diff options
Diffstat (limited to 'include/linux/audit.h')
| -rw-r--r-- | include/linux/audit.h | 114 |
1 files changed, 70 insertions, 44 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 6272a395d43c..67e5dbfc2961 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
| @@ -99,6 +99,8 @@ | |||
| 99 | #define AUDIT_OBJ_PID 1318 /* ptrace target */ | 99 | #define AUDIT_OBJ_PID 1318 /* ptrace target */ |
| 100 | #define AUDIT_TTY 1319 /* Input on an administrative TTY */ | 100 | #define AUDIT_TTY 1319 /* Input on an administrative TTY */ |
| 101 | #define AUDIT_EOE 1320 /* End of multi-record event */ | 101 | #define AUDIT_EOE 1320 /* End of multi-record event */ |
| 102 | #define AUDIT_BPRM_FCAPS 1321 /* Information about fcaps increasing perms */ | ||
| 103 | #define AUDIT_CAPSET 1322 /* Record showing argument to sys_capset */ | ||
| 102 | 104 | ||
| 103 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ | 105 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ |
| 104 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ | 106 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ |
| @@ -245,6 +247,18 @@ | |||
| 245 | #define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN|AUDIT_EQUAL) | 247 | #define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN|AUDIT_EQUAL) |
| 246 | #define AUDIT_OPERATORS (AUDIT_EQUAL|AUDIT_NOT_EQUAL|AUDIT_BIT_MASK) | 248 | #define AUDIT_OPERATORS (AUDIT_EQUAL|AUDIT_NOT_EQUAL|AUDIT_BIT_MASK) |
| 247 | 249 | ||
| 250 | enum { | ||
| 251 | Audit_equal, | ||
| 252 | Audit_not_equal, | ||
| 253 | Audit_bitmask, | ||
| 254 | Audit_bittest, | ||
| 255 | Audit_lt, | ||
| 256 | Audit_gt, | ||
| 257 | Audit_le, | ||
| 258 | Audit_ge, | ||
| 259 | Audit_bad | ||
| 260 | }; | ||
| 261 | |||
| 248 | /* Status symbols */ | 262 | /* Status symbols */ |
| 249 | /* Mask values */ | 263 | /* Mask values */ |
| 250 | #define AUDIT_STATUS_ENABLED 0x0001 | 264 | #define AUDIT_STATUS_ENABLED 0x0001 |
| @@ -371,6 +385,8 @@ struct audit_krule { | |||
| 371 | struct audit_watch *watch; /* associated watch */ | 385 | struct audit_watch *watch; /* associated watch */ |
| 372 | struct audit_tree *tree; /* associated watched tree */ | 386 | struct audit_tree *tree; /* associated watched tree */ |
| 373 | struct list_head rlist; /* entry in audit_{watch,tree}.rules list */ | 387 | struct list_head rlist; /* entry in audit_{watch,tree}.rules list */ |
| 388 | struct list_head list; /* for AUDIT_LIST* purposes only */ | ||
| 389 | u64 prio; | ||
| 374 | }; | 390 | }; |
| 375 | 391 | ||
| 376 | struct audit_field { | 392 | struct audit_field { |
| @@ -391,6 +407,7 @@ extern int audit_classify_arch(int arch); | |||
| 391 | #ifdef CONFIG_AUDITSYSCALL | 407 | #ifdef CONFIG_AUDITSYSCALL |
| 392 | /* These are defined in auditsc.c */ | 408 | /* These are defined in auditsc.c */ |
| 393 | /* Public API */ | 409 | /* Public API */ |
| 410 | extern void audit_finish_fork(struct task_struct *child); | ||
| 394 | extern int audit_alloc(struct task_struct *task); | 411 | extern int audit_alloc(struct task_struct *task); |
| 395 | extern void audit_free(struct task_struct *task); | 412 | extern void audit_free(struct task_struct *task); |
| 396 | extern void audit_syscall_entry(int arch, | 413 | extern void audit_syscall_entry(int arch, |
| @@ -434,76 +451,84 @@ static inline void audit_ptrace(struct task_struct *t) | |||
| 434 | 451 | ||
| 435 | /* Private API (for audit.c only) */ | 452 | /* Private API (for audit.c only) */ |
| 436 | extern unsigned int audit_serial(void); | 453 | extern unsigned int audit_serial(void); |
| 437 | extern void auditsc_get_stamp(struct audit_context *ctx, | 454 | extern int auditsc_get_stamp(struct audit_context *ctx, |
| 438 | struct timespec *t, unsigned int *serial); | 455 | struct timespec *t, unsigned int *serial); |
| 439 | extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); | 456 | extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); |
| 440 | #define audit_get_loginuid(t) ((t)->loginuid) | 457 | #define audit_get_loginuid(t) ((t)->loginuid) |
| 441 | #define audit_get_sessionid(t) ((t)->sessionid) | 458 | #define audit_get_sessionid(t) ((t)->sessionid) |
