TOMOYO: Add auditing interface.

Add /sys/kernel/security/tomoyo/audit interface. This interface generates audit logs in the form of domain policy so that /usr/sbin/tomoyo-auditd can reuse audit logs for appending to /sys/kernel/security/tomoyo/domain_policy interface. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2011-06-26 10:18:58 -0400
committer: James Morris <jmorris@namei.org> 2011-06-28 19:31:20 -0400
commit: eadd99cc85347b4f9eb10122ac90032eb4971b02 (patch)
tree: fa6075ad4917422288222ee52bfcb66b7ed30a0e /security/tomoyo/common.h
parent: d5ca1725ac9ba876c2dd614bb9826d0c4e13d818 (diff)
1 files changed, 78 insertions, 5 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 2b39e63234c8..f40ec1fcbc5d 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -44,7 +44,10 @@ enum tomoyo_mode_index {
        TOMOYO_CONFIG_LEARNING,
        TOMOYO_CONFIG_PERMISSIVE,
        TOMOYO_CONFIG_ENFORCING,
-        TOMOYO_CONFIG_USE_DEFAULT = 255
+        TOMOYO_CONFIG_MAX_MODE,
+        TOMOYO_CONFIG_WANT_REJECT_LOG =  64,
+        TOMOYO_CONFIG_WANT_GRANT_LOG  = 128,
+        TOMOYO_CONFIG_USE_DEFAULT     = 255,
 };
 /* Index numbers for entry type. */
@@ -115,6 +118,13 @@ enum tomoyo_path_acl_index {
        TOMOYO_MAX_PATH_OPERATION
 };
+enum tomoyo_memory_stat_type {
+        TOMOYO_MEMORY_POLICY,
+        TOMOYO_MEMORY_AUDIT,
+        TOMOYO_MEMORY_QUERY,
+        TOMOYO_MAX_MEMORY_STAT
+};
 enum tomoyo_mkdev_acl_index {
        TOMOYO_TYPE_MKBLOCK,
        TOMOYO_TYPE_MKCHAR,
@@ -150,6 +160,7 @@ enum tomoyo_securityfs_interface_index {
        TOMOYO_PROCESS_STATUS,
        TOMOYO_MEMINFO,
        TOMOYO_SELFDOMAIN,
+        TOMOYO_AUDIT,
        TOMOYO_VERSION,
        TOMOYO_PROFILE,
        TOMOYO_QUERY,
@@ -213,6 +224,7 @@ enum tomoyo_mac_category_index {
 /* Index numbers for profile's PREFERENCE values. */
 enum tomoyo_pref_index {
+        TOMOYO_PREF_MAX_AUDIT_LOG,
        TOMOYO_PREF_MAX_LEARNING_ENTRY,
        TOMOYO_MAX_PREF
 };
@@ -506,13 +518,21 @@ struct tomoyo_profile {
        unsigned int pref[TOMOYO_MAX_PREF];
 };
+/* Structure for representing YYYY/MM/DD hh/mm/ss. */
+struct tomoyo_time {
+        u16 year;
+        u8 month;
+        u8 day;
+        u8 hour;
+        u8 min;
+        u8 sec;
+};
 /********** Function prototypes. **********/
 bool tomoyo_str_starts(char **src, const char *find);
 const char *tomoyo_get_exe(void);
 void tomoyo_normalize_line(unsigned char *buffer);
-void tomoyo_warn_log(struct tomoyo_request_info *r, const char *fmt, ...)
-     __attribute__ ((format(printf, 2, 3)));
 void tomoyo_check_profile(void);
 int tomoyo_open_control(const u8 type, struct file *file);
 int tomoyo_close_control(struct tomoyo_io_buffer *head);
@@ -620,6 +640,14 @@ void tomoyo_check_acl(struct tomoyo_request_info *r,
 char *tomoyo_read_token(struct tomoyo_acl_param *param);
 bool tomoyo_permstr(const char *string, const char *keyword);
+const char *tomoyo_yesno(const unsigned int value);
+void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt,
+                       va_list args);
+void tomoyo_read_log(struct tomoyo_io_buffer *head);
+int tomoyo_poll_log(struct file *file, poll_table *wait);
+char *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt,
+                      va_list args);
 /********** External variable definitions. **********/
 /* Lock for GC. */
@@ -650,8 +678,9 @@ extern const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION];
 extern const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION];
 extern const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION];
-extern unsigned int tomoyo_quota_for_query;
+extern const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE];
-extern unsigned int tomoyo_query_memory_size;
+extern unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT];
+extern unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT];
 /********** Inlined functions. **********/
@@ -773,6 +802,50 @@ static inline bool tomoyo_same_number_union
                a->value_type[1] == b->value_type[1];
 }
+#if defined(CONFIG_SLOB)
+/**
+ * tomoyo_round2 - Round up to power of 2 for calculating memory usage.
