Loading...
1/* SPDX-License-Identifier: GPL-2.0-only */
2/*
3 * SELinux support for the Audit LSM hooks
4 *
5 * Author: James Morris <jmorris@redhat.com>
6 *
7 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
8 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
9 * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
10 */
11
12#ifndef _SELINUX_AUDIT_H
13#define _SELINUX_AUDIT_H
14
15#include <linux/audit.h>
16#include <linux/types.h>
17
18/**
19 * selinux_audit_rule_init - alloc/init an selinux audit rule structure.
20 * @field: the field this rule refers to
21 * @op: the operator the rule uses
22 * @rulestr: the text "target" of the rule
23 * @rule: pointer to the new rule structure returned via this
24 * @gfp: GFP flag used for kmalloc
25 *
26 * Returns 0 if successful, -errno if not. On success, the rule structure
27 * will be allocated internally. The caller must free this structure with
28 * selinux_audit_rule_free() after use.
29 */
30int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule,
31 gfp_t gfp);
32
33/**
34 * selinux_audit_rule_free - free an selinux audit rule structure.
35 * @rule: pointer to the audit rule to be freed
36 *
37 * This will free all memory associated with the given rule.
38 * If @rule is NULL, no operation is performed.
39 */
40void selinux_audit_rule_free(void *rule);
41
42/**
43 * selinux_audit_rule_match - determine if a context ID matches a rule.
44 * @prop: includes the context ID to check
45 * @field: the field this rule refers to
46 * @op: the operator the rule uses
47 * @rule: pointer to the audit rule to check against
48 *
49 * Returns 1 if the context id matches the rule, 0 if it does not, and
50 * -errno on failure.
51 */
52int selinux_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op,
53 void *rule);
54
55/**
56 * selinux_audit_rule_known - check to see if rule contains selinux fields.
57 * @rule: rule to be checked
58 * Returns 1 if there are selinux fields specified in the rule, 0 otherwise.
59 */
60int selinux_audit_rule_known(struct audit_krule *rule);
61
62#endif /* _SELINUX_AUDIT_H */
1/* SPDX-License-Identifier: GPL-2.0-only */
2/*
3 * SELinux support for the Audit LSM hooks
4 *
5 * Author: James Morris <jmorris@redhat.com>
6 *
7 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
8 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
9 * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
10 */
11
12#ifndef _SELINUX_AUDIT_H
13#define _SELINUX_AUDIT_H
14
15/**
16 * selinux_audit_rule_init - alloc/init an selinux audit rule structure.
17 * @field: the field this rule refers to
18 * @op: the operater the rule uses
19 * @rulestr: the text "target" of the rule
20 * @rule: pointer to the new rule structure returned via this
21 *
22 * Returns 0 if successful, -errno if not. On success, the rule structure
23 * will be allocated internally. The caller must free this structure with
24 * selinux_audit_rule_free() after use.
25 */
26int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule);
27
28/**
29 * selinux_audit_rule_free - free an selinux audit rule structure.
30 * @rule: pointer to the audit rule to be freed
31 *
32 * This will free all memory associated with the given rule.
33 * If @rule is NULL, no operation is performed.
34 */
35void selinux_audit_rule_free(void *rule);
36
37/**
38 * selinux_audit_rule_match - determine if a context ID matches a rule.
39 * @sid: the context ID to check
40 * @field: the field this rule refers to
41 * @op: the operater the rule uses
42 * @rule: pointer to the audit rule to check against
43 *
44 * Returns 1 if the context id matches the rule, 0 if it does not, and
45 * -errno on failure.
46 */
47int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule);
48
49/**
50 * selinux_audit_rule_known - check to see if rule contains selinux fields.
51 * @rule: rule to be checked
52 * Returns 1 if there are selinux fields specified in the rule, 0 otherwise.
53 */
54int selinux_audit_rule_known(struct audit_krule *krule);
55
56#endif /* _SELINUX_AUDIT_H */
57