Diffstat (limited to 'include/linux/audit.h')
-rw-r--r--include/linux/audit.h36
1 files changed, 23 insertions, 13 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 68aba0c02e49..b2a2509bd7ea 100644
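--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -51,7 +51,8 @@
 #define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */
 #define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */
 
-#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages uninteresting to kernel */
+#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */
+#define AUDIT_USER_AVC 1107 /* We filter this differently */
 #define AUDIT_LAST_USER_MSG 1199
 
 #define AUDIT_DAEMON_START 1200 /* Daemon startup record */
@@ -75,10 +76,15 @@
 #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
 
 /* Rule flags */
-#define AUDIT_PER_TASK 0x01 /* Apply rule at task creation (not syscall) */
-#define AUDIT_AT_ENTRY 0x02 /* Apply rule at syscall entry */
-#define AUDIT_AT_EXIT 0x04 /* Apply rule at syscall exit */
-#define AUDIT_PREPEND 0x10 /* Prepend to front of list */
+#define AUDIT_FILTER_USER 0x00 /* Apply rule to user-generated messages */
+#define AUDIT_FILTER_TASK 0x01 /* Apply rule at task creation (not syscall) */
+#define AUDIT_FILTER_ENTRY 0x02 /* Apply rule at syscall entry */
+#define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */
+#define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */
+
+#define AUDIT_NR_FILTERS 5
+
+#define AUDIT_FILTER_PREPEND 0x10 /* Prepend to front of list */
 
 /* Rule actions */
 #define AUDIT_NEVER 0 /* Do not build context if rule matches */
@@ -199,6 +205,7 @@ struct audit_sig_info {
 struct audit_buffer;
 struct audit_context;
 struct inode;
+struct netlink_skb_parms;
 
 #define AUDITSC_INVALID 0
 #define AUDITSC_SUCCESS 1
@@ -215,7 +222,7 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
 extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
 extern void audit_getname(const char *name);
 extern void audit_putname(const char *name);
-extern void audit_inode(const char *name, const struct inode *inode);
+extern void audit_inode(const char *name, const struct inode *inode, unsigned flags);
 
  /* Private API (for audit.c only) */
 extern int audit_receive_filter(int type, int pid, int uid, int seq,
@@ -230,6 +237,7 @@ extern int audit_socketcall(int nargs, unsigned long *args);
 extern int audit_sockaddr(int len, void *addr);
 extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt);
 extern void audit_signal_info(int sig, struct task_struct *t);
+extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
 #else
 #define audit_alloc(t) ({ 0; })
 #define audit_free(t) do { ; } while (0)
@@ -237,7 +245,7 @@ extern void audit_signal_info(int sig, struct task_struct *t);
 #define audit_syscall_exit(t,f,r) do { ; } while (0)
 #define audit_getname(n) do { ; } while (0)
 #define audit_putname(n) do { ; } while (0)
-#define audit_inode(n,i) do { ; } while (0)
+#define audit_inode(n,i,f) do { ; } while (0)
 #define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
 #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
 #define audit_get_loginuid(c) ({ -1; })
@@ -246,16 +254,17 @@ extern void audit_signal_info(int sig, struct task_struct *t);
 #define audit_sockaddr(len, addr) ({ 0; })
 #define audit_avc_path(dentry, mnt) ({ 0; })
 #define audit_signal_info(s,t) do { ; } while (0)
+#define audit_filter_user(cb,t) ({ 1; })
 #endif
 
 #ifdef CONFIG_AUDIT
 /* These are defined in audit.c */
  /* Public API */
-extern void audit_log(struct audit_context *ctx, int type,
- const char *fmt, ...)
- __attribute__((format(printf,3,4)));
+extern void audit_log(struct audit_context *ctx, int gfp_mask,
+ int type, const char *fmt, ...)
+ __attribute__((format(printf,4,5)));
 
-extern struct audit_buffer *audit_log_start(struct audit_context *ctx,int type);
+extern struct audit_buffer *audit_log_start(struct audit_context *ctx, int gfp_mask, int type);
 extern void audit_log_format(struct audit_buffer *ab,
  const char *fmt, ...)
  __attribute__((format(printf,2,3)));
@@ -274,9 +283,10 @@ extern void audit_send_reply(int pid, int seq, int type,
  int done, int multi,
  void *payload, int size);
 extern void audit_log_lost(const char *message);
+extern struct semaphore audit_netlink_sem;
 #else
-#define audit_log(c,t,f,...) do { ; } while (0)
-#define audit_log_start(c,t) ({ NULL; })
+#define audit_log(c,g,t,f,...) do { ; } while (0)
+#define audit_log_start(c,g,t) ({ NULL; })
 #define audit_log_vformat(b,f,a) do { ; } while (0)
 #define audit_log_format(b,f,...) do { ; } while (0)
 #define audit_log_end(b) do { ; } while (0)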
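Review bot: The `/* Rule flags */` comment kept as context in the `@@ -75,10 +76,15 @@` hunk no longer matches what follows it: AUDIT_FILTER_USER through AUDIT_FILTER_EXIT are now consecutive list selectors 0x00–0x04 counted by AUDIT_NR_FILTERS, while AUDIT_FILTER_PREPEND (0x10) remains a bit ORed into the same field. Rule flags presumably reach the kernel from userspace, so whatever code indexes a per-filter list with this value has to clear the prepend bit and reject anything `>= AUDIT_NR_FILTERS` first; that code is not in this header and should be checked alongside this change. I would reword the comment to `/* Rule lists: low bits pick one of AUDIT_NR_FILTERS filter lists; AUDIT_FILTER_PREPEND is a flag ORed in */`. The old names AUDIT_PER_TASK, AUDIT_AT_ENTRY, AUDIT_AT_EXIT and AUDIT_PREPEND are also dropped with no compatibility defines, which breaks userspace built against this header unless it is updated in step.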