forked from Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
193 lines
4.5 KiB
193 lines
4.5 KiB
/* SPDX-License-Identifier: GPL-2.0-only */ |
|
/* |
|
* AppArmor security module |
|
* |
|
* This file contains AppArmor auditing function definitions. |
|
* |
|
* Copyright (C) 1998-2008 Novell/SUSE |
|
* Copyright 2009-2010 Canonical Ltd. |
|
*/ |
|
|
|
#ifndef __AA_AUDIT_H |
|
#define __AA_AUDIT_H |
|
|
|
#include <linux/audit.h> |
|
#include <linux/fs.h> |
|
#include <linux/lsm_audit.h> |
|
#include <linux/sched.h> |
|
#include <linux/slab.h> |
|
|
|
#include "file.h" |
|
#include "label.h" |
|
|
|
extern const char *const audit_mode_names[]; |
|
#define AUDIT_MAX_INDEX 5 |
|
enum audit_mode { |
|
AUDIT_NORMAL, /* follow normal auditing of accesses */ |
|
AUDIT_QUIET_DENIED, /* quiet all denied access messages */ |
|
AUDIT_QUIET, /* quiet all messages */ |
|
AUDIT_NOQUIET, /* do not quiet audit messages */ |
|
AUDIT_ALL /* audit all accesses */ |
|
}; |
|
|
|
enum audit_type { |
|
AUDIT_APPARMOR_AUDIT, |
|
AUDIT_APPARMOR_ALLOWED, |
|
AUDIT_APPARMOR_DENIED, |
|
AUDIT_APPARMOR_HINT, |
|
AUDIT_APPARMOR_STATUS, |
|
AUDIT_APPARMOR_ERROR, |
|
AUDIT_APPARMOR_KILL, |
|
AUDIT_APPARMOR_AUTO |
|
}; |
|
|
|
#define OP_NULL NULL |
|
|
|
#define OP_SYSCTL "sysctl" |
|
#define OP_CAPABLE "capable" |
|
|
|
#define OP_UNLINK "unlink" |
|
#define OP_MKDIR "mkdir" |
|
#define OP_RMDIR "rmdir" |
|
#define OP_MKNOD "mknod" |
|
#define OP_TRUNC "truncate" |
|
#define OP_LINK "link" |
|
#define OP_SYMLINK "symlink" |
|
#define OP_RENAME_SRC "rename_src" |
|
#define OP_RENAME_DEST "rename_dest" |
|
#define OP_CHMOD "chmod" |
|
#define OP_CHOWN "chown" |
|
#define OP_GETATTR "getattr" |
|
#define OP_OPEN "open" |
|
|
|
#define OP_FRECEIVE "file_receive" |
|
#define OP_FPERM "file_perm" |
|
#define OP_FLOCK "file_lock" |
|
#define OP_FMMAP "file_mmap" |
|
#define OP_FMPROT "file_mprotect" |
|
#define OP_INHERIT "file_inherit" |
|
|
|
#define OP_PIVOTROOT "pivotroot" |
|
#define OP_MOUNT "mount" |
|
#define OP_UMOUNT "umount" |
|
|
|
#define OP_CREATE "create" |
|
#define OP_POST_CREATE "post_create" |
|
#define OP_BIND "bind" |
|
#define OP_CONNECT "connect" |
|
#define OP_LISTEN "listen" |
|
#define OP_ACCEPT "accept" |
|
#define OP_SENDMSG "sendmsg" |
|
#define OP_RECVMSG "recvmsg" |
|
#define OP_GETSOCKNAME "getsockname" |
|
#define OP_GETPEERNAME "getpeername" |
|
#define OP_GETSOCKOPT "getsockopt" |
|
#define OP_SETSOCKOPT "setsockopt" |
|
#define OP_SHUTDOWN "socket_shutdown" |
|
|
|
#define OP_PTRACE "ptrace" |
|
#define OP_SIGNAL "signal" |
|
|
|
#define OP_EXEC "exec" |
|
|
|
#define OP_CHANGE_HAT "change_hat" |
|
#define OP_CHANGE_PROFILE "change_profile" |
|
#define OP_CHANGE_ONEXEC "change_onexec" |
|
#define OP_STACK "stack" |
|
#define OP_STACK_ONEXEC "stack_onexec" |
|
|
|
#define OP_SETPROCATTR "setprocattr" |
|
#define OP_SETRLIMIT "setrlimit" |
|
|
|
#define OP_PROF_REPL "profile_replace" |
|
#define OP_PROF_LOAD "profile_load" |
|
#define OP_PROF_RM "profile_remove" |
|
|
|
|
|
struct apparmor_audit_data { |
|
int error; |
|
int type; |
|
const char *op; |
|
struct aa_label *label; |
|
const char *name; |
|
const char *info; |
|
u32 request; |
|
u32 denied; |
|
union { |
|
/* these entries require a custom callback fn */ |
|
struct { |
|
struct aa_label *peer; |
|
union { |
|
struct { |
|
const char *target; |
|
kuid_t ouid; |
|
} fs; |
|
struct { |
|
int rlim; |
|
unsigned long max; |
|
} rlim; |
|
struct { |
|
int signal; |
|
int unmappedsig; |
|
}; |
|
struct { |
|
int type, protocol; |
|
struct sock *peer_sk; |
|
void *addr; |
|
int addrlen; |
|
} net; |
|
}; |
|
}; |
|
struct { |
|
struct aa_profile *profile; |
|
const char *ns; |
|
long pos; |
|
} iface; |
|
struct { |
|
const char *src_name; |
|
const char *type; |
|
const char *trans; |
|
const char *data; |
|
unsigned long flags; |
|
} mnt; |
|
}; |
|
}; |
|
|
|
/* macros for dealing with apparmor_audit_data structure */ |
|
#define aad(SA) ((SA)->apparmor_audit_data) |
|
#define DEFINE_AUDIT_DATA(NAME, T, X) \ |
|
/* TODO: cleanup audit init so we don't need _aad = {0,} */ \ |
|
struct apparmor_audit_data NAME ## _aad = { .op = (X), }; \ |
|
struct common_audit_data NAME = \ |
|
{ \ |
|
.type = (T), \ |
|
.u.tsk = NULL, \ |
|
}; \ |
|
NAME.apparmor_audit_data = &(NAME ## _aad) |
|
|
|
void aa_audit_msg(int type, struct common_audit_data *sa, |
|
void (*cb) (struct audit_buffer *, void *)); |
|
int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa, |
|
void (*cb) (struct audit_buffer *, void *)); |
|
|
|
#define aa_audit_error(ERROR, SA, CB) \ |
|
({ \ |
|
aad((SA))->error = (ERROR); \ |
|
aa_audit_msg(AUDIT_APPARMOR_ERROR, (SA), (CB)); \ |
|
aad((SA))->error; \ |
|
}) |
|
|
|
|
|
static inline int complain_error(int error) |
|
{ |
|
if (error == -EPERM || error == -EACCES) |
|
return 0; |
|
return error; |
|
} |
|
|
|
void aa_audit_rule_free(void *vrule); |
|
int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule); |
|
int aa_audit_rule_known(struct audit_krule *rule); |
|
int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule); |
|
|
|
#endif /* __AA_AUDIT_H */
|
|
|