Blame - security/apparmor/include/audit.h - SHIFTPHONES/mainline/linux

blob: 18519a4eb67e3cc46c729dd4baba2571fac42cba [file] [log] [blame]

Thomas Gleixner	b886d83c	2019-06-01 10:08:55 +0200	[diff] [blame]	1	/* SPDX-License-Identifier: GPL-2.0-only */
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	2	/*
				3	* AppArmor security module
				4	*
				5	* This file contains AppArmor auditing function definitions.
				6	*
				7	* Copyright (C) 1998-2008 Novell/SUSE
				8	* Copyright 2009-2010 Canonical Ltd.
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	9	*/
				10
				11	#ifndef __AA_AUDIT_H
				12	#define __AA_AUDIT_H
				13
				14	#include <linux/audit.h>
				15	#include <linux/fs.h>
				16	#include <linux/lsm_audit.h>
				17	#include <linux/sched.h>
				18	#include <linux/slab.h>
				19
				20	#include "file.h"
John Johansen	637f688	2017-06-09 08:14:28 -0700	[diff] [blame]	21	#include "label.h"
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	22
Jan Engelhardt	2d4cee7	2012-03-14 13:30:36 +0100	[diff] [blame]	23	extern const char *const audit_mode_names[];
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	24	#define AUDIT_MAX_INDEX 5
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	25	enum audit_mode {
				26	AUDIT_NORMAL, /* follow normal auditing of accesses */
				27	AUDIT_QUIET_DENIED, /* quiet all denied access messages */
				28	AUDIT_QUIET, /* quiet all messages */
				29	AUDIT_NOQUIET, /* do not quiet audit messages */
				30	AUDIT_ALL /* audit all accesses */
				31	};
				32
				33	enum audit_type {
				34	AUDIT_APPARMOR_AUDIT,
				35	AUDIT_APPARMOR_ALLOWED,
				36	AUDIT_APPARMOR_DENIED,
				37	AUDIT_APPARMOR_HINT,
				38	AUDIT_APPARMOR_STATUS,
				39	AUDIT_APPARMOR_ERROR,
John Johansen	ade3ddc	2012-02-22 00:20:26 -0800	[diff] [blame]	40	AUDIT_APPARMOR_KILL,
				41	AUDIT_APPARMOR_AUTO
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	42	};
				43
John Johansen	47f6e5c	2017-01-16 00:43:01 -0800	[diff] [blame]	44	#define OP_NULL NULL
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	45
John Johansen	47f6e5c	2017-01-16 00:43:01 -0800	[diff] [blame]	46	#define OP_SYSCTL "sysctl"
				47	#define OP_CAPABLE "capable"
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	48
John Johansen	47f6e5c	2017-01-16 00:43:01 -0800	[diff] [blame]	49	#define OP_UNLINK "unlink"
				50	#define OP_MKDIR "mkdir"
				51	#define OP_RMDIR "rmdir"
				52	#define OP_MKNOD "mknod"
				53	#define OP_TRUNC "truncate"
				54	#define OP_LINK "link"
				55	#define OP_SYMLINK "symlink"
				56	#define OP_RENAME_SRC "rename_src"
				57	#define OP_RENAME_DEST "rename_dest"
				58	#define OP_CHMOD "chmod"
				59	#define OP_CHOWN "chown"
				60	#define OP_GETATTR "getattr"
				61	#define OP_OPEN "open"
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	62
John Johansen	064dc94	2017-06-09 17:15:56 -0700	[diff] [blame]	63	#define OP_FRECEIVE "file_receive"
John Johansen	47f6e5c	2017-01-16 00:43:01 -0800	[diff] [blame]	64	#define OP_FPERM "file_perm"
				65	#define OP_FLOCK "file_lock"
				66	#define OP_FMMAP "file_mmap"
				67	#define OP_FMPROT "file_mprotect"
John Johansen	192ca6b	2017-06-09 11:58:42 -0700	[diff] [blame]	68	#define OP_INHERIT "file_inherit"
