summaryrefslogtreecommitdiffstats
path: root/security/apparmor/include
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2010-07-29 23:47:58 +0200
committerJames Morris <jmorris@namei.org>2010-08-02 07:35:11 +0200
commit67012e8209df95a8290d135753ff5145431a666e (patch)
treefc95b2c33d2e2d206500d7ec7e78dd855d4b3d2c /security/apparmor/include
parentAppArmor: misc. base functions and defines (diff)
downloadlinux-67012e8209df95a8290d135753ff5145431a666e.tar.xz
linux-67012e8209df95a8290d135753ff5145431a666e.zip
AppArmor: basic auditing infrastructure.
Update lsm_audit for AppArmor specific data, and add the core routines for AppArmor uses for auditing. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/apparmor/include')
-rw-r--r--security/apparmor/include/audit.h123
1 files changed, 123 insertions, 0 deletions
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
new file mode 100644
index 000000000000..1951786d32e9
--- /dev/null
+++ b/security/apparmor/include/audit.h
@@ -0,0 +1,123 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor auditing function definitions.
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2010 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+
+#ifndef __AA_AUDIT_H
+#define __AA_AUDIT_H
+
+#include <linux/audit.h>
+#include <linux/fs.h>
+#include <linux/lsm_audit.h>
+#include <linux/sched.h>
+#include <linux/slab.h>
+
+#include "file.h"
+
+struct aa_profile;
+
+extern const char *audit_mode_names[];
+#define AUDIT_MAX_INDEX 5
+
+#define AUDIT_APPARMOR_AUTO 0 /* auto choose audit message type */
+
+enum audit_mode {
+ AUDIT_NORMAL, /* follow normal auditing of accesses */
+ AUDIT_QUIET_DENIED, /* quiet all denied access messages */
+ AUDIT_QUIET, /* quiet all messages */
+ AUDIT_NOQUIET, /* do not quiet audit messages */
+ AUDIT_ALL /* audit all accesses */
+};
+
+enum audit_type {
+ AUDIT_APPARMOR_AUDIT,
+ AUDIT_APPARMOR_ALLOWED,
+ AUDIT_APPARMOR_DENIED,
+ AUDIT_APPARMOR_HINT,
+ AUDIT_APPARMOR_STATUS,
+ AUDIT_APPARMOR_ERROR,
+ AUDIT_APPARMOR_KILL
+};
+
+extern const char *op_table[];
+enum aa_ops {
+ OP_NULL,
+
+ OP_SYSCTL,
+ OP_CAPABLE,
+
+ OP_UNLINK,
+ OP_MKDIR,
+ OP_RMDIR,
+ OP_MKNOD,
+ OP_TRUNC,
+ OP_LINK,
+ OP_SYMLINK,
+ OP_RENAME_SRC,
+ OP_RENAME_DEST,
+ OP_CHMOD,
+ OP_CHOWN,
+ OP_GETATTR,
+ OP_OPEN,
+
+ OP_FPERM,
+ OP_FLOCK,
+ OP_FMMAP,
+ OP_FMPROT,
+
+ OP_CREATE,
+ OP_POST_CREATE,
+ OP_BIND,
+ OP_CONNECT,
+ OP_LISTEN,
+ OP_ACCEPT,
+ OP_SENDMSG,
+ OP_RECVMSG,
+ OP_GETSOCKNAME,
+ OP_GETPEERNAME,
+ OP_GETSOCKOPT,
+ OP_SETSOCKOPT,
+ OP_SOCK_SHUTDOWN,
+
+ OP_PTRACE,
+
+ OP_EXEC,
+ OP_CHANGE_HAT,
+ OP_CHANGE_PROFILE,
+ OP_CHANGE_ONEXEC,
+
+ OP_SETPROCATTR,
+ OP_SETRLIMIT,
+
+ OP_PROF_REPL,
+ OP_PROF_LOAD,
+ OP_PROF_RM,
+};
+
+
+/* define a short hand for apparmor_audit_data portion of common_audit_data */
+#define aad apparmor_audit_data
+
+void aa_audit_msg(int type, struct common_audit_data *sa,
+ void (*cb) (struct audit_buffer *, void *));
+int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
+ struct common_audit_data *sa,
+ void (*cb) (struct audit_buffer *, void *));
+
+static inline int complain_error(int error)
+{
+ if (error == -EPERM || error == -EACCES)
+ return 0;
+ return error;
+}
+
+#endif /* __AA_AUDIT_H */