"
#include "label.h"
/* String names for the audit modes; presumably indexed by enum audit_mode (defined elsewhere) */
extern const char *const audit_mode_names[];
/* Number of audit modes: enum audit_mode has five values, AUDIT_NORMAL..AUDIT_ALL */
#define AUDIT_MAX_INDEX 5
/*
 * Audit modes: how verbosely access decisions are reported.  The values are
 * contiguous from 0 so they can index audit_mode_names[] (AUDIT_MAX_INDEX
 * entries).  Note that AUDIT_QUIET suppresses denial messages as well, so a
 * profile in that mode leaves no audit trail of rejected accesses.
 */
enum audit_mode {
	AUDIT_NORMAL,		/* follow normal auditing of accesses */
	AUDIT_QUIET_DENIED,	/* quiet all denied access messages */
	AUDIT_QUIET,		/* quiet all messages */
	AUDIT_NOQUIET,		/* do not quiet audit messages */
	AUDIT_ALL		/* audit all accesses */
};
/*
 * Kind of audit event.  Passed as the @type argument of aa_audit() and
 * aa_audit_msg() (aa_audit_error() below passes AUDIT_APPARMOR_ERROR).
 * The per-value meanings are inferred from the names; see audit.c for how
 * each is actually handled.
 */
enum audit_type {
	AUDIT_APPARMOR_AUDIT,	/* access explicitly marked for auditing */
	AUDIT_APPARMOR_ALLOWED,	/* access was allowed */
	AUDIT_APPARMOR_DENIED,	/* access was denied */
	AUDIT_APPARMOR_HINT,	/* informational hint */
	AUDIT_APPARMOR_STATUS,	/* status / policy change message */
	AUDIT_APPARMOR_ERROR,	/* internal error, see aa_audit_error() */
	AUDIT_APPARMOR_KILL,	/* denial that also kills the task (presumably) */
	AUDIT_APPARMOR_AUTO	/* presumably: let the audit code pick the type from the result - confirm */
};
/*
 * Operation names that end up in the audit record's @op field (see
 * DEFINE_AUDIT_DATA()'s X argument).  OP_NULL means "no operation name".
 * The groups below follow what the strings name.
 */
#define OP_NULL NULL

/* sysctl and capability checks */
#define OP_SYSCTL "sysctl"
#define OP_CAPABLE "capable"

/* path-based file operations */
#define OP_UNLINK "unlink"
#define OP_MKDIR "mkdir"
#define OP_RMDIR "rmdir"
#define OP_MKNOD "mknod"
#define OP_TRUNC "truncate"
#define OP_LINK "link"
#define OP_SYMLINK "symlink"
#define OP_RENAME_SRC "rename_src"
#define OP_RENAME_DEST "rename_dest"
#define OP_CHMOD "chmod"
#define OP_CHOWN "chown"
#define OP_GETATTR "getattr"
#define OP_OPEN "open"

/* operations on already-open file objects */
#define OP_FRECEIVE "file_receive"
#define OP_FPERM "file_perm"
#define OP_FLOCK "file_lock"
#define OP_FMMAP "file_mmap"
#define OP_FMPROT "file_mprotect"
#define OP_INHERIT "file_inherit"

/* mount-related operations */
#define OP_PIVOTROOT "pivotroot"
#define OP_MOUNT "mount"
#define OP_UMOUNT "umount"

/* socket operations */
#define OP_CREATE "create"
#define OP_POST_CREATE "post_create"
#define OP_BIND "bind"
#define OP_CONNECT "connect"
#define OP_LISTEN "listen"
#define OP_ACCEPT "accept"
#define OP_SENDMSG "sendmsg"
#define OP_RECVMSG "recvmsg"
#define OP_GETSOCKNAME "getsockname"
#define OP_GETPEERNAME "getpeername"
#define OP_GETSOCKOPT "getsockopt"
#define OP_SETSOCKOPT "setsockopt"
#define OP_SHUTDOWN "socket_shutdown"

