aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/audit.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/linux/audit.h')
-rw-r--r--include/linux/audit.h31
1 files changed, 27 insertions, 4 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 8868c96ca8a2..8a3b98175c25 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -50,15 +50,18 @@
50 */ 50 */
51#define AUDIT_GET 1000 /* Get status */ 51#define AUDIT_GET 1000 /* Get status */
52#define AUDIT_SET 1001 /* Set status (enable/disable/auditd) */ 52#define AUDIT_SET 1001 /* Set status (enable/disable/auditd) */
53#define AUDIT_LIST 1002 /* List syscall filtering rules */ 53#define AUDIT_LIST 1002 /* List syscall rules -- deprecated */
54#define AUDIT_ADD 1003 /* Add syscall filtering rule */ 54#define AUDIT_ADD 1003 /* Add syscall rule -- deprecated */
55#define AUDIT_DEL 1004 /* Delete syscall filtering rule */ 55#define AUDIT_DEL 1004 /* Delete syscall rule -- deprecated */
56#define AUDIT_USER 1005 /* Message from userspace -- deprecated */ 56#define AUDIT_USER 1005 /* Message from userspace -- deprecated */
57#define AUDIT_LOGIN 1006 /* Define the login id and information */ 57#define AUDIT_LOGIN 1006 /* Define the login id and information */
58#define AUDIT_WATCH_INS 1007 /* Insert file/dir watch entry */ 58#define AUDIT_WATCH_INS 1007 /* Insert file/dir watch entry */
59#define AUDIT_WATCH_REM 1008 /* Remove file/dir watch entry */ 59#define AUDIT_WATCH_REM 1008 /* Remove file/dir watch entry */
60#define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */ 60#define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */
61#define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */ 61#define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */
62#define AUDIT_ADD_RULE 1011 /* Add syscall filtering rule */
63#define AUDIT_DEL_RULE 1012 /* Delete syscall filtering rule */
64#define AUDIT_LIST_RULES 1013 /* List syscall filtering rules */
62 65
63#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */ 66#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */
64#define AUDIT_USER_AVC 1107 /* We filter this differently */ 67#define AUDIT_USER_AVC 1107 /* We filter this differently */
@@ -229,6 +232,26 @@ struct audit_status {
229 __u32 backlog; /* messages waiting in queue */ 232 __u32 backlog; /* messages waiting in queue */
230}; 233};
231 234
235/* audit_rule_data supports filter rules with both integer and string
236 * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and
237 * AUDIT_LIST_RULES requests.
238 */
239struct audit_rule_data {
240 __u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
241 __u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
242 __u32 field_count;
243 __u32 mask[AUDIT_BITMASK_SIZE];
244 __u32 fields[AUDIT_MAX_FIELDS];
245 __u32 values[AUDIT_MAX_FIELDS];
246 __u32 fieldflags[AUDIT_MAX_FIELDS];
247 __u32 buflen; /* total length of string fields */
248 char buf[0]; /* string fields buffer */
249};
250
251/* audit_rule is supported to maintain backward compatibility with
252 * userspace. It supports integer fields only and corresponds to
253 * AUDIT_ADD, AUDIT_DEL and AUDIT_LIST requests.
254 */
232struct audit_rule { /* for AUDIT_LIST, AUDIT_ADD, and AUDIT_DEL */ 255struct audit_rule { /* for AUDIT_LIST, AUDIT_ADD, and AUDIT_DEL */
233 __u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */ 256 __u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
234 __u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */ 257 __u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
@@ -338,7 +361,7 @@ extern void audit_log_d_path(struct audit_buffer *ab,
338extern int audit_filter_user(struct netlink_skb_parms *cb, int type); 361extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
339extern int audit_filter_type(int type); 362extern int audit_filter_type(int type);
340extern int audit_receive_filter(int type, int pid, int uid, int seq, 363extern int audit_receive_filter(int type, int pid, int uid, int seq,
341 void *data, uid_t loginuid); 364 void *data, size_t datasz, uid_t loginuid);
342#else 365#else
343#define audit_log(c,g,t,f,...) do { ; } while (0) 366#define audit_log(c,g,t,f,...) do { ; } while (0)
344#define audit_log_start(c,g,t) ({ NULL; }) 367#define audit_log_start(c,g,t) ({ NULL; })