129d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts/* 229d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * Copyright 2012, Samsung Telecommunications of America 329d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * Copyright (C) 2014 The Android Open Source Project 429d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * 529d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * Licensed under the Apache License, Version 2.0 (the "License"); 629d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * you may not use this file except in compliance with the License. 729d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * You may obtain a copy of the License at 829d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * 929d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * http://www.apache.org/licenses/LICENSE-2.0 1029d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * 1129d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * Unless required by applicable law or agreed to in writing, software 1229d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * distributed under the License is distributed on an "AS IS" BASIS, 1329d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 1429d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * See the License for the specific language governing permissions and 1529d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * limitations under the License. 1629d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * 1729d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * Written by William Roberts <w.roberts@sta.samsung.com> 1829d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts */ 1929d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts 2029d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts#ifndef _LIBAUDIT_H_ 2129d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts#define _LIBAUDIT_H_ 2229d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts 2329d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts#include <stdint.h> 2429d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts#include <sys/cdefs.h> 2529d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts#include <sys/socket.h> 2629d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts#include <sys/types.h> 2729d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts 2829d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts#include <linux/netlink.h> 2929d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts#include <linux/audit.h> 3029d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts 3129d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts__BEGIN_DECLS 3229d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts 3329d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts#define MAX_AUDIT_MESSAGE_LENGTH 8970 3429d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts 3529d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Robertstypedef enum { 3629d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts GET_REPLY_BLOCKING=0, 3729d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts GET_REPLY_NONBLOCKING 3829d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts} reply_t; 3929d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts 4029d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts/* type == AUDIT_SIGNAL_INFO */ 4129d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Robertsstruct audit_sig_info { 4229d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts uid_t uid; 4329d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts pid_t pid; 4429d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts char ctx[0]; 4529d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts}; 4629d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts 4729d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Robertsstruct audit_message { 4829d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts struct nlmsghdr nlh; 4929d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts char data[MAX_AUDIT_MESSAGE_LENGTH]; 5029d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts}; 5129d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts 5229d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts/** 5329d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * Opens a connection to the Audit netlink socket 5429d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * @return 5529d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * A valid fd on success or < 0 on error with errno set. 5629d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * Returns the same errors as man 2 socket. 5729d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts */ 5829d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Robertsextern int audit_open(void); 5929d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts 6029d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts/** 6129d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * Closes the fd returned from audit_open() 6229d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * @param fd 6329d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * The fd to close 6429d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts */ 6529d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Robertsextern void audit_close(int fd); 6629d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts 6729d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts/** 6829d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * 6929d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * @param fd 7029d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * The fd returned by a call to audit_open() 7129d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * @param rep 7229d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * The response struct to store the response in. 7329d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * @param block 7429d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * Whether or not to block on IO 7529d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * @param peek 7629d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * Whether or not we are to remove the message from 7729d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * the queue when we do a read on the netlink socket. 7829d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * @return 7929d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * This function returns 0 on success, else -errno. 8029d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts */ 8129d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Robertsextern int audit_get_reply(int fd, struct audit_message *rep, reply_t block, 8229d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts int peek); 8329d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts 8429d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts/** 8529d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * Sets a pid to recieve audit netlink events from the kernel 8629d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * @param fd 8729d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * The fd returned by a call to audit_open() 8829d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * @param pid 8929d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * The pid whom to set as the reciever of audit messages 9029d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * @return 9129d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts * This function returns 0 on success, -errno on error. 9229d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts */ 93c234a1b879d9c9d8e1a797c5dcf3098249945748Nick Kralevichextern int audit_setup(int fd, uint32_t pid); 9429d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts 9529d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts__END_DECLS 9629d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts 9729d238d2a8e12c131a4cfbccb912e525cca6b10dWilliam Roberts#endif 98