Linux/include/linux/lsm_audit.h


  1 /* SPDX-License-Identifier: GPL-2.0 */
  2 /*
  3  * Common LSM logging functions
  4  * Heavily borrowed from selinux/avc.h
  5  *
  6  * Author : Etienne BASSET  <etienne.basset@ensta.org>
  7  *
  8  * All credits to : Stephen Smalley, <sds@tycho.nsa.gov>
  9  * All BUGS to : Etienne BASSET  <etienne.basset@ensta.org>
 10  */
 11 #ifndef _LSM_COMMON_LOGGING_
 12 #define _LSM_COMMON_LOGGING_
 13 
 14 #include <linux/stddef.h>
 15 #include <linux/errno.h>
 16 #include <linux/kernel.h>
 17 #include <linux/kdev_t.h>
 18 #include <linux/spinlock.h>
 19 #include <linux/init.h>
 20 #include <linux/audit.h>
 21 #include <linux/in6.h>
 22 #include <linux/path.h>
 23 #include <linux/key.h>
 24 #include <linux/skbuff.h>
 25 #include <rdma/ib_verbs.h>
 26 
 27 struct lsm_network_audit { /* network endpoint details carried into an LSM audit record */
 28         int netif; /* presumably a network interface index - TODO confirm against callers */
 29         const struct sock *sk; /* stored as a bare pointer; this header shows no reference being taken */
 30         u16 family; /* NOTE(review): looks like the address family that says whether fam.v4 or fam.v6 is valid - confirm */
 31         __be16 dport; /* destination port, big-endian (__be16) */
 32         __be16 sport; /* source port, big-endian (__be16) */
 33         union { /* v4 and v6 share storage, so only one of them is meaningful at a time */
 34                 struct {
 35                         __be32 daddr; /* IPv4 destination address, big-endian (__be32) */
 36                         __be32 saddr; /* IPv4 source address, big-endian (__be32) */
 37                 } v4;
 38                 struct {
 39                         struct in6_addr daddr; /* IPv6 destination address */
 40                         struct in6_addr saddr; /* IPv6 source address */
 41                 } v6;
 42         } fam;
 43 };
 44 
 45 struct lsm_ioctlop_audit { /* ioctl details; pointed to by common_audit_data.u.op */
 46         struct path path; /* embedded by value, not a pointer */
 47         u16 cmd; /* only 16 bits wide. NOTE(review): a wider ioctl command number would be truncated when stored here, so an audit record built from it may show only the low 16 bits - confirm what callers assign */
 48 };
 49 
 50 struct lsm_ibpkey_audit { /* pointed to by common_audit_data.u.ibpkey */
 51         u64 subnet_prefix; /* presumably the InfiniBand subnet prefix - TODO confirm */
 52         u16 pkey; /* presumably the InfiniBand partition key - TODO confirm */
 53 };
 54 
 55 struct lsm_ibendport_audit { /* pointed to by common_audit_data.u.ibendport */
 56         const char *dev_name; /* the string is not copied into this struct; presumably it must stay valid while the record is in use - confirm */
 57         u8 port; /* presumably the port number on dev_name - TODO confirm */
 58 };
 59 
 60 /*
     * Auxiliary data to use in generating the audit record.
     *
     * 'type' holds one of the LSM_AUDIT_DATA_* values defined below and tells
     * the reader which member of the union 'u' was filled in. The members of
     * 'u' share storage and mix plain integers with pointers, and nothing in
     * this header ties 'type' to the member that was actually written, so the
     * producer has to keep the two consistent.
     * NOTE(review): presumably common_lsm_audit() selects the member of 'u' by
     * 'type'; if so, a mismatched pair would make it read an integer as a
     * pointer (or the reverse) - confirm against the implementation.
     */
 61 struct common_audit_data {
 62         char type; /* discriminator for 'u'; one of LSM_AUDIT_DATA_* */
            /*
             * Values for 'type'. Most names match a member of 'u' (PATH/path,
             * NET/net, CAP/cap, ...), but the pairing is by name only in this
             * header: NONE, LOCKDOWN and NOTIFICATION have no same-named member.
