~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,24 +1,10 @@
	1	+/* SPDX-License-Identifier: GPL-2.0-or-later */
1	2	/* audit.h -- Auditing support
2	3	*
3	4	* Copyright 2003-2004 Red Hat Inc., Durham, North Carolina.
4	5	* All Rights Reserved.
5	6	*
6		- * This program is free software; you can redistribute it and/or modify
7		- * it under the terms of the GNU General Public License as published by
8		- * the Free Software Foundation; either version 2 of the License, or
9		- * (at your option) any later version.
10		- *
11		- * This program is distributed in the hope that it will be useful,
12		- * but WITHOUT ANY WARRANTY; without even the implied warranty of
13		- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14		- * GNU General Public License for more details.
15		- *
16		- * You should have received a copy of the GNU General Public License
17		- * along with this program; if not, write to the Free Software
18		- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19		- *
20	7	* Written by Rickard E. (Rik) Faith <faith@redhat.com>
21		- *
22	8	*/
23	9	#ifndef _LINUX_AUDIT_H_
24	10	#define _LINUX_AUDIT_H_
..	..	@@ -26,6 +12,7 @@
26	12	#include <linux/sched.h>
27	13	#include <linux/ptrace.h>
28	14	#include <uapi/linux/audit.h>
	15	+#include <uapi/linux/netfilter/nf_tables.h>
29	16
30	17	#define AUDIT_INO_UNSET ((unsigned long)-1)
31	18	#define AUDIT_DEV_UNSET ((dev_t)-1)
..	..	@@ -33,7 +20,7 @@
33	20	struct audit_sig_info {
34	21	uid_t uid;
35	22	pid_t pid;
36		- char ctx[0];
	23	+ char ctx[];
37	24	};
38	25
39	26	struct audit_buffer;
..	..	@@ -85,6 +72,52 @@
85	72	u32 op;
86	73	};
87	74
	75	+enum audit_ntp_type {
	76	+ AUDIT_NTP_OFFSET,
	77	+ AUDIT_NTP_FREQ,
	78	+ AUDIT_NTP_STATUS,
	79	+ AUDIT_NTP_TAI,
	80	+ AUDIT_NTP_TICK,
	81	+ AUDIT_NTP_ADJUST,
	82	+
	83	+ AUDIT_NTP_NVALS /* count */
	84	+};
	85	+
	86	+#ifdef CONFIG_AUDITSYSCALL
	87	+struct audit_ntp_val {
	88	+ long long oldval, newval;
	89	+};
	90	+
	91	+struct audit_ntp_data {
	92	+ struct audit_ntp_val vals[AUDIT_NTP_NVALS];
	93	+};
	94	+#else
	95	+struct audit_ntp_data {};
	96	+#endif
	97	+
	98	+enum audit_nfcfgop {
	99	+ AUDIT_XT_OP_REGISTER,
	100	+ AUDIT_XT_OP_REPLACE,
	101	+ AUDIT_XT_OP_UNREGISTER,
	102	+ AUDIT_NFT_OP_TABLE_REGISTER,
	103	+ AUDIT_NFT_OP_TABLE_UNREGISTER,
	104	+ AUDIT_NFT_OP_CHAIN_REGISTER,
	105	+ AUDIT_NFT_OP_CHAIN_UNREGISTER,
	106	+ AUDIT_NFT_OP_RULE_REGISTER,
	107	+ AUDIT_NFT_OP_RULE_UNREGISTER,
	108	+ AUDIT_NFT_OP_SET_REGISTER,
	109	+ AUDIT_NFT_OP_SET_UNREGISTER,
	110	+ AUDIT_NFT_OP_SETELEM_REGISTER,
	111	+ AUDIT_NFT_OP_SETELEM_UNREGISTER,
	112	+ AUDIT_NFT_OP_GEN_REGISTER,
	113	+ AUDIT_NFT_OP_OBJ_REGISTER,
	114	+ AUDIT_NFT_OP_OBJ_UNREGISTER,
	115	+ AUDIT_NFT_OP_OBJ_RESET,
	116	+ AUDIT_NFT_OP_FLOWTABLE_REGISTER,
	117	+ AUDIT_NFT_OP_FLOWTABLE_UNREGISTER,
	118	+ AUDIT_NFT_OP_INVALID,
	119	+};
	120	+
88	121	extern int is_audit_feature_set(int which);
89	122
90	123	extern int __init audit_register_class(int class, unsigned *list);
..	..	@@ -114,8 +147,6 @@
114	147	#define AUDIT_TTY_LOG_PASSWD BIT(1)
115	148
116	149	struct filename;
117		-
118		-extern void audit_log_session_info(struct audit_buffer *ab);
119	150
120	151	#define AUDIT_OFF 0
