LCOV - code coverage report
Current view: top level - kernel - audit.h (source / functions) Hit Total Coverage
Test: coverage.info Lines: 0 1 0.0 %
Date: 2015-04-12 14:34:49 Functions: 0 0 -

          Line data    Source code
       1             : /* audit -- definition of audit_context structure and supporting types 
       2             :  *
       3             :  * Copyright 2003-2004 Red Hat, Inc.
       4             :  * Copyright 2005 Hewlett-Packard Development Company, L.P.
       5             :  * Copyright 2005 IBM Corporation
       6             :  *
       7             :  * This program is free software; you can redistribute it and/or modify
       8             :  * it under the terms of the GNU General Public License as published by
       9             :  * the Free Software Foundation; either version 2 of the License, or
      10             :  * (at your option) any later version.
      11             :  *
      12             :  * This program is distributed in the hope that it will be useful,
      13             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      14             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      15             :  * GNU General Public License for more details.
      16             :  *
      17             :  * You should have received a copy of the GNU General Public License
      18             :  * along with this program; if not, write to the Free Software
      19             :  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
      20             :  */
      21             : 
      22             : #include <linux/fs.h>
      23             : #include <linux/audit.h>
      24             : #include <linux/skbuff.h>
      25             : #include <uapi/linux/mqueue.h>
      26             : 
      27             : /* 0 = no checking
      28             :    1 = put_count checking
      29             :    2 = verbose put_count checking
      30             : */
      31             : #define AUDIT_DEBUG 0
      32             : 
      33             : /* AUDIT_NAMES is the number of slots we reserve in the audit_context
      34             :  * for saving names from getname().  If we get more names we will allocate
      35             :  * a name dynamically and also add those to the list anchored by names_list. */
      36             : #define AUDIT_NAMES     5
      37             : 
      38             : /* At task start time, the audit_state is set in the audit_context using
      39             :    a per-task filter.  At syscall entry, the audit_state is augmented by
      40             :    the syscall filter. */
      41             : enum audit_state {
      42             :         AUDIT_DISABLED,         /* Do not create per-task audit_context.
      43             :                                  * No syscall-specific audit records can
      44             :                                  * be generated. */
      45             :         AUDIT_BUILD_CONTEXT,    /* Create the per-task audit_context,
      46             :                                  * and fill it in at syscall
      47             :                                  * entry time.  This makes a full
      48             :                                  * syscall record available if some
      49             :                                  * other part of the kernel decides it
      50             :                                  * should be recorded. */
      51             :         AUDIT_RECORD_CONTEXT    /* Create the per-task audit_context,
      52             :                                  * always fill it in at syscall entry
      53             :                                  * time, and always write out the audit
      54             :                                  * record at syscall exit time.  */
      55             : };
      56             : 
      57             : /* Rule lists */
      58             : struct audit_watch;
      59             : struct audit_tree;
      60             : struct audit_chunk;
      61             : 
      62             : struct audit_entry {
      63             :         struct list_head        list;
      64             :         struct rcu_head         rcu;
      65             :         struct audit_krule      rule;
      66             : };
      67             : 
      68             : struct audit_cap_data {
      69             :         kernel_cap_t            permitted;
      70             :         kernel_cap_t            inheritable;
      71             :         union {
      72             :                 unsigned int    fE;             /* effective bit of file cap */
      73             :                 kernel_cap_t    effective;      /* effective set of process */
      74             :         };
      75             : };
      76             : 
      77             : /* When fs/namei.c:getname() is called, we store the pointer in name and
      78             :  * we don't let putname() free it (instead we free all of the saved
      79             :  * pointers at syscall exit time).
      80             :  *
      81             :  * Further, in fs/namei.c:path_lookup() we store the inode and device.
      82             :  */
      83             : struct audit_names {
      84             :         struct list_head        list;           /* audit_context->names_list */
      85             : 
      86             :         struct filename         *name;
      87             :         int                     name_len;       /* number of chars to log */
      88             :         bool                    hidden;         /* don't log this record */
      89             :         bool                    name_put;       /* call __putname()? */
      90             : 
      91             :         unsigned long           ino;
      92             :         dev_t                   dev;
      93             :         umode_t                 mode;
      94             :         kuid_t                  uid;
      95             :         kgid_t                  gid;
      96             :         dev_t                   rdev;
      97             :         u32                     osid;
      98             :         struct audit_cap_data   fcap;
      99             :         unsigned int            fcap_ver;
     100             :         unsigned char           type;           /* record type */
     101             :         /*
     102             :          * This was an allocated audit_names and not from the array of
     103             :          * names allocated in the task audit context.  Thus this name
     104             :          * should be freed on syscall exit.
