1 files changed, 123 insertions, 0 deletions
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
new file mode 100644
index 00000000000..1951786d32e
--- /dev/null
+++ b/security/apparmor/include/audit.h
@@ -0,0 +1,123 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor auditing function definitions.
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2010 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+#ifndef __AA_AUDIT_H
+#define __AA_AUDIT_H
+#include <linux/audit.h>
+#include <linux/fs.h>
+#include <linux/lsm_audit.h>
+#include <linux/sched.h>
+#include <linux/slab.h>
+#include "file.h"
+struct aa_profile;
+extern const char *audit_mode_names[];
+#define AUDIT_MAX_INDEX 5
+#define AUDIT_APPARMOR_AUTO 0   /* auto choose audit message type */
+enum audit_mode {
+        AUDIT_NORMAL,           /* follow normal auditing of accesses */
+        AUDIT_QUIET_DENIED,     /* quiet all denied access messages */
+        AUDIT_QUIET,            /* quiet all messages */
+        AUDIT_NOQUIET,          /* do not quiet audit messages */
+        AUDIT_ALL               /* audit all accesses */
+};
+enum audit_type {
+        AUDIT_APPARMOR_AUDIT,
+        AUDIT_APPARMOR_ALLOWED,
+        AUDIT_APPARMOR_DENIED,
+        AUDIT_APPARMOR_HINT,
+        AUDIT_APPARMOR_STATUS,
+        AUDIT_APPARMOR_ERROR,
+        AUDIT_APPARMOR_KILL
+};
+extern const char *op_table[];
+enum aa_ops {
+        OP_NULL,
+        OP_SYSCTL,
+        OP_CAPABLE,
+        OP_UNLINK,
+        OP_MKDIR,
+        OP_RMDIR,
+        OP_MKNOD,
+        OP_TRUNC,
+        OP_LINK,
+        OP_SYMLINK,
+        OP_RENAME_SRC,
+        OP_RENAME_DEST,
+        OP_CHMOD,
+        OP_CHOWN,
+        OP_GETATTR,
+        OP_OPEN,
+        OP_FPERM,
+        OP_FLOCK,
+        OP_FMMAP,
+        OP_FMPROT,
+        OP_CREATE,
+        OP_POST_CREATE,
+        OP_BIND,
+        OP_CONNECT,
+        OP_LISTEN,
+        OP_ACCEPT,
+        OP_SENDMSG,
+        OP_RECVMSG,
+        OP_GETSOCKNAME,
+        OP_GETPEERNAME,
+        OP_GETSOCKOPT,
+        OP_SETSOCKOPT,
+        OP_SOCK_SHUTDOWN,
+        OP_PTRACE,
+        OP_EXEC,
+        OP_CHANGE_HAT,
+        OP_CHANGE_PROFILE,
+        OP_CHANGE_ONEXEC,
+        OP_SETPROCATTR,
+        OP_SETRLIMIT,
+        OP_PROF_REPL,
+        OP_PROF_LOAD,
+        OP_PROF_RM,
+};
+/* define a short hand for apparmor_audit_data portion of common_audit_data */
+#define aad apparmor_audit_data
+void aa_audit_msg(int type, struct common_audit_data *sa,
+                  void (*cb) (struct audit_buffer *, void *));
+int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
+             struct common_audit_data *sa,
+             void (*cb) (struct audit_buffer *, void *));
+static inline int complain_error(int error)
+{
+        if (error == -EPERM || error == -EACCES)
+                return 0;
+        return error;
+}
+#endif /* __AA_AUDIT_H */

diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h new file mode 100644 index 00000000000..1951786d32e --- /dev/null +++ b/security/apparmor/include/audit.h
@@ -0,0 +1,123 @@
	1	/*
	2	* AppArmor security module
	3	*
	4	* This file contains AppArmor auditing function definitions.
	5	*
	6	* Copyright (C) 1998-2008 Novell/SUSE
	7	* Copyright 2009-2010 Canonical Ltd.
