0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 /*
0003  * Common LSM logging functions
0004  * Heavily borrowed from selinux/avc.h
0005  *
0006  * Author : Etienne BASSET  <etienne.basset@ensta.org>
0007  *
0008  * All credits to : Stephen Smalley, <sds@tycho.nsa.gov>
0009  * All BUGS to : Etienne BASSET  <etienne.basset@ensta.org>
0010  */
0011 #ifndef _LSM_COMMON_LOGGING_
0012 #define _LSM_COMMON_LOGGING_
0013 
0014 #include <linux/stddef.h>
0015 #include <linux/errno.h>
0016 #include <linux/kernel.h>
0017 #include <linux/kdev_t.h>
0018 #include <linux/spinlock.h>
0019 #include <linux/init.h>
0020 #include <linux/audit.h>
0021 #include <linux/in6.h>
0022 #include <linux/path.h>
0023 #include <linux/key.h>
0024 #include <linux/skbuff.h>
0025 #include <rdma/ib_verbs.h>
0026 
/*
 * Network details for an audit record; common_audit_data.u.net points at one
 * of these.
 *
 * The addresses live in a union, so only one of fam.v4 / fam.v6 holds valid
 * data at a time.
 * NOTE(review): presumably 'family' tells the consumer which arm to read -
 * confirm against the code that fills and prints this struct. Reading the
 * other arm would log address bytes that were never set for this record.
 */
struct lsm_network_audit {
    int netif;              /* presumably a network interface index - TODO confirm */
    const struct sock *sk;  /* pointer to const: the socket is not modified through this field */
    u16 family;             /* address family of the record - presumably AF_INET/AF_INET6, confirm */
    __be16 dport;           /* destination port, big-endian as the __be16 type states */
    __be16 sport;           /* source port, big-endian as the __be16 type states */
    union {
        struct {
            __be32 daddr;   /* IPv4 destination address, big-endian (__be32) */
            __be32 saddr;   /* IPv4 source address, big-endian (__be32) */
        } v4;
        struct {
            struct in6_addr daddr;  /* IPv6 destination address */
            struct in6_addr saddr;  /* IPv6 source address */
        } v6;
    } fam;                  /* also reachable through the v4info / v6info macros below */
};
0044 
/*
 * Data for an ioctl-related audit record; common_audit_data.u.op points at
 * one of these.
 */
struct lsm_ioctlop_audit {
    struct path path;   /* stored by value; whether a reference is held is not visible in this header */
    /*
     * Only 16 bits wide. NOTE(review): ioctl command numbers are wider than
     * this in the syscall interface, so assigning a full command value here
     * truncates it - confirm that callers intend to record only the low bits.
     */
    u16 cmd;
};
0049 
/*
 * Data for a partition-key audit record; common_audit_data.u.ibpkey points
 * at one of these. Presumably InfiniBand (this header includes
 * rdma/ib_verbs.h) - confirm.
 */
struct lsm_ibpkey_audit {
    u64 subnet_prefix;  /* 64-bit subnet prefix; byte order is not stated by the type - TODO confirm */
    u16 pkey;           /* 16-bit key value */
};
0054 
/*
 * Data for an end-port audit record; common_audit_data.u.ibendport points at
 * one of these.
 */
struct lsm_ibendport_audit {
    /*
     * Borrowed string (pointer to const char).
     * NOTE(review): no length travels with it, so the consumer presumably
     * relies on NUL termination - confirm that callers guarantee it.
     */
    const char *dev_name;
    u8 port;            /* port number, 8 bits */
};
0059 
/*
 * Auxiliary data to use in generating the audit record.
 *
 * 'type' holds one of the LSM_AUDIT_DATA_* values defined inside the struct
 * and 'u' is a union, so only one member of 'u' is meaningful at a time.
 *
 * NOTE(review): presumably 'type' is the tag that tells the consumer which
 * member of 'u' to read - confirm against the definition of
 * common_lsm_audit(). If so, 'type' and the matching member must always be
 * set together: a mismatch makes the consumer interpret stale or unrelated
 * bytes as a pointer. This header declares no initializer that would enforce
 * that pairing.
