Diffstat (limited to 'include/linux/audit.h')
-rw-r--r-- | include/linux/audit.h | 103 |
1 files changed, 87 insertions, 16 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index b74c148f14e3..e051ff9c5b50 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -24,8 +24,7 @@ | |||
24 | #ifndef _LINUX_AUDIT_H_ | 24 | #ifndef _LINUX_AUDIT_H_ |
25 | #define _LINUX_AUDIT_H_ | 25 | #define _LINUX_AUDIT_H_ |
26 | 26 | ||
27 | #include <linux/sched.h> | 27 | #include <linux/elf-em.h> |
28 | #include <linux/elf.h> | ||
29 | 28 | ||
30 | /* The netlink messages for the audit system is divided into blocks: | 29 | /* The netlink messages for the audit system is divided into blocks: |
31 | * 1000 - 1099 are for commanding the audit system | 30 | * 1000 - 1099 are for commanding the audit system |
@@ -83,7 +82,12 @@ | |||
83 | #define AUDIT_CONFIG_CHANGE 1305 /* Audit system configuration change */ | 82 | #define AUDIT_CONFIG_CHANGE 1305 /* Audit system configuration change */ |
84 | #define AUDIT_SOCKADDR 1306 /* sockaddr copied as syscall arg */ | 83 | #define AUDIT_SOCKADDR 1306 /* sockaddr copied as syscall arg */ |
85 | #define AUDIT_CWD 1307 /* Current working directory */ | 84 | #define AUDIT_CWD 1307 /* Current working directory */ |
85 | #define AUDIT_EXECVE 1309 /* execve arguments */ | ||
86 | #define AUDIT_IPC_SET_PERM 1311 /* IPC new permissions record type */ | 86 | #define AUDIT_IPC_SET_PERM 1311 /* IPC new permissions record type */ |
87 | #define AUDIT_MQ_OPEN 1312 /* POSIX MQ open record type */ | ||
88 | #define AUDIT_MQ_SENDRECV 1313 /* POSIX MQ send/receive record type */ | ||
89 | #define AUDIT_MQ_NOTIFY 1314 /* POSIX MQ notify record type */ | ||
90 | #define AUDIT_MQ_GETSETATTR 1315 /* POSIX MQ get/set attribute record type */ | ||
87 | 91 | ||
88 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ | 92 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ |
89 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ | 93 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ |
@@ -151,6 +155,7 @@ | |||
151 | #define AUDIT_SE_TYPE 15 /* security label type */ | 155 | #define AUDIT_SE_TYPE 15 /* security label type */ |
152 | #define AUDIT_SE_SEN 16 /* security label sensitivity label */ | 156 | #define AUDIT_SE_SEN 16 /* security label sensitivity label */ |
153 | #define AUDIT_SE_CLR 17 /* security label clearance label */ | 157 | #define AUDIT_SE_CLR 17 /* security label clearance label */ |
158 | #define AUDIT_PPID 18 | ||
154 | 159 | ||
155 | /* These are ONLY useful when checking | 160 | /* These are ONLY useful when checking |
156 | * at syscall exit time (AUDIT_AT_EXIT). */ | 161 | * at syscall exit time (AUDIT_AT_EXIT). */ |
@@ -159,6 +164,7 @@ | |||
159 | #define AUDIT_INODE 102 | 164 | #define AUDIT_INODE 102 |
160 | #define AUDIT_EXIT 103 | 165 | #define AUDIT_EXIT 103 |
161 | #define AUDIT_SUCCESS 104 /* exit >= 0; value ignored */ | 166 | #define AUDIT_SUCCESS 104 /* exit >= 0; value ignored */ |
167 | #define AUDIT_WATCH 105 | ||
162 | 168 | ||
163 | #define AUDIT_ARG0 200 | 169 | #define AUDIT_ARG0 200 |
164 | #define AUDIT_ARG1 (AUDIT_ARG0+1) | 170 | #define AUDIT_ARG1 (AUDIT_ARG0+1) |
@@ -273,16 +279,21 @@ struct audit_rule { /* for AUDIT_LIST, AUDIT_ADD, and AUDIT_DEL */ | |||
273 | }; | 279 | }; |
274 | 280 | ||
275 | #ifdef __KERNEL__ | 281 | #ifdef __KERNEL__ |
282 | #include <linux/sched.h> | ||
276 | 283 | ||
277 | struct audit_sig_info { | 284 | struct audit_sig_info { |
278 | uid_t uid; | 285 | uid_t uid; |
279 | pid_t pid; | 286 | pid_t pid; |
287 | char ctx[0]; | ||
280 | }; | 288 | }; |
281 | 289 | ||
282 | struct audit_buffer; | 290 | struct audit_buffer; |
283 | struct audit_context; | 291 | struct audit_context; |
284 | struct inode; | 292 | struct inode; |
285 | struct netlink_skb_parms; | 293 | struct netlink_skb_parms; |
294 | struct linux_binprm; | ||
295 | struct mq_attr; | ||
296 | struct mqstat; | ||
286 | 297 | ||
287 | #define AUDITSC_INVALID 0 | 298 | #define AUDITSC_INVALID 0 |
288 | #define AUDITSC_SUCCESS 1 | 299 | #define AUDITSC_SUCCESS 1 |
@@ -297,15 +308,19 @@ extern void audit_syscall_entry(int arch, | |||
297 | int major, unsigned long a0, unsigned long a1, | 308 | int major, unsigned long a0, unsigned long a1, |
298 | unsigned long a2, unsigned long a3); | 309 | unsigned long a2, unsigned long a3); |
299 | extern void audit_syscall_exit(int failed, long return_code); | 310 | extern void audit_syscall_exit(int failed, long return_code); |
300 | extern void audit_getname(const char *name); | 311 | extern void __audit_getname(const char *name); |
301 | extern void audit_putname(const char *name); | 312 | extern void audit_putname(const char *name); |
302 | extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags); | 313 | extern void __audit_inode(const char *name, const struct inode *inode); |
303 | extern void __audit_inode_child(const char *dname, const struct inode *inode, | 314 | extern void __audit_inode_child(const char *dname, const struct inode *inode, |
304 | unsigned long pino); | 315 | unsigned long pino); |
305 | static inline void audit_inode(const char *name, const struct inode *inode, | 316 | static inline void audit_getname(const char *name) |
306 | unsigned flags) { | 317 | { |
307 | if (unlikely(current->audit_context)) | 318 | if (unlikely(current->audit_context)) |
308 | __audit_inode(name, inode, flags); | 319 | __audit_getname(name); |
320 | } | ||
321 | static inline void audit_inode(const char *name, const struct inode *inode) { | ||
322 | if (unlikely(current->audit_context)) | ||
323 | __audit_inode(name, inode); | ||
309 | } | 324 | } |
310 | static inline void audit_inode_child(const char *dname, | 325 | static inline void audit_inode_child(const char *dname, |
311 | const struct inode *inode, | 326 | const struct inode *inode, |
@@ -320,13 +335,61 @@ extern void auditsc_get_stamp(struct audit_context *ctx, | |||
320 | struct timespec *t, unsigned int *serial); | 335 | struct timespec *t, unsigned int *serial); |
321 | extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); | 336 | extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); |
322 | extern uid_t audit_get_loginuid(struct audit_context *ctx); | 337 | extern uid_t audit_get_loginuid(struct audit_context *ctx); |
323 | extern int audit_ipc_obj(struct kern_ipc_perm *ipcp); | 338 | extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp); |
324 | extern int audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp); | 339 | extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); |
340 | extern int audit_bprm(struct linux_binprm *bprm); | ||
325 | extern int audit_socketcall(int nargs, unsigned long *args); | 341 | extern int audit_socketcall(int nargs, unsigned long *args); |
326 | extern int audit_sockaddr(int len, void *addr); | 342 | extern int audit_sockaddr(int len, void *addr); |
327 | extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); | 343 | extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); |
328 | extern void audit_signal_info(int sig, struct task_struct *t); | ||
329 | extern int audit_set_macxattr(const char *name); | 344 | extern int audit_set_macxattr(const char *name); |
345 | extern int __audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr); | ||
346 | extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout); | ||
347 | extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout); | ||
348 | extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification); | ||
349 | extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); | ||
350 | |||
351 | static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp) | ||
352 | { | ||
353 | if (unlikely(current->audit_context)) | ||
354 | return __audit_ipc_obj(ipcp); | ||
355 | return 0; | ||
356 | } | ||
357 | static inline int audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode) | ||
358 | { | ||
359 | if (unlikely(current->audit_context)) | ||
360 | return __audit_ipc_set_perm(qbytes, uid, gid, mode); | ||
361 | return 0; | ||
362 | } | ||
363 | static inline int audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr) | ||
364 | { | ||
365 | if (unlikely(current->audit_context)) | ||
366 | return __audit_mq_open(oflag, mode, u_attr); | ||
367 | return 0; | ||
368 | } | ||
369 | static inline int audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout) | ||
370 | { | ||
371 | if (unlikely(current->audit_context)) | ||
372 | return __audit_mq_timedsend(mqdes, msg_len, msg_prio, u_abs_timeout); | ||
373 | return 0; | ||
374 | } | ||
375 | static inline int audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout) | ||
376 | { | ||
377 | if (unlikely(current->audit_context)) | ||
378 | return __audit_mq_timedreceive(mqdes, msg_len, u_msg_prio, u_abs_timeout); | ||
379 | return 0; | ||
380 | } | ||
381 | static inline int audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification) | ||
382 | { | ||
383 | if (unlikely(current->audit_context)) | ||
384 | return __audit_mq_notify(mqdes, u_notification); | ||
385 | return 0; | ||
386 | } | ||
387 | static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) | ||
388 | { | ||
389 | if (unlikely(current->audit_context)) | ||
390 | return __audit_mq_getsetattr(mqdes, mqstat); | ||
391 | return 0; | ||
392 | } | ||
330 | #else | 393 | #else |
331 | #define audit_alloc(t) ({ 0; }) | 394 | #define audit_alloc(t) ({ 0; }) |
332 | #define audit_free(t) do { ; } while (0) | 395 | #define audit_free(t) do { ; } while (0) |
@@ -334,19 +397,24 @@ extern int audit_set_macxattr(const char *name); | |||
334 | #define audit_syscall_exit(f,r) do { ; } while (0) | 397 | #define audit_syscall_exit(f,r) do { ; } while (0) |
335 | #define audit_getname(n) do { ; } while (0) | 398 | #define audit_getname(n) do { ; } while (0) |
336 | #define audit_putname(n) do { ; } while (0) | 399 | #define audit_putname(n) do { ; } while (0) |
337 | #define __audit_inode(n,i,f) do { ; } while (0) | 400 | #define __audit_inode(n,i) do { ; } while (0) |
338 | #define __audit_inode_child(d,i,p) do { ; } while (0) | 401 | #define __audit_inode_child(d,i,p) do { ; } while (0) |
339 | #define audit_inode(n,i,f) do { ; } while (0) | 402 | #define audit_inode(n,i) do { ; } while (0) |
340 | #define audit_inode_child(d,i,p) do { ; } while (0) | 403 | #define audit_inode_child(d,i,p) do { ; } while (0) |
341 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) | 404 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) |
342 | #define audit_get_loginuid(c) ({ -1; }) | 405 | #define audit_get_loginuid(c) ({ -1; }) |
343 | #define audit_ipc_obj(i) ({ 0; }) | 406 | #define audit_ipc_obj(i) ({ 0; }) |
344 | #define audit_ipc_set_perm(q,u,g,m,i) ({ 0; }) | 407 | #define audit_ipc_set_perm(q,u,g,m) ({ 0; }) |
408 | #define audit_bprm(p) ({ 0; }) | ||
345 | #define audit_socketcall(n,a) ({ 0; }) | 409 | #define audit_socketcall(n,a) ({ 0; }) |
346 | #define audit_sockaddr(len, addr) ({ 0; }) | 410 | #define audit_sockaddr(len, addr) ({ 0; }) |
347 | #define audit_avc_path(dentry, mnt) ({ 0; }) | 411 | #define audit_avc_path(dentry, mnt) ({ 0; }) |
348 | #define audit_signal_info(s,t) do { ; } while (0) | ||
349 | #define audit_set_macxattr(n) do { ; } while (0) | 412 | #define audit_set_macxattr(n) do { ; } while (0) |
413 | #define audit_mq_open(o,m,a) ({ 0; }) | ||
414 | #define audit_mq_timedsend(d,l,p,t) ({ 0; }) | ||
415 | #define audit_mq_timedreceive(d,l,p,t) ({ 0; }) | ||
416 | #define audit_mq_notify(d,n) ({ 0; }) | ||
417 | #define audit_mq_getsetattr(d,s) ({ 0; }) | ||
350 | #endif | 418 | #endif |
351 | 419 | ||
352 | #ifdef CONFIG_AUDIT | 420 | #ifdef CONFIG_AUDIT |
@@ -364,8 +432,11 @@ extern void audit_log_end(struct audit_buffer *ab); | |||
364 | extern void audit_log_hex(struct audit_buffer *ab, | 432 | extern void audit_log_hex(struct audit_buffer *ab, |
365 | const unsigned char *buf, | 433 | const unsigned char *buf, |
366 | size_t len); | 434 | size_t len); |
367 | extern void audit_log_untrustedstring(struct audit_buffer *ab, | 435 | extern const char * audit_log_untrustedstring(struct audit_buffer *ab, |
368 | const char *string); | 436 | const char *string); |
437 | extern const char * audit_log_n_untrustedstring(struct audit_buffer *ab, | ||
438 | size_t n, | ||
439 | const char *string); | ||
369 | extern void audit_log_d_path(struct audit_buffer *ab, | 440 | extern void audit_log_d_path(struct audit_buffer *ab, |
370 | const char *prefix, | 441 | const char *prefix, |
371 | struct dentry *dentry, | 442 | struct dentry *dentry, |
@@ -383,8 +454,8 @@ extern int audit_receive_filter(int type, int pid, int uid, int seq, | |||
383 | #define audit_log_end(b) do { ; } while (0) | 454 | #define audit_log_end(b) do { ; } while (0) |
384 | #define audit_log_hex(a,b,l) do { ; } while (0) | 455 | #define audit_log_hex(a,b,l) do { ; } while (0) |
385 | #define audit_log_untrustedstring(a,s) do { ; } while (0) | 456 | #define audit_log_untrustedstring(a,s) do { ; } while (0) |
457 | #define audit_log_n_untrustedstring(a,n,s) do { ; } while (0) | ||
386 | #define audit_log_d_path(b,p,d,v) do { ; } while (0) | 458 | #define audit_log_d_path(b,p,d,v) do { ; } while (0) |
387 | #define audit_panic(m) do { ; } while (0) | ||
388 | #endif | 459 | #endif |
389 | #endif | 460 | #endif |
390 | #endif | 461 | #endif |
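Review bot: The CONFIG_AUDIT=n stubs for `audit_log_untrustedstring` and the new `audit_log_n_untrustedstring` (last hunk) are still statement macros, `do { ; } while (0)`, although the real declarations now return `const char *`; any caller that consumes the return value will fail to compile in the !CONFIG_AUDIT configuration. The file's own convention for value-returning stubs is the statement-expression form used for `audit_ipc_obj`, so `#define audit_log_untrustedstring(a,s) ({ (const char *)0; })` and `#define audit_log_n_untrustedstring(a,n,s) ({ (const char *)0; })` would keep both configurations interface-compatible. Separately, the forward declaration `struct mqstat;` added next to `struct mq_attr;` is not referenced by any prototype in this file — the getsetattr hooks take `struct mq_attr *mqstat` — and looks like a leftover that could be dropped. The `char ctx[0];` member added to `struct audit_sig_info` is the GNU zero-length-array idiom; a C99 flexible array member `char ctx[];` expresses the same trailing variable-length payload with standard semantics, if the rest of the tree accepts it.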