audit.h File Reference

#include <linux/audit.h>
#include <linux/fs.h>
#include <linux/lsm_audit.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include "file.h"

Go to the source code of this file.

Data Structures
struct	apparmor_audit_data

Macros
#define	AUDIT_MAX_INDEX   5
#define	aad   apparmor_audit_data

Enumerations
enum	audit_mode {   AUDIT_NORMAL, AUDIT_QUIET_DENIED, AUDIT_QUIET, AUDIT_NOQUIET,   AUDIT_ALL }
enum	audit_type {   AUDIT_APPARMOR_AUDIT, AUDIT_APPARMOR_ALLOWED, AUDIT_APPARMOR_DENIED, AUDIT_APPARMOR_HINT,   AUDIT_APPARMOR_STATUS, AUDIT_APPARMOR_ERROR, AUDIT_APPARMOR_KILL, AUDIT_APPARMOR_AUTO }
enum	aa_ops {   OP_NULL, OP_SYSCTL, OP_CAPABLE, OP_UNLINK,   OP_MKDIR, OP_RMDIR, OP_MKNOD, OP_TRUNC,   OP_LINK, OP_SYMLINK, OP_RENAME_SRC, OP_RENAME_DEST,   OP_CHMOD, OP_CHOWN, OP_GETATTR, OP_OPEN,   OP_FPERM, OP_FLOCK, OP_FMMAP, OP_FMPROT,   OP_CREATE, OP_POST_CREATE, OP_BIND, OP_CONNECT,   OP_LISTEN, OP_ACCEPT, OP_SENDMSG, OP_RECVMSG,   OP_GETSOCKNAME, OP_GETPEERNAME, OP_GETSOCKOPT, OP_SETSOCKOPT,   OP_SOCK_SHUTDOWN, OP_PTRACE, OP_EXEC, OP_CHANGE_HAT,   OP_CHANGE_PROFILE, OP_CHANGE_ONEXEC, OP_SETPROCATTR, OP_SETRLIMIT,   OP_PROF_REPL, OP_PROF_LOAD, OP_PROF_RM }

Functions
void	aa_audit_msg (int type, struct common_audit_data *sa, void(*cb)(struct audit_buffer *, void *))
int	aa_audit (int type, struct aa_profile *profile, gfp_t gfp, struct common_audit_data *sa, void(*cb)(struct audit_buffer *, void *))

Variables
const char *const	audit_mode_names []
const char *const	op_table []

Macro Definition Documentation

#define aad   apparmor_audit_data

Definition at line 134 of file audit.h.

#define AUDIT_MAX_INDEX   5

Definition at line 29 of file audit.h.

Enumeration Type Documentation

enum aa_ops

Enumerator:

OP_NULL
OP_SYSCTL
OP_CAPABLE
OP_UNLINK
OP_MKDIR
OP_RMDIR
OP_MKNOD
OP_TRUNC
OP_LINK
OP_SYMLINK
OP_RENAME_SRC
OP_RENAME_DEST
OP_CHMOD
OP_CHOWN
OP_GETATTR
OP_OPEN
OP_FPERM
OP_FLOCK
OP_FMMAP
OP_FMPROT
OP_CREATE
OP_POST_CREATE
OP_BIND
OP_CONNECT
OP_LISTEN
OP_ACCEPT
OP_SENDMSG
OP_RECVMSG
OP_GETSOCKNAME
OP_GETPEERNAME
OP_GETSOCKOPT
OP_SETSOCKOPT
OP_SOCK_SHUTDOWN
OP_PTRACE
OP_EXEC
OP_CHANGE_HAT
OP_CHANGE_PROFILE
OP_CHANGE_ONEXEC
OP_SETPROCATTR
OP_SETRLIMIT
OP_PROF_REPL
OP_PROF_LOAD
OP_PROF_RM

Definition at line 51 of file audit.h.

enum audit_mode

Enumerator:

AUDIT_NORMAL
AUDIT_QUIET_DENIED
AUDIT_QUIET
AUDIT_NOQUIET
AUDIT_ALL

Definition at line 31 of file audit.h.

enum audit_type

Enumerator:

AUDIT_APPARMOR_AUDIT
AUDIT_APPARMOR_ALLOWED
AUDIT_APPARMOR_DENIED
AUDIT_APPARMOR_HINT
AUDIT_APPARMOR_STATUS
AUDIT_APPARMOR_ERROR
AUDIT_APPARMOR_KILL
AUDIT_APPARMOR_AUTO

Definition at line 39 of file audit.h.

Function Documentation

int aa_audit	(	int	type,
		struct aa_profile *	profile,
		gfp_t	gfp,
		struct common_audit_data *	sa,
		void(*)(struct audit_buffer *, void *)	cb
	)

aa_audit - Log a profile based audit event to the audit subsystem : audit type for the message : profile to check against (NOT NULL) : allocation flags to use

See Also

: audit event (NOT NULL) : optional callback fn for type specific fields (MAYBE NULL)

Handle default message switching based off of audit mode flags

Returns: error on failure

Definition at line 184 of file audit.c.

void aa_audit_msg	(	int	type,
		struct common_audit_data *	sa,
		void(*)(struct audit_buffer *, void *)	cb
	)

aa_audit_msg - Log a message to the audit subsystem

See Also

: audit event structure (NOT NULL) : optional callback fn for type specific fields (MAYBE NULL)

Definition at line 165 of file audit.c.

Variable Documentation

const char* const audit_mode_names[]

Definition at line 76 of file audit.c.

const char* const op_table[]

Definition at line 22 of file audit.c.