/* SPDX-License-Identifier: GPL-2.0-only */1/*2* SELinux support for the Audit LSM hooks3*4* Author: James Morris <[email protected]>5*6* Copyright (C) 2005 Red Hat, Inc., James Morris <[email protected]>7* Copyright (C) 2006 Trusted Computer Solutions, Inc. <[email protected]>8* Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <[email protected]>9*/1011#ifndef _SELINUX_AUDIT_H12#define _SELINUX_AUDIT_H1314#include <linux/audit.h>15#include <linux/types.h>1617/**18* selinux_audit_rule_init - alloc/init an selinux audit rule structure.19* @field: the field this rule refers to20* @op: the operator the rule uses21* @rulestr: the text "target" of the rule22* @rule: pointer to the new rule structure returned via this23* @gfp: GFP flag used for kmalloc24*25* Returns 0 if successful, -errno if not. On success, the rule structure26* will be allocated internally. The caller must free this structure with27* selinux_audit_rule_free() after use.28*/29int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule,30gfp_t gfp);3132/**33* selinux_audit_rule_free - free an selinux audit rule structure.34* @rule: pointer to the audit rule to be freed35*36* This will free all memory associated with the given rule.37* If @rule is NULL, no operation is performed.38*/39void selinux_audit_rule_free(void *rule);4041/**42* selinux_audit_rule_match - determine if a context ID matches a rule.43* @prop: includes the context ID to check44* @field: the field this rule refers to45* @op: the operator the rule uses46* @rule: pointer to the audit rule to check against47*48* Returns 1 if the context id matches the rule, 0 if it does not, and49* -errno on failure.50*/51int selinux_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op,52void *rule);5354/**55* selinux_audit_rule_known - check to see if rule contains selinux fields.56* @rule: rule to be checked57* Returns 1 if there are selinux fields specified in the rule, 0 otherwise.58*/59int selinux_audit_rule_known(struct audit_krule *rule);6061#endif /* _SELINUX_AUDIT_H */626364