
  1. /* SPDX-License-Identifier: GPL-2.0-only */
  2. /*
  3. * AppArmor security module
  4. *
  5. * This file contains AppArmor auditing function definitions.
  6. *
  7. * Copyright (C) 1998-2008 Novell/SUSE
  8. * Copyright 2009-2010 Canonical Ltd.
  9. */
  10. #ifndef __AA_AUDIT_H
  11. #define __AA_AUDIT_H
  12. #include <linux/audit.h>
  13. #include <linux/fs.h>
  14. #include <linux/lsm_audit.h>
  15. #include <linux/sched.h>
  16. #include <linux/slab.h>
  17. #include "file.h"
  18. #include "label.h"
  19. extern const char *const audit_mode_names[];
  20. #define AUDIT_MAX_INDEX 5
  21. enum audit_mode {
  22. AUDIT_NORMAL, /* follow normal auditing of accesses */
  23. AUDIT_QUIET_DENIED, /* quiet all denied access messages */
  24. AUDIT_QUIET, /* quiet all messages */
  25. AUDIT_NOQUIET, /* do not quiet audit messages */
  26. AUDIT_ALL /* audit all accesses */
  27. };
  /*
   * Audit record kinds. aa_audit_error() passes AUDIT_APPARMOR_ERROR as the
   * @type argument of aa_audit_msg(); the remaining values are presumably used
   * the same way by callers elsewhere. Values are explicit so the numbering
   * is stable.
   */
  enum audit_type {
  	AUDIT_APPARMOR_AUDIT = 0,
  	AUDIT_APPARMOR_ALLOWED = 1,
  	AUDIT_APPARMOR_DENIED = 2,
  	AUDIT_APPARMOR_HINT = 3,
  	AUDIT_APPARMOR_STATUS = 4,
  	AUDIT_APPARMOR_ERROR = 5,
  	AUDIT_APPARMOR_KILL = 6,
  	AUDIT_APPARMOR_AUTO = 7,
  };
  /*
   * Operation names. One of these is passed as the X argument of
   * DEFINE_AUDIT_DATA() and lands in apparmor_audit_data.op; OP_NULL is the
   * "no operation name" value (a NULL pointer, not an empty string).
   */
  #define OP_NULL NULL
  #define OP_SYSCTL "sysctl"
  #define OP_CAPABLE "capable"
  #define OP_UNLINK "unlink"
  #define OP_MKDIR "mkdir"
  #define OP_RMDIR "rmdir"
  #define OP_MKNOD "mknod"
  #define OP_TRUNC "truncate"
  #define OP_LINK "link"
  #define OP_SYMLINK "symlink"
  #define OP_RENAME_SRC "rename_src"
  #define OP_RENAME_DEST "rename_dest"
  #define OP_CHMOD "chmod"
  #define OP_CHOWN "chown"
  #define OP_GETATTR "getattr"
  #define OP_OPEN "open"
  #define OP_FRECEIVE "file_receive"
  #define OP_FPERM "file_perm"
  #define OP_FLOCK "file_lock"
  #define OP_FMMAP "file_mmap"
  #define OP_FMPROT "file_mprotect"
  #define OP_INHERIT "file_inherit"
  #define OP_PIVOTROOT "pivotroot"
  #define OP_MOUNT "mount"
  #define OP_UMOUNT "umount"
  #define OP_CREATE "create"
  #define OP_POST_CREATE "post_create"
  #define OP_BIND "bind"
  #define OP_CONNECT "connect"
  #define OP_LISTEN "listen"
  #define OP_ACCEPT "accept"
  #define OP_SENDMSG "sendmsg"
  #define OP_RECVMSG "recvmsg"
  #define OP_GETSOCKNAME "getsockname"
  #define OP_GETPEERNAME "getpeername"
  #define OP_GETSOCKOPT "getsockopt"
  #define OP_SETSOCKOPT "setsockopt"
  #define OP_SHUTDOWN "socket_shutdown"
  #define OP_PTRACE "ptrace"
  #define OP_SIGNAL "signal"
  #define OP_EXEC "exec"
  #define OP_CHANGE_HAT "change_hat"
  #define OP_CHANGE_PROFILE "change_profile"
  #define OP_CHANGE_ONEXEC "change_onexec"
  #define OP_STACK "stack"
  #define OP_STACK_ONEXEC "stack_onexec"
  #define OP_SETPROCATTR "setprocattr"
  #define OP_SETRLIMIT "setrlimit"
  #define OP_PROF_REPL "profile_replace"
  #define OP_PROF_LOAD "profile_load"
  #define OP_PROF_RM "profile_remove"
  #define OP_USERNS_CREATE "userns_create"
  #define OP_URING_OVERRIDE "uring_override"
  #define OP_URING_SQPOLL "uring_sqpoll"
  /*
   * struct apparmor_audit_data - AppArmor-specific part of an audit record
   *
   * Wraps the LSM-generic struct common_audit_data (the trailing @common
   * member) with the fields AppArmor reports. Instances are normally declared
   * with DEFINE_AUDIT_DATA(), which sets @class, @op, @common.type and the
   * back-pointer @common.apparmor_audit_data and zeroes everything else; the
   * per-event members below are filled in by the caller before auditing.
