Diffstat (limited to 'include/linux/audit.h')
| -rw-r--r-- | include/linux/audit.h | 36 |
1 files changed, 23 insertions, 13 deletions
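diff --git a/include/linux/audit.h b/include/linux/audit.h
index 68aba0c02e49..b2a2509bd7ea 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -51,7 +51,8 @@
 #define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */
 #define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */
 
-#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages uninteresting to kernel */
+#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */
+#define AUDIT_USER_AVC 1107 /* We filter this differently */
 #define AUDIT_LAST_USER_MSG 1199
 
 #define AUDIT_DAEMON_START 1200 /* Daemon startup record */
@@ -75,10 +76,15 @@
 #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
 
 /* Rule flags */
-#define AUDIT_PER_TASK 0x01 /* Apply rule at task creation (not syscall) */
-#define AUDIT_AT_ENTRY 0x02 /* Apply rule at syscall entry */
-#define AUDIT_AT_EXIT 0x04 /* Apply rule at syscall exit */
-#define AUDIT_PREPEND 0x10 /* Prepend to front of list */
+#define AUDIT_FILTER_USER 0x00 /* Apply rule to user-generated messages */
+#define AUDIT_FILTER_TASK 0x01 /* Apply rule at task creation (not syscall) */
+#define AUDIT_FILTER_ENTRY 0x02 /* Apply rule at syscall entry */
+#define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */
+#define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */
+
+#define AUDIT_NR_FILTERS 5
+
+#define AUDIT_FILTER_PREPEND 0x10 /* Prepend to front of list */
 
 /* Rule actions */
 #define AUDIT_NEVER 0 /* Do not build context if rule matches */
@@ -199,6 +205,7 @@ struct audit_sig_info {
 struct audit_buffer;
 struct audit_context;
 struct inode;
+struct netlink_skb_parms;
 
 #define AUDITSC_INVALID 0
 #define AUDITSC_SUCCESS 1
@@ -215,7 +222,7 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
 extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
 extern void audit_getname(const char *name);
 extern void audit_putname(const char *name);
-extern void audit_inode(const char *name, const struct inode *inode);
+extern void audit_inode(const char *name, const struct inode *inode, unsigned flags);
 
 /* Private API (for audit.c only) */
 extern int audit_receive_filter(int type, int pid, int uid, int seq,
@@ -230,6 +237,7 @@ extern int audit_socketcall(int nargs, unsigned long *args);
 extern int audit_sockaddr(int len, void *addr);
 extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt);
 extern void audit_signal_info(int sig, struct task_struct *t);
+extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
 #else
 #define audit_alloc(t) ({ 0; })
 #define audit_free(t) do { ; } while (0)
@@ -237,7 +245,7 @@ extern void audit_signal_info(int sig, struct task_struct *t);
 #define audit_syscall_exit(t,f,r) do { ; } while (0)
 #define audit_getname(n) do { ; } while (0)
 #define audit_putname(n) do { ; } while (0)
-#define audit_inode(n,i) do { ; } while (0)
+#define audit_inode(n,i,f) do { ; } while (0)
 #define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
 #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
 #define audit_get_loginuid(c) ({ -1; })
@@ -246,16 +254,17 @@ extern void audit_signal_info(int sig, struct task_struct *t);
 #define audit_sockaddr(len, addr) ({ 0; })
 #define audit_avc_path(dentry, mnt) ({ 0; })
 #define audit_signal_info(s,t) do { ; } while (0)
+#define audit_filter_user(cb,t) ({ 1; })
 #endif
 
 #ifdef CONFIG_AUDIT
 /* These are defined in audit.c */
 /* Public API */
-extern void audit_log(struct audit_context *ctx, int type,
-const char *fmt, ...)
-__attribute__((format(printf,3,4)));
+extern void audit_log(struct audit_context *ctx, int gfp_mask,
+int type, const char *fmt, ...)
+__attribute__((format(printf,4,5)));
 
-extern struct audit_buffer *audit_log_start(struct audit_context *ctx,int type);
+extern struct audit_buffer *audit_log_start(struct audit_context *ctx, int gfp_mask, int type);
 extern void audit_log_format(struct audit_buffer *ab,
 const char *fmt, ...)
 __attribute__((format(printf,2,3)));
@@ -274,9 +283,10 @@ extern void audit_send_reply(int pid, int seq, int type,
 int done, int multi,
 void *payload, int size);
 extern void audit_log_lost(const char *message);
+extern struct semaphore audit_netlink_sem;
 #else
-#define audit_log(c,t,f,...) do { ; } while (0)
-#define audit_log_start(c,t) ({ NULL; })
+#define audit_log(c,g,t,f,...) do { ; } while (0)
+#define audit_log_start(c,g,t) ({ NULL; })
 #define audit_log_vformat(b,f,a) do { ; } while (0)
 #define audit_log_format(b,f,...) do { ; } while (0)
 #define audit_log_end(b) do { ; } while (0)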
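Review bot: In the "Rule flags" hunk the `AUDIT_FILTER_*` values 0x00–0x04 are no longer independent bits (0x03 is `AUDIT_FILTER_WATCH`, not task|entry), while `AUDIT_FILTER_PREPEND` 0x10 is still a bit in the same field, and the header does not say so. If these flags reach the kernel in rule requests from userspace and are used to pick one of `AUDIT_NR_FILTERS` lists, the consumer has to strip the prepend bit and reject any remaining value `>= AUDIT_NR_FILTERS` before indexing; that code is not in this file, so it needs checking in the .c files this commit touches. I would add above the block `/* Low bits select one filter list (a value, not a mask); AUDIT_FILTER_PREPEND is the only flag bit. */`. I would also add, next to `AUDIT_NR_FILTERS`, `/* Must be highest AUDIT_FILTER_* list value + 1; bounds-check before indexing */`, since the 5 is maintained by hand.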
