linux-pinenote/security/apparmor/include/audit.h

/*
 * AppArmor security module
 *
 * This file contains AppArmor auditing function definitions.
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */

#ifndef __AA_AUDIT_H
#define __AA_AUDIT_H

#include <linux/audit.h>
#include <linux/fs.h>
#include <linux/lsm_audit.h>
#include <linux/sched.h>
#include <linux/slab.h>

#include "file.h"

struct aa_profile;

extern const char *const audit_mode_names[];
#define AUDIT_MAX_INDEX 5
enum audit_mode {
	AUDIT_NORMAL,		/* follow normal auditing of accesses */
	AUDIT_QUIET_DENIED,	/* quiet all denied access messages */
	AUDIT_QUIET,		/* quiet all messages */
	AUDIT_NOQUIET,		/* do not quiet audit messages */
	AUDIT_ALL		/* audit all accesses */
};

enum audit_type {
	AUDIT_APPARMOR_AUDIT,
	AUDIT_APPARMOR_ALLOWED,
	AUDIT_APPARMOR_DENIED,
	AUDIT_APPARMOR_HINT,
	AUDIT_APPARMOR_STATUS,
	AUDIT_APPARMOR_ERROR,
	AUDIT_APPARMOR_KILL,
	AUDIT_APPARMOR_AUTO
};

extern const char *const op_table[];
enum aa_ops {
	OP_NULL,

	OP_SYSCTL,
	OP_CAPABLE,

	OP_UNLINK,
	OP_MKDIR,
	OP_RMDIR,
	OP_MKNOD,
	OP_TRUNC,
	OP_LINK,
	OP_SYMLINK,
	OP_RENAME_SRC,
	OP_RENAME_DEST,
	OP_CHMOD,
	OP_CHOWN,
	OP_GETATTR,
	OP_OPEN,

	OP_FPERM,
	OP_FLOCK,
	OP_FMMAP,
	OP_FMPROT,

	OP_CREATE,
	OP_POST_CREATE,
	OP_BIND,
	OP_CONNECT,
	OP_LISTEN,
	OP_ACCEPT,
	OP_SENDMSG,
	OP_RECVMSG,
	OP_GETSOCKNAME,
	OP_GETPEERNAME,
	OP_GETSOCKOPT,
	OP_SETSOCKOPT,
	OP_SOCK_SHUTDOWN,

	OP_PTRACE,

	OP_EXEC,
	OP_CHANGE_HAT,
	OP_CHANGE_PROFILE,
	OP_CHANGE_ONEXEC,

	OP_SETPROCATTR,
	OP_SETRLIMIT,

	OP_PROF_REPL,
	OP_PROF_LOAD,
	OP_PROF_RM,
};


struct apparmor_audit_data {
	int error;
	int op;
	int type;
	void *profile;
	const char *name;
	const char *info;
	union {
		void *target;
		struct {
			long pos;
			void *target;
		} iface;
		struct {
			int rlim;
			unsigned long max;
		} rlim;
		struct {
			const char *target;
			u32 request;
			u32 denied;
			kuid_t ouid;
		} fs;
	};
};

/* define a short hand for apparmor_audit_data structure */
#define aad apparmor_audit_data

void aa_audit_msg(int type, struct common_audit_data *sa,
		  void (*cb) (struct audit_buffer *, void *));
int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
	     struct common_audit_data *sa,
	     void (*cb) (struct audit_buffer *, void *));

static inline int complain_error(int error)
{
	if (error == -EPERM || error == -EACCES)
		return 0;
	return error;
}

#endif /* __AA_AUDIT_H */
AppArmor: basic auditing infrastructure. Update lsm_audit for AppArmor specific data, and add the core routines for AppArmor uses for auditing. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 2010-07-29 14:47:58 -07:00			`/*`
			`* AppArmor security module`
			`*`
			`* This file contains AppArmor auditing function definitions.`
			`*`
			`* Copyright (C) 1998-2008 Novell/SUSE`
			`* Copyright 2009-2010 Canonical Ltd.`
			`*`
			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU General Public License as`
			`* published by the Free Software Foundation, version 2 of the`
			`* License.`
			`*/`

			`#ifndef __AA_AUDIT_H`
			`#define __AA_AUDIT_H`

			`#include <linux/audit.h>`
			`#include <linux/fs.h>`
			`#include <linux/lsm_audit.h>`
			`#include <linux/sched.h>`
			`#include <linux/slab.h>`

			`#include "file.h"`

			`struct aa_profile;`

AppArmor: add const qualifiers to string arrays Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: John Johansen <john.johansen@canonical.com> 2012-03-14 13:30:36 +01:00			`extern const char *const audit_mode_names[];`
AppArmor: basic auditing infrastructure. Update lsm_audit for AppArmor specific data, and add the core routines for AppArmor uses for auditing. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 2010-07-29 14:47:58 -07:00			`#define AUDIT_MAX_INDEX 5`
			`enum audit_mode {`
			`AUDIT_NORMAL, /* follow normal auditing of accesses */`
			`AUDIT_QUIET_DENIED, /* quiet all denied access messages */`
			`AUDIT_QUIET, /* quiet all messages */`
			`AUDIT_NOQUIET, /* do not quiet audit messages */`
			`AUDIT_ALL /* audit all accesses */`
			`};`