   */
  struct apparmor_audit_data {
  	int error;			/* result of the operation; aa_audit_error() stores its ERROR here */
  	int type;			/* NOTE(review): presumably an enum audit_type value — not set by DEFINE_AUDIT_DATA() */
  	u16 class;			/* DEFINE_AUDIT_DATA() C argument */
  	const char *op;			/* operation name, an OP_* string or OP_NULL */
  	const struct cred *subj_cred;	/* subject credentials (not owned here — assumed borrowed) */
  	struct aa_label *subj_label;	/* subject label (not owned here — assumed borrowed) */
  	const char *name;
  	const char *info;
  	u32 request;			/* presumably requested permission bits — confirm against callers */
  	u32 denied;			/* presumably the subset of @request that was denied */
  	u32 tags;
  	/*
  	 * Event-specific payload. Only the member matching the event being
  	 * audited holds meaningful data; the other arms overlay the same
  	 * storage, so a callback must read the arm its event uses.
  	 */
  	union {
  		/* these entries require a custom callback fn */
  		struct {
  			struct aa_label *peer;
  			union {
  				struct {
  					const char *target;
  					kuid_t ouid;
  				} fs;
  				struct {
  					int rlim;
  					unsigned long max;
  				} rlim;
  				struct {
  					int signal;
  					int unmappedsig;
  				};
  				struct {
  					int type, protocol;
  					void *addr;		/* presumably a socket address; @addrlen bounds it — confirm */
  					int addrlen;
  					struct {
  						void *addr;
  						int addrlen;
  					} peer;
  				} net;
  			};
  		};
  		struct {
  			struct aa_profile *profile;
  			const char *ns;
  			long pos;
  		} iface;
  		struct {
  			const char *src_name;
  			const char *type;
  			const char *trans;
  			const char *data;
  			unsigned long flags;
  		} mnt;
  		struct {
  			struct aa_label *target;
  		} uring;
  	};
  	struct common_audit_data common;	/* LSM-generic part; aad() recovers this struct from a pointer to it */
  };
  /* macros for dealing with apparmor_audit_data structure */
  /*
   * aad() - recover the enclosing struct apparmor_audit_data from a pointer to
   * its embedded @common member (container_of()). Only valid when SA really
   * points at the .common of an apparmor_audit_data; for any other
   * common_audit_data the result is a wild pointer.
   */
  #define aad(SA) (container_of(SA, struct apparmor_audit_data, common))
  /*
   * aad_of_va() - same as aad() for a void * argument (NOTE(review): presumably
   * the void * handed to an audit callback — confirm). The cast is unchecked,
   * so the caller is responsible for VA's origin.
   */
  #define aad_of_va(VA) aad((struct common_audit_data *)(VA))
  /*
   * DEFINE_AUDIT_DATA() - declare and initialise a struct apparmor_audit_data
   * @NAME: identifier of the variable to declare
   * @T: value stored in NAME.common.type
   * @C: value stored in NAME.class
   * @X: operation name stored in NAME.op (an OP_* value)
   *
   * NAME.common.u.tsk is set to NULL and NAME.common.apparmor_audit_data is
   * pointed back at NAME; every member not named in the initialiser is
   * zero-initialised, so NAME.error, NAME.type and the per-event union start
   * out as 0/NULL.
   */
  #define DEFINE_AUDIT_DATA(NAME, T, C, X) \
  /* TODO: cleanup audit init so we don't need _aad = {0,} */ \
  struct apparmor_audit_data NAME = { \
  .class = (C), \
  .op = (X), \
  .common.type = (T), \
  .common.u.tsk = NULL, \
  .common.apparmor_audit_data = &NAME, \
  };
  162. void aa_audit_msg(int type, struct apparmor_audit_data *ad,
  163. void (*cb) (struct audit_buffer *, void *));
  164. int aa_audit(int type, struct aa_profile *profile,
  165. struct apparmor_audit_data *ad,
  166. void (*cb) (struct audit_buffer *, void *));
  /*
   * aa_audit_error() - record @ERROR in @AD and emit an error audit message
   * @ERROR: error value to store in AD->error
   * @AD: struct apparmor_audit_data * describing the event
   * @CB: callback passed through to aa_audit_msg()
   *
   * Expands to a statement expression whose value is AD->error after the
   * store, so callers can write `return aa_audit_error(-ENOMEM, &ad, NULL);`.
   * AD is evaluated more than once, so pass a plain lvalue rather than an
   * expression with side effects.
   */
  #define aa_audit_error(ERROR, AD, CB) \
  ({ \
  (AD)->error = (ERROR); \
  aa_audit_msg(AUDIT_APPARMOR_ERROR, (AD), (CB)); \
  (AD)->error; \
  })
  /*
   * complain_error - fold permission denials into success
   * @error: negative errno-style result of an access check
   *
   * Returns 0 when @error is -EPERM or -EACCES and @error unchanged otherwise.
   * NOTE(review): presumably used so a denied access still proceeds in
   * complain mode after being audited — confirm against callers. Errors other
   * than the two permission codes (e.g. -ENOMEM) are deliberately preserved.
   */
  static inline int complain_error(int error)
  {
  	switch (error) {
  	case -EPERM:
  	case -EACCES:
  		return 0;
  	default:
  		return error;
  	}
  }
  179. void aa_audit_rule_free(void *vrule);
  180. int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule, gfp_t gfp);
  181. int aa_audit_rule_known(struct audit_krule *rule);
  182. int aa_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op, void *vrule);
  183. #endif /* __AA_AUDIT_H */