/*
 * AppArmor security module
 *
 * This file contains AppArmor auditing function definitions.
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */

#ifndef __AA_AUDIT_H
#define __AA_AUDIT_H

#include <linux/audit.h>
#include <linux/fs.h>
#include <linux/lsm_audit.h>
#include <linux/sched.h>
#include <linux/slab.h>

#include "file.h"

struct aa_profile;

/* string names for enum audit_mode, defined in the matching .c file;
 * presumably indexed by the enum value, so both must stay in the same order */
extern const char *const audit_mode_names[];
/* number of entries in enum audit_mode (AUDIT_NORMAL .. AUDIT_ALL) */
#define AUDIT_MAX_INDEX 5
/* audit policy: how much of the access stream is logged */
enum audit_mode {
	AUDIT_NORMAL,		/* follow normal auditing of accesses */
	AUDIT_QUIET_DENIED,	/* quiet all denied access messages */
	AUDIT_QUIET,		/* quiet all messages */
	AUDIT_NOQUIET,		/* do not quiet audit messages */
	AUDIT_ALL		/* audit all accesses */
};

/* kind of audit record being emitted; presumably what the int @type
 * parameter of aa_audit_msg()/aa_audit() carries - confirm in audit.c */
enum audit_type {
	AUDIT_APPARMOR_AUDIT,
	AUDIT_APPARMOR_ALLOWED,
	AUDIT_APPARMOR_DENIED,
	AUDIT_APPARMOR_HINT,
	AUDIT_APPARMOR_STATUS,
	AUDIT_APPARMOR_ERROR,
	AUDIT_APPARMOR_KILL,
	AUDIT_APPARMOR_AUTO
};

/* operation names, defined elsewhere; presumably indexed by enum aa_ops,
 * so new OP_* values must be appended to both in lock-step */
extern const char *const op_table[];
/* the mediated operation an audit record refers to (apparmor_audit_data.op) */
enum aa_ops {
	OP_NULL,

	OP_SYSCTL,
	OP_CAPABLE,

	OP_UNLINK,
	OP_MKDIR,
	OP_RMDIR,
	OP_MKNOD,
	OP_TRUNC,
	OP_LINK,
	OP_SYMLINK,
	OP_RENAME_SRC,
	OP_RENAME_DEST,
	OP_CHMOD,
	OP_CHOWN,
	OP_GETATTR,
	OP_OPEN,

	OP_FPERM,
	OP_FLOCK,
	OP_FMMAP,
	OP_FMPROT,

	OP_CREATE,
	OP_POST_CREATE,
	OP_BIND,
	OP_CONNECT,
	OP_LISTEN,
	OP_ACCEPT,
	OP_SENDMSG,
	OP_RECVMSG,
	OP_GETSOCKNAME,
	OP_GETPEERNAME,
	OP_GETSOCKOPT,
	OP_SETSOCKOPT,
	OP_SOCK_SHUTDOWN,

	OP_PTRACE,

	OP_EXEC,
	OP_CHANGE_HAT,
	OP_CHANGE_PROFILE,
	OP_CHANGE_ONEXEC,

	OP_SETPROCATTR,
	OP_SETRLIMIT,

	OP_PROF_REPL,
	OP_PROF_LOAD,
	OP_PROF_RM,
};


/*
 * AppArmor-specific fields of an audit record.
 *
 * @error:   errno-style result of the mediated operation (0 on success)
 * @op:      which operation (enum aa_ops) the record describes
 * @type:    record kind (enum audit_type)
 * @profile: profile the decision was made against (opaque here)
 * @name:    primary object name for the record
 * @info:    free-form extra information
 *
 * The anonymous union holds per-operation detail; only one arm is
 * meaningful for a given record.  NOTE(review): which arm is valid is
 * presumably selected by @op - the header does not encode that, so
 * callers and the audit callback must agree out of band.
 */
struct apparmor_audit_data {
	int error;
	int op;
	int type;
	void *profile;
	const char *name;
	const char *info;
	union {
		void *target;
		struct {
			long pos;
			void *target;
		} iface;		/* profile interface (load/replace/remove) */
		struct {
			int rlim;
			unsigned long max;
		} rlim;			/* resource-limit requests */
		struct {
			const char *target;
			u32 request;		/* permissions asked for */
			u32 denied;		/* subset of @request that was refused */
			kuid_t ouid;
		} fs;			/* file-system / object access */
	};
};

/* define a short hand for apparmor_audit_data structure */
#define aad apparmor_audit_data

/*
 * aa_audit_msg - emit an audit record of @type describing @sa
 * @type: enum audit_type value
 * @sa:   LSM common audit data, carrying the apparmor_audit_data payload
 * @cb:   callback that appends module-specific fields to the audit buffer
 */
void aa_audit_msg(int type, struct common_audit_data *sa,
		  void (*cb) (struct audit_buffer *, void *));
/*
 * aa_audit - audit an event against @profile
 * @type:    enum audit_type value
 * @profile: profile whose audit mode governs whether the record is emitted
 * @gfp:     allocation flags for the audit path
 * @sa:      LSM common audit data, carrying the apparmor_audit_data payload
 * @cb:      callback that appends module-specific fields to the audit buffer
 *
 * Returns an int; presumably the error the caller should propagate
 * (0 or a negative errno) - confirm against the definition in audit.c.
 */
int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
	     struct common_audit_data *sa,
	     void (*cb) (struct audit_buffer *, void *));

/*
 * complain_error - turn a permission denial into success
 * @error: negative errno from a mediation check
 *
 * Returns 0 when @error is -EPERM or -EACCES, otherwise @error unchanged.
 * Only the two permission-denial codes are neutralised; any other failure
 * (e.g. -ENOMEM) still propagates.  From the name this looks like the
 * complain-mode path, where a denial is reported but not enforced, so the
 * audit record is the only signal that policy was violated - that makes
 * the caller's audit call, not this return value, the thing to verify.
 */
static inline int complain_error(int error)
{
	if (error == -EPERM || error == -EACCES)
		return 0;
	return error;
}

#endif /* __AA_AUDIT_H */