Diffstat (limited to 'include/linux/audit.h')
-rw-r--r-- | include/linux/audit.h | 36 |
1 files changed, 23 insertions, 13 deletions
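--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -51,7 +51,8 @@
 #define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */
 #define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */
 
-#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages uninteresting to kernel */
+#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */
+#define AUDIT_USER_AVC 1107 /* We filter this differently */
 #define AUDIT_LAST_USER_MSG 1199
 
 #define AUDIT_DAEMON_START 1200 /* Daemon startup record */
@@ -75,10 +76,15 @@
 #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
 
 /* Rule flags */
-#define AUDIT_PER_TASK 0x01 /* Apply rule at task creation (not syscall) */
-#define AUDIT_AT_ENTRY 0x02 /* Apply rule at syscall entry */
-#define AUDIT_AT_EXIT 0x04 /* Apply rule at syscall exit */
-#define AUDIT_PREPEND 0x10 /* Prepend to front of list */
+#define AUDIT_FILTER_USER 0x00 /* Apply rule to user-generated messages */
+#define AUDIT_FILTER_TASK 0x01 /* Apply rule at task creation (not syscall) */
+#define AUDIT_FILTER_ENTRY 0x02 /* Apply rule at syscall entry */
+#define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */
+#define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */
+
+#define AUDIT_NR_FILTERS 5
+
+#define AUDIT_FILTER_PREPEND 0x10 /* Prepend to front of list */
 
 /* Rule actions */
 #define AUDIT_NEVER 0 /* Do not build context if rule matches */
@@ -199,6 +205,7 @@ struct audit_sig_info {
 struct audit_buffer;
 struct audit_context;
 struct inode;
+struct netlink_skb_parms;
 
 #define AUDITSC_INVALID 0
 #define AUDITSC_SUCCESS 1
@@ -215,7 +222,7 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
 extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
 extern void audit_getname(const char *name);
 extern void audit_putname(const char *name);
-extern void audit_inode(const char *name, const struct inode *inode);
+extern void audit_inode(const char *name, const struct inode *inode, unsigned flags);
 
 /* Private API (for audit.c only) */
 extern int audit_receive_filter(int type, int pid, int uid, int seq,
@@ -230,6 +237,7 @@ extern int audit_socketcall(int nargs, unsigned long *args);
 extern int audit_sockaddr(int len, void *addr);
 extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt);
 extern void audit_signal_info(int sig, struct task_struct *t);
+extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
 #else
 #define audit_alloc(t) ({ 0; })
 #define audit_free(t) do { ; } while (0)
@@ -237,7 +245,7 @@ extern void audit_signal_info(int sig, struct task_struct *t);
 #define audit_syscall_exit(t,f,r) do { ; } while (0)
 #define audit_getname(n) do { ; } while (0)
 #define audit_putname(n) do { ; } while (0)
-#define audit_inode(n,i) do { ; } while (0)
+#define audit_inode(n,i,f) do { ; } while (0)
 #define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
 #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
 #define audit_get_loginuid(c) ({ -1; })
@@ -246,16 +254,17 @@ extern void audit_signal_info(int sig, struct task_struct *t);
 #define audit_sockaddr(len, addr) ({ 0; })
 #define audit_avc_path(dentry, mnt) ({ 0; })
 #define audit_signal_info(s,t) do { ; } while (0)
+#define audit_filter_user(cb,t) ({ 1; })
 #endif
 
 #ifdef CONFIG_AUDIT
 /* These are defined in audit.c */
 /* Public API */
-extern void audit_log(struct audit_context *ctx, int type,
-const char *fmt, ...)
-__attribute__((format(printf,3,4)));
+extern void audit_log(struct audit_context *ctx, int gfp_mask,
+int type, const char *fmt, ...)
+__attribute__((format(printf,4,5)));
 
-extern struct audit_buffer *audit_log_start(struct audit_context *ctx,int type);
+extern struct audit_buffer *audit_log_start(struct audit_context *ctx, int gfp_mask, int type);
 extern void audit_log_format(struct audit_buffer *ab,
 const char *fmt, ...)
 __attribute__((format(printf,2,3)));
@@ -274,9 +283,10 @@ extern void audit_send_reply(int pid, int seq, int type,
 int done, int multi,
 void *payload, int size);
 extern void audit_log_lost(const char *message);
+extern struct semaphore audit_netlink_sem;
 #else
-#define audit_log(c,t,f,...) do { ; } while (0)
-#define audit_log_start(c,t) ({ NULL; })
+#define audit_log(c,g,t,f,...) do { ; } while (0)
+#define audit_log_start(c,g,t) ({ NULL; })
 #define audit_log_vformat(b,f,a) do { ; } while (0)
 #define audit_log_format(b,f,...) do { ; } while (0)
 #define audit_log_end(b) do { ; } while (0)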
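Review bot: The "Rule flags" block in the second hunk now mixes two encodings in one field without saying so: `AUDIT_FILTER_USER` through `AUDIT_FILTER_EXIT` are consecutive list numbers (0x00 to 0x04), while `AUDIT_FILTER_PREPEND` (0x10) is still a bit that gets OR-ed in. The old values 0x01/0x02/0x04 read as bits, so code that tests them with `&` would now match the wrong list; for example, `AUDIT_FILTER_WATCH` (0x03) has both the TASK and ENTRY bits set. `AUDIT_NR_FILTERS 5` is a hand-maintained count, presumably sizing an array of filter lists, so a rule's flags value arriving from userspace needs the prepend bit stripped and a range check before it is used as an index. The header should state that contract next to the defines, e.g. `/* List numbers, not bits: mask off AUDIT_FILTER_PREPEND and check < AUDIT_NR_FILTERS before indexing */`, with a matching note on `AUDIT_NR_FILTERS` that it must stay one above the highest list number.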