diff options
Diffstat (limited to 'framework/src/audit/lib')
35 files changed, 0 insertions, 9197 deletions
diff --git a/framework/src/audit/lib/Makefile.am b/framework/src/audit/lib/Makefile.am deleted file mode 100644 index e2ed1019..00000000 --- a/framework/src/audit/lib/Makefile.am +++ /dev/null @@ -1,265 +0,0 @@ -# Makefile.am -- -# Copyright 2004-2009,2013-15 Red Hat Inc., Durham, North Carolina. -# All Rights Reserved. -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -# Authors: -# Steve Grubb <sgrubb@redhat.com> -# - -SUBDIRS = test -CLEANFILES = $(BUILT_SOURCES) -CONFIG_CLEAN_FILES = *.loT *.rej *.orig -EXTRA_DIST = syscall-update.txt -VERSION_INFO = 1:0 -AM_CFLAGS = -fPIC -DPIC -D_GNU_SOURCE -AM_CPPFLAGS = -I. -I${top_srcdir} -I${top_srcdir}/auparse - -pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = audit.pc -DISTCLEANFILES = $(pkgconfig_DATA) - -lib_LTLIBRARIES = libaudit.la -include_HEADERS = libaudit.h -libaudit_la_SOURCES = libaudit.c message.c netlink.c \ - lookup_table.c audit_logging.c deprecated.c \ - strsplit.c dso.h private.h errormsg.h -libaudit_la_LIBADD = -libaudit_la_DEPENDENCIES = $(libaudit_la_SOURCES) ../config.h -libaudit_la_LDFLAGS = -Wl,-z,relro -version-info $(VERSION_INFO) -nodist_libaudit_la_SOURCES = $(BUILT_SOURCES) - -BUILT_SOURCES = actiontabs.h errtabs.h fieldtabs.h flagtabs.h \ - ftypetabs.h i386_tables.h ia64_tables.h machinetabs.h \ - msg_typetabs.h optabs.h ppc_tables.h s390_tables.h \ - s390x_tables.h x86_64_tables.h -if USE_ALPHA -BUILT_SOURCES += alpha_tables.h -endif -if USE_ARM -BUILT_SOURCES += arm_tables.h -endif -if USE_AARCH64 -BUILT_SOURCES += aarch64_tables.h -endif -noinst_PROGRAMS = gen_actiontabs_h gen_errtabs_h gen_fieldtabs_h \ - gen_flagtabs_h gen_ftypetabs_h gen_i386_tables_h \ - gen_ia64_tables_h gen_machinetabs_h gen_msg_typetabs_h \ - gen_optabs_h gen_ppc_tables_h gen_s390_tables_h \ - gen_s390x_tables_h gen_x86_64_tables_h -if USE_ALPHA -noinst_PROGRAMS += gen_alpha_tables_h -endif -if USE_ARM -noinst_PROGRAMS += gen_arm_tables_h -endif -if USE_AARCH64 -noinst_PROGRAMS += gen_aarch64_tables_h -endif -gen_actiontabs_h_SOURCES = gen_tables.c gen_tables.h actiontab.h -gen_actiontabs_h_CFLAGS = '-DTABLE_H="actiontab.h"' -$(gen_actiontabs_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_actiontabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_actiontabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_actiontabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_actiontabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_actiontabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -actiontabs.h: gen_actiontabs_h Makefile - ./gen_actiontabs_h --lowercase --i2s --s2i action > $@ - -if USE_ALPHA -gen_alpha_tables_h_SOURCES = gen_tables.c gen_tables.h alpha_table.h -gen_alpha_tables_h_CFLAGS = '-DTABLE_H="alpha_table.h"' -$(gen_alpha_tables_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_alpha_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_alpha_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_alpha_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_alpha_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_alpha_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -alpha_tables.h: gen_alpha_tables_h Makefile - ./gen_alpha_tables_h --lowercase --i2s --s2i alpha_syscall > $@ -endif - -if USE_ARM -gen_arm_tables_h_SOURCES = gen_tables.c gen_tables.h arm_table.h -gen_arm_tables_h_CFLAGS = '-DTABLE_H="arm_table.h"' -$(gen_arm_tables_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_arm_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_arm_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_arm_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_arm_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_arm_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -arm_tables.h: gen_arm_tables_h Makefile - ./gen_arm_tables_h --lowercase --i2s --s2i arm_syscall > $@ -endif - -if USE_AARCH64 -gen_aarch64_tables_h_SOURCES = gen_tables.c gen_tables.h aarch64_table.h -gen_aarch64_tables_h_CFLAGS = '-DTABLE_H="aarch64_table.h"' -$(gen_aarch64_tables_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_aarch64_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_aarch64_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_aarch64_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_aarch64_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_aarch64_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -aarch64_tables.h: gen_aarch64_tables_h Makefile - ./gen_aarch64_tables_h --lowercase --i2s --s2i aarch64_syscall > $@ -endif - -gen_errtabs_h_SOURCES = gen_tables.c gen_tables.h errtab.h -gen_errtabs_h_CFLAGS = '-DTABLE_H="errtab.h"' -$(gen_errtabs_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_errtabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_errtabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_errtabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_errtabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_errtabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -errtabs.h: gen_errtabs_h Makefile - ./gen_errtabs_h --duplicate-ints --uppercase --i2s --s2i err > $@ - -gen_fieldtabs_h_SOURCES = gen_tables.c gen_tables.h fieldtab.h -gen_fieldtabs_h_CFLAGS = '-DTABLE_H="fieldtab.h"' -$(gen_fieldtabs_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_fieldtabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_fieldtabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_fieldtabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_fieldtabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_fieldtabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -fieldtabs.h: gen_fieldtabs_h Makefile - ./gen_fieldtabs_h --duplicate-ints --lowercase --i2s --s2i field > $@ - -gen_flagtabs_h_SOURCES = gen_tables.c gen_tables.h flagtab.h -gen_flagtabs_h_CFLAGS = '-DTABLE_H="flagtab.h"' -$(gen_flagtabs_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_flagtabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_flagtabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_flagtabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_flagtabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_flagtabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -flagtabs.h: gen_flagtabs_h Makefile - ./gen_flagtabs_h --lowercase --i2s --s2i flag > $@ - -gen_ftypetabs_h_SOURCES = gen_tables.c gen_tables.h ftypetab.h -gen_ftypetabs_h_CFLAGS = '-DTABLE_H="ftypetab.h"' -$(gen_ftypetabs_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_ftypetabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_ftypetabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_ftypetabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_ftypetabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_ftypetabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -ftypetabs.h: gen_ftypetabs_h Makefile - ./gen_ftypetabs_h --lowercase --i2s --s2i ftype > $@ - -gen_i386_tables_h_SOURCES = gen_tables.c gen_tables.h i386_table.h -gen_i386_tables_h_CFLAGS = '-DTABLE_H="i386_table.h"' -$(gen_i386_tables_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_i386_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_i386_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_i386_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_i386_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_i386_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -i386_tables.h: gen_i386_tables_h Makefile - ./gen_i386_tables_h --duplicate-ints --lowercase --i2s --s2i \ - i386_syscall > $@ - -gen_ia64_tables_h_SOURCES = gen_tables.c gen_tables.h ia64_table.h -gen_ia64_tables_h_CFLAGS = '-DTABLE_H="ia64_table.h"' -$(gen_ia64_tables_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_ia64_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_ia64_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_ia64_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_ia64_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_ia64_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -ia64_tables.h: gen_ia64_tables_h Makefile - ./gen_ia64_tables_h --lowercase --i2s --s2i ia64_syscall > $@ - -gen_machinetabs_h_SOURCES = gen_tables.c gen_tables.h machinetab.h -gen_machinetabs_h_CFLAGS = '-DTABLE_H="machinetab.h"' -$(gen_machinetabs_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_machinetabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_machinetabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_machinetabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_machinetabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_machinetabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -machinetabs.h: gen_machinetabs_h Makefile - ./gen_machinetabs_h --duplicate-ints --lowercase --i2s --s2i machine \ - > $@ - -gen_msg_typetabs_h_SOURCES = gen_tables.c gen_tables.h msg_typetab.h -gen_msg_typetabs_h_CFLAGS = '-DTABLE_H="msg_typetab.h"' -$(gen_msg_typetabs_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_msg_typetabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_msg_typetabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_msg_typetabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_msg_typetabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_msg_typetabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -msg_typetabs.h: gen_msg_typetabs_h Makefile - ./gen_msg_typetabs_h --uppercase --i2s --s2i msg_type > $@ - -gen_optabs_h_SOURCES = gen_tables.c gen_tables.h optab.h -gen_optabs_h_CFLAGS = '-DTABLE_H="optab.h"' -$(gen_optabs_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_optabs_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_optabs_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_optabs_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_optabs_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_optabs_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -optabs.h: gen_optabs_h Makefile - ./gen_optabs_h --i2s op > $@ - -gen_ppc_tables_h_SOURCES = gen_tables.c gen_tables.h ppc_table.h -gen_ppc_tables_h_CFLAGS = '-DTABLE_H="ppc_table.h"' -$(gen_ppc_tables_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_ppc_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_ppc_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_ppc_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_ppc_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_ppc_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -ppc_tables.h: gen_ppc_tables_h Makefile - ./gen_ppc_tables_h --lowercase --i2s --s2i ppc_syscall > $@ - -gen_s390_tables_h_SOURCES = gen_tables.c gen_tables.h s390_table.h -gen_s390_tables_h_CFLAGS = '-DTABLE_H="s390_table.h"' -$(gen_s390_tables_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_s390_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_s390_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_s390_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_s390_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_s390_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -s390_tables.h: gen_s390_tables_h Makefile - ./gen_s390_tables_h --lowercase --i2s --s2i s390_syscall > $@ - -gen_s390x_tables_h_SOURCES = gen_tables.c gen_tables.h s390x_table.h -gen_s390x_tables_h_CFLAGS = '-DTABLE_H="s390x_table.h"' -$(gen_s390x_tables_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_s390x_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_s390x_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_s390x_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_s390x_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_s390x_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -s390x_tables.h: gen_s390x_tables_h Makefile - ./gen_s390x_tables_h --lowercase --i2s --s2i s390x_syscall > $@ - -gen_x86_64_tables_h_SOURCES = gen_tables.c gen_tables.h x86_64_table.h -gen_x86_64_tables_h_CFLAGS = '-DTABLE_H="x86_64_table.h"' -$(gen_x86_64_tables_h_OBJECTS): CC=$(CC_FOR_BUILD) -$(gen_x86_64_tables_h_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -$(gen_x86_64_tables_h_OBJECTS): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -gen_x86_64_tables_h$(BUILD_EXEEXT): CC=$(CC_FOR_BUILD) -gen_x86_64_tables_h$(BUILD_EXEEXT): CFLAGS=$(CFLAGS_FOR_BUILD) -gen_x86_64_tables_h$(BUILD_EXEEXT): CPPFLAGS=$(CPPFLAGS_FOR_BUILD) -x86_64_tables.h: gen_x86_64_tables_h Makefile - ./gen_x86_64_tables_h --lowercase --i2s --s2i x86_64_syscall > $@ diff --git a/framework/src/audit/lib/aarch64_table.h b/framework/src/audit/lib/aarch64_table.h deleted file mode 100644 index bf64b98a..00000000 --- a/framework/src/audit/lib/aarch64_table.h +++ /dev/null @@ -1,288 +0,0 @@ -/* aarch64_table.h -- - * Copyright 2013-15 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -_S(0, "io_setup") -_S(1, "io_destroy") -_S(2, "io_submit") -_S(3, "io_cancel") -_S(4, "io_getevents") -_S(5, "setxattr") -_S(6, "lsetxattr") -_S(7, "fsetxattr") -_S(8, "getxattr") -_S(9, "lgetxattr") -_S(10, "fgetxattr") -_S(11, "listxattr") -_S(12, "llistxattr") -_S(13, "flistxattr") -_S(14, "removexattr") -_S(15, "lremovexattr") -_S(16, "fremovexattr") -_S(17, "getcwd") -_S(18, "lookup_dcookie") -_S(19, "eventfd2") -_S(20, "epoll_create1") -_S(21, "epoll_ctl") -_S(22, "epoll_pwait") -_S(23, "dup") -_S(24, "dup3") -_S(25, "fcntl") -_S(26, "inotify_init1") -_S(27, "inotify_add_watch") -_S(28, "inotify_rm_watch") -_S(29, "ioctl") -_S(30, "ioprio_set") -_S(31, "ioprio_get") -_S(32, "flock") -_S(33, "mknodat") -_S(34, "mkdirat") -_S(35, "unlinkat") -_S(36, "symlinkat") -_S(37, "linkat") -_S(38, "renameat") -_S(39, "umount2") -_S(40, "mount") -_S(41, "pivot_root") -_S(42, "nfsservctl") -_S(43, "statfs") -_S(44, "fstatfs") -_S(45, "truncate") -_S(46, "ftruncate") -_S(47, "fallocate") -_S(48, "faccessat") -_S(49, "chdir") -_S(50, "fchdir") -_S(51, "chroot") -_S(52, "fchmod") -_S(53, "fchmodat") -_S(54, "fchownat") -_S(55, "fchown") -_S(56, "openat") -_S(57, "close") -_S(58, "vhangup") -_S(59, "pipe2") -_S(60, "quotactl") -_S(61, "getdents") -_S(62, "lseek") -_S(63, "read") -_S(64, "write") -_S(65, "readv") -_S(66, "writev") -_S(67, "pread") -_S(68, "pwrite") -_S(69, "preadv") -_S(70, "pwritev") -_S(71, "sendfile") -_S(72, "pselect6") -_S(73, "ppoll") -_S(74, "signalfd4") -_S(75, "vmsplice") -_S(76, "splice") -_S(77, "tee") -_S(78, "readlinkat") -_S(79, "newfstatat") -_S(80, "newfstat") -_S(81, "sync") -_S(82, "fsync") -_S(83, "fdatasync") -_S(84, "sync_file_range") -_S(85, "timerfd_create") -_S(86, "timerfd_settime") -_S(87, "timerfd_gettime") -_S(88, "utimensat") -_S(89, "acct") -_S(90, "capget") -_S(91, "capset") -_S(92, "personality") -_S(93, "exit") -_S(94, "exit_group") -_S(95, "waitid") -_S(96, "set_tid_address") -_S(97, "unshare") -_S(98, "futex") -_S(99, "set_robust_list") -_S(100, "get_robust_list") -_S(101, "nanosleep") -_S(102, "getitimer") -_S(103, "setitimer") -_S(104, "kexec_load") -_S(105, "init_module") -_S(106, "delete_module") -_S(107, "timer_create") -_S(108, "timer_gettime") -_S(109, "timer_getoverrun") -_S(110, "timer_settime") -_S(111, "timer_delete") -_S(112, "clock_settime") -_S(113, "clock_gettime") -_S(114, "clock_getres") -_S(115, "clock_nanosleep") -_S(116, "syslog") -_S(117, "ptrace") -_S(118, "sched_setparam") -_S(119, "sched_setscheduler") -_S(120, "sched_getscheduler") -_S(121, "sched_getparam") -_S(122, "sched_setaffinity") -_S(123, "sched_getaffinity") -_S(124, "sched_yield") -_S(125, "sched_get_priority_max") -_S(126, "sched_get_priority_min") -_S(127, "sched_rr_get_interval") -_S(128, "restart_syscall") -_S(129, "kill") -_S(130, "tkill") -_S(131, "tgkill") -_S(132, "sigaltstack") -_S(133, "rt_sigsuspend") -_S(134, "rt_sigaction") -_S(135, "rt_sigprocmask") -_S(136, "rt_sigpending") -_S(137, "rt_sigtimedwait") -_S(138, "rt_sigqueueinfo") -_S(139, "rt_sigreturn") -_S(140, "setpriority") -_S(141, "getpriority") -_S(142, "reboot") -_S(143, "setregid") -_S(144, "setgid") -_S(145, "setreuid") -_S(146, "setuid") -_S(147, "setresuid") -_S(148, "getresuid") -_S(149, "setresgid") -_S(150, "getresgid") -_S(151, "setfsuid") -_S(152, "setfsgid") -_S(153, "times") -_S(154, "setpgid") -_S(155, "getpgid") -_S(156, "getsid") -_S(157, "setsid") -_S(158, "getgroups") -_S(159, "setgroups") -_S(160, "uname") -_S(161, "sethostname") -_S(162, "setdomainname") -_S(163, "getrlimit") -_S(164, "setrlimit") -_S(165, "getrusage") -_S(166, "umask") -_S(167, "prctl") -_S(168, "getcpu") -_S(169, "gettimeofday") -_S(170, "settimeofday") -_S(171, "adjtimex") -_S(172, "getpid") -_S(173, "getppid") -_S(174, "getuid") -_S(175, "geteuid") -_S(176, "getgid") -_S(177, "getegid") -_S(178, "gettid") -_S(179, "sysinfo") -_S(180, "mq_open") -_S(181, "mq_unlink") -_S(182, "mq_timedsend") -_S(183, "mq_timedreceive") -_S(184, "mq_notify") -_S(185, "mq_getsetattr") -_S(186, "msgget") -_S(187, "msgctl") -_S(188, "msgrcv") -_S(189, "msgsnd") -_S(190, "semget") -_S(191, "semctl") -_S(192, "semtimedop") -_S(193, "semop") -_S(194, "shmget") -_S(195, "shmctl") -_S(196, "shmat") -_S(197, "shmdt") -_S(198, "socket") -_S(199, "socketpair") -_S(200, "bind") -_S(201, "listen") -_S(202, "accept") -_S(203, "connect") -_S(204, "getsockname") -_S(205, "getpeername") -_S(206, "sendto") -_S(207, "recvfrom") -_S(208, "setsockopt") -_S(209, "getsockopt") -_S(210, "shutdown") -_S(211, "sendmsg") -_S(212, "recvmsg") -_S(213, "readahead") -_S(214, "brk") -_S(215, "munmap") -_S(216, "mremap") -_S(217, "add_key") -_S(218, "request_key") -_S(219, "keyctl") -_S(220, "clone") -_S(221, "execve") -_S(222, "mmap") -_S(223, "fadvise64") -_S(224, "swapon") -_S(225, "swapoff") -_S(226, "mprotect") -_S(227, "msync") -_S(228, "mlock") -_S(229, "munlock") -_S(230, "mlockall") -_S(231, "munlockall") -_S(232, "mincore") -_S(233, "madvise") -_S(234, "remap_file_pages") -_S(235, "mbind") -_S(236, "get_mempolicy") -_S(237, "set_mempolicy") -_S(238, "migrate_pages") -_S(239, "move_pages") -_S(240, "rt_tgsigqueueinfo") -_S(241, "perf_event_open") -_S(242, "accept4") -_S(243, "recvmmsg") -_S(260, "wait4") -_S(261, "prlimit64") -_S(262, "fanotify_init") -_S(263, "fanotify_mark") -_S(264, "name_to_handle_at") -_S(265, "open_by_handle_at") -_S(266, "clock_adjtime") -_S(267, "syncfs") -_S(268, "setns") -_S(269, "sendmmsg") -_S(270, "process_vm_readv") -_S(271, "process_vm_writev") -_S(272, "kcmp") -_S(273, "finit_module") -_S(274, "sched_setattr") -_S(275, "sched_getattr") -_S(276, "renameat2") -_S(277, "seccomp") -_S(278, "getrandom") -_S(279, "memfd_create") -_S(280, "bpf") -_S(281, "execveat") diff --git a/framework/src/audit/lib/actiontab.h b/framework/src/audit/lib/actiontab.h deleted file mode 100644 index 12744229..00000000 --- a/framework/src/audit/lib/actiontab.h +++ /dev/null @@ -1,25 +0,0 @@ -/* actiontab.h -- - * Copyright 2005,2006 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -_S(AUDIT_NEVER, "never" ) -_S(AUDIT_POSSIBLE, "possible" ) -_S(AUDIT_ALWAYS, "always" ) diff --git a/framework/src/audit/lib/alpha_table.h b/framework/src/audit/lib/alpha_table.h deleted file mode 100644 index c798f834..00000000 --- a/framework/src/audit/lib/alpha_table.h +++ /dev/null @@ -1,453 +0,0 @@ -/* alpha_table.h -- - * Copyright 2005-07,2010-12,2014 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -_S(0, "osf_syscall") -_S(1, "exit") -_S(2, "fork") -_S(3, "read") -_S(4, "write") -_S(5, "osf_old_open") -_S(6, "close") -_S(7, "osf_wait4") -_S(8, "osf_old_creat") -_S(9, "link") -_S(10, "unlink") -_S(11, "osf_execve") -_S(12, "chdir") -_S(13, "fchdir") -_S(14, "mknod") -_S(15, "chmod") -_S(16, "chown") -_S(17, "brk") -_S(18, "osf_getfsstat") -_S(19, "lseek") -_S(20, "getxpid") -_S(21, "osf_mount") -_S(22, "umount") -_S(23, "setuid") -_S(24, "getxuid") -_S(25, "exec_with_loader") -_S(26, "ptrace") -_S(27, "osf_nrecvmsg") -_S(28, "osf_nsendmsg") -_S(29, "osf_nrecvfrom") -_S(30, "osf_naccept") -_S(31, "osf_ngetpeername") -_S(32, "osf_ngetsockname") -_S(33, "access") -_S(34, "osf_chflags") -_S(35, "osf_fchflags") -_S(36, "sync") -_S(37, "kill") -_S(38, "osf_old_stat") -_S(39, "setpgid") -_S(40, "osf_old_lstat") -_S(41, "dup") -_S(42, "pipe") -_S(43, "osf_set_program_attributes") -_S(44, "osf_profil") -_S(45, "open") -_S(46, "osf_old_sigaction") -_S(47, "getxgid") -_S(48, "osf_sigprocmask") -_S(49, "osf_getlogin") -_S(50, "osf_setlogin") -_S(51, "acct") -_S(52, "sigpending") - -_S(54, "ioctl") -_S(55, "osf_reboot") -_S(56, "osf_revoke") -_S(57, "symlink") -_S(58, "readlink") -_S(59, "execve") -_S(60, "umask") -_S(61, "chroot") -_S(62, "osf_old_fstat") -_S(63, "getpgrp") -_S(64, "getpagesize") -_S(65, "osf_mremap") -_S(66, "vfork") -_S(67, "stat") -_S(68, "lstat") -_S(69, "osf_sbrk") -_S(70, "osf_sstk") -_S(71, "mmap") -_S(72, "osf_old_vadvise") -_S(73, "munmap") -_S(74, "mprotect") -_S(75, "madvise") -_S(76, "vhangup") -_S(77, "osf_kmodcall") -_S(78, "osf_mincore") -_S(79, "getgroups") -_S(80, "setgroups") -_S(81, "osf_old_getpgrp") -_S(82, "setpgrp") -_S(83, "osf_setitimer") -_S(84, "osf_old_wait") -_S(85, "osf_table") -_S(86, "osf_getitimer") -_S(87, "gethostname") -_S(88, "sethostname") -_S(89, "getdtablesize") -_S(90, "dup2") -_S(91, "fstat") -_S(92, "fcntl") -_S(93, "osf_select") -_S(94, "poll") -_S(95, "fsync") -_S(96, "setpriority") -_S(97, "socket") -_S(98, "connect") -_S(99, "accept") -_S(100, "getpriority") -_S(101, "send") -_S(102, "recv") -_S(103, "sigreturn") -_S(104, "bind") -_S(105, "setsockopt") -_S(106, "listen") -_S(107, "osf_plock") -_S(108, "osf_old_sigvec") -_S(109, "osf_old_sigblock") -_S(110, "osf_old_sigsetmask") -_S(111, "sigsuspend") -_S(112, "osf_sigstack") -_S(113, "recvmsg") -_S(114, "sendmsg") -_S(115, "osf_old_vtrace") -_S(116, "osf_gettimeofday") -_S(117, "osf_getrusage") -_S(118, "getsockopt") - -_S(120, "readv") -_S(121, "writev") -_S(122, "osf_settimeofday") -_S(123, "fchown") -