Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
torvalds
GitHub Repository: torvalds/linux
 Path: blob/master/security/selinux/include/audit.h
49753 views
1
/* SPDX-License-Identifier: GPL-2.0-only */

2
/*

3
 * SELinux support for the Audit LSM hooks

4
 *

5
 * Author: James Morris <[email protected]>

6
 *

7
 * Copyright (C) 2005 Red Hat, Inc., James Morris <[email protected]>

8
 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <[email protected]>

9
 * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <[email protected]>

10
 */

11


12
#ifndef _SELINUX_AUDIT_H

13
#define _SELINUX_AUDIT_H

14


15
#include <linux/audit.h>

16
#include <linux/types.h>

17


18
/**

19
 * selinux_audit_rule_avc_callback - update the audit LSM rules on AVC events.

20
 * @event: the AVC event

21
 *

22
 * Update any audit LSM rules based on the AVC event specified in @event.

23
 * Returns 0 on success, negative values otherwise.

24
 */

25
int selinux_audit_rule_avc_callback(u32 event);

26


27
/**

28
 * selinux_audit_rule_init - alloc/init an selinux audit rule structure.

29
 * @field: the field this rule refers to

30
 * @op: the operator the rule uses

31
 * @rulestr: the text "target" of the rule

32
 * @rule: pointer to the new rule structure returned via this

33
 * @gfp: GFP flag used for kmalloc

34
 *

35
 * Returns 0 if successful, -errno if not.  On success, the rule structure

36
 * will be allocated internally.  The caller must free this structure with

37
 * selinux_audit_rule_free() after use.

38
 */

39
int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule,

40
			    gfp_t gfp);

41


42
/**

43
 * selinux_audit_rule_free - free an selinux audit rule structure.

44
 * @rule: pointer to the audit rule to be freed

45
 *

46
 * This will free all memory associated with the given rule.

47
 * If @rule is NULL, no operation is performed.

48
 */

49
void selinux_audit_rule_free(void *rule);

50


51
/**

52
 * selinux_audit_rule_match - determine if a context ID matches a rule.

53
 * @prop: includes the context ID to check

54
 * @field: the field this rule refers to

55
 * @op: the operator the rule uses

56
 * @rule: pointer to the audit rule to check against

57
 *

58
 * Returns 1 if the context id matches the rule, 0 if it does not, and

59
 * -errno on failure.

60
 */

61
int selinux_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op,

62
			     void *rule);

63


64
/**

65
 * selinux_audit_rule_known - check to see if rule contains selinux fields.

66
 * @rule: rule to be checked

67
 * Returns 1 if there are selinux fields specified in the rule, 0 otherwise.

68
 */

69
int selinux_audit_rule_known(struct audit_krule *rule);

70


71
#endif /* _SELINUX_AUDIT_H */

72


73