Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_oneplus_msm8996 / 99b0d4b7b09edeacf4542bced5c01239375b51a9 / . / include / linux / lsm_audit.h
blob: f78f83d7663f7bad084b304c8a8f71a169db019e [file] [log] [blame]
Etienne Basset6e837fb2009-04-08 20:39:40 +0200[diff] [blame]1/*
2 * Common LSM logging functions
3 * Heavily borrowed from selinux/avc.h
4 *
5 * Author : Etienne BASSET <etienne.basset@ensta.org>
6 *
7 * All credits to : Stephen Smalley, <sds@epoch.ncsc.mil>
8 * All BUGS to : Etienne BASSET <etienne.basset@ensta.org>
9 */
10#ifndef _LSM_COMMON_LOGGING_
11#define _LSM_COMMON_LOGGING_
12
13#include <linux/stddef.h>
14#include <linux/errno.h>
15#include <linux/kernel.h>
16#include <linux/kdev_t.h>
17#include <linux/spinlock.h>
18#include <linux/init.h>
19#include <linux/audit.h>
20#include <linux/in6.h>
21#include <linux/path.h>
22#include <linux/key.h>
23#include <linux/skbuff.h>
24#include <asm/system.h>
25
26
27/* Auxiliary data to use in generating the audit record. */
28struct common_audit_data {
Eric Parisdd8dbf22009-11-03 16:35:32 +1100[diff] [blame]29 char type;
30#define LSM_AUDIT_DATA_FS 1
31#define LSM_AUDIT_DATA_NET 2
32#define LSM_AUDIT_DATA_CAP 3
33#define LSM_AUDIT_DATA_IPC 4
34#define LSM_AUDIT_DATA_TASK 5
35#define LSM_AUDIT_DATA_KEY 6
36#define LSM_AUDIT_NO_AUDIT 7
37#define LSM_AUDIT_DATA_KMOD 8
Etienne Basset6e837fb2009-04-08 20:39:40 +0200[diff] [blame]38 struct task_struct *tsk;
39 union {
40 struct {
41 struct path path;
42 struct inode *inode;
43 } fs;
44 struct {
45 int netif;
46 struct sock *sk;
47 u16 family;
48 __be16 dport;
49 __be16 sport;
50 union {
51 struct {
52 __be32 daddr;
53 __be32 saddr;
54 } v4;
55 struct {
56 struct in6_addr daddr;
57 struct in6_addr saddr;
58 } v6;
59 } fam;
60 } net;
61 int cap;
62 int ipc_id;
63 struct task_struct *tsk;
64#ifdef CONFIG_KEYS
65 struct {
66 key_serial_t key;
67 char *key_desc;
68 } key_struct;
69#endif
Eric Parisdd8dbf22009-11-03 16:35:32 +1100[diff] [blame]70 char *kmod_name;
Etienne Basset6e837fb2009-04-08 20:39:40 +0200[diff] [blame]71 } u;
Etienne Basset6e837fb2009-04-08 20:39:40 +0200[diff] [blame]72 /* this union contains LSM specific data */
73 union {
Thomas Liu65c3f0a2009-07-09 10:00:31 -0400[diff] [blame]74#ifdef CONFIG_SECURITY_SMACK
Etienne Basset6e837fb2009-04-08 20:39:40 +0200[diff] [blame]75 /* SMACK data */
76 struct smack_audit_data {
Thomas Liued5215a2009-07-09 10:00:29 -0400[diff] [blame]77 const char *function;
Etienne Basset6e837fb2009-04-08 20:39:40 +0200[diff] [blame]78 char *subject;
79 char *object;
80 char *request;
81 int result;
82 } smack_audit_data;
Thomas Liu65c3f0a2009-07-09 10:00:31 -0400[diff] [blame]83#endif
84#ifdef CONFIG_SECURITY_SELINUX
Etienne Basset6e837fb2009-04-08 20:39:40 +0200[diff] [blame]85 /* SELinux data */
86 struct {
87 u32 ssid;
88 u32 tsid;
89 u16 tclass;
90 u32 requested;
91 u32 audited;
Thomas Liu2bf49692009-07-14 12:14:09 -0400[diff] [blame]92 u32 denied;
Etienne Basset6e837fb2009-04-08 20:39:40 +0200[diff] [blame]93 struct av_decision *avd;
94 int result;
95 } selinux_audit_data;
Thomas Liu65c3f0a2009-07-09 10:00:31 -0400[diff] [blame]96#endif
Thomas Liud4131de2009-07-09 10:00:30 -0400[diff] [blame]97 };
Etienne Basset6e837fb2009-04-08 20:39:40 +0200[diff] [blame]98 /* these callback will be implemented by a specific LSM */
99 void (*lsm_pre_audit)(struct audit_buffer *, void *);
100 void (*lsm_post_audit)(struct audit_buffer *, void *);
101};
102
103#define v4info fam.v4
104#define v6info fam.v6
105
106int ipv4_skb_to_auditdata(struct sk_buff *skb,
107 struct common_audit_data *ad, u8 *proto);
108
109int ipv6_skb_to_auditdata(struct sk_buff *skb,
110 struct common_audit_data *ad, u8 *proto);
111
112/* Initialize an LSM audit data structure. */
113#define COMMON_AUDIT_DATA_INIT(_d, _t) \
114 { memset((_d), 0, sizeof(struct common_audit_data)); \
Thomas Liued5215a2009-07-09 10:00:29 -0400[diff] [blame]115 (_d)->type = LSM_AUDIT_DATA_##_t; }
Etienne Basset6e837fb2009-04-08 20:39:40 +0200[diff] [blame]116
117void common_lsm_audit(struct common_audit_data *a);
118
119#endif