     105             :          */
     106             :         bool                    should_free;
     107             : };
     108             : 
     109             : struct audit_proctitle {
     110             :         int     len;    /* length of the cmdline field. */
     111             :         char    *value; /* the cmdline field */
     112             : };
     113             : 
     114             : /* The per-task audit context. */
     115             : struct audit_context {
     116             :         int                 dummy;      /* must be the first element */
     117             :         int                 in_syscall; /* 1 if task is in a syscall */
     118             :         enum audit_state    state, current_state;
     119             :         unsigned int        serial;     /* serial number for record */
     120             :         int                 major;      /* syscall number */
     121             :         struct timespec     ctime;      /* time of syscall entry */
     122             :         unsigned long       argv[4];    /* syscall arguments */
     123             :         long                return_code;/* syscall return code */
     124             :         u64                 prio;
     125             :         int                 return_valid; /* return code is valid */
     126             :         /*
     127             :          * The names_list is the list of all audit_names collected during this
     128             :          * syscall.  The first AUDIT_NAMES entries in the names_list will
     129             :          * actually be from the preallocated_names array for performance
     130             :          * reasons.  Except during allocation they should never be referenced
     131             :          * through the preallocated_names array and should only be found/used
     132             :          * by running the names_list.
     133             :          */
     134             :         struct audit_names  preallocated_names[AUDIT_NAMES];
     135             :         int                 name_count; /* total records in names_list */
     136             :         struct list_head    names_list; /* struct audit_names->list anchor */
     137             :         char                *filterkey; /* key for rule that triggered record */
     138             :         struct path         pwd;
     139             :         struct audit_aux_data *aux;
     140             :         struct audit_aux_data *aux_pids;
     141             :         struct sockaddr_storage *sockaddr;
     142             :         size_t sockaddr_len;
     143             :                                 /* Save things to print about task_struct */
     144             :         pid_t               pid, ppid;
     145             :         kuid_t              uid, euid, suid, fsuid;
     146             :         kgid_t              gid, egid, sgid, fsgid;
     147             :         unsigned long       personality;
     148             :         int                 arch;
     149             : 
     150             :         pid_t               target_pid;
     151             :         kuid_t              target_auid;
     152             :         kuid_t              target_uid;
     153             :         unsigned int        target_sessionid;
     154             :         u32                 target_sid;
     155             :         char                target_comm[TASK_COMM_LEN];
     156             : 
     157             :         struct audit_tree_refs *trees, *first_trees;
     158             :         struct list_head killed_trees;
     159             :         int tree_count;
     160             : 
     161             :         int type;
     162             :         union {
     163             :                 struct {
     164             :                         int nargs;
     165             :                         long args[6];
     166             :                 } socketcall;
     167             :                 struct {
     168             :                         kuid_t                  uid;
     169             :                         kgid_t                  gid;
     170             :                         umode_t                 mode;
     171             :                         u32                     osid;
     172             :                         int                     has_perm;
     173             :                         uid_t                   perm_uid;
     174             :                         gid_t                   perm_gid;
     175             :                         umode_t                 perm_mode;
     176             :                         unsigned long           qbytes;
     177             :                 } ipc;
     178             :                 struct {
     179             :                         mqd_t                   mqdes;
     180             :                         struct mq_attr          mqstat;
     181             :                 } mq_getsetattr;
     182             :                 struct {
     183             :                         mqd_t                   mqdes;
     184             :                         int                     sigev_signo;
     185             :                 } mq_notify;
     186             :                 struct {
     187             :                         mqd_t                   mqdes;
     188             :                         size_t                  msg_len;
     189             :                         unsigned int            msg_prio;
     190             :                         struct timespec         abs_timeout;
     191             :                 } mq_sendrecv;
     192             :                 struct {
     193             :                         int                     oflag;
     194             :                         umode_t                 mode;
     195             :                         struct mq_attr          attr;
     196             :                 } mq_open;
     197             :                 struct {
     198             :                         pid_t                   pid;
     199             :                         struct audit_cap_data   cap;
     200             :                 } capset;
     201             :                 struct {
     202             :                         int                     fd;
     203             :                         int                     flags;
     204             :                 } mmap;
     205             :                 struct {
     206             :                         int                     argc;
     207             :                 } execve;
     208             :         };
     209             :         int fds[2];
     210             :         struct audit_proctitle proctitle;
     211             : 
     212             : #if AUDIT_DEBUG
     213             :         int                 put_count;
     214             :         int                 ino_count;
     215             : #endif
     216             : };
     217             : 
     218             : extern u32 audit_ever_enabled;