_S(124, "fchmod") -_S(125, "recvfrom") -_S(126, "setreuid") -_S(127, "setregid") -_S(128, "rename") -_S(129, "truncate") -_S(130, "ftruncate") -_S(131, "flock") -_S(132, "setgid") -_S(133, "sendto") -_S(134, "shutdown") -_S(135, "socketpair") -_S(136, "mkdir") -_S(137, "rmdir") -_S(138, "osf_utimes") -_S(139, "osf_old_sigreturn") -_S(140, "osf_adjtime") -_S(141, "getpeername") -_S(142, "osf_gethostid") -_S(143, "osf_sethostid") -_S(144, "getrlimit") -_S(145, "setrlimit") -_S(146, "osf_old_killpg") -_S(147, "setsid") -_S(148, "quotactl") -_S(149, "osf_oldquota") -_S(150, "getsockname") - -_S(153, "osf_pid_block") -_S(154, "osf_pid_unblock") - -_S(156, "sigaction") -_S(157, "osf_sigwaitprim") -_S(158, "osf_nfssvc") -_S(159, "osf_getdirentries") -_S(160, "osf_statfs") -_S(161, "osf_fstatfs") - -_S(163, "osf_asynch_daemon") -_S(164, "osf_getfh") -_S(165, "osf_getdomainname") -_S(166, "setdomainname") - -_S(169, "osf_exportfs") - -_S(181, "osf_alt_plock") - -_S(184, "osf_getmnt") - -_S(187, "osf_alt_sigpending") -_S(188, "osf_alt_setsid") - -_S(199, "osf_swapon") -_S(200, "msgctl") -_S(201, "msgget") -_S(202, "msgrcv") -_S(203, "msgsnd") -_S(204, "semctl") -_S(205, "semget") -_S(206, "semop") -_S(207, "osf_utsname") -_S(208, "lchown") -_S(209, "osf_shmat") -_S(210, "shmctl") -_S(211, "shmdt") -_S(212, "shmget") -_S(213, "osf_mvalid") -_S(214, "osf_getaddressconf") -_S(215, "osf_msleep") -_S(216, "osf_mwakeup") -_S(217, "msync") -_S(218, "osf_signal") -_S(219, "osf_utc_gettime") -_S(220, "osf_utc_adjtime") - -_S(222, "osf_security") -_S(223, "osf_kloadcall") - -_S(233, "getpgid") -_S(234, "getsid") -_S(235, "sigaltstack") -_S(236, "osf_waitid") -_S(237, "osf_priocntlset") -_S(238, "osf_sigsendset") -_S(239, "osf_set_speculative") -_S(240, "osf_msfs_syscall") -_S(241, "osf_sysinfo") -_S(242, "osf_uadmin") -_S(243, "osf_fuser") -_S(244, "osf_proplist_syscall") -_S(245, "osf_ntp_adjtime") -_S(246, "osf_ntp_gettime") -_S(247, "osf_pathconf") -_S(248, "osf_fpathconf") - -_S(250, "osf_uswitch") -_S(251, "osf_usleep_thread") -_S(252, "osf_audcntl") -_S(253, "osf_audgen") -_S(254, "sysfs") -_S(255, "osf_subsys_info") -_S(256, "osf_getsysinfo") -_S(257, "osf_setsysinfo") -_S(258, "osf_afs_syscall") -_S(259, "osf_swapctl") -_S(260, "osf_memcntl") -_S(261, "osf_fdatasync") - -_S(300, "bdflush") -_S(301, "sethae") -_S(302, "mount") -_S(303, "old_adjtimex") -_S(304, "swapoff") -_S(305, "getdents") -_S(306, "create_module") -_S(307, "init_module") -_S(308, "delete_module") -_S(309, "get_kernel_syms") -_S(310, "syslog") -_S(311, "reboot") -_S(312, "clone") -_S(313, "uselib") -_S(314, "mlock") -_S(315, "munlock") -_S(316, "mlockall") -_S(317, "munlockall") -_S(318, "sysinfo") -_S(319, "_sysctl") -/* 320 was sys_idle. */ -_S(321, "oldumount") -_S(322, "swapon") -_S(323, "times") -_S(324, "personality") -_S(325, "setfsuid") -_S(326, "setfsgid") -_S(327, "ustat") -_S(328, "statfs") -_S(329, "fstatfs") -_S(330, "sched_setparam") -_S(331, "sched_getparam") -_S(332, "sched_setscheduler") -_S(333, "sched_getscheduler") -_S(334, "sched_yield") -_S(335, "sched_get_priority_max") -_S(336, "sched_get_priority_min") -_S(337, "sched_rr_get_interval") -_S(338, "afs_syscall") -_S(339, "uname") -_S(340, "nanosleep") -_S(341, "mremap") -_S(342, "nfsservctl") -_S(343, "setresuid") -_S(344, "getresuid") -_S(345, "pciconfig_read") -_S(346, "pciconfig_write") -_S(347, "query_module") -_S(348, "prctl") -_S(349, "pread") -_S(350, "pwrite") -_S(351, "rt_sigreturn") -_S(352, "rt_sigaction") -_S(353, "rt_sigprocmask") -_S(354, "rt_sigpending") -_S(355, "rt_sigtimedwait") -_S(356, "rt_sigqueueinfo") -_S(357, "rt_sigsuspend") -_S(358, "select") -_S(359, "gettimeofday") -_S(360, "settimeofday") -_S(361, "getitimer") -_S(362, "setitimer") -_S(363, "utimes") -_S(364, "getrusage") -_S(365, "wait4") -_S(366, "adjtimex") -_S(367, "getcwd") -_S(368, "capget") -_S(369, "capset") -_S(370, "sendfile") -_S(371, "setresgid") -_S(372, "getresgid") -_S(373, "dipc") -_S(374, "pivot_root") -_S(375, "mincore") -_S(376, "pciconfig_iobase") -_S(377, "getdents64") -_S(378, "gettid") -_S(379, "readahead") -/* 