	8	*
	9	* This program is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU General Public License as
	11	* published by the Free Software Foundation, version 2 of the
	12	* License.
	13	*/
	14
	15	#ifndef __AA_AUDIT_H
	16	#define __AA_AUDIT_H
	17
	18	#include <linux/audit.h>
	19	#include <linux/fs.h>
	20	#include <linux/lsm_audit.h>
	21	#include <linux/sched.h>
	22	#include <linux/slab.h>
	23
	24	#include "file.h"
	25
	26	struct aa_profile;
	27
	28	extern const char *audit_mode_names[];
	29	#define AUDIT_MAX_INDEX 5
	30
	31	#define AUDIT_APPARMOR_AUTO 0 /* auto choose audit message type */
	32
	33	enum audit_mode {
	34	AUDIT_NORMAL, /* follow normal auditing of accesses */
	35	AUDIT_QUIET_DENIED, /* quiet all denied access messages */
	36	AUDIT_QUIET, /* quiet all messages */
	37	AUDIT_NOQUIET, /* do not quiet audit messages */
	38	AUDIT_ALL /* audit all accesses */
	39	};
	40
	41	enum audit_type {
	42	AUDIT_APPARMOR_AUDIT,
	43	AUDIT_APPARMOR_ALLOWED,
	44	AUDIT_APPARMOR_DENIED,
	45	AUDIT_APPARMOR_HINT,
	46	AUDIT_APPARMOR_STATUS,
	47	AUDIT_APPARMOR_ERROR,
	48	AUDIT_APPARMOR_KILL
	49	};
	50
	51	extern const char *op_table[];
	52	enum aa_ops {
	53	OP_NULL,
	54
	55	OP_SYSCTL,
	56	OP_CAPABLE,
	57
	58	OP_UNLINK,
	59	OP_MKDIR,
	60	OP_RMDIR,
	61	OP_MKNOD,
	62	OP_TRUNC,
	63	OP_LINK,
	64	OP_SYMLINK,
	65	OP_RENAME_SRC,
	66	OP_RENAME_DEST,
	67	OP_CHMOD,
	68	OP_CHOWN,
	69	OP_GETATTR,
	70	OP_OPEN,
	71
	72	OP_FPERM,
	73	OP_FLOCK,
	74	OP_FMMAP,
	75	OP_FMPROT,
	76
	77	OP_CREATE,
	78	OP_POST_CREATE,
	79	OP_BIND,
	80	OP_CONNECT,
	81	OP_LISTEN,
	82	OP_ACCEPT,
	83	OP_SENDMSG,
	84	OP_RECVMSG,
	85	OP_GETSOCKNAME,
	86	OP_GETPEERNAME,
	87	OP_GETSOCKOPT,
	88	OP_SETSOCKOPT,
	89	OP_SOCK_SHUTDOWN,
	90
	91	OP_PTRACE,
	92
	93	OP_EXEC,
	94	OP_CHANGE_HAT,
	95	OP_CHANGE_PROFILE,
	96	OP_CHANGE_ONEXEC,
	97
	98	OP_SETPROCATTR,
	99	OP_SETRLIMIT,
	100
	101	OP_PROF_REPL,
	102	OP_PROF_LOAD,
	103	OP_PROF_RM,
	104	};
	105
	106
	107	/* define a short hand for apparmor_audit_data portion of common_audit_data */
	108	#define aad apparmor_audit_data
	109
	110	void aa_audit_msg(int type, struct common_audit_data *sa,
	111	void (cb) (struct audit_buffer , void *));
	112	int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
	113	struct common_audit_data *sa,
	114	void (cb) (struct audit_buffer , void *));
	115
	116	static inline int complain_error(int error)
	117	{
	118	if (error == -EPERM \|\| error == -EACCES)
	119	return 0;
	120	return error;
	121	}
	122
	123	#endif /* __AA_AUDIT_H */