/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * AppArmor security module
 *
 * This file contains AppArmor auditing function definitions.
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 */

#ifndef __AA_AUDIT_H
#define __AA_AUDIT_H

#include <linux/audit.h>
#include <linux/fs.h>
#include <linux/lsm_audit.h>
#include <linux/sched.h>
#include <linux/slab.h>

#include "file.h"
#include "label.h"

/*
 * Printable names for enum audit_mode, indexed by the enum value.
 * Defined outside this header.
 */
extern const char *const audit_mode_names[];

/*
 * Number of entries in enum audit_mode (AUDIT_ALL is the last value, 4),
 * i.e. one past the highest valid index into audit_mode_names[].
 */
#define AUDIT_MAX_INDEX 5

/*
 * enum audit_mode - how much of the access decision is reported
 *
 * Keep in sync with AUDIT_MAX_INDEX and audit_mode_names[].
 */
enum audit_mode {
	AUDIT_NORMAL,		/* follow normal auditing of accesses */
	AUDIT_QUIET_DENIED,	/* quiet all denied access messages */
	AUDIT_QUIET,		/* quiet all messages */
	AUDIT_NOQUIET,		/* do not quiet audit messages */
	AUDIT_ALL		/* audit all accesses */
};

/*
 * enum audit_type - kind of event being emitted; used as the @type
 * argument of aa_audit_msg() and aa_audit() (see aa_audit_error()).
 */
enum audit_type {
	AUDIT_APPARMOR_AUDIT,
	AUDIT_APPARMOR_ALLOWED,
	AUDIT_APPARMOR_DENIED,
	AUDIT_APPARMOR_HINT,
	AUDIT_APPARMOR_STATUS,
	AUDIT_APPARMOR_ERROR,
	AUDIT_APPARMOR_KILL,
	AUDIT_APPARMOR_AUTO
};

/*
 * Operation name strings. These are the values stored in
 * apparmor_audit_data.op (see DEFINE_AUDIT_DATA()). OP_NULL means
 * "no operation name".
 */
#define OP_NULL NULL

#define OP_SYSCTL "sysctl"
#define OP_CAPABLE "capable"

/* filesystem / inode operations */
#define OP_UNLINK "unlink"
#define OP_MKDIR "mkdir"
#define OP_RMDIR "rmdir"
#define OP_MKNOD "mknod"
#define OP_TRUNC "truncate"
#define OP_LINK "link"
#define OP_SYMLINK "symlink"
#define OP_RENAME_SRC "rename_src"
#define OP_RENAME_DEST "rename_dest"
#define OP_CHMOD "chmod"
#define OP_CHOWN "chown"
#define OP_GETATTR "getattr"
#define OP_OPEN "open"

/* open-file operations */
#define OP_FRECEIVE "file_receive"
#define OP_FPERM "file_perm"
#define OP_FLOCK "file_lock"
#define OP_FMMAP "file_mmap"
#define OP_FMPROT "file_mprotect"
#define OP_INHERIT "file_inherit"

/* mount namespace operations */
#define OP_PIVOTROOT "pivotroot"
#define OP_MOUNT "mount"
#define OP_UMOUNT "umount"

/* socket operations */
#define OP_CREATE "create"
#define OP_POST_CREATE "post_create"
#define OP_BIND "bind"
#define OP_CONNECT "connect"
#define OP_LISTEN "listen"
#define OP_ACCEPT "accept"
#define OP_SENDMSG "sendmsg"
#define OP_RECVMSG "recvmsg"
#define OP_GETSOCKNAME "getsockname"
#define OP_GETPEERNAME "getpeername"
#define OP_GETSOCKOPT "getsockopt"
#define OP_SETSOCKOPT "setsockopt"
#define OP_SHUTDOWN "socket_shutdown"

/* inter-process operations */
#define OP_PTRACE "ptrace"
#define OP_SIGNAL "signal"

#define OP_EXEC "exec"

/* domain transitions */
#define OP_CHANGE_HAT "change_hat"
#define OP_CHANGE_PROFILE "change_profile"
#define OP_CHANGE_ONEXEC "change_onexec"
#define OP_STACK "stack"
#define OP_STACK_ONEXEC "stack_onexec"

#define OP_SETPROCATTR "setprocattr"
#define OP_SETRLIMIT "setrlimit"

/* policy management */
#define OP_PROF_REPL "profile_replace"
#define OP_PROF_LOAD "profile_load"
#define OP_PROF_RM "profile_remove"


