security/apparmor/include/audit.h

Source file repositories/reference/linux-study-clean/security/apparmor/include/audit.h

File Facts

System
Linux kernel
Corpus path
security/apparmor/include/audit.h
Extension
.h
Size
4999 bytes
Lines
213
Domain
Core OS
Bucket
Security And Isolation
Inferred role
Core OS: implementation source
Status
source implementation candidate

Why This File Exists

Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.

Dependency Surface

Detected Declarations

Annotated Snippet

struct apparmor_audit_data {
	int error;
	int type;
	u16 class;
	const char *op;
	const struct cred *subj_cred;
	struct aa_label *subj_label;
	const char *name;
	const char *info;
	u32 request;
	u32 denied;
	u32 tags;

	union {
		/* these entries require a custom callback fn */
		struct {
			struct aa_label *peer;
			union {
				struct {
					const char *target;
					kuid_t ouid;
				} fs;
				struct {
					int rlim;
					unsigned long max;
				} rlim;
				struct {
					int signal;
					int unmappedsig;
				};
				struct {
					int type, protocol;
					void *addr;
					int addrlen;
					struct {
						void *addr;
						int addrlen;
					} peer;
				} net;
			};
		};
		struct {
			struct aa_profile *profile;
			const char *ns;
			long pos;
		} iface;
		struct {
			const char *src_name;
			const char *type;
			const char *trans;
			const char *data;
			unsigned long flags;
		} mnt;
		struct {
			struct aa_label *target;
		} uring;
	};

	struct common_audit_data common;
};

/* macros for dealing with  apparmor_audit_data structure */
#define aad(SA) (container_of(SA, struct apparmor_audit_data, common))
#define aad_of_va(VA) aad((struct common_audit_data *)(VA))

#define DEFINE_AUDIT_DATA(NAME, T, C, X)				\
	/* TODO: cleanup audit init so we don't need _aad = {0,} */	\
	struct apparmor_audit_data NAME = {				\
		.class = (C),						\
		.op = (X),                                              \
		.common.type = (T),					\
		.common.u.tsk = NULL,					\
		.common.apparmor_audit_data = &NAME,			\
	};

void aa_audit_msg(int type, struct apparmor_audit_data *ad,
		  void (*cb) (struct audit_buffer *, void *));
int aa_audit(int type, struct aa_profile *profile,
	     struct apparmor_audit_data *ad,
	     void (*cb) (struct audit_buffer *, void *));

#define aa_audit_error(ERROR, AD, CB)				\
({								\
	(AD)->error = (ERROR);					\
	aa_audit_msg(AUDIT_APPARMOR_ERROR, (AD), (CB));		\
	(AD)->error;					\
})


static inline int complain_error(int error)

Annotation

Implementation Notes