+ *
+ * @size: Size to be rounded up.
+ *
+ * Returns @size.
+ *
+ * Since SLOB does not round up, this function simply returns @size.
+ */
+static inline int tomoyo_round2(size_t size)
+{
+        return size;
+}
+#else
+/**
+ * tomoyo_round2 - Round up to power of 2 for calculating memory usage.
+ *
+ * @size: Size to be rounded up.
+ *
+ * Returns rounded size.
+ *
+ * Strictly speaking, SLAB may be able to allocate (e.g.) 96 bytes instead of
+ * (e.g.) 128 bytes.
+ */
+static inline int tomoyo_round2(size_t size)
+{
+#if PAGE_SIZE == 4096
+        size_t bsize = 32;
+#else
+        size_t bsize = 64;
+#endif
+        if (!size)
+                return 0;
+        while (size > bsize)
+                bsize <<= 1;
+        return bsize;
+}
+#endif
 /**
 * list_for_each_cookie - iterate over a list with cookie.
 * @pos:        the &struct list_head to use as a loop cursor.
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2011-06-26 10:18:58 -0400
committer	James Morris <jmorris@namei.org>	2011-06-28 19:31:20 -0400
commit	eadd99cc85347b4f9eb10122ac90032eb4971b02 (patch)
tree	fa6075ad4917422288222ee52bfcb66b7ed30a0e /security/tomoyo/common.h
parent	d5ca1725ac9ba876c2dd614bb9826d0c4e13d818 (diff)

diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 2b39e63234c8..f40ec1fcbc5d 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h
@@ -44,7 +44,10 @@ enum tomoyo_mode_index {
44	TOMOYO_CONFIG_LEARNING,	44	TOMOYO_CONFIG_LEARNING,
45	TOMOYO_CONFIG_PERMISSIVE,	45	TOMOYO_CONFIG_PERMISSIVE,
46	TOMOYO_CONFIG_ENFORCING,	46	TOMOYO_CONFIG_ENFORCING,
47	TOMOYO_CONFIG_USE_DEFAULT = 255	47	TOMOYO_CONFIG_MAX_MODE,
		48	TOMOYO_CONFIG_WANT_REJECT_LOG = 64,
		49	TOMOYO_CONFIG_WANT_GRANT_LOG = 128,
		50	TOMOYO_CONFIG_USE_DEFAULT = 255,
48	};	51	};
49		52
50	/* Index numbers for entry type. */	53	/* Index numbers for entry type. */
@@ -115,6 +118,13 @@ enum tomoyo_path_acl_index {
115	TOMOYO_MAX_PATH_OPERATION	118	TOMOYO_MAX_PATH_OPERATION
116	};	119	};
117		120
		121	enum tomoyo_memory_stat_type {
		122	TOMOYO_MEMORY_POLICY,
		123	TOMOYO_MEMORY_AUDIT,
		124	TOMOYO_MEMORY_QUERY,
		125	TOMOYO_MAX_MEMORY_STAT
		126	};
		127
118	enum tomoyo_mkdev_acl_index {	128	enum tomoyo_mkdev_acl_index {
119	TOMOYO_TYPE_MKBLOCK,	129	TOMOYO_TYPE_MKBLOCK,
120	TOMOYO_TYPE_MKCHAR,	130	TOMOYO_TYPE_MKCHAR,
@@ -150,6 +160,7 @@ enum tomoyo_securityfs_interface_index {
150	TOMOYO_PROCESS_STATUS,	160	TOMOYO_PROCESS_STATUS,
151	TOMOYO_MEMINFO,	161	TOMOYO_MEMINFO,
152	TOMOYO_SELFDOMAIN,	162	TOMOYO_SELFDOMAIN,
		163	TOMOYO_AUDIT,
153	TOMOYO_VERSION,	164	TOMOYO_VERSION,
154	TOMOYO_PROFILE,	165	TOMOYO_PROFILE,
155	TOMOYO_QUERY,	166	TOMOYO_QUERY,
@@ -213,6 +224,7 @@ enum tomoyo_mac_category_index {
213		224
214	/* Index numbers for profile's PREFERENCE values. */	225	/* Index numbers for profile's PREFERENCE values. */
215	enum tomoyo_pref_index {	226	enum tomoyo_pref_index {
		227	TOMOYO_PREF_MAX_AUDIT_LOG,
216	TOMOYO_PREF_MAX_LEARNING_ENTRY,	228	TOMOYO_PREF_MAX_LEARNING_ENTRY,
217	TOMOYO_MAX_PREF	229	TOMOYO_MAX_PREF
218	};	230	};
@@ -506,13 +518,21 @@ struct tomoyo_profile {
506	unsigned int pref[TOMOYO_MAX_PREF];	518	unsigned int pref[TOMOYO_MAX_PREF];
507	};	519	};
508		520
		521	/* Structure for representing YYYY/MM/DD hh/mm/ss. */
		522	struct tomoyo_time {
		523	u16 year;
		524	u8 month;
		525	u8 day;
		526	u8 hour;
		527	u8 min;
		528	u8 sec;
		529	};
		530
509	/******** Function prototypes. ********/	531	/******** Function prototypes. ********/
510		532
511	bool tomoyo_str_starts(char *src, const char find);	533	bool tomoyo_str_starts(char *src, const char find);
512	const char *tomoyo_get_exe(void);	534	const char *tomoyo_get_exe(void);
513	void tomoyo_normalize_line(unsigned char *buffer);	535	void tomoyo_normalize_line(unsigned char *buffer);
514	void tomoyo_warn_log(struct tomoyo_request_info r, const char fmt, ...)
