1 | /* SPDX-License-Identifier: GPL-2.0 */ |
---|---|
2 | /* |
3 | * Common LSM logging functions |
4 | * Heavily borrowed from selinux/avc.h |
5 | * |
6 | * Author : Etienne BASSET <etienne.basset@ensta.org> |
7 | * |
8 | * All credits to : Stephen Smalley, <sds@tycho.nsa.gov> |
9 | * All BUGS to : Etienne BASSET <etienne.basset@ensta.org> |
10 | */ |
11 | #ifndef _LSM_COMMON_LOGGING_ |
12 | #define _LSM_COMMON_LOGGING_ |
13 | |
14 | #include <linux/stddef.h> |
15 | #include <linux/errno.h> |
16 | #include <linux/kernel.h> |
17 | #include <linux/kdev_t.h> |
18 | #include <linux/spinlock.h> |
19 | #include <linux/init.h> |
20 | #include <linux/audit.h> |
21 | #include <linux/in6.h> |
22 | #include <linux/path.h> |
23 | #include <linux/key.h> |
24 | #include <linux/skbuff.h> |
25 | #include <rdma/ib_verbs.h> |
26 | |
27 | struct lsm_network_audit { /* Network details for an audit record; reached through common_audit_data.u.net. */ |
28 | int netif; /* network interface identifier; presumably an ifindex - confirm */ |
29 | const struct sock *sk; /* socket pointer, stored as given; this header shows no reference being taken, so presumably the caller keeps it valid - confirm */ |
30 | u16 family; /* address family; presumably tells readers which arm of fam is valid - confirm against the code that fills and prints it */ |
31 | __be16 dport; /* destination port, big-endian as the __be16 type states */ |
32 | __be16 sport; /* source port, big-endian */ |
33 | union { /* v4 and v6 share storage: only the arm that was written may be read */ |
34 | struct { |
35 | __be32 daddr; /* IPv4 destination address, big-endian */ |
36 | __be32 saddr; /* IPv4 source address, big-endian */ |
37 | } v4; |
38 | struct { |
39 | struct in6_addr daddr; /* IPv6 destination address */ |
40 | struct in6_addr saddr; /* IPv6 source address */ |
41 | } v6; |
42 | } fam; |
43 | }; |
44 | |
45 | struct lsm_ioctlop_audit { /* ioctl details for an audit record; reached through common_audit_data.u.op. */ |
46 | struct path path; /* embedded by value, not a pointer */ |
47 | u16 cmd; /* NOTE(review): only 16 bits wide, while the ioctl syscall takes a wider command word; presumably callers store a truncated value, so the audit record may not identify the full command - confirm */ |
48 | }; |
49 | |
50 | struct lsm_ibpkey_audit { /* Partition-key details for an audit record; reached through common_audit_data.u.ibpkey. Presumably InfiniBand, given the rdma/ib_verbs.h include - confirm. */ |
51 | u64 subnet_prefix; /* byte order is not stated by the type - TODO confirm at the call sites */ |
52 | u16 pkey; /* partition key value */ |
53 | }; |
54 | |
55 | struct lsm_ibendport_audit { /* Device and port details for an audit record; reached through common_audit_data.u.ibendport. */ |
56 | const char *dev_name; /* pointer to a name owned elsewhere, not a copy; presumably NUL-terminated and valid until the record is emitted - confirm */ |
57 | u8 port; /* port number on that device */ |
58 | }; |
59 | |
60 | /* Auxiliary data to use in generating the audit record. Passed by pointer to common_lsm_audit(). It is a tagged union: type holds an LSM_AUDIT_DATA_* value and u holds the payload. Nothing in this header enforces that the tag matches the member that was written, so the code filling the structure must keep them consistent. */ |
61 | struct common_audit_data { |
62 | char type; /* tag: one of the LSM_AUDIT_DATA_* values defined below */ |
63 | #define LSM_AUDIT_DATA_PATH 1 /* these defines sit inside the struct for readability only; the preprocessor ignores the braces, so the names are visible file-wide */ |
64 | #define LSM_AUDIT_DATA_NET 2 |
65 | #define LSM_AUDIT_DATA_CAP 3 |
66 | #define LSM_AUDIT_DATA_IPC 4 |
67 | #define LSM_AUDIT_DATA_TASK 5 |
68 | #define LSM_AUDIT_DATA_KEY 6 |
69 | #define LSM_AUDIT_DATA_NONE 7 /* presumably means no member of u is used - confirm */ |
70 | #define LSM_AUDIT_DATA_KMOD 8 |
71 | #define LSM_AUDIT_DATA_INODE 9 |
72 | #define LSM_AUDIT_DATA_DENTRY 10 |
73 | #define LSM_AUDIT_DATA_IOCTL_OP 11 |