| 442 | extern void audit_log_task_context(struct audit_buffer *ab); | 459 | extern void audit_log_task_context(struct audit_buffer *ab); |
| 443 | extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp); | 460 | extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); |
| 444 | extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); | 461 | extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); |
| 445 | extern int audit_bprm(struct linux_binprm *bprm); | 462 | extern int audit_bprm(struct linux_binprm *bprm); |
| 446 | extern int audit_socketcall(int nargs, unsigned long *args); | 463 | extern void audit_socketcall(int nargs, unsigned long *args); |
| 447 | extern int audit_sockaddr(int len, void *addr); | 464 | extern int audit_sockaddr(int len, void *addr); |
| 448 | extern int __audit_fd_pair(int fd1, int fd2); | 465 | extern void __audit_fd_pair(int fd1, int fd2); |
| 449 | extern int audit_set_macxattr(const char *name); | 466 | extern int audit_set_macxattr(const char *name); |
| 450 | extern int __audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr); | 467 | extern void __audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr); |
| 451 | extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout); | 468 | extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout); |
| 452 | extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout); | 469 | extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification); |
| 453 | extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification); | 470 | extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); |
| 454 | extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); | 471 | extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, |
| 455 | 472 | const struct cred *new, | |
| 456 | static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp) | 473 | const struct cred *old); |
| 474 | extern void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old); | ||
| 475 | |||
| 476 | static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) | ||
| 457 | { | 477 | { |
| 458 | if (unlikely(!audit_dummy_context())) | 478 | if (unlikely(!audit_dummy_context())) |
| 459 | return __audit_ipc_obj(ipcp); | 479 | __audit_ipc_obj(ipcp); |
| 460 | return 0; | ||
| 461 | } | 480 | } |
| 462 | static inline int audit_fd_pair(int fd1, int fd2) | 481 | static inline void audit_fd_pair(int fd1, int fd2) |
| 463 | { | 482 | { |
| 464 | if (unlikely(!audit_dummy_context())) | 483 | if (unlikely(!audit_dummy_context())) |
| 465 | return __audit_fd_pair(fd1, fd2); | 484 | __audit_fd_pair(fd1, fd2); |
| 466 | return 0; | ||
| 467 | } | 485 | } |
| 468 | static inline int audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode) | 486 | static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode) |
| 469 | { | 487 | { |
| 470 | if (unlikely(!audit_dummy_context())) | 488 | if (unlikely(!audit_dummy_context())) |
| 471 | return __audit_ipc_set_perm(qbytes, uid, gid, mode); | 489 | __audit_ipc_set_perm(qbytes, uid, gid, mode); |
| 472 | return 0; | ||
| 473 | } | 490 | } |
| 474 | static inline int audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr) | 491 | static inline void audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr) |
| 475 | { | 492 | { |
| 476 | if (unlikely(!audit_dummy_context())) | 493 | if (unlikely(!audit_dummy_context())) |
| 477 | return __audit_mq_open(oflag, mode, u_attr); | 494 | __audit_mq_open(oflag, mode, attr); |
| 478 | return 0; | ||
| 479 | } | 495 | } |
| 480 | static inline int audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout) | 496 | static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout) |
| 481 | { | 497 | { |
| 482 | if (unlikely(!audit_dummy_context())) | 498 | if (unlikely(!audit_dummy_context())) |
| 483 | return __audit_mq_timedsend(mqdes, msg_len, msg_prio, u_abs_timeout); | 499 | __audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout); |
| 484 | return 0; | ||
| 485 | } | 500 | } |
| 486 | static inline int audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout) | 501 | static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification) |
| 487 | { | 502 | { |
| 488 | if (unlikely(!audit_dummy_context())) | 503 | if (unlikely(!audit_dummy_context())) |
