1 /* SPDX-License-Identifier: GPL-2.0-only */ 1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /* 2 /*
3 * SELinux support for the Audit LSM hooks 3 * SELinux support for the Audit LSM hooks
4 * 4 *
5 * Author: James Morris <jmorris@redhat.com> 5 * Author: James Morris <jmorris@redhat.com>
6 * 6 *
7 * Copyright (C) 2005 Red Hat, Inc., James Mor 7 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
8 * Copyright (C) 2006 Trusted Computer Solutio 8 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
9 * Copyright (C) 2006 IBM Corporation, Timothy 9 * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
10 */ 10 */
11 11
12 #ifndef _SELINUX_AUDIT_H 12 #ifndef _SELINUX_AUDIT_H
13 #define _SELINUX_AUDIT_H 13 #define _SELINUX_AUDIT_H
14 14
15 #include <linux/audit.h> 15 #include <linux/audit.h>
16 #include <linux/types.h> 16 #include <linux/types.h>
17 17
18 /** 18 /**
19 * selinux_audit_rule_init - alloc/init a 19 * selinux_audit_rule_init - alloc/init an selinux audit rule structure.
20 * @field: the field this rule refers to 20 * @field: the field this rule refers to
21 * @op: the operator the rule uses 21 * @op: the operator the rule uses
22 * @rulestr: the text "target" of the rul 22 * @rulestr: the text "target" of the rule
23 * @rule: pointer to the new rule structu 23 * @rule: pointer to the new rule structure returned via this
24 * @gfp: GFP flag used for kmalloc 24 * @gfp: GFP flag used for kmalloc
25 * 25 *
26 * Returns 0 if successful, -errno if not 26 * Returns 0 if successful, -errno if not. On success, the rule structure
27 * will be allocated internally. The cal 27 * will be allocated internally. The caller must free this structure with
28 * selinux_audit_rule_free() after use. 28 * selinux_audit_rule_free() after use.
29 */ 29 */
30 int selinux_audit_rule_init(u32 field, u32 op, 30 int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule,
31 gfp_t gfp); 31 gfp_t gfp);
32 32
33 /** 33 /**
34 * selinux_audit_rule_free - free an seli 34 * selinux_audit_rule_free - free an selinux audit rule structure.
35 * @rule: pointer to the audit rule to be 35 * @rule: pointer to the audit rule to be freed
36 * 36 *
37 * This will free all memory associated w 37 * This will free all memory associated with the given rule.
38 * If @rule is NULL, no operation is perf 38 * If @rule is NULL, no operation is performed.
39 */ 39 */
40 void selinux_audit_rule_free(void *rule); 40 void selinux_audit_rule_free(void *rule);
41 41
42 /** 42 /**
43 * selinux_audit_rule_match - determine i 43 * selinux_audit_rule_match - determine if a context ID matches a rule.
44 * @sid: the context ID to check 44 * @sid: the context ID to check
45 * @field: the field this rule refers to 45 * @field: the field this rule refers to
46 * @op: the operator the rule uses 46 * @op: the operator the rule uses
47 * @rule: pointer to the audit rule to ch 47 * @rule: pointer to the audit rule to check against
48 * 48 *
49 * Returns 1 if the context id matches th 49 * Returns 1 if the context id matches the rule, 0 if it does not, and
50 * -errno on failure. 50 * -errno on failure.
51 */ 51 */
52 int selinux_audit_rule_match(u32 sid, u32 fiel 52 int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule);
53 53
54 /** 54 /**
55 * selinux_audit_rule_known - check to se 55 * selinux_audit_rule_known - check to see if rule contains selinux fields.
56 * @rule: rule to be checked 56 * @rule: rule to be checked
57 * Returns 1 if there are selinux fields 57 * Returns 1 if there are selinux fields specified in the rule, 0 otherwise.
58 */ 58 */
59 int selinux_audit_rule_known(struct audit_krul 59 int selinux_audit_rule_known(struct audit_krule *rule);
60 60
61 #endif /* _SELINUX_AUDIT_H */ 61 #endif /* _SELINUX_AUDIT_H */
>> 62
62 63
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.