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	69
John Johansen	2ea3ffb	2017-07-18 23:04:47 -0700	[diff] [blame]	70	#define OP_PIVOTROOT "pivotroot"
				71	#define OP_MOUNT "mount"
				72	#define OP_UMOUNT "umount"
				73
John Johansen	47f6e5c	2017-01-16 00:43:01 -0800	[diff] [blame]	74	#define OP_CREATE "create"
				75	#define OP_POST_CREATE "post_create"
				76	#define OP_BIND "bind"
				77	#define OP_CONNECT "connect"
				78	#define OP_LISTEN "listen"
				79	#define OP_ACCEPT "accept"
				80	#define OP_SENDMSG "sendmsg"
				81	#define OP_RECVMSG "recvmsg"
				82	#define OP_GETSOCKNAME "getsockname"
				83	#define OP_GETPEERNAME "getpeername"
				84	#define OP_GETSOCKOPT "getsockopt"
				85	#define OP_SETSOCKOPT "setsockopt"
				86	#define OP_SHUTDOWN "socket_shutdown"
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	87
John Johansen	47f6e5c	2017-01-16 00:43:01 -0800	[diff] [blame]	88	#define OP_PTRACE "ptrace"
John Johansen	cd1dbf7	2017-07-18 22:56:22 -0700	[diff] [blame]	89	#define OP_SIGNAL "signal"
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	90
John Johansen	47f6e5c	2017-01-16 00:43:01 -0800	[diff] [blame]	91	#define OP_EXEC "exec"
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	92
John Johansen	47f6e5c	2017-01-16 00:43:01 -0800	[diff] [blame]	93	#define OP_CHANGE_HAT "change_hat"
				94	#define OP_CHANGE_PROFILE "change_profile"
				95	#define OP_CHANGE_ONEXEC "change_onexec"
John Johansen	40cde7f	2017-06-09 17:11:17 -0700	[diff] [blame]	96	#define OP_STACK "stack"
				97	#define OP_STACK_ONEXEC "stack_onexec"
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	98
John Johansen	47f6e5c	2017-01-16 00:43:01 -0800	[diff] [blame]	99	#define OP_SETPROCATTR "setprocattr"
				100	#define OP_SETRLIMIT "setrlimit"
				101
				102	#define OP_PROF_REPL "profile_replace"
				103	#define OP_PROF_LOAD "profile_load"
				104	#define OP_PROF_RM "profile_remove"
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	105
				106
Eric Paris	3b3b0e4	2012-04-03 09:37:02 -0700	[diff] [blame]	107	struct apparmor_audit_data {
				108	int error;
Eric Paris	3b3b0e4	2012-04-03 09:37:02 -0700	[diff] [blame]	109	int type;
John Johansen	637f688	2017-06-09 08:14:28 -0700	[diff] [blame]	110	const char *op;
				111	struct aa_label *label;
Eric Paris	3b3b0e4	2012-04-03 09:37:02 -0700	[diff] [blame]	112	const char *name;
				113	const char *info;
John Johansen	aa9aeea	2017-05-29 12:16:04 -0700	[diff] [blame]	114	u32 request;
				115	u32 denied;
Eric Paris	3b3b0e4	2012-04-03 09:37:02 -0700	[diff] [blame]	116	union {
John Johansen	ef88a7a	2017-01-16 00:43:02 -0800	[diff] [blame]	117	/* these entries require a custom callback fn */
Eric Paris	3b3b0e4	2012-04-03 09:37:02 -0700	[diff] [blame]	118	struct {
John Johansen	637f688	2017-06-09 08:14:28 -0700	[diff] [blame]	119	struct aa_label *peer;
John Johansen	b12cbb2	2017-11-22 07:33:38 -0800	[diff] [blame]	120	union {
				121	struct {
				122	const char *target;
				123	kuid_t ouid;
				124	} fs;
John Johansen	b5beb07	2018-02-09 04:57:39 -0800	[diff] [blame]	125	struct {
				126	int rlim;
				127	unsigned long max;
				128	} rlim;
