Diffstat (limited to 'include/linux/audit.h')
-rw-r--r-- | include/linux/audit.h | 43 |
1 files changed, 28 insertions, 15 deletions
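--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -63,9 +63,12 @@
 #define AUDIT_ADD_RULE 1011 /* Add syscall filtering rule */
 #define AUDIT_DEL_RULE 1012 /* Delete syscall filtering rule */
 #define AUDIT_LIST_RULES 1013 /* List syscall filtering rules */
+#define AUDIT_TTY_GET 1014 /* Get TTY auditing status */
+#define AUDIT_TTY_SET 1015 /* Set TTY auditing status */
 
 #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */
 #define AUDIT_USER_AVC 1107 /* We filter this differently */
+#define AUDIT_USER_TTY 1124 /* Non-ICANON TTY input meaning */
 #define AUDIT_LAST_USER_MSG 1199
 #define AUDIT_FIRST_USER_MSG2 2100 /* More user space messages */
 #define AUDIT_LAST_USER_MSG2 2999
@@ -92,6 +95,7 @@
 #define AUDIT_KERNEL_OTHER 1316 /* For use by 3rd party modules */
 #define AUDIT_FD_PAIR 1317 /* audit record for pipe/socketpair */
 #define AUDIT_OBJ_PID 1318 /* ptrace target */
+#define AUDIT_TTY 1319 /* Input on an administrative TTY */
 
 #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
 #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
@@ -157,7 +161,7 @@
  * are currently used in an audit field constant understood by the kernel.
  * If you are adding a new #define AUDIT_<whatever>, please ensure that
  * AUDIT_UNUSED_BITS is updated if need be. */
-#define AUDIT_UNUSED_BITS 0x0FFFFC00
+#define AUDIT_UNUSED_BITS 0x07FFFC00
 
 
 /* Rule fields */
@@ -209,25 +213,29 @@
 #define AUDIT_NEGATE 0x80000000
 
 /* These are the supported operators.
- * 4 2 1
- * = > <
- * -------
- * 0 0 0 0 nonsense
- * 0 0 1 1 <
- * 0 1 0 2 >
- * 0 1 1 3 !=
- * 1 0 0 4 =
- * 1 0 1 5 <=
- * 1 1 0 6 >=
- * 1 1 1 7 all operators
+ * 4 2 1 8
+ * = > < ?
+ * ----------
+ * 0 0 0 0 00 nonsense
+ * 0 0 0 1 08 & bit mask
+ * 0 0 1 0 10 <
+ * 0 1 0 0 20 >
+ * 0 1 1 0 30 !=
+ * 1 0 0 0 40 =
+ * 1 0 0 1 48 &= bit test
+ * 1 0 1 0 50 <=
+ * 1 1 0 0 60 >=
+ * 1 1 1 1 78 all operators
  */
+#define AUDIT_BIT_MASK 0x08000000
 #define AUDIT_LESS_THAN 0x10000000
 #define AUDIT_GREATER_THAN 0x20000000
 #define AUDIT_NOT_EQUAL 0x30000000
 #define AUDIT_EQUAL 0x40000000
+#define AUDIT_BIT_TEST (AUDIT_BIT_MASK|AUDIT_EQUAL)
 #define AUDIT_LESS_THAN_OR_EQUAL (AUDIT_LESS_THAN|AUDIT_EQUAL)
 #define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN|AUDIT_EQUAL)
-#define AUDIT_OPERATORS (AUDIT_EQUAL|AUDIT_NOT_EQUAL)
+#define AUDIT_OPERATORS (AUDIT_EQUAL|AUDIT_NOT_EQUAL|AUDIT_BIT_MASK)
 
 /* Status symbols */
 /* Mask values */
@@ -289,6 +297,10 @@ struct audit_status {
 __u32 backlog; /* messages waiting in queue */
 };
 
+struct audit_tty_status {
+__u32 enabled; /* 1 = enabled, 0 = disabled */
+};
+
 /* audit_rule_data supports filter rules with both integer and string
  * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and
  * AUDIT_LIST_RULES requests.
@@ -399,7 +411,6 @@ extern int audit_bprm(struct linux_binprm *bprm);
 extern int audit_socketcall(int nargs, unsigned long *args);
 extern int audit_sockaddr(int len, void *addr);
 extern int __audit_fd_pair(int fd1, int fd2);
-extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt);
 extern int audit_set_macxattr(const char *name);
 extern int __audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr);
 extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout);
@@ -479,7 +490,6 @@ extern int audit_signals;
 #define audit_socketcall(n,a) ({ 0; })
 #define audit_fd_pair(n,a) ({ 0; })
 #define audit_sockaddr(len, addr) ({ 0; })
-#define audit_avc_path(dentry, mnt) ({ 0; })
 #define audit_set_macxattr(n) do { ; } while (0)
 #define audit_mq_open(o,m,a) ({ 0; })
 #define audit_mq_timedsend(d,l,p,t) ({ 0; })
@@ -515,11 +525,13 @@ extern void audit_log_d_path(struct audit_buffer *ab,
 const char *prefix,
 struct dentry *dentry,
 struct vfsmount *vfsmnt);
+extern void audit_log_lost(const char *message);
 /* Private API (for audit.c only) */
 extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
 extern int audit_filter_type(int type);
 extern int audit_receive_filter(int type, int pid, int uid, int seq,
 void *data, size_t datasz, uid_t loginuid, u32 sid);
+extern int audit_enabled;
 #else
 #define audit_log(c,g,t,f,...) do { ; } while (0)
 #define audit_log_start(c,g,t) ({ NULL; })
@@ -530,6 +542,7 @@ extern int audit_receive_filter(int type, int pid, int uid, int seq,
 #define audit_log_untrustedstring(a,s) do { ; } while (0)
 #define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
 #define audit_log_d_path(b,p,d,v) do { ; } while (0)
+#define audit_enabled 0
 #endif
 #endif
 #endif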
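Review bot: The `#else` branch in the last hunk gains `#define audit_enabled 0` but no stub for the `audit_log_lost()` declaration added in the hunk before it, so the two halves of the conditional no longer mirror each other and any caller of audit_log_lost() outside audit.c would fail to build with auditing disabled. The new declaration sits above the "Private API (for audit.c only)" marker, so it reads as public and a stub in the style of the neighbouring ones seems wanted: `#define audit_log_lost(m) do { ; } while (0)` beside the audit_enabled stub. The `#if`/`#else`/`#endif` this belongs to opens outside the hunk, so I cannot confirm which config symbol guards it. Separately, `struct audit_tty_status` carries no comment tying it to AUDIT_TTY_GET/AUDIT_TTY_SET; if it is the netlink payload of those requests, a one-line comment saying so, and noting that the receiver should reject any `enabled` value other than 0 or 1 and any payload shorter than the struct, would help whoever writes the handling side.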