Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
Data Structures | Macros | Enumerations | Functions | Variables
audit.h File Reference
#include <linux/audit.h>
#include <linux/fs.h>
#include <linux/lsm_audit.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include "file.h"

Go to the source code of this file.

Data Structures

struct  apparmor_audit_data
 

Macros

#define AUDIT_MAX_INDEX   5
 
#define aad   apparmor_audit_data
 

Enumerations

enum  audit_mode {
  AUDIT_NORMAL, AUDIT_QUIET_DENIED, AUDIT_QUIET, AUDIT_NOQUIET,
  AUDIT_ALL
}
 
enum  audit_type {
  AUDIT_APPARMOR_AUDIT, AUDIT_APPARMOR_ALLOWED, AUDIT_APPARMOR_DENIED, AUDIT_APPARMOR_HINT,
  AUDIT_APPARMOR_STATUS, AUDIT_APPARMOR_ERROR, AUDIT_APPARMOR_KILL, AUDIT_APPARMOR_AUTO
}
 
enum  aa_ops {
  OP_NULL, OP_SYSCTL, OP_CAPABLE, OP_UNLINK,
  OP_MKDIR, OP_RMDIR, OP_MKNOD, OP_TRUNC,
  OP_LINK, OP_SYMLINK, OP_RENAME_SRC, OP_RENAME_DEST,
  OP_CHMOD, OP_CHOWN, OP_GETATTR, OP_OPEN,
  OP_FPERM, OP_FLOCK, OP_FMMAP, OP_FMPROT,
  OP_CREATE, OP_POST_CREATE, OP_BIND, OP_CONNECT,
  OP_LISTEN, OP_ACCEPT, OP_SENDMSG, OP_RECVMSG,
  OP_GETSOCKNAME, OP_GETPEERNAME, OP_GETSOCKOPT, OP_SETSOCKOPT,
  OP_SOCK_SHUTDOWN, OP_PTRACE, OP_EXEC, OP_CHANGE_HAT,
  OP_CHANGE_PROFILE, OP_CHANGE_ONEXEC, OP_SETPROCATTR, OP_SETRLIMIT,
  OP_PROF_REPL, OP_PROF_LOAD, OP_PROF_RM
}
 

Functions

void aa_audit_msg (int type, struct common_audit_data *sa, void(*cb)(struct audit_buffer *, void *))
 
int aa_audit (int type, struct aa_profile *profile, gfp_t gfp, struct common_audit_data *sa, void(*cb)(struct audit_buffer *, void *))
 

Variables

const char *const audit_mode_names []
 
const char *const op_table []
 

Macro Definition Documentation

#define aad   apparmor_audit_data

Definition at line 134 of file audit.h.

#define AUDIT_MAX_INDEX   5

Definition at line 29 of file audit.h.

Enumeration Type Documentation

enum aa_ops
Enumerator:
OP_NULL 
OP_SYSCTL 
OP_CAPABLE 
OP_UNLINK 
OP_MKDIR 
OP_RMDIR 
OP_MKNOD 
OP_TRUNC 
OP_LINK 
OP_SYMLINK 
OP_RENAME_SRC 
OP_RENAME_DEST 
OP_CHMOD 
OP_CHOWN 
OP_GETATTR 
OP_OPEN 
OP_FPERM 
OP_FLOCK 
OP_FMMAP 
OP_FMPROT 
OP_CREATE 
OP_POST_CREATE 
OP_BIND 
OP_CONNECT 
OP_LISTEN 
OP_ACCEPT 
OP_SENDMSG 
OP_RECVMSG 
OP_GETSOCKNAME 
OP_GETPEERNAME 
OP_GETSOCKOPT 
OP_SETSOCKOPT 
OP_SOCK_SHUTDOWN 
OP_PTRACE 
OP_EXEC 
OP_CHANGE_HAT 
OP_CHANGE_PROFILE 
OP_CHANGE_ONEXEC 
OP_SETPROCATTR 
OP_SETRLIMIT 
OP_PROF_REPL 
OP_PROF_LOAD 
OP_PROF_RM 

Definition at line 51 of file audit.h.

enum audit_mode
Enumerator:
AUDIT_NORMAL 
AUDIT_QUIET_DENIED 
AUDIT_QUIET 
AUDIT_NOQUIET 
AUDIT_ALL 

Definition at line 31 of file audit.h.

enum audit_type
Enumerator:
AUDIT_APPARMOR_AUDIT 
AUDIT_APPARMOR_ALLOWED 
AUDIT_APPARMOR_DENIED 
AUDIT_APPARMOR_HINT 
AUDIT_APPARMOR_STATUS 
AUDIT_APPARMOR_ERROR 
AUDIT_APPARMOR_KILL 
AUDIT_APPARMOR_AUTO 

Definition at line 39 of file audit.h.

Function Documentation

int aa_audit ( int  type,
struct aa_profile profile,
gfp_t  gfp,
struct common_audit_data sa,
void(*)(struct audit_buffer *, void *)  cb 
)

aa_audit - Log a profile based audit event to the audit subsystem : audit type for the message : profile to check against (NOT NULL) : allocation flags to use

See Also
: audit event (NOT NULL) : optional callback fn for type specific fields (MAYBE NULL)

Handle default message switching based off of audit mode flags

Returns: error on failure

Definition at line 184 of file audit.c.

void aa_audit_msg ( int  type,
struct common_audit_data sa,
void(*)(struct audit_buffer *, void *)  cb 
)

aa_audit_msg - Log a message to the audit subsystem

See Also
: audit event structure (NOT NULL) : optional callback fn for type specific fields (MAYBE NULL)

Definition at line 165 of file audit.c.

Variable Documentation

const char* const audit_mode_names[]

Definition at line 76 of file audit.c.

const char* const op_table[]

Definition at line 22 of file audit.c.