Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
dingyu
/
CooCenter-System-kernel
1
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Branch: master
Branchit Tagit
CooCenter-Sy...
/
security
/
apparmor
/
include
/
audit.h

audit.h 2.6 KB
Pysyvä linkki Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147 
  1. /*
    2. 

  2.  * AppArmor security module
    3. 

  3.  *
    4. 

  4.  * This file contains AppArmor auditing function definitions.
    5. 

  5.  *
    6. 

  6.  * Copyright (C) 1998-2008 Novell/SUSE
    7. 

  7.  * Copyright 2009-2010 Canonical Ltd.
    8. 

  8.  *
    9. 

  9.  * This program is free software; you can redistribute it and/or
    10. 

  10.  * modify it under the terms of the GNU General Public License as
    11. 

  11.  * published by the Free Software Foundation, version 2 of the
    12. 

  12.  * License.
    13. 

  13.  */
    14. 

  14. 

  15. #ifndef __AA_AUDIT_H
    16. 

  16. #define __AA_AUDIT_H
    17. 

  17. 

  18. #include <linux/audit.h>
    19. 

  19. #include <linux/fs.h>
    20. 

  20. #include <linux/lsm_audit.h>
    21. 

  21. #include <linux/sched.h>
    22. 

  22. #include <linux/slab.h>
    23. 

  23. 

  24. #include "file.h"
    25. 

  25. 

  26. struct aa_profile;
    27. 

  27. 

  28. extern const char *const audit_mode_names[];
    29. 

  29. #define AUDIT_MAX_INDEX 5
    30. 

  30. enum audit_mode {
    31. 

  31. 	AUDIT_NORMAL,		/* follow normal auditing of accesses */
    32. 

  32. 	AUDIT_QUIET_DENIED,	/* quiet all denied access messages */
    33. 

  33. 	AUDIT_QUIET,		/* quiet all messages */
    34. 

  34. 	AUDIT_NOQUIET,		/* do not quiet audit messages */
    35. 

  35. 	AUDIT_ALL		/* audit all accesses */
    36. 

  36. };
    37. 

  37. 

  38. enum audit_type {
    39. 

  39. 	AUDIT_APPARMOR_AUDIT,
    40. 

  40. 	AUDIT_APPARMOR_ALLOWED,
    41. 

  41. 	AUDIT_APPARMOR_DENIED,
    42. 

  42. 	AUDIT_APPARMOR_HINT,
    43. 

  43. 	AUDIT_APPARMOR_STATUS,
    44. 

  44. 	AUDIT_APPARMOR_ERROR,
    45. 

  45. 	AUDIT_APPARMOR_KILL,
    46. 

  46. 	AUDIT_APPARMOR_AUTO
    47. 

  47. };
    48. 

  48. 

  49. extern const char *const op_table[];
    50. 

  50. enum aa_ops {
    51. 

  51. 	OP_NULL,
    52. 

  52. 

  53. 	OP_SYSCTL,
    54. 

  54. 	OP_CAPABLE,
    55. 

  55. 

  56. 	OP_UNLINK,
    57. 

  57. 	OP_MKDIR,
    58. 

  58. 	OP_RMDIR,
    59. 

  59. 	OP_MKNOD,
    60. 

  60. 	OP_TRUNC,
    61. 

  61. 	OP_LINK,
    62. 

  62. 	OP_SYMLINK,
    63. 

  63. 	OP_RENAME_SRC,
    64. 

  64. 	OP_RENAME_DEST,
    65. 

  65. 	OP_CHMOD,
    66. 

  66. 	OP_CHOWN,
    67. 

  67. 	OP_GETATTR,
    68. 

  68. 	OP_OPEN,
    69. 

  69. 

  70. 	OP_FPERM,
    71. 

  71. 	OP_FLOCK,
    72. 

  72. 	OP_FMMAP,
    73. 

  73. 	OP_FMPROT,
    74. 

  74. 

  75. 	OP_CREATE,
    76. 

  76. 	OP_POST_CREATE,
    77. 

  77. 	OP_BIND,
    78. 

  78. 	OP_CONNECT,
    79. 

  79. 	OP_LISTEN,
    80. 

  80. 	OP_ACCEPT,
    81. 

  81. 	OP_SENDMSG,
    82. 

  82. 	OP_RECVMSG,
    83. 

  83. 	OP_GETSOCKNAME,
    84. 

  84. 	OP_GETPEERNAME,
    85. 

  85. 	OP_GETSOCKOPT,
    86. 

  86. 	OP_SETSOCKOPT,
    87. 

  87. 	OP_SOCK_SHUTDOWN,
    88. 

  88. 

  89. 	OP_PTRACE,
    90. 

  90. 

  91. 	OP_EXEC,
    92. 

  92. 	OP_CHANGE_HAT,
    93. 

  93. 	OP_CHANGE_PROFILE,
    94. 

  94. 	OP_CHANGE_ONEXEC,
    95. 

  95. 

  96. 	OP_SETPROCATTR,
    97. 

  97. 	OP_SETRLIMIT,
    98. 

  98. 

  99. 	OP_PROF_REPL,
    100. 

  100. 	OP_PROF_LOAD,
    101. 

  101. 	OP_PROF_RM,
    102. 

  102. };
    103. 

  103. 

  104. 

  105. struct apparmor_audit_data {
    106. 

  106. 	int error;
    107. 

  107. 	int op;
    108. 

  108. 	int type;
    109. 

  109. 	void *profile;
    110. 

  110. 	const char *name;
    111. 

  111. 	const char *info;
    112. 

  112. 	union {
    113. 

  113. 		void *target;
    114. 

  114. 		struct {
    115. 

  115. 			long pos;
    116. 

  116. 			void *target;
    117. 

  117. 		} iface;
    118. 

  118. 		struct {
    119. 

  119. 			int rlim;
    120. 

  120. 			unsigned long max;
    121. 

  121. 		} rlim;
    122. 

  122. 		struct {
    123. 

  123. 			const char *target;
    124. 

  124. 			u32 request;
    125. 

  125. 			u32 denied;
    126. 

  126. 			kuid_t ouid;
    127. 

  127. 		} fs;
    128. 

  128. 	};
    129. 

  129. };
    130. 

  130. 

  131. /* define a short hand for apparmor_audit_data structure */
    132. 

  132. #define aad apparmor_audit_data
    133. 

  133. 

  134. void aa_audit_msg(int type, struct common_audit_data *sa,
    135. 

  135. 		  void (*cb) (struct audit_buffer *, void *));
    136. 

  136. int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
    137. 

  137. 	     struct common_audit_data *sa,
    138. 

  138. 	     void (*cb) (struct audit_buffer *, void *));
    139. 

  139. 

  140. static inline int complain_error(int error)
    141. 

  141. {
    142. 

  142. 	if (error == -EPERM || error == -EACCES)
    143. 

  143. 		return 0;
    144. 

  144. 	return error;
    145. 

  145. }
    146. 

  146. 

  147. #endif /* __AA_AUDIT_H */
    148.