Blame view
include/linux/lsm_audit.h
2.53 KB
6e837fb15 smack: implement ... |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
/* * Common LSM logging functions * Heavily borrowed from selinux/avc.h * * Author : Etienne BASSET <etienne.basset@ensta.org> * * All credits to : Stephen Smalley, <sds@epoch.ncsc.mil> * All BUGS to : Etienne BASSET <etienne.basset@ensta.org> */ #ifndef _LSM_COMMON_LOGGING_ #define _LSM_COMMON_LOGGING_ #include <linux/stddef.h> #include <linux/errno.h> #include <linux/kernel.h> #include <linux/kdev_t.h> #include <linux/spinlock.h> #include <linux/init.h> #include <linux/audit.h> #include <linux/in6.h> #include <linux/path.h> #include <linux/key.h> #include <linux/skbuff.h> #include <asm/system.h> /* Auxiliary data to use in generating the audit record. */ struct common_audit_data { char type; #define LSM_AUDIT_DATA_FS 1 #define LSM_AUDIT_DATA_NET 2 #define LSM_AUDIT_DATA_CAP 3 #define LSM_AUDIT_DATA_IPC 4 #define LSM_AUDIT_DATA_TASK 5 #define LSM_AUDIT_DATA_KEY 6 |
2bf496903 SELinux: Convert ... |
36 |
#define LSM_AUDIT_NO_AUDIT 7 |
6e837fb15 smack: implement ... |
37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 |
struct task_struct *tsk; union { struct { struct path path; struct inode *inode; } fs; struct { int netif; struct sock *sk; u16 family; __be16 dport; __be16 sport; union { struct { __be32 daddr; __be32 saddr; } v4; struct { struct in6_addr daddr; struct in6_addr saddr; } v6; } fam; } net; int cap; int ipc_id; struct task_struct *tsk; #ifdef CONFIG_KEYS struct { key_serial_t key; char *key_desc; } key_struct; #endif } u; |
6e837fb15 smack: implement ... |
70 71 |
/* this union contains LSM specific data */ union { |
65c3f0a2d security: Wrap SM... |
72 |
#ifdef CONFIG_SECURITY_SMACK |
6e837fb15 smack: implement ... |
73 74 |
/* SMACK data */ struct smack_audit_data { |
ed5215a21 Move variable fun... |
75 |
const char *function; |
6e837fb15 smack: implement ... |
76 77 78 79 80 |
char *subject; char *object; char *request; int result; } smack_audit_data; |
65c3f0a2d security: Wrap SM... |
81 82 |
#endif #ifdef CONFIG_SECURITY_SELINUX |
6e837fb15 smack: implement ... |
83 84 85 86 87 88 89 |
/* SELinux data */ struct { u32 ssid; u32 tsid; u16 tclass; u32 requested; u32 audited; |
2bf496903 SELinux: Convert ... |
90 |
u32 denied; |
6e837fb15 smack: implement ... |
91 92 93 |
struct av_decision *avd; int result; } selinux_audit_data; |
65c3f0a2d security: Wrap SM... |
94 |
#endif |
d4131ded4 security: Make ls... |
95 |
}; |
6e837fb15 smack: implement ... |
96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 |
/* these callback will be implemented by a specific LSM */ void (*lsm_pre_audit)(struct audit_buffer *, void *); void (*lsm_post_audit)(struct audit_buffer *, void *); }; #define v4info fam.v4 #define v6info fam.v6 int ipv4_skb_to_auditdata(struct sk_buff *skb, struct common_audit_data *ad, u8 *proto); int ipv6_skb_to_auditdata(struct sk_buff *skb, struct common_audit_data *ad, u8 *proto); /* Initialize an LSM audit data structure. */ #define COMMON_AUDIT_DATA_INIT(_d, _t) \ { memset((_d), 0, sizeof(struct common_audit_data)); \ |
ed5215a21 Move variable fun... |
113 |
(_d)->type = LSM_AUDIT_DATA_##_t; } |
6e837fb15 smack: implement ... |
114 115 116 117 |
void common_lsm_audit(struct common_audit_data *a); #endif |