     219             : 
     220             : extern void audit_copy_inode(struct audit_names *name,
     221             :                              const struct dentry *dentry,
     222             :                              const struct inode *inode);
     223             : extern void audit_log_cap(struct audit_buffer *ab, char *prefix,
     224             :                           kernel_cap_t *cap);
     225             : extern void audit_log_name(struct audit_context *context,
     226             :                            struct audit_names *n, struct path *path,
     227             :                            int record_num, int *call_panic);
     228             : 
     229             : extern int audit_pid;
     230             : 
     231             : #define AUDIT_INODE_BUCKETS     32
     232             : extern struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS];
     233             : 
     234             : static inline int audit_hash_ino(u32 ino)
     235             : {
     236           0 :         return (ino & (AUDIT_INODE_BUCKETS-1));
     237             : }
     238             : 
     239             : /* Indicates that audit should log the full pathname. */
     240             : #define AUDIT_NAME_FULL -1
     241             : 
     242             : extern int audit_match_class(int class, unsigned syscall);
     243             : extern int audit_comparator(const u32 left, const u32 op, const u32 right);
     244             : extern int audit_uid_comparator(kuid_t left, u32 op, kuid_t right);
     245             : extern int audit_gid_comparator(kgid_t left, u32 op, kgid_t right);
     246             : extern int parent_len(const char *path);
     247             : extern int audit_compare_dname_path(const char *dname, const char *path, int plen);
     248             : extern struct sk_buff *audit_make_reply(__u32 portid, int seq, int type,
     249             :                                         int done, int multi,
     250             :                                         const void *payload, int size);
     251             : extern void                 audit_panic(const char *message);
     252             : 
     253             : struct audit_netlink_list {
     254             :         __u32 portid;
     255             :         struct net *net;
     256             :         struct sk_buff_head q;
     257             : };
     258             : 
     259             : int audit_send_list(void *);
     260             : 
     261             : struct audit_net {
     262             :         struct sock *nlsk;
     263             : };
     264             : 
     265             : extern int selinux_audit_rule_update(void);
     266             : 
     267             : extern struct mutex audit_filter_mutex;
     268             : extern void audit_free_rule_rcu(struct rcu_head *);
     269             : extern struct list_head audit_filter_list[];
     270             : 
     271             : extern struct audit_entry *audit_dupe_rule(struct audit_krule *old);
     272             : 
     273             : /* audit watch functions */
     274             : #ifdef CONFIG_AUDIT_WATCH
     275             : extern void audit_put_watch(struct audit_watch *watch);
     276             : extern void audit_get_watch(struct audit_watch *watch);
     277             : extern int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op);
     278             : extern int audit_add_watch(struct audit_krule *krule, struct list_head **list);
     279             : extern void audit_remove_watch_rule(struct audit_krule *krule);
     280             : extern char *audit_watch_path(struct audit_watch *watch);
     281             : extern int audit_watch_compare(struct audit_watch *watch, unsigned long ino, dev_t dev);
     282             : #else
     283             : #define audit_put_watch(w) {}
     284             : #define audit_get_watch(w) {}
     285             : #define audit_to_watch(k, p, l, o) (-EINVAL)
     286             : #define audit_add_watch(k, l) (-EINVAL)
     287             : #define audit_remove_watch_rule(k) BUG()
     288             : #define audit_watch_path(w) ""
     289             : #define audit_watch_compare(w, i, d) 0
     290             : 
     291             : #endif /* CONFIG_AUDIT_WATCH */
     292             : 
     293             : #ifdef CONFIG_AUDIT_TREE
     294             : extern struct audit_chunk *audit_tree_lookup(const struct inode *);
     295             : extern void audit_put_chunk(struct audit_chunk *);
     296             : extern int audit_tree_match(struct audit_chunk *, struct audit_tree *);
     297             : extern int audit_make_tree(struct audit_krule *, char *, u32);
     298             : extern int audit_add_tree_rule(struct audit_krule *);
     299             : extern int audit_remove_tree_rule(struct audit_krule *);
     300             : extern void audit_trim_trees(void);
     301             : extern int audit_tag_tree(char *old, char *new);
     302             : extern const char *audit_tree_path(struct audit_tree *);
     303             : extern void audit_put_tree(struct audit_tree *);
     304             : extern void audit_kill_trees(struct list_head *);
     305             : #else
     306             : #define audit_remove_tree_rule(rule) BUG()
     307             : #define audit_add_tree_rule(rule) -EINVAL
     308             : #define audit_make_tree(rule, str, op) -EINVAL
     309             : #define audit_trim_trees() (void)0
     310             : #define audit_put_tree(tree) (void)0
     311             : #define audit_tag_tree(old, new) -EINVAL
     312             : #define audit_tree_path(rule) ""      /* never called */
     313             : #define audit_kill_trees(list) BUG()
     314             : #endif
     315             : 
     316             : extern char *audit_unpack_string(void **, size_t *, size_t);
     317             : 
     318             : extern pid_t audit_sig_pid;
     319             : extern kuid_t audit_sig_uid;
     320             : extern u32 audit_sig_sid;
     321             : 
     322             : #ifdef CONFIG_AUDITSYSCALL
     323             : extern int __audit_signal_info(int sig, struct task_struct *t);
     324             : static inline int audit_signal_info(int sig, struct task_struct *t)
     325             : {
     326             :         if (unlikely((audit_pid && t->tgid == audit_pid) ||
     327             :                      (audit_signals && !audit_dummy_context())))
     328             :                 return __audit_signal_info(sig, t);
     329             :         return 0;
     330             : }
     331             : extern void audit_filter_inodes(struct task_struct *, struct audit_context *);
     332             : extern struct list_head *audit_killed_trees(void);
     333             : #else
     334             : #define audit_signal_info(s,t) AUDIT_DISABLED
     335             : #define audit_filter_inodes(t,c) AUDIT_DISABLED
     336             : #endif
     337             : 
     338             : extern struct mutex audit_cmd_mutex;

Generated by: LCOV version 1.11