projects / linux-block.git / blame
| Commit | Line | Data |
|---|---|---|
| b2441318 | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
| 6e837fb1 EB |
2 | /* |
| 3 | * Common LSM logging functions | |
| 4 | * Heavily borrowed from selinux/avc.h | |
| 5 | * | |
| 6 | * Author : Etienne BASSET <etienne.basset@ensta.org> | |
| 7 | * | |
| 9da4f4f9 | 8 | * All credits to : Stephen Smalley |
| 6e837fb1 EB |
9 | * All BUGS to : Etienne BASSET <etienne.basset@ensta.org> |
| 10 | */ | |
| 11 | #ifndef _LSM_COMMON_LOGGING_ | |
| 12 | #define _LSM_COMMON_LOGGING_ | |
| 13 | ||
| 14 | #include <linux/stddef.h> | |
| 15 | #include <linux/errno.h> | |
| 16 | #include <linux/kernel.h> | |
| 17 | #include <linux/kdev_t.h> | |
| 18 | #include <linux/spinlock.h> | |
| 19 | #include <linux/init.h> | |
| 20 | #include <linux/audit.h> | |
| 21 | #include <linux/in6.h> | |
| 22 | #include <linux/path.h> | |
| 23 | #include <linux/key.h> | |
| 24 | #include <linux/skbuff.h> | |
| ab861dfc | 25 | #include <rdma/ib_verbs.h> |
| 6e837fb1 | 26 | |
| 48c62af6 EP |
27 | struct lsm_network_audit { |
| 28 | int netif; | |
| 41dd9596 | 29 | const struct sock *sk; |
| 48c62af6 EP |
30 | u16 family; |
| 31 | __be16 dport; | |
| 32 | __be16 sport; | |
| 33 | union { | |
| 34 | struct { | |
| 35 | __be32 daddr; | |
| 36 | __be32 saddr; | |
| 37 | } v4; | |
| 38 | struct { | |
| 39 | struct in6_addr daddr; | |
| 40 | struct in6_addr saddr; | |
| 41 | } v6; | |
| 42 | } fam; | |
| 43 | }; | |
| 6e837fb1 | 44 | |
| 671a2781 JVS |
45 | struct lsm_ioctlop_audit { |
| 46 | struct path path; | |
| 47 | u16 cmd; | |
| 48 | }; | |
| 49 | ||
| cfc4d882 | 50 | struct lsm_ibpkey_audit { |
| 869cbeef OM |
51 | u64 subnet_prefix; |
| 52 | u16 pkey; | |
| cfc4d882 DJ |
53 | }; |
| 54 | ||
| ab861dfc | 55 | struct lsm_ibendport_audit { |
| 869cbeef OM |
56 | const char *dev_name; |
| 57 | u8 port; | |
| ab861dfc DJ |
58 | }; |
| 59 | ||
| 6e837fb1 EB |
60 | /* Auxiliary data to use in generating the audit record. */ |
| 61 | struct common_audit_data { | |
| dd8dbf2e | 62 | char type; |
| f48b7399 | 63 | #define LSM_AUDIT_DATA_PATH 1 |
| dd8dbf2e EP |
64 | #define LSM_AUDIT_DATA_NET 2 |
| 65 | #define LSM_AUDIT_DATA_CAP 3 | |
| 66 | #define LSM_AUDIT_DATA_IPC 4 | |
| 67 | #define LSM_AUDIT_DATA_TASK 5 | |
| 68 | #define LSM_AUDIT_DATA_KEY 6 | |
| cb84aa9b | 69 | #define LSM_AUDIT_DATA_NONE 7 |
| dd8dbf2e | 70 | #define LSM_AUDIT_DATA_KMOD 8 |
| f48b7399 | 71 | #define LSM_AUDIT_DATA_INODE 9 |
| a269434d | 72 | #define LSM_AUDIT_DATA_DENTRY 10 |
| 671a2781 | 73 | #define LSM_AUDIT_DATA_IOCTL_OP 11 |
| 43af5de7 | 74 | #define LSM_AUDIT_DATA_FILE 12 |
| cfc4d882 | 75 | #define LSM_AUDIT_DATA_IBPKEY 13 |
| ab861dfc | 76 | #define LSM_AUDIT_DATA_IBENDPORT 14 |
| 59438b46 | 77 | #define LSM_AUDIT_DATA_LOCKDOWN 15 |
| a8478a60 | 78 | #define LSM_AUDIT_DATA_NOTIFICATION 16 |
| c29722fa | 79 | #define LSM_AUDIT_DATA_ANONINODE 17 |