74 | #define LSM_AUDIT_DATA_FILE 12 |
75 | #define LSM_AUDIT_DATA_IBPKEY 13 |
76 | #define LSM_AUDIT_DATA_IBENDPORT 14 |
77 | #define LSM_AUDIT_DATA_LOCKDOWN 15 |
78 | #define LSM_AUDIT_DATA_NOTIFICATION 16 |
79 | #define LSM_AUDIT_DATA_ANONINODE 17 |
80 | union { /* payload; every member shares the same storage, so reading a member other than the one written misinterprets the bytes */ |
81 | struct path path; /* embedded by value */ |
82 | struct dentry *dentry; /* the pointer members below are stored as given; this header shows no reference counting, so presumably the caller keeps the objects alive until the audit call returns - confirm */ |
83 | struct inode *inode; |
84 | struct lsm_network_audit *net; /* network details live in a separate structure supplied by the caller */ |
85 | int cap; /* presumably a capability number, paired with LSM_AUDIT_DATA_CAP - confirm */ |
86 | int ipc_id; |
87 | struct task_struct *tsk; |
88 | #ifdef CONFIG_KEYS |
89 | struct { /* member exists only when CONFIG_KEYS is set */ |
90 | key_serial_t key; |
91 | char *key_desc; /* description string pointer, not a copy */ |
92 | } key_struct; |
93 | #endif |
94 | char *kmod_name; /* module name pointer, not a copy */ |
95 | struct lsm_ioctlop_audit *op; |
96 | struct file *file; |
97 | struct lsm_ibpkey_audit *ibpkey; |
98 | struct lsm_ibendport_audit *ibendport; |
99 | int reason; /* presumably paired with LSM_AUDIT_DATA_LOCKDOWN - confirm */ |
100 | const char *anonclass; /* presumably paired with LSM_AUDIT_DATA_ANONINODE - confirm */ |
101 | } u; |
102 | /* Anonymous union of LSM-specific data: one pointer per LSM that is compiled in. The members share storage, so only the pointer belonging to the LSM that filled the structure is meaningful. */ |
103 | union { |
104 | #ifdef CONFIG_SECURITY_SMACK |
105 | struct smack_audit_data *smack_audit_data; |
106 | #endif |
107 | #ifdef CONFIG_SECURITY_SELINUX |
108 | struct selinux_audit_data *selinux_audit_data; |
109 | #endif |
110 | #ifdef CONFIG_SECURITY_APPARMOR |
111 | struct apparmor_audit_data *apparmor_audit_data; |
112 | #endif |
113 | }; /* per LSM data pointer union */ |
114 | }; |
115 | |
116 | #define v4info fam.v4 /* shorthand: x->v4info expands to x->fam.v4 in struct lsm_network_audit. Object-like macro, so it rewrites every identifier spelled v4info in files that include this header. */ |
117 | #define v6info fam.v6 /* shorthand for the IPv6 arm, with the same caveat */ |
118 | |
119 | int ipv4_skb_to_auditdata(struct sk_buff *skb, /* Declaration only; the definition is not in this header. Presumably fills the network audit data of ad from the IPv4 headers of skb - confirm. */ |
120 | struct common_audit_data *ad, u8 *proto); /* NOTE(review): presumably ad->u.net must already point at a struct lsm_network_audit and proto receives the transport protocol; skb carries packet data, so header length checks belong to the definition. Return convention is not visible here - confirm. */ |
121 | |
122 | int ipv6_skb_to_auditdata(struct sk_buff *skb, /* Declaration only; same parameter list as ipv4_skb_to_auditdata. Presumably the IPv6 counterpart - confirm. */ |
123 | struct common_audit_data *ad, u8 *proto); /* NOTE(review): presumably ad->u.net must already be set and proto receives the transport protocol; return convention is not visible here - confirm. */ |
124 | |
125 | void common_lsm_audit(struct common_audit_data *a, /* Declaration only. a: audit data whose type tag and u payload were filled by the caller. Returns nothing, so a failure to emit the record is not reported to the caller. */ |
126 | void (*pre_audit)(struct audit_buffer *, void *), /* callback taking the audit buffer and an opaque pointer; presumably run before the common fields are written, and the void * is presumably a - confirm */ |
127 | void (*post_audit)(struct audit_buffer *, void *)); /* callback with the same signature; presumably run after the common fields - confirm. Whether either callback may be NULL is not visible here. */ |
128 | |
129 | #endif |
130 |