121	152	#define AUDIT_ON 1
..	..	@@ -149,12 +180,12 @@
149	180	const struct path *path);
150	181	extern void audit_log_key(struct audit_buffer *ab,
151	182	char *key);
152		-extern void audit_log_link_denied(const char *operation);
	183	+extern void audit_log_path_denied(int type,
	184	+ const char *operation);
153	185	extern void audit_log_lost(const char *message);
154	186
155	187	extern int audit_log_task_context(struct audit_buffer *ab);
156		-extern void audit_log_task_info(struct audit_buffer *ab,
157		- struct task_struct *tsk);
	188	+extern void audit_log_task_info(struct audit_buffer *ab);
158	189
159	190	extern int audit_update_lsm_rules(void);
160	191
..	..	@@ -162,7 +193,22 @@
162	193	extern int audit_rule_change(int type, int seq, void *data, size_t datasz);
163	194	extern int audit_list_rules_send(struct sk_buff *request_skb, int seq);
164	195
	196	+extern int audit_set_loginuid(kuid_t loginuid);
	197	+
	198	+static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
	199	+{
	200	+ return tsk->loginuid;
	201	+}
	202	+
	203	+static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
	204	+{
	205	+ return tsk->sessionid;
	206	+}
	207	+
165	208	extern u32 audit_enabled;
	209	+
	210	+extern int audit_signal_info(int sig, struct task_struct *t);
	211	+
166	212	#else /* CONFIG_AUDIT */
167	213	static inline __printf(4, 5)
168	214	void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
..	..	@@ -196,16 +242,32 @@
196	242	{ }
197	243	static inline void audit_log_key(struct audit_buffer ab, char key)
198	244	{ }
199		-static inline void audit_log_link_denied(const char *string)
	245	+static inline void audit_log_path_denied(int type, const char *operation)
200	246	{ }
201	247	static inline int audit_log_task_context(struct audit_buffer *ab)
202	248	{
203	249	return 0;
204	250	}
205		-static inline void audit_log_task_info(struct audit_buffer *ab,
206		- struct task_struct *tsk)
	251	+static inline void audit_log_task_info(struct audit_buffer *ab)
207	252	{ }
	253	+
	254	+static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
	255	+{
	256	+ return INVALID_UID;
	257	+}
	258	+
	259	+static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
	260	+{
	261	+ return AUDIT_SID_UNSET;
	262	+}
	263	+
208	264	#define audit_enabled AUDIT_OFF
	265	+
	266	+static inline int audit_signal_info(int sig, struct task_struct *t)
	267	+{
	268	+ return 0;
	269	+}
	270	+
209	271	#endif /* CONFIG_AUDIT */
210	272
211	273	#ifdef CONFIG_AUDIT_COMPAT_GENERIC
..	..	@@ -213,6 +275,10 @@
213	275	#else
214	276	#define audit_is_compat(arch) false
215	277	#endif
	278	+
	279	+#define AUDIT_INODE_PARENT 1 /* dentry represents the parent */
	280	+#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */
	281	+#define AUDIT_INODE_NOEVAL 4 /* audit record incomplete */
216	282
217	283	#ifdef CONFIG_AUDITSYSCALL
218	284	#include <asm/syscall.h> /* for syscall_get_arch() */
..	..	@@ -226,9 +292,7 @@
226	292	extern void __audit_syscall_exit(int ret_success, long ret_value);
227	293	extern struct filename __audit_reusename(const __user char uptr);
228	294	extern void __audit_getname(struct filename *name);
229		-
