Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
audit.h
Go to the documentation of this file.
1 /* audit -- definition of audit_context structure and supporting types
2  *
3  * Copyright 2003-2004 Red Hat, Inc.
4  * Copyright 2005 Hewlett-Packard Development Company, L.P.
5  * Copyright 2005 IBM Corporation
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  */
21 
22 #include <linux/fs.h>
23 #include <linux/audit.h>
24 #include <linux/skbuff.h>
25 
26 /* 0 = no checking
27  1 = put_count checking
28  2 = verbose put_count checking
29 */
30 #define AUDIT_DEBUG 0
31 
32 /* At task start time, the audit_state is set in the audit_context using
33  a per-task filter. At syscall entry, the audit_state is augmented by
34  the syscall filter. */
36  AUDIT_DISABLED, /* Do not create per-task audit_context.
37  * No syscall-specific audit records can
38  * be generated. */
39  AUDIT_BUILD_CONTEXT, /* Create the per-task audit_context,
40  * and fill it in at syscall
41  * entry time. This makes a full
42  * syscall record available if some
43  * other part of the kernel decides it
44  * should be recorded. */
45  AUDIT_RECORD_CONTEXT /* Create the per-task audit_context,
46  * always fill it in at syscall entry
47  * time, and always write out the audit
48  * record at syscall exit time. */
49 };
50 
51 /* Rule lists */
52 struct audit_watch;
53 struct audit_tree;
54 struct audit_chunk;
55 
56 struct audit_entry {
57  struct list_head list;
58  struct rcu_head rcu;
59  struct audit_krule rule;
60 };
61 
62 #ifdef CONFIG_AUDIT
63 extern int audit_enabled;
64 extern int audit_ever_enabled;
65 #endif
66 
67 extern int audit_pid;
68 
69 #define AUDIT_INODE_BUCKETS 32
71 
72 static inline int audit_hash_ino(u32 ino)
73 {
74  return (ino & (AUDIT_INODE_BUCKETS-1));
75 }
76 
77 /* Indicates that audit should log the full pathname. */
78 #define AUDIT_NAME_FULL -1
79 
80 extern int audit_match_class(int class, unsigned syscall);
81 extern int audit_comparator(const u32 left, const u32 op, const u32 right);
84 extern int parent_len(const char *path);
85 extern int audit_compare_dname_path(const char *dname, const char *path, int plen);
86 extern struct sk_buff * audit_make_reply(int pid, int seq, int type,
87  int done, int multi,
88  const void *payload, int size);
89 extern void audit_panic(const char *message);
90 
92  int pid;
93  struct sk_buff_head q;
94 };
95 
96 int audit_send_list(void *);
97 
98 extern int selinux_audit_rule_update(void);
99 
100 extern struct mutex audit_filter_mutex;
101 extern void audit_free_rule_rcu(struct rcu_head *);
102 extern struct list_head audit_filter_list[];
103 
104 extern struct audit_entry *audit_dupe_rule(struct audit_krule *old);
105 
106 /* audit watch functions */
107 #ifdef CONFIG_AUDIT_WATCH
108 extern void audit_put_watch(struct audit_watch *watch);
109 extern void audit_get_watch(struct audit_watch *watch);
110 extern int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op);
111 extern int audit_add_watch(struct audit_krule *krule, struct list_head **list);
112 extern void audit_remove_watch_rule(struct audit_krule *krule);
113 extern char *audit_watch_path(struct audit_watch *watch);
114 extern int audit_watch_compare(struct audit_watch *watch, unsigned long ino, dev_t dev);
115 #else
116 #define audit_put_watch(w) {}
117 #define audit_get_watch(w) {}
118 #define audit_to_watch(k, p, l, o) (-EINVAL)
119 #define audit_add_watch(k, l) (-EINVAL)
120 #define audit_remove_watch_rule(k) BUG()
121 #define audit_watch_path(w) ""
122 #define audit_watch_compare(w, i, d) 0
123 
124 #endif /* CONFIG_AUDIT_WATCH */
125 
126 #ifdef CONFIG_AUDIT_TREE
127 extern struct audit_chunk *audit_tree_lookup(const struct inode *);
128 extern void audit_put_chunk(struct audit_chunk *);
129 extern int audit_tree_match(struct audit_chunk *, struct audit_tree *);
130 extern int audit_make_tree(struct audit_krule *, char *, u32);
131 extern int audit_add_tree_rule(struct audit_krule *);
132 extern int audit_remove_tree_rule(struct audit_krule *);
133 extern void audit_trim_trees(void);
134 extern int audit_tag_tree(char *old, char *new);
135 extern const char *audit_tree_path(struct audit_tree *);
136 extern void audit_put_tree(struct audit_tree *);
137 extern void audit_kill_trees(struct list_head *);
138 #else
139 #define audit_remove_tree_rule(rule) BUG()
140 #define audit_add_tree_rule(rule) -EINVAL
141 #define audit_make_tree(rule, str, op) -EINVAL
142 #define audit_trim_trees() (void)0
143 #define audit_put_tree(tree) (void)0
144 #define audit_tag_tree(old, new) -EINVAL
145 #define audit_tree_path(rule) "" /* never called */
146 #define audit_kill_trees(list) BUG()
147 #endif
148 
149 extern char *audit_unpack_string(void **, size_t *, size_t);
150 
151 extern pid_t audit_sig_pid;
152 extern kuid_t audit_sig_uid;
153 extern u32 audit_sig_sid;
154 
155 #ifdef CONFIG_AUDITSYSCALL
156 extern int __audit_signal_info(int sig, struct task_struct *t);
157 static inline int audit_signal_info(int sig, struct task_struct *t)
158 {
159  if (unlikely((audit_pid && t->tgid == audit_pid) ||
160  (audit_signals && !audit_dummy_context())))
161  return __audit_signal_info(sig, t);
162  return 0;
163 }
164 extern void audit_filter_inodes(struct task_struct *, struct audit_context *);
165 extern struct list_head *audit_killed_trees(void);
166 #else
167 #define audit_signal_info(s,t) AUDIT_DISABLED
168 #define audit_filter_inodes(t,c) AUDIT_DISABLED
169 #endif
170 
171 extern struct mutex audit_cmd_mutex;