security/apparmor/include/audit.h

   1 /*
   2  * AppArmor security module
   3  *
   4  * This file contains AppArmor auditing function definitions.
   5  *
   6  * Copyright (C) 1998-2008 Novell/SUSE
   7  * Copyright 2009-2010 Canonical Ltd.
   8  *
   9  * This program is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU General Public License as
  11  * published by the Free Software Foundation, version 2 of the
  12  * License.
  13  */
  14
  15 #ifndef __AA_AUDIT_H
  16 #define __AA_AUDIT_H
  17
  18 #include <linux/audit.h>
  19 #include <linux/fs.h>
  20 #include <linux/lsm_audit.h>
  21 #include <linux/sched.h>
  22 #include <linux/slab.h>
  23
  24 #include "file.h"
  25 #include "label.h"
  26
  27 extern const char *const audit_mode_names[];
  28 #define AUDIT_MAX_INDEX 5
  29 enum audit_mode {
  30         AUDIT_NORMAL,           /* follow normal auditing of accesses */
  31         AUDIT_QUIET_DENIED,     /* quiet all denied access messages */
  32         AUDIT_QUIET,            /* quiet all messages */
  33         AUDIT_NOQUIET,          /* do not quiet audit messages */
  34         AUDIT_ALL               /* audit all accesses */
  35 };
  36
  37 enum audit_type {
  38         AUDIT_APPARMOR_AUDIT,
  39         AUDIT_APPARMOR_ALLOWED,
  40         AUDIT_APPARMOR_DENIED,
  41         AUDIT_APPARMOR_HINT,
  42         AUDIT_APPARMOR_STATUS,
  43         AUDIT_APPARMOR_ERROR,
  44         AUDIT_APPARMOR_KILL,
  45         AUDIT_APPARMOR_AUTO
  46 };
  47
  48 #define OP_NULL NULL
  49
  50 #define OP_SYSCTL "sysctl"
  51 #define OP_CAPABLE "capable"
  52
  53 #define OP_UNLINK "unlink"
  54 #define OP_MKDIR "mkdir"
  55 #define OP_RMDIR "rmdir"
  56 #define OP_MKNOD "mknod"
  57 #define OP_TRUNC "truncate"
  58 #define OP_LINK "link"
  59 #define OP_SYMLINK "symlink"
  60 #define OP_RENAME_SRC "rename_src"
  61 #define OP_RENAME_DEST "rename_dest"
  62 #define OP_CHMOD "chmod"
  63 #define OP_CHOWN "chown"
  64 #define OP_GETATTR "getattr"
  65 #define OP_OPEN "open"
  66
  67 #define OP_FRECEIVE "file_receive"
  68 #define OP_FPERM "file_perm"
  69 #define OP_FLOCK "file_lock"
  70 #define OP_FMMAP "file_mmap"
  71 #define OP_FMPROT "file_mprotect"
  72 #define OP_INHERIT "file_inherit"
  73
  74 #define OP_PIVOTROOT "pivotroot"
  75 #define OP_MOUNT "mount"
  76 #define OP_UMOUNT "umount"
  77
  78 #define OP_CREATE "create"
  79 #define OP_POST_CREATE "post_create"
  80 #define OP_BIND "bind"
  81 #define OP_CONNECT "connect"
  82 #define OP_LISTEN "listen"
  83 #define OP_ACCEPT "accept"
  84 #define OP_SENDMSG "sendmsg"
  85 #define OP_RECVMSG "recvmsg"
  86 #define OP_GETSOCKNAME "getsockname"
  87 #define OP_GETPEERNAME "getpeername"
  88 #define OP_GETSOCKOPT "getsockopt"
  89 #define OP_SETSOCKOPT "setsockopt"
  90 #define OP_SHUTDOWN "socket_shutdown"
  91
  92 #define OP_PTRACE "ptrace"
  93 #define OP_SIGNAL "signal"
  94
  95 #define OP_EXEC "exec"
  96
  97 #define OP_CHANGE_HAT "change_hat"
  98 #define OP_CHANGE_PROFILE "change_profile"
  99 #define OP_CHANGE_ONEXEC "change_onexec"
 100 #define OP_STACK "stack"
 101 #define OP_STACK_ONEXEC "stack_onexec"
 102
 103 #define OP_SETPROCATTR "setprocattr"
 104 #define OP_SETRLIMIT "setrlimit"
 105
 106 #define OP_PROF_REPL "profile_replace"
 107 #define OP_PROF_LOAD "profile_load"
 108 #define OP_PROF_RM "profile_remove"
 109
 110
 111 struct apparmor_audit_data {
 112         int error;
 113         int type;
 114         const char *op;
 115         struct aa_label *label;
 116         const char *name;
 117         const char *info;
 118         u32 request;
 119         u32 denied;
 120         union {
 121                 /* these entries require a custom callback fn */
 122                 struct {
 123                         struct aa_label *peer;
 124                         union {
 125                                 struct {
 126                                         const char *target;
 127                                         kuid_t ouid;
 128                                 } fs;
 129                                 struct {
 130                                         int rlim;
 131                                         unsigned long max;
 132                                 } rlim;
 133                                 struct {
 134                                         int signal;
 135                                         int unmappedsig;
 136                                 };
 137                                 struct {
 138                                         int type, protocol;
 139                                         struct sock *peer_sk;
 140                                         void *addr;
 141                                         int addrlen;
 142                                 } net;
 143                         };
 144                 };
 145                 struct {
 146                         struct aa_profile *profile;
 147                         const char *ns;
 148                         long pos;
 149                 } iface;
 150                 struct {
 151                         const char *src_name;
 152                         const char *type;
 153                         const char *trans;
 154                         const char *data;
 155                         unsigned long flags;
 156                 } mnt;
 157         };
 158 };
 159
 160 /* macros for dealing with  apparmor_audit_data structure */
 161 #define aad(SA) ((SA)->apparmor_audit_data)
 162 #define DEFINE_AUDIT_DATA(NAME, T, X)                                   \
 163         /* TODO: cleanup audit init so we don't need _aad = {0,} */     \
 164         struct apparmor_audit_data NAME ## _aad = { .op = (X), };       \
 165         struct common_audit_data NAME =                                 \
 166         {                                                               \
 167         .type = (T),                                                    \
 168         .u.tsk = NULL,                                                  \
 169         };                                                              \
 170         NAME.apparmor_audit_data = &(NAME ## _aad)
 171
 172 void aa_audit_msg(int type, struct common_audit_data *sa,
 173                   void (*cb) (struct audit_buffer *, void *));
 174 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
 175              void (*cb) (struct audit_buffer *, void *));
 176
 177 #define aa_audit_error(ERROR, SA, CB)                           \
 178 ({                                                              \
 179         aad((SA))->error = (ERROR);                             \
 180         aa_audit_msg(AUDIT_APPARMOR_ERROR, (SA), (CB));         \
 181         aad((SA))->error;                                       \
 182 })
 183
 184
 185 static inline int complain_error(int error)
 186 {
 187         if (error == -EPERM || error == -EACCES)
 188                 return 0;
 189         return error;
 190 }
 191
 192 void aa_audit_rule_free(void *vrule);
 193 int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule);
 194 int aa_audit_rule_known(struct audit_krule *rule);
 195 int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
 196                         struct audit_context *actx);
 197
 198 #endif /* __AA_AUDIT_H */