230		-#define AUDIT_INODE_PARENT 1 /* dentry represents the parent */
231		-#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */
	295	+extern void __audit_getcwd(void);
232	296	extern void __audit_inode(struct filename name, const struct dentry dentry,
233	297	unsigned int flags);
234	298	extern void __audit_file(const struct file *);
..	..	@@ -287,15 +351,16 @@
287	351	if (unlikely(!audit_dummy_context()))
288	352	__audit_getname(name);
289	353	}
	354	+static inline void audit_getcwd(void)
	355	+{
	356	+ if (unlikely(audit_context()))
	357	+ __audit_getcwd();
	358	+}
290	359	static inline void audit_inode(struct filename *name,
291	360	const struct dentry *dentry,
292		- unsigned int parent) {
293		- if (unlikely(!audit_dummy_context())) {
294		- unsigned int flags = 0;
295		- if (parent)
296		- flags \|= AUDIT_INODE_PARENT;
297		- __audit_inode(name, dentry, flags);
298		- }
	361	+ unsigned int aflags) {
	362	+ if (unlikely(!audit_dummy_context()))
	363	+ __audit_inode(name, dentry, aflags);
299	364	}
300	365	static inline void audit_file(struct file *file)
301	366	{
..	..	@@ -324,21 +389,6 @@
324	389	}
325	390
326	391	/* Private API (for audit.c only) */
327		-extern unsigned int audit_serial(void);
328		-extern int auditsc_get_stamp(struct audit_context *ctx,
329		- struct timespec64 t, unsigned int serial);
330		-extern int audit_set_loginuid(kuid_t loginuid);
331		-
332		-static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
333		-{
334		- return tsk->loginuid;
335		-}
336		-
337		-static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
338		-{
339		- return tsk->sessionid;
340		-}
341		-
342	392	extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
343	393	extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
344	394	extern void __audit_bprm(struct linux_binprm *bprm);
..	..	@@ -356,6 +406,10 @@
356	406	extern void __audit_mmap_fd(int fd, int flags);
357	407	extern void __audit_log_kern_module(char *name);
358	408	extern void __audit_fanotify(unsigned int response);
	409	+extern void __audit_tk_injoffset(struct timespec64 offset);
	410	+extern void __audit_ntp_log(const struct audit_ntp_data *ad);
	411	+extern void __audit_log_nfcfg(const char *name, u8 af, unsigned int nentries,
	412	+ enum audit_nfcfgop op, gfp_t gfp);
359	413
360	414	static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
361	415	{
..	..	@@ -458,6 +512,47 @@
458	512	__audit_fanotify(response);
459	513	}
460	514
	515	+static inline void audit_tk_injoffset(struct timespec64 offset)
	516	+{
	517	+ /* ignore no-op events */
	518	+ if (offset.tv_sec == 0 && offset.tv_nsec == 0)
	519	+ return;
	520	+
	521	+ if (!audit_dummy_context())
	522	+ __audit_tk_injoffset(offset);
	523	+}
	524	+
	525	+static inline void audit_ntp_init(struct audit_ntp_data *ad)
	526	+{
	527	+ memset(ad, 0, sizeof(*ad));
	528	+}
	529	+
	530	+static inline void audit_ntp_set_old(struct audit_ntp_data *ad,
	531	+ enum audit_ntp_type type, long long val)
	532	+{
	533	+ ad->vals[type].oldval = val;
	534	+}
	535	+
	536	+static inline void audit_ntp_set_new(struct audit_ntp_data *ad,
	537	+ enum audit_ntp_type type, long long val)
	538	+{
	539	+ ad->vals[type].newval = val;
	540	+}
	541	+