| 489 | return __audit_mq_timedreceive(mqdes, msg_len, u_msg_prio, u_abs_timeout); | 504 | __audit_mq_notify(mqdes, notification); |
| 490 | return 0; | ||
| 491 | } | 505 | } |
| 492 | static inline int audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification) | 506 | static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) |
| 493 | { | 507 | { |
| 494 | if (unlikely(!audit_dummy_context())) | 508 | if (unlikely(!audit_dummy_context())) |
| 495 | return __audit_mq_notify(mqdes, u_notification); | 509 | __audit_mq_getsetattr(mqdes, mqstat); |
| 496 | return 0; | ||
| 497 | } | 510 | } |
| 498 | static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) | 511 | |
| 512 | static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, | ||
| 513 | const struct cred *new, | ||
| 514 | const struct cred *old) | ||
| 499 | { | 515 | { |
| 500 | if (unlikely(!audit_dummy_context())) | 516 | if (unlikely(!audit_dummy_context())) |
| 501 | return __audit_mq_getsetattr(mqdes, mqstat); | 517 | return __audit_log_bprm_fcaps(bprm, new, old); |
| 502 | return 0; | 518 | return 0; |
| 503 | } | 519 | } |
| 520 | |||
| 521 | static inline void audit_log_capset(pid_t pid, const struct cred *new, | ||
| 522 | const struct cred *old) | ||
| 523 | { | ||
| 524 | if (unlikely(!audit_dummy_context())) | ||
| 525 | __audit_log_capset(pid, new, old); | ||
| 526 | } | ||
| 527 | |||
| 504 | extern int audit_n_rules; | 528 | extern int audit_n_rules; |
| 505 | extern int audit_signals; | 529 | extern int audit_signals; |
| 506 | #else | 530 | #else |
| 531 | #define audit_finish_fork(t) | ||
| 507 | #define audit_alloc(t) ({ 0; }) | 532 | #define audit_alloc(t) ({ 0; }) |
| 508 | #define audit_free(t) do { ; } while (0) | 533 | #define audit_free(t) do { ; } while (0) |
| 509 | #define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0) | 534 | #define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0) |
| @@ -516,22 +541,23 @@ extern int audit_signals; | |||
| 516 | #define audit_inode(n,d) do { ; } while (0) | 541 | #define audit_inode(n,d) do { ; } while (0) |
| 517 | #define audit_inode_child(d,i,p) do { ; } while (0) | 542 | #define audit_inode_child(d,i,p) do { ; } while (0) |
| 518 | #define audit_core_dumps(i) do { ; } while (0) | 543 | #define audit_core_dumps(i) do { ; } while (0) |
| 519 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) | 544 | #define auditsc_get_stamp(c,t,s) (0) |
| 520 | #define audit_get_loginuid(t) (-1) | 545 | #define audit_get_loginuid(t) (-1) |
| 521 | #define audit_get_sessionid(t) (-1) | 546 | #define audit_get_sessionid(t) (-1) |
| 522 | #define audit_log_task_context(b) do { ; } while (0) | 547 | #define audit_log_task_context(b) do { ; } while (0) |
| 523 | #define audit_ipc_obj(i) ({ 0; }) | 548 | #define audit_ipc_obj(i) ((void)0) |
| 524 | #define audit_ipc_set_perm(q,u,g,m) ({ 0; }) | 549 | #define audit_ipc_set_perm(q,u,g,m) ((void)0) |
| 525 | #define audit_bprm(p) ({ 0; }) | 550 | #define audit_bprm(p) ({ 0; }) |
| 526 | #define audit_socketcall(n,a) ({ 0; }) | 551 | #define audit_socketcall(n,a) ((void)0) |
| 527 | #define audit_fd_pair(n,a) ({ 0; }) | 552 | #define audit_fd_pair(n,a) ((void)0) |
| 528 | #define audit_sockaddr(len, addr) ({ 0; }) | 553 | #define audit_sockaddr(len, addr) ({ 0; }) |
| 529 | #define audit_set_macxattr(n) do { ; } while (0) | 554 | #define audit_set_macxattr(n) do { ; } while (0) |
| 530 | #define audit_mq_open(o,m,a) ({ 0; }) | 555 | #define audit_mq_open(o,m,a) ((void)0) |
| 531 | #define audit_mq_timedsend(d,l,p,t) ({ 0; }) | 556 | #define audit_mq_sendrecv(d,l,p,t) ((void)0) |
| 532 | #define audit_mq_timedreceive(d,l,p,t) ({ 0; }) | 557 | #define audit_mq_notify(d,n) ((void)0) |
| 533 | #define audit_mq_notify(d,n) ({ 0; }) | 558 | #define audit_mq_getsetattr(d,s) ((void)0) |
| 534 | #define audit_mq_getsetattr(d,s) ({ 0; }) | 559 | #define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; }) |
| 560 | #define audit_log_capset(pid, ncr, ocr) ((void)0) | ||
| 535 | #define audit_ptrace(t) ((void)0) | 561 | #define audit_ptrace(t) ((void)0) |
| 536 | #define audit_n_rules 0 | 562 | #define audit_n_rules 0 |
| 537 | #define audit_signals 0 | 563 | #define audit_signals 0 |