lsm_audit.h 3.1 KB
Newer Older
E
Etienne Basset 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
/*
 * Common LSM logging functions
 * Heavily borrowed from selinux/avc.h
 *
 * Author : Etienne BASSET  <etienne.basset@ensta.org>
 *
 * All credits to : Stephen Smalley, <sds@epoch.ncsc.mil>
 * All BUGS to : Etienne BASSET  <etienne.basset@ensta.org>
 */
#ifndef _LSM_COMMON_LOGGING_
#define _LSM_COMMON_LOGGING_

#include <linux/stddef.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/kdev_t.h>
#include <linux/spinlock.h>
#include <linux/init.h>
#include <linux/audit.h>
#include <linux/in6.h>
#include <linux/path.h>
#include <linux/key.h>
#include <linux/skbuff.h>
#include <asm/system.h>


/* Auxiliary data to use in generating the audit record. */
struct common_audit_data {
29
	char type;
30
#define LSM_AUDIT_DATA_PATH	1
31 32 33 34 35
#define LSM_AUDIT_DATA_NET	2
#define LSM_AUDIT_DATA_CAP	3
#define LSM_AUDIT_DATA_IPC	4
#define LSM_AUDIT_DATA_TASK	5
#define LSM_AUDIT_DATA_KEY	6
36
#define LSM_AUDIT_DATA_NONE	7
37
#define LSM_AUDIT_DATA_KMOD	8
38
#define LSM_AUDIT_DATA_INODE	9
E
Etienne Basset 已提交
39 40
	struct task_struct *tsk;
	union 	{
41 42
		struct path path;
		struct inode *inode;
E
Etienne Basset 已提交
43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68
		struct {
			int netif;
			struct sock *sk;
			u16 family;
			__be16 dport;
			__be16 sport;
			union {
				struct {
					__be32 daddr;
					__be32 saddr;
				} v4;
				struct {
					struct in6_addr daddr;
					struct in6_addr saddr;
				} v6;
			} fam;
		} net;
		int cap;
		int ipc_id;
		struct task_struct *tsk;
#ifdef CONFIG_KEYS
		struct {
			key_serial_t key;
			char *key_desc;
		} key_struct;
#endif
69
		char *kmod_name;
E
Etienne Basset 已提交
70 71 72
	} u;
	/* this union contains LSM specific data */
	union {
73
#ifdef CONFIG_SECURITY_SMACK
E
Etienne Basset 已提交
74 75
		/* SMACK data */
		struct smack_audit_data {
76
			const char *function;
E
Etienne Basset 已提交
77 78 79 80 81
			char *subject;
			char *object;
			char *request;
			int result;
		} smack_audit_data;
82 83
#endif
#ifdef CONFIG_SECURITY_SELINUX
E
Etienne Basset 已提交
84 85 86 87 88 89 90
		/* SELinux data */
		struct {
			u32 ssid;
			u32 tsid;
			u16 tclass;
			u32 requested;
			u32 audited;
91
			u32 denied;
92 93 94 95 96
			/*
			 * auditdeny is a bit tricky and unintuitive.  See the
			 * comments in avc.c for it's meaning and usage.
			 */
			u32 auditdeny;
E
Etienne Basset 已提交
97 98 99
			struct av_decision *avd;
			int result;
		} selinux_audit_data;
100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126
#endif
#ifdef CONFIG_SECURITY_APPARMOR
		struct {
			int error;
			int op;
			int type;
			void *profile;
			const char *name;
			const char *info;
			union {
				void *target;
				struct {
					long pos;
					void *target;
				} iface;
				struct {
					int rlim;
					unsigned long max;
				} rlim;
				struct {
					const char *target;
					u32 request;
					u32 denied;
					uid_t ouid;
				} fs;
			};
		} apparmor_audit_data;
127
#endif
128
	};
E
Etienne Basset 已提交
129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145
	/* these callback will be implemented by a specific LSM */
	void (*lsm_pre_audit)(struct audit_buffer *, void *);
	void (*lsm_post_audit)(struct audit_buffer *, void *);
};

#define v4info fam.v4
#define v6info fam.v6

int ipv4_skb_to_auditdata(struct sk_buff *skb,
		struct common_audit_data *ad, u8 *proto);

int ipv6_skb_to_auditdata(struct sk_buff *skb,
		struct common_audit_data *ad, u8 *proto);

/* Initialize an LSM audit data structure. */
#define COMMON_AUDIT_DATA_INIT(_d, _t) \
	{ memset((_d), 0, sizeof(struct common_audit_data)); \
146
	 (_d)->type = LSM_AUDIT_DATA_##_t; }
E
Etienne Basset 已提交
147 148 149 150

void common_lsm_audit(struct common_audit_data *a);

#endif