	542	+static inline void audit_ntp_log(const struct audit_ntp_data *ad)
	543	+{
	544	+ if (!audit_dummy_context())
	545	+ __audit_ntp_log(ad);
	546	+}
	547	+
	548	+static inline void audit_log_nfcfg(const char *name, u8 af,
	549	+ unsigned int nentries,
	550	+ enum audit_nfcfgop op, gfp_t gfp)
	551	+{
	552	+ if (audit_enabled)
	553	+ __audit_log_nfcfg(name, af, nentries, op, gfp);
	554	+}
	555	+
461	556	extern int audit_n_rules;
462	557	extern int audit_signals;
463	558	#else /* CONFIG_AUDITSYSCALL */
..	..	@@ -489,17 +584,11 @@
489	584	}
490	585	static inline void audit_getname(struct filename *name)
491	586	{ }
492		-static inline void __audit_inode(struct filename *name,
493		- const struct dentry *dentry,
494		- unsigned int flags)
495		-{ }
496		-static inline void __audit_inode_child(struct inode *parent,
497		- const struct dentry *dentry,
498		- const unsigned char type)
	587	+static inline void audit_getcwd(void)
499	588	{ }
500	589	static inline void audit_inode(struct filename *name,
501	590	const struct dentry *dentry,
502		- unsigned int parent)
	591	+ unsigned int aflags)
503	592	{ }
504	593	static inline void audit_file(struct file *file)
505	594	{
..	..	@@ -518,19 +607,6 @@
518	607	static inline void audit_seccomp_actions_logged(const char *names,
519	608	const char *old_names, int res)
520	609	{ }
521		-static inline int auditsc_get_stamp(struct audit_context *ctx,
522		- struct timespec64 t, unsigned int serial)
523		-{
524		- return 0;
525		-}
526		-static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
527		-{
528		- return INVALID_UID;
529		-}
530		-static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
531		-{
532		- return AUDIT_SID_UNSET;
533		-}
534	610	static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
535	611	{ }
536	612	static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,
..	..	@@ -584,8 +660,31 @@
584	660	static inline void audit_fanotify(unsigned int response)
585	661	{ }
586	662
	663	+static inline void audit_tk_injoffset(struct timespec64 offset)
	664	+{ }
	665	+
	666	+static inline void audit_ntp_init(struct audit_ntp_data *ad)
	667	+{ }
	668	+
	669	+static inline void audit_ntp_set_old(struct audit_ntp_data *ad,
	670	+ enum audit_ntp_type type, long long val)
	671	+{ }
	672	+
	673	+static inline void audit_ntp_set_new(struct audit_ntp_data *ad,
	674	+ enum audit_ntp_type type, long long val)
	675	+{ }
	676	+
	677	+static inline void audit_ntp_log(const struct audit_ntp_data *ad)
	678	+{ }
	679	+
587	680	static inline void audit_ptrace(struct task_struct *t)
588	681	{ }
	682	+
	683	+static inline void audit_log_nfcfg(const char *name, u8 af,
	684	+ unsigned int nentries,
	685	+ enum audit_nfcfgop op, gfp_t gfp)
	686	+{ }
	687	+
589	688	#define audit_n_rules 0
590	689	#define audit_signals 0
591	690	#endif /* CONFIG_AUDITSYSCALL */
..	..	@@ -593,11 +692,6 @@
593	692	static inline bool audit_loginuid_set(struct task_struct *tsk)
594	693	{
595	694	return uid_valid(audit_get_loginuid(tsk));
596		-}
597		-
598		-static inline void audit_log_string(struct audit_buffer ab, const char buf)
599		-{
600		- audit_log_n_string(ab, buf, strlen(buf));
601	695	}
602	696
603	697	#endif