/* task-to-task operations */
#define OP_PTRACE "ptrace"
#define OP_SIGNAL "signal"

#define OP_EXEC "exec"

/* domain (profile) transitions */
#define OP_CHANGE_HAT "change_hat"
#define OP_CHANGE_PROFILE "change_profile"
#define OP_CHANGE_ONEXEC "change_onexec"
#define OP_STACK "stack"
#define OP_STACK_ONEXEC "stack_onexec"

/* process attribute changes */
#define OP_SETPROCATTR "setprocattr"
#define OP_SETRLIMIT "setrlimit"

/* policy management */
#define OP_PROF_REPL "profile_replace"
#define OP_PROF_LOAD "profile_load"
#define OP_PROF_RM "profile_remove"

/* user namespace creation */
#define OP_USERNS_CREATE "userns_create"

/* io_uring */
#define OP_URING_OVERRIDE "uring_override"
#define OP_URING_SQPOLL "uring_sqpoll"
/*
 * One audit record.  Usually declared on the stack with DEFINE_AUDIT_DATA()
 * and handed to aa_audit()/aa_audit_msg().  The LSM-generic part lives in
 * @common; aad() recovers the enclosing record from a pointer to it, which is
 * why @common must stay embedded (not a pointer).
 */
struct apparmor_audit_data {
	int error;			/* result of the check; aa_audit_error() stores its ERROR here */
	int type;			/* presumably an enum audit_type value - confirm in audit.c */
	u16 class;			/* policy class of the operation (DEFINE_AUDIT_DATA()'s C) */
	const char *op;			/* operation name, an OP_* string (DEFINE_AUDIT_DATA()'s X) */
	const struct cred *subj_cred;	/* credentials of the subject */
	struct aa_label *subj_label;	/* label of the subject */
	const char *name;		/* name of the object accessed, if any */
	const char *info;		/* extra free-form text for the log, if any */
	u32 request;			/* permissions requested */
	u32 denied;			/* presumably the subset of @request that was denied */
	union {
		/* these entries require a custom callback fn */
		struct {
			struct aa_label *peer;		/* other party's label */
			union {
				struct {
					const char *target;	/* e.g. link/rename target */
					kuid_t ouid;		/* owner uid of the object */
				} fs;
				struct {
					int rlim;		/* resource number */
					unsigned long max;	/* requested limit */
				} rlim;
				/* anonymous: signal/unmappedsig are addressed directly */
				struct {
					int signal;
					int unmappedsig;
				};
				struct {
					int type, protocol;
					void *addr;		/* local address blob */
					int addrlen;
					struct {
						void *addr;	/* peer address blob */
						int addrlen;
					} peer;
				} net;
			};
		};
		struct {
			struct aa_profile *profile;
			const char *ns;			/* namespace name */
			long pos;			/* position in the policy data, presumably */
		} iface;
		struct {
			const char *src_name;
			const char *type;
			const char *trans;
			const char *data;
			unsigned long flags;
		} mnt;
		struct {
			struct aa_label *target;
		} uring;
	};

