aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/audit.h
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/audit.h')
-rw-r--r--kernel/audit.h38
1 files changed, 34 insertions, 4 deletions
diff --git a/kernel/audit.h b/kernel/audit.h
index 52cb1e31d522..58fa44cb8d01 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -19,7 +19,6 @@
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */ 20 */
21 21
22#include <linux/mutex.h>
23#include <linux/fs.h> 22#include <linux/fs.h>
24#include <linux/audit.h> 23#include <linux/audit.h>
25#include <linux/skbuff.h> 24#include <linux/skbuff.h>
@@ -54,6 +53,18 @@ enum audit_state {
54}; 53};
55 54
56/* Rule lists */ 55/* Rule lists */
56struct audit_parent;
57
58struct audit_watch {
59 atomic_t count; /* reference count */
60 char *path; /* insertion path */
61 dev_t dev; /* associated superblock device */
62 unsigned long ino; /* associated inode number */
63 struct audit_parent *parent; /* associated parent */
64 struct list_head wlist; /* entry in parent->watches list */
65 struct list_head rules; /* associated rules */
66};
67
57struct audit_field { 68struct audit_field {
58 u32 type; 69 u32 type;
59 u32 val; 70 u32 val;
@@ -71,6 +82,9 @@ struct audit_krule {
71 u32 buflen; /* for data alloc on list rules */ 82 u32 buflen; /* for data alloc on list rules */
72 u32 field_count; 83 u32 field_count;
73 struct audit_field *fields; 84 struct audit_field *fields;
85 struct audit_field *inode_f; /* quick access to an inode field */
86 struct audit_watch *watch; /* associated watch */
87 struct list_head rlist; /* entry in audit_watch.rules list */
74}; 88};
75 89
76struct audit_entry { 90struct audit_entry {
@@ -79,10 +93,18 @@ struct audit_entry {
79 struct audit_krule rule; 93 struct audit_krule rule;
80}; 94};
81 95
82
83extern int audit_pid; 96extern int audit_pid;
84extern int audit_comparator(const u32 left, const u32 op, const u32 right);
85 97
98#define AUDIT_INODE_BUCKETS 32
99extern struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS];
100
101static inline int audit_hash_ino(u32 ino)
102{
103 return (ino & (AUDIT_INODE_BUCKETS-1));
104}
105
106extern int audit_comparator(const u32 left, const u32 op, const u32 right);
107extern int audit_compare_dname_path(const char *dname, const char *path);
86extern struct sk_buff * audit_make_reply(int pid, int seq, int type, 108extern struct sk_buff * audit_make_reply(int pid, int seq, int type,
87 int done, int multi, 109 int done, int multi,
88 void *payload, int size); 110 void *payload, int size);
@@ -91,7 +113,6 @@ extern void audit_send_reply(int pid, int seq, int type,
91 void *payload, int size); 113 void *payload, int size);
92extern void audit_log_lost(const char *message); 114extern void audit_log_lost(const char *message);
93extern void audit_panic(const char *message); 115extern void audit_panic(const char *message);
94extern struct mutex audit_netlink_mutex;
95 116
96struct audit_netlink_list { 117struct audit_netlink_list {
97 int pid; 118 int pid;
@@ -100,6 +121,10 @@ struct audit_netlink_list {
100 121
101int audit_send_list(void *); 122int audit_send_list(void *);
102 123
124struct inotify_watch;
125extern void audit_free_parent(struct inotify_watch *);
126extern void audit_handle_ievent(struct inotify_watch *, u32, u32, u32,
127 const char *, struct inode *);
103extern int selinux_audit_rule_update(void); 128extern int selinux_audit_rule_update(void);
104 129
105#ifdef CONFIG_AUDITSYSCALL 130#ifdef CONFIG_AUDITSYSCALL
@@ -109,6 +134,11 @@ static inline void audit_signal_info(int sig, struct task_struct *t)
109 if (unlikely(audit_pid && t->tgid == audit_pid)) 134 if (unlikely(audit_pid && t->tgid == audit_pid))
110 __audit_signal_info(sig, t); 135 __audit_signal_info(sig, t);
111} 136}
137extern enum audit_state audit_filter_inodes(struct task_struct *,
138 struct audit_context *);
139extern void audit_set_auditable(struct audit_context *);
112#else 140#else
113#define audit_signal_info(s,t) 141#define audit_signal_info(s,t)
142#define audit_filter_inodes(t,c) AUDIT_DISABLED
143#define audit_set_auditable(c)
114#endif 144#endif