 */
struct common_audit_data {
    char type;  /* one of LSM_AUDIT_DATA_* below; every defined value (1..17) fits in a char */
#define LSM_AUDIT_DATA_PATH 1
#define LSM_AUDIT_DATA_NET  2
#define LSM_AUDIT_DATA_CAP  3
#define LSM_AUDIT_DATA_IPC  4
#define LSM_AUDIT_DATA_TASK 5
#define LSM_AUDIT_DATA_KEY  6
#define LSM_AUDIT_DATA_NONE 7
#define LSM_AUDIT_DATA_KMOD 8
#define LSM_AUDIT_DATA_INODE    9
#define LSM_AUDIT_DATA_DENTRY   10
#define LSM_AUDIT_DATA_IOCTL_OP 11
#define LSM_AUDIT_DATA_FILE 12
#define LSM_AUDIT_DATA_IBPKEY   13
#define LSM_AUDIT_DATA_IBENDPORT 14
#define LSM_AUDIT_DATA_LOCKDOWN 15
#define LSM_AUDIT_DATA_NOTIFICATION 16
#define LSM_AUDIT_DATA_ANONINODE    17
    /*
     * Payload of the record. All members share the same storage.
     * NOTE(review): the pointer members carry no ownership or lifetime
     * information in this header; presumably the caller keeps the objects
     * alive for the duration of the audit call - confirm.
     */
    union   {
        struct path path;               /* stored by value, unlike most other members */
        struct dentry *dentry;
        struct inode *inode;
        struct lsm_network_audit *net;  /* see struct lsm_network_audit above */
        int cap;
        int ipc_id;
        struct task_struct *tsk;
#ifdef CONFIG_KEYS
        /*
         * Only present when CONFIG_KEYS is set, although LSM_AUDIT_DATA_KEY
         * is defined unconditionally above.
         */
        struct {
            key_serial_t key;
            char *key_desc;
        } key_struct;
#endif
        char *kmod_name;
        struct lsm_ioctlop_audit *op;   /* see struct lsm_ioctlop_audit above */
        struct file *file;
        struct lsm_ibpkey_audit *ibpkey;        /* see struct lsm_ibpkey_audit above */
        struct lsm_ibendport_audit *ibendport;  /* see struct lsm_ibendport_audit above */
        int reason;
        const char *anonclass;
    } u;
    /*
     * LSM-specific data. The union is anonymous, so its members are accessed
     * directly on common_audit_data. Each pointer exists only when the
     * corresponding LSM is configured, and all of them share one pointer's
     * worth of storage; presumably only the LSM that filled the record may
     * read it back - confirm.
     */
    union {
#ifdef CONFIG_SECURITY_SMACK
        struct smack_audit_data *smack_audit_data;
#endif
#ifdef CONFIG_SECURITY_SELINUX
        struct selinux_audit_data *selinux_audit_data;
#endif
#ifdef CONFIG_SECURITY_APPARMOR
        struct apparmor_audit_data *apparmor_audit_data;
#endif
    }; /* per LSM data pointer union */
};
0115 
/*
 * Shorthand for the two arms of lsm_network_audit.fam, so that net->v4info
 * expands to net->fam.v4 and net->v6info to net->fam.v6.
 * These are plain object-like macros without a prefix: any identifier spelled
 * v4info or v6info in code that includes this header is rewritten as well.
 */
#define v4info fam.v4
#define v6info fam.v6
0118 
/*
 * Declared here, defined elsewhere. Takes a socket buffer, the audit data to
 * work on and a pointer to a u8.
 * NOTE(review): presumably this extracts IPv4 addresses and ports from the
 * packet into ad->u.net and reports the transport protocol through *proto,
 * returning 0 or a negative errno - confirm against the definition. The
 * packet contents come from the network, so the definition is the place to
 * check that header lengths are validated before fields are read.
 */
int ipv4_skb_to_auditdata(struct sk_buff *skb,
        struct common_audit_data *ad, u8 *proto);

/*
 * IPv6 counterpart with the same signature as ipv4_skb_to_auditdata().
 * NOTE(review): presumably fills the v6 arm of ad->u.net instead - confirm
 * against the definition, including how extension headers are bounded.
 */
int ipv6_skb_to_auditdata(struct sk_buff *skb,
        struct common_audit_data *ad, u8 *proto);

/*
 * Entry point that takes the filled-in common_audit_data plus two optional-
 * looking callbacks, each receiving the audit buffer and an opaque pointer.
 * NOTE(review): presumably pre_audit runs before and post_audit after the
 * common fields are written, letting the calling LSM add its own fields;
 * what the void * argument carries and whether NULL callbacks are accepted
 * is not visible in this header - confirm against the definition.
 */
void common_lsm_audit(struct common_audit_data *a,
    void (*pre_audit)(struct audit_buffer *, void *),
    void (*post_audit)(struct audit_buffer *, void *));
0128 
0129 #endif