cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux



      1/* SPDX-License-Identifier: GPL-2.0-only */
      2/*
      3 * AppArmor security module
      4 *
      5 * This file contains AppArmor auditing function definitions.
      6 *
      7 * Copyright (C) 1998-2008 Novell/SUSE
      8 * Copyright 2009-2010 Canonical Ltd.
      9 */
     10
     11#ifndef __AA_AUDIT_H
     12#define __AA_AUDIT_H
     13
     14#include <linux/audit.h>
     15#include <linux/fs.h>
     16#include <linux/lsm_audit.h>
     17#include <linux/sched.h>
     18#include <linux/slab.h>
     19
     20#include "file.h"
     21#include "label.h"
     22
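/* Name table for enum audit_mode values (defined elsewhere; presumably
 * indexed by the enum and sized AUDIT_MAX_INDEX -- confirm in audit.c). */
extern const char *const audit_mode_names[];

/* One past the highest enum audit_mode value. */
#define AUDIT_MAX_INDEX 5

/* Which access records a profile's auditing emits. */
enum audit_mode {
	AUDIT_NORMAL,		/* follow normal auditing of accesses */
	AUDIT_QUIET_DENIED,	/* quiet all denied access messages */
	AUDIT_QUIET,		/* quiet all messages */
	AUDIT_NOQUIET,		/* do not quiet audit messages */
	AUDIT_ALL		/* audit all accesses */
};

/*
 * Keep the bound and the enum in step: adding a mode without bumping
 * AUDIT_MAX_INDEX would let a valid mode value index past any table
 * sized by it.
 */
_Static_assert(AUDIT_ALL + 1 == AUDIT_MAX_INDEX,
	       "AUDIT_MAX_INDEX must equal the number of audit modes");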
     32
/*
 * Record types handed to aa_audit_msg() and aa_audit() as @type.
 * AUDIT_APPARMOR_ERROR is the one aa_audit_error() emits; how each of
 * the others is rendered (and whether the access proceeds) is decided
 * by the implementation, presumably in audit.c, not here.
 */
enum audit_type {
	AUDIT_APPARMOR_AUDIT,
	AUDIT_APPARMOR_ALLOWED,
	AUDIT_APPARMOR_DENIED,
	AUDIT_APPARMOR_HINT,
	AUDIT_APPARMOR_STATUS,
	AUDIT_APPARMOR_ERROR,
	AUDIT_APPARMOR_KILL,
	AUDIT_APPARMOR_AUTO
};
     43
/*
 * Operation names. These are the strings callers place in
 * apparmor_audit_data.op (via DEFINE_AUDIT_DATA()) and so are what ends
 * up in the emitted record; treat them as part of the log format and
 * do not rename casually.
 */
#define OP_NULL NULL

/* generic / capability checks */
#define OP_SYSCTL "sysctl"
#define OP_CAPABLE "capable"

/* filesystem namespace operations */
#define OP_UNLINK "unlink"
#define OP_MKDIR "mkdir"
#define OP_RMDIR "rmdir"
#define OP_MKNOD "mknod"
#define OP_TRUNC "truncate"
#define OP_LINK "link"
#define OP_SYMLINK "symlink"
#define OP_RENAME_SRC "rename_src"
#define OP_RENAME_DEST "rename_dest"
#define OP_CHMOD "chmod"
#define OP_CHOWN "chown"
#define OP_GETATTR "getattr"
#define OP_OPEN "open"

/* operations on an already open file */
#define OP_FRECEIVE "file_receive"
#define OP_FPERM "file_perm"
#define OP_FLOCK "file_lock"
#define OP_FMMAP "file_mmap"
#define OP_FMPROT "file_mprotect"
#define OP_INHERIT "file_inherit"

/* mount namespace operations */
#define OP_PIVOTROOT "pivotroot"
#define OP_MOUNT "mount"
#define OP_UMOUNT "umount"

/* socket operations */
#define OP_CREATE "create"
#define OP_POST_CREATE "post_create"
#define OP_BIND "bind"
#define OP_CONNECT "connect"
#define OP_LISTEN "listen"
#define OP_ACCEPT "accept"
#define OP_SENDMSG "sendmsg"
#define OP_RECVMSG "recvmsg"
#define OP_GETSOCKNAME "getsockname"
#define OP_GETPEERNAME "getpeername"
#define OP_GETSOCKOPT "getsockopt"
#define OP_SETSOCKOPT "setsockopt"
#define OP_SHUTDOWN "socket_shutdown"

/* task-to-task operations */
#define OP_PTRACE "ptrace"
#define OP_SIGNAL "signal"

#define OP_EXEC "exec"

/* domain transitions */
#define OP_CHANGE_HAT "change_hat"
#define OP_CHANGE_PROFILE "change_profile"
#define OP_CHANGE_ONEXEC "change_onexec"
#define OP_STACK "stack"
#define OP_STACK_ONEXEC "stack_onexec"

/* process attribute changes */
#define OP_SETPROCATTR "setprocattr"
#define OP_SETRLIMIT "setrlimit"

/* policy (profile) management */
#define OP_PROF_REPL "profile_replace"
#define OP_PROF_LOAD "profile_load"
#define OP_PROF_RM "profile_remove"
    105
    106
/*
 * struct apparmor_audit_data - AppArmor-specific payload hung off a
 * struct common_audit_data (reached through aad()).
 *
 * The outer union carries op-specific detail. Only the arm the caller
 * filled in is valid; the first arm, the iface arm and the mnt arm all
 * overlap in memory, as do fs/rlim/signal/net inside the first arm, so a
 * callback must read only the arm that matches the record's op. Nothing
 * in the struct records which arm is live -- that is implied by op.
 */
struct apparmor_audit_data {
	int error;			/* errno-style result; set/returned by aa_audit_error() */
	int type;			/* presumably an enum audit_type value -- confirm in audit.c */
	const char *op;			/* operation name; DEFINE_AUDIT_DATA() sets it, callers pass OP_* */
	struct aa_label *label;		/* subject label */
	const char *name;		/* object name for the record, if any */
	const char *info;		/* free-form detail string, if any */
	u32 request;			/* permission mask requested -- bit meaning is per-op, see file.h */
	u32 denied;			/* subset of request that was denied */
	union {
		/* these entries require a custom callback fn */
		struct {
			struct aa_label *peer;	/* other party's label (peer task/socket), if any */
			union {
				struct {
					const char *target;	/* e.g. link/rename target path */
					kuid_t ouid;		/* owner of the object */
				} fs;
				struct {
					int rlim;		/* RLIMIT_* index */
					unsigned long max;	/* requested limit */
				} rlim;
				struct {
					int signal;		/* signal number in the target's view */
					int unmappedsig;	/* signal number before mapping -- TODO confirm */
				};
				struct {
					int type, protocol;	/* socket type / protocol */
					struct sock *peer_sk;	/* peer socket, if any */
					void *addr;		/* sockaddr bytes; only addrlen of them are valid */
					int addrlen;		/* length of addr (signed: callers must not pass negative) */
				} net;
			};
		};
		struct {
			struct aa_profile *profile;	/* profile being loaded/replaced/removed */
			const char *ns;			/* policy namespace name */
			long pos;			/* byte offset into the policy blob, for parse errors */
		} iface;
		struct {
			const char *src_name;		/* mount source */
			const char *type;		/* filesystem type */
			const char *trans;		/* mount transition (e.g. move/bind) -- TODO confirm */
			const char *data;		/* mount options string */
			unsigned long flags;		/* MS_* mount flags */
		} mnt;
	};
};
    155
/*
 * Helpers for the apparmor_audit_data attached to a common_audit_data.
 *
 * aad(SA) yields the struct apparmor_audit_data * hung off @SA.
 *
 * DEFINE_AUDIT_DATA(NAME, T, X) declares two locals in one go:
 *   struct apparmor_audit_data NAME##_aad  -- zeroed apart from .op = X
 *   struct common_audit_data   NAME        -- .type = T, .u.tsk = NULL,
 *                                             .apparmor_audit_data = &NAME##_aad
 * X is expected to be one of the OP_* strings and T one of the
 * LSM_AUDIT_DATA_* types from <linux/lsm_audit.h> (not visible here).
 * The caller supplies the terminating semicolon.
 */
#define aad(SA)	((SA)->apparmor_audit_data)

#define DEFINE_AUDIT_DATA(NAME, T, X)					\
	struct apparmor_audit_data NAME ## _aad = {			\
		.op = (X),						\
	};								\
	struct common_audit_data NAME = {				\
		.type = (T),						\
		.u.tsk = NULL,						\
		.apparmor_audit_data = &(NAME ## _aad),			\
	}
    167
/*
 * aa_audit_msg - emit an audit record of @type for @sa
 * @type: AUDIT_APPARMOR_* record type (enum audit_type)
 * @sa: audit data; sa->apparmor_audit_data must point at a filled-in
 *	struct apparmor_audit_data (see DEFINE_AUDIT_DATA())
 * @cb: optional callback that appends op-specific fields to the record
 *
 * Takes no profile, so it cannot consult a profile's audit_mode;
 * presumably used for records that are always emitted -- confirm in audit.c.
 */
void aa_audit_msg(int type, struct common_audit_data *sa,
		  void (*cb) (struct audit_buffer *, void *));
/*
 * aa_audit - audit an event against @profile
 * @type: AUDIT_APPARMOR_* record type (enum audit_type)
 * @profile: profile whose auditing settings apply
 * @sa: audit data as for aa_audit_msg()
 * @cb: optional callback that appends op-specific fields to the record
 *
 * Return: not determinable from this header; aa_audit_error() returns
 *	   aad(sa)->error, so the same convention is likely -- confirm in audit.c.
 */
int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
	     void (*cb) (struct audit_buffer *, void *));
    172
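/*
 * aa_audit_error - record @ERROR in the audit data and emit an error record
 * @ERROR: errno-style value stored in aad(SA)->error
 * @SA: struct common_audit_data * whose apparmor_audit_data is set
 * @CB: callback passed through to aa_audit_msg()
 *
 * Evaluates to the stored error (re-read after the call, in case the
 * callback changed it) so it can be used directly as a return value:
 *	return aa_audit_error(-EINVAL, &sa, cb);
 * @SA is evaluated exactly once.
 */
#define aa_audit_error(ERROR, SA, CB)				\
({								\
	struct common_audit_data *_sa = (SA);			\
	aad(_sa)->error = (ERROR);				\
	aa_audit_msg(AUDIT_APPARMOR_ERROR, _sa, (CB));		\
	aad(_sa)->error;					\
})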
    179
    180
/*
 * complain_error - turn a permission denial into success
 * @error: errno-style return value
 *
 * -EPERM and -EACCES map to 0 so the caller can let a denied access
 * proceed (it has already been audited); every other value, including
 * 0 and other errors such as -ENOMEM, is passed back unchanged.
 */
static inline int complain_error(int error)
{
	switch (error) {
	case -EPERM:
	case -EACCES:
		return 0;
	default:
		return error;
	}
}
    187
/*
 * Audit rule filter hooks (the LSM audit_rule_* callbacks).
 *
 * aa_audit_rule_init() parses @rulestr for @field/@op and stores the
 * resulting rule object through @vrule; aa_audit_rule_free() releases
 * it. aa_audit_rule_known() reports whether @rule contains fields this
 * module evaluates, and aa_audit_rule_match() evaluates @vrule against
 * the subject identified by @sid.
 *
 * NOTE(review): @rulestr is audit-rule text supplied from userspace by
 * whoever may configure audit rules; the parser must bound its reads and
 * cope with an unterminated or oversized string -- confirm in audit.c.
 * The exact ownership of *@vrule on an init failure is not visible here.
 */
void aa_audit_rule_free(void *vrule);
int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule);
int aa_audit_rule_known(struct audit_krule *rule);
int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule);
    192
    193#endif /* __AA_AUDIT_H */