	/* LSM-generic audit data; must be a member, not a pointer, for aad() */
	struct common_audit_data common;
};
/* macros for dealing with apparmor_audit_data structure */
/*
 * aad - get the struct apparmor_audit_data that embeds @SA
 * @SA: pointer to the @common member (struct common_audit_data *)
 *
 * Only valid for a common_audit_data that is actually embedded in a
 * struct apparmor_audit_data; container_of() does no checking.
 */
#define aad(SA) (container_of(SA, struct apparmor_audit_data, common))
/*
 * aad_of_va - aad() for an untyped pointer; presumably the void * the
 * audit callback receives (see aa_audit_msg()'s cb) - confirm against callers
 */
#define aad_of_va(VA) aad((struct common_audit_data *)(VA))
/*
 * DEFINE_AUDIT_DATA - declare and initialise a struct apparmor_audit_data
 * @NAME: identifier of the variable to declare
 * @T: LSM audit data type, stored in .common.type
 * @C: policy class, stored in .class
 * @X: operation name (an OP_* string), stored in .op
 *
 * Fields not listed in the initializer are zero-initialized by the
 * designated initializer.  .common.apparmor_audit_data is pointed back at the
 * new variable, presumably so the common audit path can reach the enclosing
 * record.
 */
#define DEFINE_AUDIT_DATA(NAME, T, C, X) \
	/* TODO: cleanup audit init so we don't need _aad = {0,} */ \
	struct apparmor_audit_data NAME = { \
		.class = (C), \
		.op = (X), \
		.common.type = (T), \
		.common.u.tsk = NULL, \
		.common.apparmor_audit_data = &NAME, \
	};
/**
 * aa_audit_msg - emit an audit message for @ad
 * @type: the message kind (enum audit_type; aa_audit_error() passes AUDIT_APPARMOR_ERROR)
 * @ad: the audit record to log
 * @cb: callback that appends the record's custom union fields to the audit
 *      buffer; its void * presumably resolves back to @ad via aad_of_va()
 */
void aa_audit_msg(int type, struct apparmor_audit_data *ad,
		  void (*cb) (struct audit_buffer *, void *));
/**
 * aa_audit - audit an access decision taken under @profile
 * @type: the message kind (enum audit_type)
 * @profile: the profile whose audit mode governs what gets logged
 * @ad: the audit record describing the access
 * @cb: callback as for aa_audit_msg()
 *
 * Return: the error the caller should propagate; presumably @ad->error,
 *         possibly relaxed for permission errors in complain mode (see
 *         complain_error()) - confirm in audit.c.
 */
int aa_audit(int type, struct aa_profile *profile,
	     struct apparmor_audit_data *ad,
	     void (*cb) (struct audit_buffer *, void *));
/*
 * aa_audit_error - record @ERROR in @AD and emit an AUDIT_APPARMOR_ERROR message
 * @ERROR: error value stored into (AD)->error before logging
 * @AD: pointer to a struct apparmor_audit_data
 * @CB: audit callback passed through to aa_audit_msg()
 *
 * Statement expression: evaluates to (AD)->error as read after the call,
 * so it can be used directly as a return value.  @AD is evaluated three
 * times; do not pass an expression with side effects.
 */
#define aa_audit_error(ERROR, AD, CB) \
({ \
	(AD)->error = (ERROR); \
	aa_audit_msg(AUDIT_APPARMOR_ERROR, (AD), (CB)); \
	(AD)->error; \
})
/*
 * complain_error - map a permission failure to success for complain mode
 * @error: result of an access check (0 or a negative errno)
 *
 * Return: 0 when @error is -EPERM or -EACCES, otherwise @error unchanged.
 * Only those two denials are relaxed; any other value, including positive
 * numbers, passes straight through.
 */
static inline int complain_error(int error)
{
	switch (error) {
	case -EPERM:
	case -EACCES:
		/* permission denials are reported but not enforced */
		return 0;
	default:
		return error;
	}
}
/*
 * Audit-filter rule hooks.  A rule string is parsed into an opaque object
 * returned through @vrule, matched against subjects, and released with
 * aa_audit_rule_free().
 */
/* Release a rule object previously returned by aa_audit_rule_init() */
void aa_audit_rule_free(void *vrule);
/*
 * Parse @rulestr into *@vrule for audit field @field with operator @op;
 * @gfp gives the allocation flags.  Return: 0 or a negative errno (presumably).
 */
int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule, gfp_t gfp);
/* Report whether @rule contains a field this module evaluates (presumably) */
int aa_audit_rule_known(struct audit_krule *rule);
/* Evaluate @vrule (with @field/@op) against the subject described by @prop */
int aa_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op, void *vrule);
#endif /* __AA_AUDIT_H */