  • only in /netgear-R7000-V1.0.7.12_1.2.5/components/opensource/linux/linux-2.6.36/security/apparmor/include/
/*
 * AppArmor security module
 *
 * This file contains AppArmor auditing function definitions.
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */
15#ifndef __AA_AUDIT_H
16#define __AA_AUDIT_H
18#include <linux/audit.h>
19#include <linux/fs.h>
20#include <linux/lsm_audit.h>
21#include <linux/sched.h>
22#include <linux/slab.h>
24#include "file.h"
/* Forward declaration: this header only passes pointers to a profile. */
struct aa_profile;

/*
 * AUDIT_MAX_INDEX equals the number of enumerators in enum audit_mode (5).
 * NOTE(review): presumably this is also the length of audit_mode_names[]
 * and the bound for any index into it. The array is defined elsewhere, so
 * the count, the enum and the table must be changed together -- confirm at
 * the definition and at every lookup.
 */
#define AUDIT_MAX_INDEX 5
extern const char *audit_mode_names[];

/*
 * Let the audit code choose the message type itself.
 * The value 0 is shared with AUDIT_APPARMOR_AUDIT, the first enumerator of
 * enum audit_type, so the two cannot be told apart by value alone.
 */
#define AUDIT_APPARMOR_AUTO 0
/*
 * Audit verbosity modes, numbered 0..4 in declaration order.
 * There are five of them, matching AUDIT_MAX_INDEX.
 * NOTE(review): the order presumably has to match audit_mode_names[];
 * confirm against that table before inserting or reordering a mode.
 */
enum audit_mode {
	/* follow normal auditing of accesses */
	AUDIT_NORMAL,
	/* quiet all denied access messages */
	AUDIT_QUIET_DENIED,
	/* quiet all messages */
	AUDIT_QUIET,
	/* do not quiet audit messages */
	AUDIT_NOQUIET,
	/* audit all accesses */
	AUDIT_ALL
};
/*
 * Audit message types, numbered 0..6 in declaration order.
 * AUDIT_APPARMOR_AUDIT has the value 0, the same value as the
 * AUDIT_APPARMOR_AUTO macro defined in this header.
 * NOTE(review): the names suggest ALLOWED/DENIED record the outcome of an
 * access check and KILL records a forced termination; the exact meaning is
 * decided by the audit implementation -- confirm there.
 */
enum audit_type {
	AUDIT_APPARMOR_AUDIT,		/* 0 */
	AUDIT_APPARMOR_ALLOWED,		/* 1 */
	AUDIT_APPARMOR_DENIED,		/* 2 */
	AUDIT_APPARMOR_HINT,		/* 3 */
	AUDIT_APPARMOR_STATUS,		/* 4 */
	AUDIT_APPARMOR_ERROR,		/* 5 */
	AUDIT_APPARMOR_KILL		/* 6 */
};
/*
 * Operation identifiers, numbered from 0 (OP_NULL) in declaration order.
 * NOTE(review): op_table[] is declared next to this enum and presumably
 * holds one name string per enumerator, indexed by the OP_* value. If so,
 * adding or reordering an entry here without the matching table change
 * would mislabel audit records or read past the table -- confirm at the
 * table's definition.
 * The group headings below are inferred from the enumerator names.
 */
extern const char *op_table[];
enum aa_ops {
	/* no operation */
	OP_NULL,

	/* sysctl and capability checks */
	OP_SYSCTL,
	OP_CAPABLE,

	/* path-based filesystem operations */
	OP_UNLINK,
	OP_MKDIR,
	OP_RMDIR,
	OP_MKNOD,
	OP_TRUNC,
	OP_LINK,
	OP_SYMLINK,
	OP_RENAME_SRC,
	OP_RENAME_DEST,
	OP_CHMOD,
	OP_CHOWN,
	OP_GETATTR,
	OP_OPEN,

	/* operations on an already open file */
	OP_FPERM,
	OP_FLOCK,
	OP_FMMAP,
	OP_FMPROT,

	/* presumably socket operations */
	OP_CREATE,
	OP_POST_CREATE,
	OP_BIND,
	OP_CONNECT,
	OP_LISTEN,
	OP_ACCEPT,
	OP_SENDMSG,
	OP_RECVMSG,
	OP_GETSOCKNAME,
	OP_GETPEERNAME,
	OP_GETSOCKOPT,
	OP_SETSOCKOPT,
	OP_SOCK_SHUTDOWN,

	/* ptrace */
	OP_PTRACE,

	/* exec and hat/profile changes */
	OP_EXEC,
	OP_CHANGE_HAT,
	OP_CHANGE_PROFILE,
	OP_CHANGE_ONEXEC,

	/* process attribute and resource limit changes */
	OP_SETPROCATTR,
	OP_SETRLIMIT,

	/* profile replace, load and remove */
	OP_PROF_REPL,
	OP_PROF_LOAD,
	OP_PROF_RM,
};
/*
 * Shorthand for the apparmor_audit_data member of common_audit_data.
 * This is an object-like macro, so every identifier spelled "aad" in a file
 * that includes this header is rewritten to apparmor_audit_data, not only
 * member accesses.
 */
#define aad apparmor_audit_data
/*
 * aa_audit_msg - emit an audit message described by @sa.
 * @type: message type; NOTE(review): presumably an enum audit_type value --
 *        confirm in the implementation
 * @sa:   audit data for the message
 * @cb:   callback taking an audit_buffer and an opaque pointer;
 *        NOTE(review): presumably appends caller-specific fields and may be
 *        NULL -- confirm in the implementation
 */
void aa_audit_msg(int type,
		  struct common_audit_data *sa,
		  void (*cb)(struct audit_buffer *, void *));

/*
 * aa_audit - audit an event for @profile.
 * @type:    message type; AUDIT_APPARMOR_AUTO (0) is documented in this
 *           header as "auto choose audit message type"
 * @profile: profile the event is attributed to
 * @gfp:     allocation flags
 * @sa:      audit data for the message
 * @cb:      callback taking an audit_buffer and an opaque pointer
 *
 * Returns an int. NOTE(review): presumably 0 or a negative errno that the
 * caller should propagate as the access decision -- confirm in the
 * implementation before ignoring the return value.
 */
int aa_audit(int type,
	     struct aa_profile *profile,
	     gfp_t gfp,
	     struct common_audit_data *sa,
	     void (*cb)(struct audit_buffer *, void *));
/*
 * complain_error - drop permission-denial errors, keep everything else.
 * @error: error code to filter
 *
 * Returns 0 when @error is -EPERM or -EACCES, and @error unchanged for any
 * other value, so failures such as -ENOMEM still reach the caller.
 *
 * NOTE(review): the name suggests this is applied when a profile is in
 * complain mode, where a denial is reported but not enforced. Any caller
 * that uses it turns a denial into success, so it should be reachable only
 * on that path -- confirm at the call sites.
 */
static inline int complain_error(int error)
{
	switch (error) {
	case -EPERM:
	case -EACCES:
		/* permission denials are not enforced by the caller */
		return 0;
	default:
		return error;
	}
}
123#endif /* __AA_AUDIT_H */