18c2ecf20Sopenharmony_ci/* SPDX-License-Identifier: GPL-2.0-only */
28c2ecf20Sopenharmony_ci/*
38c2ecf20Sopenharmony_ci * AppArmor security module
48c2ecf20Sopenharmony_ci *
58c2ecf20Sopenharmony_ci * This file contains AppArmor auditing function definitions.
68c2ecf20Sopenharmony_ci *
78c2ecf20Sopenharmony_ci * Copyright (C) 1998-2008 Novell/SUSE
88c2ecf20Sopenharmony_ci * Copyright 2009-2010 Canonical Ltd.
98c2ecf20Sopenharmony_ci */
108c2ecf20Sopenharmony_ci
118c2ecf20Sopenharmony_ci#ifndef __AA_AUDIT_H
128c2ecf20Sopenharmony_ci#define __AA_AUDIT_H
138c2ecf20Sopenharmony_ci
148c2ecf20Sopenharmony_ci#include <linux/audit.h>
158c2ecf20Sopenharmony_ci#include <linux/fs.h>
168c2ecf20Sopenharmony_ci#include <linux/lsm_audit.h>
178c2ecf20Sopenharmony_ci#include <linux/sched.h>
188c2ecf20Sopenharmony_ci#include <linux/slab.h>
198c2ecf20Sopenharmony_ci
208c2ecf20Sopenharmony_ci#include "file.h"
218c2ecf20Sopenharmony_ci#include "label.h"
228c2ecf20Sopenharmony_ci
/*
 * Human-readable names for the audit modes; presumably indexed directly by
 * the enum audit_mode value, so the table and the enum must stay in step.
 */
extern const char *const audit_mode_names[];
/*
 * Number of enumerators in enum audit_mode (AUDIT_NORMAL..AUDIT_ALL is 0..4).
 * Presumably used to bound lookups into audit_mode_names[]; bump it whenever
 * an enumerator is added, otherwise the new mode indexes past the end of the
 * table.
 */
#define AUDIT_MAX_INDEX 5
/*
 * Audit verbosity mode. Values are used as an array index (see
 * AUDIT_MAX_INDEX), so enumerators must remain contiguous from 0 and
 * existing values must not be renumbered.
 */
enum audit_mode {
	AUDIT_NORMAL,		/* follow normal auditing of accesses */
	AUDIT_QUIET_DENIED,	/* quiet all denied access messages */
	AUDIT_QUIET,		/* quiet all messages */
	AUDIT_NOQUIET,		/* do not quiet audit messages */
	AUDIT_ALL		/* audit all accesses */
};
328c2ecf20Sopenharmony_ci
/*
 * Kind of audit record being emitted; passed as the @type argument of
 * aa_audit_msg() and aa_audit() (aa_audit_error() below, for example,
 * passes AUDIT_APPARMOR_ERROR). Presumably each value is mapped onto the
 * matching AUDIT_APPARMOR_* record type from <linux/audit.h> when the
 * record is written -- verify in audit.c. AUDIT_APPARMOR_AUTO has no such
 * counterpart; presumably it lets the audit code choose the record type
 * from the error/denied state of the event.
 */
enum audit_type {
	AUDIT_APPARMOR_AUDIT,
	AUDIT_APPARMOR_ALLOWED,
	AUDIT_APPARMOR_DENIED,
	AUDIT_APPARMOR_HINT,
	AUDIT_APPARMOR_STATUS,
	AUDIT_APPARMOR_ERROR,
	AUDIT_APPARMOR_KILL,
	AUDIT_APPARMOR_AUTO
};
438c2ecf20Sopenharmony_ci
/*
 * Operation names. Each OP_* string is handed to DEFINE_AUDIT_DATA() as its
 * X argument and stored in apparmor_audit_data.op, from where it is
 * presumably emitted as the operation field of the audit record. Userspace
 * log parsers presumably key on these exact strings, so treat them as ABI:
 * add new names, but do not rename or reword an existing one.
 */
#define OP_NULL NULL

/* capability / sysctl checks */
#define OP_SYSCTL "sysctl"
#define OP_CAPABLE "capable"

/* path-based filesystem operations */
#define OP_UNLINK "unlink"
#define OP_MKDIR "mkdir"
#define OP_RMDIR "rmdir"
#define OP_MKNOD "mknod"
#define OP_TRUNC "truncate"
#define OP_LINK "link"
#define OP_SYMLINK "symlink"
#define OP_RENAME_SRC "rename_src"
#define OP_RENAME_DEST "rename_dest"
#define OP_CHMOD "chmod"
#define OP_CHOWN "chown"
#define OP_GETATTR "getattr"
#define OP_OPEN "open"

/* operations on an already-open file */
#define OP_FRECEIVE "file_receive"
#define OP_FPERM "file_perm"
#define OP_FLOCK "file_lock"
#define OP_FMMAP "file_mmap"
#define OP_FMPROT "file_mprotect"
#define OP_INHERIT "file_inherit"

/* mount namespace operations */
#define OP_PIVOTROOT "pivotroot"
#define OP_MOUNT "mount"
#define OP_UMOUNT "umount"

/* socket operations */
#define OP_CREATE "create"
#define OP_POST_CREATE "post_create"
#define OP_BIND "bind"
#define OP_CONNECT "connect"
#define OP_LISTEN "listen"
#define OP_ACCEPT "accept"
#define OP_SENDMSG "sendmsg"
#define OP_RECVMSG "recvmsg"
#define OP_GETSOCKNAME "getsockname"
#define OP_GETPEERNAME "getpeername"
#define OP_GETSOCKOPT "getsockopt"
#define OP_SETSOCKOPT "setsockopt"
#define OP_SHUTDOWN "socket_shutdown"

/* inter-process operations */
#define OP_PTRACE "ptrace"
#define OP_SIGNAL "signal"

#define OP_EXEC "exec"

/* domain (profile) transitions */
#define OP_CHANGE_HAT "change_hat"
#define OP_CHANGE_PROFILE "change_profile"
#define OP_CHANGE_ONEXEC "change_onexec"
#define OP_STACK "stack"
#define OP_STACK_ONEXEC "stack_onexec"

/* process attribute changes */
#define OP_SETPROCATTR "setprocattr"
#define OP_SETRLIMIT "setrlimit"

/* policy management through the apparmorfs interface */
#define OP_PROF_REPL "profile_replace"
#define OP_PROF_LOAD "profile_load"
#define OP_PROF_RM "profile_remove"
1058c2ecf20Sopenharmony_ci
1068c2ecf20Sopenharmony_ci
/*
 * AppArmor-private audit data, reached from a struct common_audit_data via
 * its apparmor_audit_data pointer (see aad() below). Instances are normally
 * declared with DEFINE_AUDIT_DATA(), which zero-initializes every member
 * except @op.
 */
struct apparmor_audit_data {
	int error;		/* errno of the check; aa_audit_error() returns it */
	int type;		/* presumably an enum audit_type value -- verify in audit.c */
	const char *op;		/* OP_* string, set from DEFINE_AUDIT_DATA()'s X argument */
	struct aa_label *label;	/* label of the subject being audited (assumed) */
	const char *name;	/* object name reported in the record, e.g. a path (assumed) */
	const char *info;	/* free-form detail string for the record (assumed) */
	u32 request;		/* permission bits requested; presumably the file.h masks */
	u32 denied;		/* permission bits that were refused (assumed) */
	/*
	 * Everything below overlaps in memory: only the arm that belongs to
	 * the op being audited holds valid data. A callback must read just
	 * its own arm, or it will format another arm's bytes into the log.
	 */
	union {
		/* these entries require a custom callback fn */
		struct {
			struct aa_label *peer;	/* label of the other party in the operation */
			union {
				struct {
					const char *target;	/* second path, e.g. link/rename target (assumed) */
					kuid_t ouid;		/* owner uid of the object, as a kernel kuid_t */
				} fs;
				struct {
					int rlim;		/* RLIMIT_* resource number (assumed) */
					unsigned long max;	/* requested limit value (assumed) */
				} rlim;
				struct {		/* anonymous: members are reached as aad->signal etc. */
					int signal;		/* signal number as mapped for policy (assumed) */
					int unmappedsig;	/* raw signal number with no policy mapping (assumed) */
				};
				struct {
					int type, protocol;	/* socket type and protocol numbers */
					struct sock *peer_sk;	/* peer socket, may be NULL (assumed) */
					void *addr;		/* presumably a struct sockaddr; valid only for @addrlen bytes */
					int addrlen;		/* byte length of @addr -- bound every read by it, never by sizeof */
				} net;
			};
		};
		struct {
			struct aa_profile *profile;	/* profile the policy operation acts on (assumed) */
			const char *ns;			/* policy namespace name (assumed) */
			long pos;			/* position in the policy blob, e.g. where unpack failed (assumed) */
		} iface;
		struct {
			const char *src_name;	/* mount source */
			const char *type;	/* filesystem type string */
			const char *trans;	/* presumably the propagation/transition mode name */
			const char *data;	/* mount options/data string */
			unsigned long flags;	/* mount flags (assumed MS_*) */
		} mnt;
	};
};
1558c2ecf20Sopenharmony_ci
/* macros for dealing with the apparmor_audit_data structure */

/* Accessor for the AppArmor-private part hung off a struct common_audit_data. */
#define aad(SA) ((SA)->apparmor_audit_data)
/*
 * DEFINE_AUDIT_DATA - declare and link an audit data pair on the stack
 * @NAME: identifier for the struct common_audit_data; the AppArmor part is
 *        declared alongside it as NAME_aad
 * @T:    value stored in NAME.type (presumably an LSM_AUDIT_DATA_* constant
 *        from <linux/lsm_audit.h>)
 * @X:    OP_* string stored in NAME_aad.op
 *
 * Both objects use designated initializers, so every member not named here
 * (error, type, label, name, info, request, denied and the whole union) is
 * zero/NULL-initialized by the C rules for partial initialization. That is
 * what keeps stale stack contents out of the audit log; do not replace
 * these with plain uninitialized declarations.
 */
#define DEFINE_AUDIT_DATA(NAME, T, X)					\
	/* partial designated init zero-fills the members not listed */	\
	struct apparmor_audit_data NAME ## _aad = { .op = (X), };	\
	struct common_audit_data NAME =					\
	{								\
	.type = (T),							\
	.u.tsk = NULL,							\
	};								\
	NAME.apparmor_audit_data = &(NAME ## _aad)
1678c2ecf20Sopenharmony_ci
/*
 * aa_audit_msg - emit an audit record of kind @type (enum audit_type) for @sa.
 * @cb, when non-NULL, is presumably called with the audit_buffer to append
 * the event-specific fields (the union arms of apparmor_audit_data).
 */
void aa_audit_msg(int type, struct common_audit_data *sa,
		  void (*cb) (struct audit_buffer *, void *));
/*
 * aa_audit - audit an access decision made under @profile.
 * Returns the error the caller should propagate; presumably aad(sa)->error,
 * possibly adjusted for complain mode (see complain_error()) -- verify the
 * exact contract in audit.c before relying on it.
 */
int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
	     void (*cb) (struct audit_buffer *, void *));
1728c2ecf20Sopenharmony_ci
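/*
 * aa_audit_error - record @ERROR on the audit data and emit an error record
 * @ERROR: error code stored in aad(SA)->error before the record is written
 * @SA:    pointer to the struct common_audit_data describing the event
 * @CB:    callback handed to aa_audit_msg() (may be NULL, see aa_audit_msg)
 *
 * Evaluates to aad(SA)->error as it stands after aa_audit_msg() returns, so
 * the macro can be used directly as the return value of a failing path.
 * @SA is evaluated exactly once; the previous expansion evaluated it twice,
 * which would have duplicated any side effect in the argument expression.
 */
#define aa_audit_error(ERROR, SA, CB)				\
({								\
	struct common_audit_data *__aad_sa = (SA);		\
	aad(__aad_sa)->error = (ERROR);				\
	aa_audit_msg(AUDIT_APPARMOR_ERROR, __aad_sa, (CB));	\
	/* re-read: aa_audit_msg() may have adjusted it */	\
	aad(__aad_sa)->error;					\
})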
1798c2ecf20Sopenharmony_ci
1808c2ecf20Sopenharmony_ci
/*
 * complain_error - turn a policy denial into success
 * @error: negative errno produced by a mediation check
 *
 * Presumably used on the complain (learning) mode path, where a denied
 * access is logged but must not be refused: -EPERM and -EACCES become 0.
 * Every other value (0, -ENOMEM, -ENOENT, ...) is returned unchanged, so
 * complain mode only masks policy denials and never a genuine failure.
 */
static inline int complain_error(int error)
{
	switch (error) {
	case -EPERM:
	case -EACCES:
		/* a policy denial: let the access proceed */
		return 0;
	default:
		return error;
	}
}
1878c2ecf20Sopenharmony_ci
/*
 * Audit filter rule hooks. Presumably these back the LSM audit_rule_*
 * security hooks so that audit rules can filter on AppArmor labels; verify
 * the wiring in lsm.c.
 *
 * aa_audit_rule_init parses @rulestr into a private rule object returned in
 * *@vrule; @rulestr presumably arrives from userspace via the audit netlink
 * interface, so the parser must treat it as untrusted input. The object is
 * released with aa_audit_rule_free(). aa_audit_rule_known reports whether
 * the rule contains fields this module handles, and aa_audit_rule_match
 * evaluates a parsed rule against the label identified by @sid.
 */
void aa_audit_rule_free(void *vrule);
int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule);
int aa_audit_rule_known(struct audit_krule *rule);
int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule);
1928c2ecf20Sopenharmony_ci
1938c2ecf20Sopenharmony_ci#endif /* __AA_AUDIT_H */
194