515	__attribute__ ((format(printf, 2, 3)));
516	void tomoyo_check_profile(void);	536	void tomoyo_check_profile(void);
517	int tomoyo_open_control(const u8 type, struct file *file);	537	int tomoyo_open_control(const u8 type, struct file *file);
518	int tomoyo_close_control(struct tomoyo_io_buffer *head);	538	int tomoyo_close_control(struct tomoyo_io_buffer *head);
@@ -620,6 +640,14 @@ void tomoyo_check_acl(struct tomoyo_request_info *r,
620	char tomoyo_read_token(struct tomoyo_acl_param param);	640	char tomoyo_read_token(struct tomoyo_acl_param param);
621	bool tomoyo_permstr(const char string, const char keyword);	641	bool tomoyo_permstr(const char string, const char keyword);
622		642
		643	const char *tomoyo_yesno(const unsigned int value);
		644	void tomoyo_write_log2(struct tomoyo_request_info r, int len, const char fmt,
		645	va_list args);
		646	void tomoyo_read_log(struct tomoyo_io_buffer *head);
		647	int tomoyo_poll_log(struct file file, poll_table wait);
		648	char tomoyo_init_log(struct tomoyo_request_info r, int len, const char *fmt,
		649	va_list args);
		650
623	/******** External variable definitions. ********/	651	/******** External variable definitions. ********/
624		652
625	/* Lock for GC. */	653	/* Lock for GC. */
@@ -650,8 +678,9 @@ extern const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION];
650	extern const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION];	678	extern const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION];
651	extern const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION];	679	extern const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION];
652		680
653	extern unsigned int tomoyo_quota_for_query;	681	extern const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE];
654	extern unsigned int tomoyo_query_memory_size;	682	extern unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT];
		683	extern unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT];
655		684
656	/******** Inlined functions. ********/	685	/******** Inlined functions. ********/
657		686
@@ -773,6 +802,50 @@ static inline bool tomoyo_same_number_union
773	a->value_type[1] == b->value_type[1];	802	a->value_type[1] == b->value_type[1];
774	}	803	}
775		804
		805	#if defined(CONFIG_SLOB)
		806
		807	/**
		808	* tomoyo_round2 - Round up to power of 2 for calculating memory usage.
		809	*
		810	* @size: Size to be rounded up.
		811	*
		812	* Returns @size.
		813	*
		814	* Since SLOB does not round up, this function simply returns @size.
		815	*/
		816	static inline int tomoyo_round2(size_t size)
		817	{
		818	return size;
		819	}
		820
		821	#else
		822
		823	/**
		824	* tomoyo_round2 - Round up to power of 2 for calculating memory usage.
		825	*
		826	* @size: Size to be rounded up.
		827	*
		828	* Returns rounded size.
		829	*
		830	* Strictly speaking, SLAB may be able to allocate (e.g.) 96 bytes instead of
		831	* (e.g.) 128 bytes.
		832	*/
		833	static inline int tomoyo_round2(size_t size)
		834	{
		835	#if PAGE_SIZE == 4096
		836	size_t bsize = 32;
		837	#else
		838	size_t bsize = 64;
		839	#endif
		840	if (!size)
		841	return 0;
		842	while (size > bsize)
		843	bsize <<= 1;
		844	return bsize;
		845	}
		846
		847	#endif
		848
776	/**	849	/**
777	* list_for_each_cookie - iterate over a list with cookie.	850	* list_for_each_cookie - iterate over a list with cookie.
778	* @pos: the &struct list_head to use as a loop cursor.	851	* @pos: the &struct list_head to use as a loop cursor.