1 /* SPDX-License-Identifier: GPL-2.0-only */ 1 /* SPDX-License-Identifier: GPL-2.0-only */ 2 /* 2 /* 3 * SELinux support for the Audit LSM hooks 3 * SELinux support for the Audit LSM hooks 4 * 4 * 5 * Author: James Morris <jmorris@redhat.com> 5 * Author: James Morris <jmorris@redhat.com> 6 * 6 * 7 * Copyright (C) 2005 Red Hat, Inc., James Mor 7 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com> 8 * Copyright (C) 2006 Trusted Computer Solutio 8 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * Copyright (C) 2006 IBM Corporation, Timothy 9 * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com> 10 */ 10 */ 11 11 12 #ifndef _SELINUX_AUDIT_H 12 #ifndef _SELINUX_AUDIT_H 13 #define _SELINUX_AUDIT_H 13 #define _SELINUX_AUDIT_H 14 14 15 #include <linux/audit.h> 15 #include <linux/audit.h> 16 #include <linux/types.h> 16 #include <linux/types.h> 17 17 18 /** 18 /** 19 * selinux_audit_rule_init - alloc/init a 19 * selinux_audit_rule_init - alloc/init an selinux audit rule structure. 20 * @field: the field this rule refers to 20 * @field: the field this rule refers to 21 * @op: the operator the rule uses 21 * @op: the operator the rule uses 22 * @rulestr: the text "target" of the rul 22 * @rulestr: the text "target" of the rule 23 * @rule: pointer to the new rule structu 23 * @rule: pointer to the new rule structure returned via this 24 * @gfp: GFP flag used for kmalloc << 25 * 24 * 26 * Returns 0 if successful, -errno if not 25 * Returns 0 if successful, -errno if not. On success, the rule structure 27 * will be allocated internally. The cal 26 * will be allocated internally. The caller must free this structure with 28 * selinux_audit_rule_free() after use. 27 * selinux_audit_rule_free() after use. 29 */ 28 */ 30 int selinux_audit_rule_init(u32 field, u32 op, !! 29 int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule); 31 gfp_t gfp); << 32 30 33 /** 31 /** 34 * selinux_audit_rule_free - free an seli 32 * selinux_audit_rule_free - free an selinux audit rule structure. 35 * @rule: pointer to the audit rule to be 33 * @rule: pointer to the audit rule to be freed 36 * 34 * 37 * This will free all memory associated w 35 * This will free all memory associated with the given rule. 38 * If @rule is NULL, no operation is perf 36 * If @rule is NULL, no operation is performed. 39 */ 37 */ 40 void selinux_audit_rule_free(void *rule); 38 void selinux_audit_rule_free(void *rule); 41 39 42 /** 40 /** 43 * selinux_audit_rule_match - determine i 41 * selinux_audit_rule_match - determine if a context ID matches a rule. 44 * @sid: the context ID to check 42 * @sid: the context ID to check 45 * @field: the field this rule refers to 43 * @field: the field this rule refers to 46 * @op: the operator the rule uses 44 * @op: the operator the rule uses 47 * @rule: pointer to the audit rule to ch 45 * @rule: pointer to the audit rule to check against 48 * 46 * 49 * Returns 1 if the context id matches th 47 * Returns 1 if the context id matches the rule, 0 if it does not, and 50 * -errno on failure. 48 * -errno on failure. 51 */ 49 */ 52 int selinux_audit_rule_match(u32 sid, u32 fiel 50 int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule); 53 51 54 /** 52 /** 55 * selinux_audit_rule_known - check to se 53 * selinux_audit_rule_known - check to see if rule contains selinux fields. 56 * @rule: rule to be checked 54 * @rule: rule to be checked 57 * Returns 1 if there are selinux fields 55 * Returns 1 if there are selinux fields specified in the rule, 0 otherwise. 58 */ 56 */ 59 int selinux_audit_rule_known(struct audit_krul 57 int selinux_audit_rule_known(struct audit_krule *rule); 60 58 61 #endif /* _SELINUX_AUDIT_H */ 59 #endif /* _SELINUX_AUDIT_H */ >> 60 62 61
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.