John Johansen	3acfd5f	2018-02-01 12:32:02 +0100	[diff] [blame]	129	struct {
				130	int signal;
				131	int unmappedsig;
				132	};
John Johansen	56974a6	2017-07-18 23:18:33 -0700	[diff] [blame]	133	struct {
				134	int type, protocol;
				135	struct sock *peer_sk;
				136	void *addr;
				137	int addrlen;
				138	} net;
John Johansen	b12cbb2	2017-11-22 07:33:38 -0800	[diff] [blame]	139	};
John Johansen	ef88a7a	2017-01-16 00:43:02 -0800	[diff] [blame]	140	};
				141	struct {
John Johansen	2410aa9	2017-07-18 23:37:18 -0700	[diff] [blame]	142	struct aa_profile *profile;
John Johansen	fc1c9fd	2017-01-16 00:42:54 -0800	[diff] [blame]	143	const char *ns;
John Johansen	2410aa9	2017-07-18 23:37:18 -0700	[diff] [blame]	144	long pos;
Eric Paris	3b3b0e4	2012-04-03 09:37:02 -0700	[diff] [blame]	145	} iface;
Linus Torvalds	80c094a	2017-10-26 19:35:35 +0200	[diff] [blame]	146	struct {
John Johansen	2ea3ffb	2017-07-18 23:04:47 -0700	[diff] [blame]	147	const char *src_name;
				148	const char *type;
				149	const char *trans;
				150	const char *data;
				151	unsigned long flags;
				152	} mnt;
Eric Paris	3b3b0e4	2012-04-03 09:37:02 -0700	[diff] [blame]	153	};
				154	};
				155
John Johansen	ef88a7a	2017-01-16 00:43:02 -0800	[diff] [blame]	156	/* macros for dealing with apparmor_audit_data structure */
				157	#define aad(SA) ((SA)->apparmor_audit_data)
				158	#define DEFINE_AUDIT_DATA(NAME, T, X) \
				159	/* TODO: cleanup audit init so we don't need _aad = {0,} */ \
				160	struct apparmor_audit_data NAME ## _aad = { .op = (X), }; \
				161	struct common_audit_data NAME = \
				162	{ \
				163	.type = (T), \
				164	.u.tsk = NULL, \
				165	}; \
				166	NAME.apparmor_audit_data = &(NAME ## _aad)
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	167
				168	void aa_audit_msg(int type, struct common_audit_data *sa,
				169	void (cb) (struct audit_buffer , void *));
John Johansen	ef88a7a	2017-01-16 00:43:02 -0800	[diff] [blame]	170	int aa_audit(int type, struct aa_profile profile, struct common_audit_data sa,
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	171	void (cb) (struct audit_buffer , void *));
				172
John Johansen	ef88a7a	2017-01-16 00:43:02 -0800	[diff] [blame]	173	#define aa_audit_error(ERROR, SA, CB) \
				174	({ \
				175	aad((SA))->error = (ERROR); \
				176	aa_audit_msg(AUDIT_APPARMOR_ERROR, (SA), (CB)); \
				177	aad((SA))->error; \
				178	})
				179
				180
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	181	static inline int complain_error(int error)
				182	{
				183	if (error == -EPERM \|\| error == -EACCES)
				184	return 0;
				185	return error;
				186	}
				187
Matthew Garrett	e79c26d	2018-04-16 11:23:58 -0700	[diff] [blame]	188	void aa_audit_rule_free(void *vrule);
				189	int aa_audit_rule_init(u32 field, u32 op, char rulestr, void *vrule);
				190	int aa_audit_rule_known(struct audit_krule *rule);
Richard Guy Briggs	90462a5	2019-01-31 11:52:11 -0500	[diff] [blame]	191	int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule);
Matthew Garrett	e79c26d	2018-04-16 11:23:58 -0700	[diff] [blame]	192
John Johansen	67012e8	2010-07-29 14:47:58 -0700	[diff] [blame]	193	#endif /* __AA_AUDIT_H */