diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/audit.h | 15 | ||||
| -rw-r--r-- | include/uapi/linux/audit.h | 26 |
2 files changed, 33 insertions, 8 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 729a4d165bcc..a40641954c29 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
| @@ -73,6 +73,8 @@ struct audit_field { | |||
| 73 | void *lsm_rule; | 73 | void *lsm_rule; |
| 74 | }; | 74 | }; |
| 75 | 75 | ||
| 76 | extern int is_audit_feature_set(int which); | ||
| 77 | |||
| 76 | extern int __init audit_register_class(int class, unsigned *list); | 78 | extern int __init audit_register_class(int class, unsigned *list); |
| 77 | extern int audit_classify_syscall(int abi, unsigned syscall); | 79 | extern int audit_classify_syscall(int abi, unsigned syscall); |
| 78 | extern int audit_classify_arch(int arch); | 80 | extern int audit_classify_arch(int arch); |
| @@ -207,7 +209,7 @@ static inline int audit_get_sessionid(struct task_struct *tsk) | |||
| 207 | 209 | ||
| 208 | extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); | 210 | extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); |
| 209 | extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); | 211 | extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); |
| 210 | extern int __audit_bprm(struct linux_binprm *bprm); | 212 | extern void __audit_bprm(struct linux_binprm *bprm); |
| 211 | extern int __audit_socketcall(int nargs, unsigned long *args); | 213 | extern int __audit_socketcall(int nargs, unsigned long *args); |
| 212 | extern int __audit_sockaddr(int len, void *addr); | 214 | extern int __audit_sockaddr(int len, void *addr); |
| 213 | extern void __audit_fd_pair(int fd1, int fd2); | 215 | extern void __audit_fd_pair(int fd1, int fd2); |
| @@ -236,11 +238,10 @@ static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid | |||
| 236 | if (unlikely(!audit_dummy_context())) | 238 | if (unlikely(!audit_dummy_context())) |
| 237 | __audit_ipc_set_perm(qbytes, uid, gid, mode); | 239 | __audit_ipc_set_perm(qbytes, uid, gid, mode); |
| 238 | } | 240 | } |
| 239 | static inline int audit_bprm(struct linux_binprm *bprm) | 241 | static inline void audit_bprm(struct linux_binprm *bprm) |
| 240 | { | 242 | { |
| 241 | if (unlikely(!audit_dummy_context())) | 243 | if (unlikely(!audit_dummy_context())) |
| 242 | return __audit_bprm(bprm); | 244 | __audit_bprm(bprm); |
| 243 | return 0; | ||
| 244 | } | 245 | } |
| 245 | static inline int audit_socketcall(int nargs, unsigned long *args) | 246 | static inline int audit_socketcall(int nargs, unsigned long *args) |
| 246 | { | 247 | { |
| @@ -367,10 +368,8 @@ static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) | |||
| 367 | static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, | 368 | static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, |
| 368 | gid_t gid, umode_t mode) | 369 | gid_t gid, umode_t mode) |
| 369 | { } | 370 | { } |
| 370 | static inline int audit_bprm(struct linux_binprm *bprm) | 371 | static inline void audit_bprm(struct linux_binprm *bprm) |
| 371 | { | 372 | { } |
| 372 | return 0; | ||
| 373 | } | ||
| 374 | static inline int audit_socketcall(int nargs, unsigned long *args) | 373 | static inline int audit_socketcall(int nargs, unsigned long *args) |
| 375 | { | 374 | { |
| 376 | return 0; | 375 | return 0; |
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index db0b825b4810..44b05a09f193 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h | |||
