

Viewing changes to include/linux/lsm_audit.h

  • Committer: Package Import Robot
  • Author(s): Alessio Igor Bogani
  • Date: 2011-10-26 11:13:05 UTC
  • Revision ID: package-import@ubuntu.com-20111026111305-tz023xykf0i6eosh
Tags: upstream-3.2.0
Import upstream version 3.2.0

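--- /dev/null
+++ b/include/linux/lsm_audit.h
@@ -0,0 +1,152 @@
+/*
+ * Common LSM logging functions
+ * Heavily borrowed from selinux/avc.h
+ *
+ * Author : Etienne BASSET  <etienne.basset@ensta.org>
+ *
+ * All credits to : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * All BUGS to : Etienne BASSET  <etienne.basset@ensta.org>
+ */
+#ifndef _LSM_COMMON_LOGGING_
+#define _LSM_COMMON_LOGGING_
+
+#include <linux/stddef.h>
+#include <linux/errno.h>
+#include <linux/kernel.h>
+#include <linux/kdev_t.h>
+#include <linux/spinlock.h>
+#include <linux/init.h>
+#include <linux/audit.h>
+#include <linux/in6.h>
+#include <linux/path.h>
+#include <linux/key.h>
+#include <linux/skbuff.h>
+#include <asm/system.h>
+
+
+/* Auxiliary data to use in generating the audit record. */
+struct common_audit_data {
+        char type;
+#define LSM_AUDIT_DATA_PATH     1
+#define LSM_AUDIT_DATA_NET      2
+#define LSM_AUDIT_DATA_CAP      3
+#define LSM_AUDIT_DATA_IPC      4
+#define LSM_AUDIT_DATA_TASK     5
+#define LSM_AUDIT_DATA_KEY      6
+#define LSM_AUDIT_DATA_NONE     7
+#define LSM_AUDIT_DATA_KMOD     8
+#define LSM_AUDIT_DATA_INODE    9
+#define LSM_AUDIT_DATA_DENTRY   10
+        struct task_struct *tsk;
+        union   {
+                struct path path;
+                struct dentry *dentry;
+                struct inode *inode;
+                struct {
+                        int netif;
+                        struct sock *sk;
+                        u16 family;
+                        __be16 dport;
+                        __be16 sport;
+                        union {
+                                struct {
+                                        __be32 daddr;
+                                        __be32 saddr;
+                                } v4;
+                                struct {
+                                        struct in6_addr daddr;
+                                        struct in6_addr saddr;
+                                } v6;
+                        } fam;
+                } net;
+                int cap;
+                int ipc_id;
+                struct task_struct *tsk;
+#ifdef CONFIG_KEYS
+                struct {
+                        key_serial_t key;
+                        char *key_desc;
+                } key_struct;
+#endif
+                char *kmod_name;
+        } u;
+        /* this union contains LSM specific data */
+        union {
+#ifdef CONFIG_SECURITY_SMACK
+                /* SMACK data */
+                struct smack_audit_data {
+                        const char *function;
+                        char *subject;
+                        char *object;
+                        char *request;
+                        int result;
+                } smack_audit_data;
+#endif
+#ifdef CONFIG_SECURITY_SELINUX
+                /* SELinux data */
+                struct {
+                        u32 ssid;
+                        u32 tsid;
+                        u16 tclass;
+                        u32 requested;
+                        u32 audited;
+                        u32 denied;
+                        /*
+                         * auditdeny is a bit tricky and unintuitive.  See the
+                         * comments in avc.c for it's meaning and usage.
+                         */
+                        u32 auditdeny;
+                        struct av_decision *avd;
+                        int result;
+                } selinux_audit_data;
+#endif
+#ifdef CONFIG_SECURITY_APPARMOR
+                struct {
+                        int error;
+                        int op;
+                        int type;
+                        void *profile;
+                        const char *name;
+                        const char *info;
+                        union {
+                                void *target;
+                                struct {
+                                        long pos;
+                                        void *target;
+                                } iface;
+                                struct {
+                                        int rlim;
+                                        unsigned long max;
+                                } rlim;
+                                struct {
+                                        const char *target;
+                                        u32 request;
+                                        u32 denied;
+                                        uid_t ouid;
+                                } fs;
+                        };
+                } apparmor_audit_data;
+#endif
+        };
+        /* these callback will be implemented by a specific LSM */
+        void (*lsm_pre_audit)(struct audit_buffer *, void *);
+        void (*lsm_post_audit)(struct audit_buffer *, void *);
+};
+
+#define v4info fam.v4
+#define v6info fam.v6
+
+int ipv4_skb_to_auditdata(struct sk_buff *skb,
+                struct common_audit_data *ad, u8 *proto);
+
+int ipv6_skb_to_auditdata(struct sk_buff *skb,
+                struct common_audit_data *ad, u8 *proto);
+
+/* Initialize an LSM audit data structure. */
+#define COMMON_AUDIT_DATA_INIT(_d, _t) \
+        { memset((_d), 0, sizeof(struct common_audit_data)); \
+         (_d)->type = LSM_AUDIT_DATA_##_t; }
+
+void common_lsm_audit(struct common_audit_data *a);
+
+#endif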
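Review bot: COMMON_AUDIT_DATA_INIT (file lines 146-148) expands to a bare `{ ... }` block rather than a single statement, so a caller writing `if (cond) COMMON_AUDIT_DATA_INIT(&ad, NET); else ...` gets a stray `;` before `else` and a compile error, and the macro also evaluates `_d` twice, which is only harmless as long as every caller passes a side-effect-free address. The conventional shape is `#define COMMON_AUDIT_DATA_INIT(_d, _t) \` / `        do { memset((_d), 0, sizeof(*(_d))); \` / `             (_d)->type = LSM_AUDIT_DATA_##_t; } while (0)`, which also ties the zeroed size to the pointee instead of repeating the struct name. Since this header is the one place every LSM zeroes its audit record before filling it, a macro that cannot be used as an ordinary statement is worth fixing at import time rather than in each caller. Separately, the comment on line 96 should read `for its meaning and usage`, and the one on line 131 `these callbacks will be implemented by a specific LSM`.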