diff options
Diffstat (limited to 'include/linux/audit.h')
-rw-r--r-- | include/linux/audit.h | 43 |
1 files changed, 28 insertions, 15 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index fccc6e50298a..4bbd8601b8f0 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -63,9 +63,12 @@ #define AUDIT_ADD_RULE 1011 /* Add syscall filtering rule */ #define AUDIT_DEL_RULE 1012 /* Delete syscall filtering rule */ #define AUDIT_LIST_RULES 1013 /* List syscall filtering rules */ +#define AUDIT_TTY_GET 1014 /* Get TTY auditing status */ +#define AUDIT_TTY_SET 1015 /* Set TTY auditing status */ #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */ #define AUDIT_USER_AVC 1107 /* We filter this differently */ +#define AUDIT_USER_TTY 1124 /* Non-ICANON TTY input meaning */ #define AUDIT_LAST_USER_MSG 1199 #define AUDIT_FIRST_USER_MSG2 2100 /* More user space messages */ #define AUDIT_LAST_USER_MSG2 2999 @@ -92,6 +95,7 @@ #define AUDIT_KERNEL_OTHER 1316 /* For use by 3rd party modules */ #define AUDIT_FD_PAIR 1317 /* audit record for pipe/socketpair */ #define AUDIT_OBJ_PID 1318 /* ptrace target */ +#define AUDIT_TTY 1319 /* Input on an administrative TTY */ #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ @@ -157,7 +161,7 @@ * are currently used in an audit field constant understood by the kernel. * If you are adding a new #define AUDIT_<whatever>, please ensure that * AUDIT_UNUSED_BITS is updated if need be. */ -#define AUDIT_UNUSED_BITS 0x0FFFFC00 +#define AUDIT_UNUSED_BITS 0x07FFFC00 /* Rule fields */ @@ -209,25 +213,29 @@ #define AUDIT_NEGATE 0x80000000 /* These are the supported operators. - * 4 2 1 - * = > < - * ------- - * 0 0 0 0 nonsense - * 0 0 1 1 < - * 0 1 0 2 > - * 0 1 1 3 != - * 1 0 0 4 = - * 1 0 1 5 <= - * 1 1 0 6 >= - * 1 1 1 7 all operators + * 4 2 1 8 + * = > < ? + * ---------- + * 0 0 0 0 00 nonsense + * 0 0 0 1 08 & bit mask + * 0 0 1 0 10 < + * 0 1 0 0 20 > + * 0 1 1 0 30 != + * 1 0 0 0 40 = + * 1 0 0 1 48 &= bit test + * 1 0 1 0 50 <= + * 1 1 0 0 60 >= + * 1 1 1 1 78 all operators */ +#define AUDIT_BIT_MASK 0x08000000 #define AUDIT_LESS_THAN 0x10000000 #define AUDIT_GREATER_THAN 0x20000000 #define AUDIT_NOT_EQUAL 0x30000000 #define AUDIT_EQUAL 0x40000000 +#define AUDIT_BIT_TEST (AUDIT_BIT_MASK|AUDIT_EQUAL) #define AUDIT_LESS_THAN_OR_EQUAL (AUDIT_LESS_THAN|AUDIT_EQUAL) #define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN|AUDIT_EQUAL) -#define AUDIT_OPERATORS (AUDIT_EQUAL|AUDIT_NOT_EQUAL) +#define AUDIT_OPERATORS (AUDIT_EQUAL|AUDIT_NOT_EQUAL|AUDIT_BIT_MASK) /* Status symbols */ /* Mask values */ @@ -289,6 +297,10 @@ struct audit_status { __u32 backlog; /* messages waiting in queue */ }; +struct audit_tty_status { + __u32 enabled; /* 1 = enabled, 0 = disabled */ +}; + /* audit_rule_data supports filter rules with both integer and string * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and * AUDIT_LIST_RULES requests. @@ -399,7 +411,6 @@ extern int audit_bprm(struct linux_binprm *bprm); extern int audit_socketcall(int nargs, unsigned long *args); extern int audit_sockaddr(int len, void *addr); extern int __audit_fd_pair(int fd1, int fd2); -extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); extern int audit_set_macxattr(const char *name); extern int __audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr); extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout); @@ -479,7 +490,6 @@ extern int audit_signals; #define audit_socketcall(n,a) ({ 0; }) #define audit_fd_pair(n,a) ({ 0; }) #define audit_sockaddr(len, addr) ({ 0; }) -#define audit_avc_path(dentry, mnt) ({ 0; }) #define audit_set_macxattr(n) do { ; } while (0) #define audit_mq_open(o,m,a) ({ 0; }) #define audit_mq_timedsend(d,l,p,t) ({ 0; }) @@ -515,11 +525,13 @@ extern void audit_log_d_path(struct audit_buffer *ab, const char *prefix, struct dentry *dentry, struct vfsmount *vfsmnt); +extern void audit_log_lost(const char *message); /* Private API (for audit.c only) */ extern int audit_filter_user(struct netlink_skb_parms *cb, int type); extern int audit_filter_type(int type); extern int audit_receive_filter(int type, int pid, int uid, int seq, void *data, size_t datasz, uid_t loginuid, u32 sid); +extern int audit_enabled; #else #define audit_log(c,g,t,f,...) do { ; } while (0) #define audit_log_start(c,g,t) ({ NULL; }) @@ -530,6 +542,7 @@ extern int audit_receive_filter(int type, int pid, int uid, int seq, #define audit_log_untrustedstring(a,s) do { ; } while (0) #define audit_log_n_untrustedstring(a,n,s) do { ; } while (0) #define audit_log_d_path(b,p,d,v) do { ; } while (0) +#define audit_enabled 0 #endif #endif #endif |