| @@ -68,6 +68,9 @@ | |||
| 68 | #define AUDIT_MAKE_EQUIV 1015 /* Append to watched tree */ | 68 | #define AUDIT_MAKE_EQUIV 1015 /* Append to watched tree */ |
| 69 | #define AUDIT_TTY_GET 1016 /* Get TTY auditing status */ | 69 | #define AUDIT_TTY_GET 1016 /* Get TTY auditing status */ |
| 70 | #define AUDIT_TTY_SET 1017 /* Set TTY auditing status */ | 70 | #define AUDIT_TTY_SET 1017 /* Set TTY auditing status */ |
| 71 | #define AUDIT_SET_FEATURE 1018 /* Turn an audit feature on or off */ | ||
| 72 | #define AUDIT_GET_FEATURE 1019 /* Get which features are enabled */ | ||
| 73 | #define AUDIT_FEATURE_CHANGE 1020 /* audit log listing feature changes */ | ||
| 71 | 74 | ||
| 72 | #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */ | 75 | #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */ |
| 73 | #define AUDIT_USER_AVC 1107 /* We filter this differently */ | 76 | #define AUDIT_USER_AVC 1107 /* We filter this differently */ |
| @@ -357,6 +360,12 @@ enum { | |||
| 357 | #define AUDIT_PERM_READ 4 | 360 | #define AUDIT_PERM_READ 4 |
| 358 | #define AUDIT_PERM_ATTR 8 | 361 | #define AUDIT_PERM_ATTR 8 |
| 359 | 362 | ||
| 363 | /* MAX_AUDIT_MESSAGE_LENGTH is set in audit:lib/libaudit.h as: | ||
| 364 | * 8970 // PATH_MAX*2+CONTEXT_SIZE*2+11+256+1 | ||
| 365 | * max header+body+tailer: 44 + 29 + 32 + 262 + 7 + pad | ||
| 366 | */ | ||
| 367 | #define AUDIT_MESSAGE_TEXT_MAX 8560 | ||
| 368 | |||
| 360 | struct audit_status { | 369 | struct audit_status { |
| 361 | __u32 mask; /* Bit mask for valid entries */ | 370 | __u32 mask; /* Bit mask for valid entries */ |
| 362 | __u32 enabled; /* 1 = enabled, 0 = disabled */ | 371 | __u32 enabled; /* 1 = enabled, 0 = disabled */ |
| @@ -368,11 +377,28 @@ struct audit_status { | |||
| 368 | __u32 backlog; /* messages waiting in queue */ | 377 | __u32 backlog; /* messages waiting in queue */ |
| 369 | }; | 378 | }; |
| 370 | 379 | ||
| 380 | struct audit_features { | ||
| 381 | #define AUDIT_FEATURE_VERSION 1 | ||
| 382 | __u32 vers; | ||
| 383 | __u32 mask; /* which bits we are dealing with */ | ||
| 384 | __u32 features; /* which feature to enable/disable */ | ||
| 385 | __u32 lock; /* which features to lock */ | ||
| 386 | }; | ||
| 387 | |||
| 388 | #define AUDIT_FEATURE_ONLY_UNSET_LOGINUID 0 | ||
| 389 | #define AUDIT_FEATURE_LOGINUID_IMMUTABLE 1 | ||
| 390 | #define AUDIT_LAST_FEATURE AUDIT_FEATURE_LOGINUID_IMMUTABLE | ||
| 391 | |||
| 392 | #define audit_feature_valid(x) ((x) >= 0 && (x) <= AUDIT_LAST_FEATURE) | ||
| 393 | #define AUDIT_FEATURE_TO_MASK(x) (1 << ((x) & 31)) /* mask for __u32 */ | ||
| 394 | |||
| 371 | struct audit_tty_status { | 395 | struct audit_tty_status { |
| 372 | __u32 enabled; /* 1 = enabled, 0 = disabled */ | 396 | __u32 enabled; /* 1 = enabled, 0 = disabled */ |
| 373 | __u32 log_passwd; /* 1 = enabled, 0 = disabled */ | 397 | __u32 log_passwd; /* 1 = enabled, 0 = disabled */ |
| 374 | }; | 398 | }; |
| 375 | 399 | ||
| 400 | #define AUDIT_UID_UNSET (unsigned int)-1 | ||
| 401 | |||
| 376 | /* audit_rule_data supports filter rules with both integer and string | 402 | /* audit_rule_data supports filter rules with both integer and string |
| 377 | * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and | 403 | * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and |
| 378 | * AUDIT_LIST_RULES requests. | 404 | * AUDIT_LIST_RULES requests. |