| 2ef6fc99 | 80 | #define LSM_AUDIT_DATA_NLMSGTYPE 18 |
| 6e837fb1 | 81 | union { |
| f48b7399 | 82 | struct path path; |
| a269434d | 83 | struct dentry *dentry; |
| f48b7399 | 84 | struct inode *inode; |
| 48c62af6 | 85 | struct lsm_network_audit *net; |
| 6e837fb1 EB |
86 | int cap; |
| 87 | int ipc_id; | |
| 88 | struct task_struct *tsk; | |
| 89 | #ifdef CONFIG_KEYS | |
| 90 | struct { | |
| 91 | key_serial_t key; | |
| 92 | char *key_desc; | |
| 93 | } key_struct; | |
| 94 | #endif | |
| dd8dbf2e | 95 | char *kmod_name; |
| 671a2781 | 96 | struct lsm_ioctlop_audit *op; |
| 43af5de7 | 97 | struct file *file; |
| cfc4d882 | 98 | struct lsm_ibpkey_audit *ibpkey; |
| ab861dfc | 99 | struct lsm_ibendport_audit *ibendport; |
| 59438b46 | 100 | int reason; |
| c29722fa | 101 | const char *anonclass; |
| 2ef6fc99 | 102 | u16 nlmsg_type; |
| 6e837fb1 | 103 | } u; |
| 6e837fb1 EB |
104 | /* this union contains LSM specific data */ |
| 105 | union { | |
| 65c3f0a2 | 106 | #ifdef CONFIG_SECURITY_SMACK |
| 3b3b0e4f | 107 | struct smack_audit_data *smack_audit_data; |
| 65c3f0a2 TL |
108 | #endif |
| 109 | #ifdef CONFIG_SECURITY_SELINUX | |
| 3b3b0e4f | 110 | struct selinux_audit_data *selinux_audit_data; |
| 67012e82 JJ |
111 | #endif |
| 112 | #ifdef CONFIG_SECURITY_APPARMOR | |
| 3b3b0e4f | 113 | struct apparmor_audit_data *apparmor_audit_data; |
| 65c3f0a2 | 114 | #endif |
| 3b3b0e4f | 115 | }; /* per LSM data pointer union */ |
| 6e837fb1 EB |
116 | }; |
| 117 | ||
| 118 | #define v4info fam.v4 | |
| 119 | #define v6info fam.v6 | |
| 120 | ||
| 7ccbe076 MS |
121 | #ifdef CONFIG_AUDIT |
| 122 | ||
| 6e837fb1 EB |
123 | int ipv4_skb_to_auditdata(struct sk_buff *skb, |
| 124 | struct common_audit_data *ad, u8 *proto); | |
| 125 | ||
| 7ccbe076 | 126 | #if IS_ENABLED(CONFIG_IPV6) |
| 6e837fb1 EB |
127 | int ipv6_skb_to_auditdata(struct sk_buff *skb, |
| 128 | struct common_audit_data *ad, u8 *proto); | |
| 7ccbe076 | 129 | #endif /* IS_ENABLED(CONFIG_IPV6) */ |
| 6e837fb1 | 130 | |
| b61c37f5 LT |
131 | void common_lsm_audit(struct common_audit_data *a, |
| 132 | void (*pre_audit)(struct audit_buffer *, void *), | |
| 133 | void (*post_audit)(struct audit_buffer *, void *)); | |
| 6e837fb1 | 134 | |
| 9b08a166 MS |
135 | void audit_log_lsm_data(struct audit_buffer *ab, |
| 136 | const struct common_audit_data *a); | |
| 137 | ||
| 7ccbe076 MS |
138 | #else /* CONFIG_AUDIT */ |
| 139 | ||
| 140 | static inline void common_lsm_audit(struct common_audit_data *a, | |
| 141 | void (*pre_audit)(struct audit_buffer *, void *), | |
| 142 | void (*post_audit)(struct audit_buffer *, void *)) | |
| 143 | { | |
| 144 | } | |
| 145 | ||
| 9b08a166 MS |
146 | static inline void audit_log_lsm_data(struct audit_buffer *ab, |
| 147 | const struct common_audit_data *a) | |
| 148 | { | |
| 149 | } | |
| 150 | ||
| 7ccbe076 MS |
151 | #endif /* CONFIG_AUDIT */ |
| 152 | ||
| 6e837fb1 | 153 | #endif |