1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * Common LSM logging functions
4 * Heavily borrowed from selinux/avc.h
5 *
6 * Author : Etienne BASSET <etienne.basset@ensta.org>
7 *
8 * All credits to : Stephen Smalley, <sds@tycho.nsa.gov>
9 * All BUGS to : Etienne BASSET <etienne.basset@ensta.org>
10 */
11#ifndef _LSM_COMMON_LOGGING_
12#define _LSM_COMMON_LOGGING_
13
14#include <linux/stddef.h>
15#include <linux/errno.h>
16#include <linux/kernel.h>
17#include <linux/kdev_t.h>
18#include <linux/spinlock.h>
19#include <linux/init.h>
20#include <linux/audit.h>
21#include <linux/in6.h>
22#include <linux/path.h>
23#include <linux/key.h>
24#include <linux/skbuff.h>
25#include <rdma/ib_verbs.h>
26
27struct lsm_network_audit {
28 int netif;
29 struct sock *sk;
30 u16 family;
31 __be16 dport;
32 __be16 sport;
33 union {
34 struct {
35 __be32 daddr;
36 __be32 saddr;
37 } v4;
38 struct {
39 struct in6_addr daddr;
40 struct in6_addr saddr;
41 } v6;
42 } fam;
43};
44
45struct lsm_ioctlop_audit {
46 struct path path;
47 u16 cmd;
48};
49
50struct lsm_ibpkey_audit {
51 u64 subnet_prefix;
52 u16 pkey;
53};
54
55struct lsm_ibendport_audit {
56 char dev_name[IB_DEVICE_NAME_MAX];
57 u8 port;
58};
59
60/* Auxiliary data to use in generating the audit record. */
61struct common_audit_data {
62 char type;
63#define LSM_AUDIT_DATA_PATH 1
64#define LSM_AUDIT_DATA_NET 2
65#define LSM_AUDIT_DATA_CAP 3
66#define LSM_AUDIT_DATA_IPC 4
67#define LSM_AUDIT_DATA_TASK 5
68#define LSM_AUDIT_DATA_KEY 6
69#define LSM_AUDIT_DATA_NONE 7
70#define LSM_AUDIT_DATA_KMOD 8
71#define LSM_AUDIT_DATA_INODE 9
72#define LSM_AUDIT_DATA_DENTRY 10
73#define LSM_AUDIT_DATA_IOCTL_OP 11
74#define LSM_AUDIT_DATA_FILE 12
75#define LSM_AUDIT_DATA_IBPKEY 13
76#define LSM_AUDIT_DATA_IBENDPORT 14
77 union {
78 struct path path;
79 struct dentry *dentry;
80 struct inode *inode;
81 struct lsm_network_audit *net;
82 int cap;
83 int ipc_id;
84 struct task_struct *tsk;
85#ifdef CONFIG_KEYS
86 struct {
87 key_serial_t key;
88 char *key_desc;
89 } key_struct;
90#endif
91 char *kmod_name;
92 struct lsm_ioctlop_audit *op;
93 struct file *file;
94 struct lsm_ibpkey_audit *ibpkey;
95 struct lsm_ibendport_audit *ibendport;
96 } u;
97 /* this union contains LSM specific data */
98 union {
99#ifdef CONFIG_SECURITY_SMACK
100 struct smack_audit_data *smack_audit_data;
101#endif
102#ifdef CONFIG_SECURITY_SELINUX
103 struct selinux_audit_data *selinux_audit_data;
104#endif
105#ifdef CONFIG_SECURITY_APPARMOR
106 struct apparmor_audit_data *apparmor_audit_data;
107#endif
108 }; /* per LSM data pointer union */
109};
110
111#define v4info fam.v4
112#define v6info fam.v6
113
114int ipv4_skb_to_auditdata(struct sk_buff *skb,
115 struct common_audit_data *ad, u8 *proto);
116
117int ipv6_skb_to_auditdata(struct sk_buff *skb,
118 struct common_audit_data *ad, u8 *proto);
119
120void common_lsm_audit(struct common_audit_data *a,
121 void (*pre_audit)(struct audit_buffer *, void *),
122 void (*post_audit)(struct audit_buffer *, void *));
123
124#endif
125