/*
 * struct apparmor_audit_data - per-event data handed to the audit callbacks
 *
 * The generic LSM record (@common) is embedded and carries a back pointer
 * to this structure (set up by DEFINE_AUDIT_DATA()), so aad() can recover
 * the enclosing object from a struct common_audit_data pointer.
 */
struct apparmor_audit_data {
	int error;			/* result of the mediated operation */
	int type;			/* enum audit_type, presumably — confirm against users */
	u16 class;			/* permission class, set via DEFINE_AUDIT_DATA(.., C, ..) */
	const char *op;			/* one of the OP_* strings above */
	const struct cred *subj_cred;	/* credentials of the subject */
	struct aa_label *subj_label;	/* label of the subject */
	const char *name;
	const char *info;
	u32 request;			/* permissions that were requested */
	u32 denied;			/* subset of @request that was refused */
	union {
		/* these entries require a custom callback fn */
		struct {
			struct aa_label *peer;
			union {
				struct {
					const char *target;
					kuid_t ouid;
				} fs;
				struct {
					int rlim;
					unsigned long max;
				} rlim;
				struct {
					int signal;
					int unmappedsig;
				};
				struct {
					int type, protocol;
					struct sock *peer_sk;
					void *addr;
					int addrlen;
				} net;
			};
		};
		struct {
			struct aa_profile *profile;
			const char *ns;
			long pos;
		} iface;
		struct {
			const char *src_name;
			const char *type;
			const char *trans;
			const char *data;
			unsigned long flags;
		} mnt;
	};

	struct common_audit_data common;
};

/*
 * Macros for dealing with the apparmor_audit_data structure.
 *
 * aad() recovers the enclosing apparmor_audit_data from a pointer to its
 * embedded @common member. aad_of_va() does the same from an untyped
 * pointer (the callback's void * argument); the cast is unchecked, so the
 * pointer must really be the @common member of an apparmor_audit_data.
 */
#define aad(SA) (container_of(SA, struct apparmor_audit_data, common))
#define aad_of_va(VA) aad((struct common_audit_data *)(VA))

/*
 * DEFINE_AUDIT_DATA() - declare and initialise an apparmor_audit_data on
 * the stack.
 * @NAME: variable name
 * @T: common_audit_data type (LSM_AUDIT_DATA_*)
 * @C: permission class
 * @X: operation name (an OP_* string)
 *
 * Every field not listed is zero-initialised; the back pointer in
 * .common.apparmor_audit_data is what makes aad() work on &NAME.common.
 *
 * TODO: cleanup audit init so we don't need _aad = {0,}
 */
#define DEFINE_AUDIT_DATA(NAME, T, C, X)				\
	struct apparmor_audit_data NAME = {				\
		.class = (C),						\
		.op = (X),						\
		.common.type = (T),					\
		.common.u.tsk = NULL,					\
		.common.apparmor_audit_data = &NAME,			\
	};

void aa_audit_msg(int type, struct apparmor_audit_data *ad,
		  void (*cb) (struct audit_buffer *, void *));
int aa_audit(int type, struct aa_profile *profile,
	     struct apparmor_audit_data *ad,
	     void (*cb) (struct audit_buffer *, void *));

/*
 * aa_audit_error() - record @ERROR in @AD, emit an AUDIT_APPARMOR_ERROR
 * event, and evaluate to the stored error so it can be returned directly.
 *
 * @AD is expanded three times; pass a side-effect-free expression.
 */
#define aa_audit_error(ERROR, AD, CB)				\
({								\
	(AD)->error = (ERROR);					\
	aa_audit_msg(AUDIT_APPARMOR_ERROR, (AD), (CB));		\
	(AD)->error;						\
})


/*
 * complain_error() - map a permission denial to success
 * @error: negative errno from a mediation decision, or 0
 *
 * Returns 0 for -EPERM and -EACCES, i.e. only access-control denials are
 * waived (as the name suggests, for complain/learning mode). Any other
 * value, including resource or internal failures such as -ENOMEM and
 * non-negative inputs, is returned unchanged.
 */
static inline int complain_error(int error)
{
	switch (error) {
	case -EPERM:
	case -EACCES:
		return 0;
	default:
		return error;
	}
}

void aa_audit_rule_free(void *vrule);
int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule);
int aa_audit_rule_known(struct audit_krule *rule);
int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule);

#endif /* __AA_AUDIT_H */