			`enum audit_type {`
			`AUDIT_APPARMOR_AUDIT,`
			`AUDIT_APPARMOR_ALLOWED,`
			`AUDIT_APPARMOR_DENIED,`
			`AUDIT_APPARMOR_HINT,`
			`AUDIT_APPARMOR_STATUS,`
			`AUDIT_APPARMOR_ERROR,`
AppArmor: Fix dropping of allowed operations that are force audited The audit permission flag, that specifies an audit message should be provided when an operation is allowed, was being ignored in some cases. This is because the auto audit mode (which determines the audit mode from system flags) was incorrectly assigned the same value as audit mode. The shared value would result in messages that should be audited going through a second evaluation as to whether they should be audited based on the auto audit, resulting in some messages being dropped. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com> 2012-02-22 00:20:26 -08:00			`AUDIT_APPARMOR_KILL,`
			`AUDIT_APPARMOR_AUTO`
AppArmor: basic auditing infrastructure. Update lsm_audit for AppArmor specific data, and add the core routines for AppArmor uses for auditing. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 2010-07-29 14:47:58 -07:00			`};`

AppArmor: add const qualifiers to string arrays Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: John Johansen <john.johansen@canonical.com> 2012-03-14 13:30:36 +01:00			`extern const char *const op_table[];`
AppArmor: basic auditing infrastructure. Update lsm_audit for AppArmor specific data, and add the core routines for AppArmor uses for auditing. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 2010-07-29 14:47:58 -07:00			`enum aa_ops {`
			`OP_NULL,`

			`OP_SYSCTL,`
			`OP_CAPABLE,`

			`OP_UNLINK,`
			`OP_MKDIR,`
			`OP_RMDIR,`
			`OP_MKNOD,`
			`OP_TRUNC,`
			`OP_LINK,`
			`OP_SYMLINK,`
			`OP_RENAME_SRC,`
			`OP_RENAME_DEST,`
			`OP_CHMOD,`
			`OP_CHOWN,`
			`OP_GETATTR,`
			`OP_OPEN,`

			`OP_FPERM,`
			`OP_FLOCK,`
			`OP_FMMAP,`
			`OP_FMPROT,`

			`OP_CREATE,`
			`OP_POST_CREATE,`
			`OP_BIND,`
			`OP_CONNECT,`
			`OP_LISTEN,`
			`OP_ACCEPT,`
			`OP_SENDMSG,`
			`OP_RECVMSG,`
			`OP_GETSOCKNAME,`
			`OP_GETPEERNAME,`
			`OP_GETSOCKOPT,`
			`OP_SETSOCKOPT,`
			`OP_SOCK_SHUTDOWN,`

			`OP_PTRACE,`

			`OP_EXEC,`
			`OP_CHANGE_HAT,`
			`OP_CHANGE_PROFILE,`
			`OP_CHANGE_ONEXEC,`

			`OP_SETPROCATTR,`
			`OP_SETRLIMIT,`

			`OP_PROF_REPL,`
			`OP_PROF_LOAD,`
			`OP_PROF_RM,`
			`};`


LSM: shrink sizeof LSM specific portion of common_audit_data Linus found that the gigantic size of the common audit data caused a big perf hit on something as simple as running stat() in a loop. This patch requires LSMs to declare the LSM specific portion separately rather than doing it in a union. Thus each LSM can be responsible for shrinking their portion and don't have to pay a penalty just because other LSMs have a bigger space requirement. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2012-04-03 09:37:02 -07:00			`struct apparmor_audit_data {`
			`int error;`
			`int op;`
			`int type;`
			`void *profile;`
			`const char *name;`
			`const char *info;`
			`union {`
			`void *target;`
			`struct {`
			`long pos;`
			`void *target;`
			`} iface;`
			`struct {`
			`int rlim;`
			`unsigned long max;`
			`} rlim;`
			`struct {`
			`const char *target;`
			`u32 request;`
			`u32 denied;`
userns: Convert apparmor to use kuid and kgid where appropriate Cc: John Johansen <john.johansen@canonical.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> 2012-02-07 16:33:13 -08:00			`kuid_t ouid;`
LSM: shrink sizeof LSM specific portion of common_audit_data Linus found that the gigantic size of the common audit data caused a big perf hit on something as simple as running stat() in a loop. This patch requires LSMs to declare the LSM specific portion separately rather than doing it in a union. Thus each LSM can be responsible for shrinking their portion and don't have to pay a penalty just because other LSMs have a bigger space requirement. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2012-04-03 09:37:02 -07:00			`} fs;`
			`};`
			`};`

			`/* define a short hand for apparmor_audit_data structure */`
AppArmor: basic auditing infrastructure. Update lsm_audit for AppArmor specific data, and add the core routines for AppArmor uses for auditing. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 2010-07-29 14:47:58 -07:00			`#define aad apparmor_audit_data`

			`void aa_audit_msg(int type, struct common_audit_data *sa,`
			`void (cb) (struct audit_buffer , void *));`
			`int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,`
			`struct common_audit_data *sa,`
			`void (cb) (struct audit_buffer , void *));`

			`static inline int complain_error(int error)`
			`{`
			`if (error == -EPERM \|\| error == -EACCES)`
			`return 0;`
			`return error;`
			`}`

			`#endif /* __AA_AUDIT_H */`