             */
 63 #define LSM_AUDIT_DATA_PATH     1
 64 #define LSM_AUDIT_DATA_NET      2
 65 #define LSM_AUDIT_DATA_CAP      3
 66 #define LSM_AUDIT_DATA_IPC      4
 67 #define LSM_AUDIT_DATA_TASK     5
 68 #define LSM_AUDIT_DATA_KEY      6
 69 #define LSM_AUDIT_DATA_NONE     7
 70 #define LSM_AUDIT_DATA_KMOD     8
 71 #define LSM_AUDIT_DATA_INODE    9
 72 #define LSM_AUDIT_DATA_DENTRY   10
 73 #define LSM_AUDIT_DATA_IOCTL_OP 11
 74 #define LSM_AUDIT_DATA_FILE     12
 75 #define LSM_AUDIT_DATA_IBPKEY   13
 76 #define LSM_AUDIT_DATA_IBENDPORT 14
 77 #define LSM_AUDIT_DATA_LOCKDOWN 15
 78 #define LSM_AUDIT_DATA_NOTIFICATION 16
 79 #define LSM_AUDIT_DATA_ANONINODE        17
            /*
             * Pointer members below are stored as-is; this header shows no
             * reference counting, so the pointed-to objects presumably have to
             * outlive the audit call - confirm against callers.
             */
 80         union   {
 81                 struct path path; /* embedded by value */
 82                 struct dentry *dentry;
 83                 struct inode *inode;
 84                 struct lsm_network_audit *net; /* caller-provided network details */
 85                 int cap;
 86                 int ipc_id;
 87                 struct task_struct *tsk;
 88 #ifdef CONFIG_KEYS
 89                 struct { /* this member exists only when CONFIG_KEYS is set */
 90                         key_serial_t key;
 91                         char *key_desc;
 92                 } key_struct;
 93 #endif
 94                 char *kmod_name;
 95                 struct lsm_ioctlop_audit *op;
 96                 struct file *file;
 97                 struct lsm_ibpkey_audit *ibpkey;
 98                 struct lsm_ibendport_audit *ibendport;
 99                 int reason; /* NOTE(review): no LSM_AUDIT_DATA_REASON exists; presumably used with LOCKDOWN and/or NOTIFICATION - confirm */
100                 const char *anonclass;
101         } u;
102         /* this union contains LSM specific data */
            /*
             * Anonymous union: its members are accessed directly on
             * struct common_audit_data. Each pointer is declared only when the
             * corresponding LSM is configured, and all of them share storage,
             * so at most one can be held at a time.
             */
103         union {
104 #ifdef CONFIG_SECURITY_SMACK
105                 struct smack_audit_data *smack_audit_data;
106 #endif
107 #ifdef CONFIG_SECURITY_SELINUX
108                 struct selinux_audit_data *selinux_audit_data;
109 #endif
110 #ifdef CONFIG_SECURITY_APPARMOR
111                 struct apparmor_audit_data *apparmor_audit_data;
112 #endif
113         }; /* per LSM data pointer union */
114 };
115 
116 #define v4info fam.v4 /* lets net->v4info.x be written for net->fam.v4.x */
117 #define v6info fam.v6 /* lets net->v6info.x be written for net->fam.v6.x */
    /*
     * NOTE(review): both are plain object-like macros with no prefix, so any
     * identifier spelled v4info or v6info after this header is included is
     * rewritten as well, not only members of struct lsm_network_audit.
     */
118
    /*
     * ipv4_skb_to_auditdata - declared here, defined elsewhere.
     * @skb:   socket buffer to read from
     * @ad:    audit data to fill. NOTE(review): presumably writes through
     *         ad->u.net, which the caller would need to have pointed at a
     *         struct lsm_network_audit first - confirm in the implementation
     * @proto: out-parameter for a u8; presumably the transport protocol
     *         number. Whether NULL is accepted is not visible from here.
     *
     * Returns an int; presumably 0 or a negative errno - TODO confirm.
     * Packet data in an skb may be attacker-controlled, so callers should
     * check the result before relying on what was written to @ad.
     */
119 int ipv4_skb_to_auditdata(struct sk_buff *skb,
120                 struct common_audit_data *ad, u8 *proto);
121
    /*
     * ipv6_skb_to_auditdata - same signature as ipv4_skb_to_auditdata();
     * presumably the IPv6 counterpart, with the same caveats about @ad, @proto
     * and the return value - TODO confirm in the implementation.
     */
122 int ipv6_skb_to_auditdata(struct sk_buff *skb,
123                 struct common_audit_data *ad, u8 *proto);
124
    /*
     * common_lsm_audit - declared here, defined elsewhere.
     * @a:          audit data describing the event; see the note on keeping
     *              a->type consistent with the member of a->u that was set
     * @pre_audit:  callback taking the audit buffer and a void pointer
     * @post_audit: callback with the same signature
     *
     * NOTE(review): presumably the callbacks let the calling LSM add its own
     * fields before and after the common ones, and the void pointer is @a -
     * confirm. Whether either callback may be NULL is not visible from this
     * header. Returns nothing, so a failure to emit the record cannot be
     * reported to the caller through this interface.
     */
125 void common_lsm_audit(struct common_audit_data *a,
126         void (*pre_audit)(struct audit_buffer *, void *),
127         void (*post_audit)(struct audit_buffer *, void *));
128 
129 #endif
130 