380 is unused */ -_S(381, "tkill") -_S(382, "setxattr") -_S(383, "lsetxattr") -_S(384, "fsetxattr") -_S(385, "getxattr") -_S(386, "lgetxattr") -_S(387, "fgetxattr") -_S(388, "listxattr") -_S(389, "llistxattr") -_S(390, "flistxattr") -_S(391, "removexattr") -_S(392, "lremovexattr") -_S(393, "fremovexattr") -_S(394, "futex") -_S(395, "sched_setaffinity") -_S(396, "sched_getaffinity") -_S(397, "tuxcall") -_S(398, "io_setup") -_S(399, "io_destroy") -_S(400, "io_getevents") -_S(401, "io_submit") -_S(402, "io_cancel") -_S(405, "exit_group") -_S(406, "lookup_dcookie") -_S(407, "epoll_create") -_S(408, "epoll_ctl") -_S(409, "epoll_wait") -_S(410, "remap_file_pages") -_S(411, "set_tid_address") -_S(412, "restart_syscall") -_S(413, "fadvise64") -_S(424, "tgkill") -_S(425, "stat64") -_S(426, "lstat64") -_S(427, "fstat64") -_S(428, "vserver") -_S(429, "mbind") -_S(430, "get_mempolicy") -_S(431, "set_mempolicy") -_S(432, "mq_open") -_S(433, "mq_unlink") -_S(434, "mq_timedsend") -_S(435, "mq_timedreceive") -_S(436, "mq_notify") -_S(437, "mq_getsetattr") -_S(438, "waitid") -_S(439, "add_key") -_S(440, "request_key") -_S(441, "keyctl") -_S(442, "ioprio_set") -_S(443, "ioprio_get") -_S(444, "inotify_init") -_S(445, "inotify_add_watch") -_S(446, "inotify_rm_watch") -_S(447, "fdatasync") -_S(448, "kexec_load") -_S(449, "migrate_pages") -_S(450, "openat") -_S(451, "mkdirat") -_S(452, "mknodat") -_S(453, "fchownat") -_S(454, "futimesat") -_S(455, "fstatat64") -_S(456, "unlinkat") -_S(457, "renameat") -_S(458, "linkat") -_S(459, "symlinkat") -_S(460, "readlinkat") -_S(461, "fchmodat") -_S(462, "faccessat") -_S(463, "pselect6") -_S(464, "ppoll") -_S(465, "unshare") -_S(466, "set_robust_list") -_S(467, "get_robust_list") -_S(468, "splice") -_S(469, "sync_file_range") -_S(470, "tee") -_S(471, "vmsplice") -_S(472, "move_pages") -_S(473, "getcpu") -_S(474, "epoll_pwait") -_S(475, "utimensat") -_S(476, "signalfd") -_S(477, "timerfd") -_S(478, "eventfd") -_S(479, "recvmmsg") -_S(480, "fallocate") -_S(481, "timerfd_create") -_S(482, "timerfd_settime") -_S(483, "timerfd_gettime") -_S(484, "signalfd4") -_S(485, "eventfd2") -_S(486, "epoll_create1") -_S(487, "dup3") -_S(488, "pipe2") -_S(489, "inotify_init1") -_S(490, "preadv") -_S(491, "pwritev") -_S(492, "rt_tgsigqueueinfo") -_S(493, "perf_event_open") -_S(494, "fanotify_init") -_S(495, "fanotify_mark") -_S(496, "prlimit64") -_S(497, "name_to_handle_at") -_S(498, "open_by_handle_at") -_S(499, "clock_adjtime") -_S(500, "syncfs") -_S(501, "setns") -_S(502, "accept4") -_S(503, "sendmmsg") -_S(504, "process_vm_readv") -_S(505, "process_vm_writev") -_S(506, "kcmp") -_S(507, "finit_module") -_S(508, "sched_setattr") -_S(509, "sched_getattr") -_S(510, "renameat2") diff --git a/framework/src/audit/lib/arm_table.h b/framework/src/audit/lib/arm_table.h deleted file mode 100644 index 56a1c9fc..00000000 --- a/framework/src/audit/lib/arm_table.h +++ /dev/null @@ -1,373 +0,0 @@ -/* arm_table.h -- - * Copyright 2009-10,2013-15 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ -_S(0, "restart_syscall") -_S(1, "exit") -_S(2, "fork") -_S(3, "read") -_S(4, "write") -_S(5, "open") -_S(6, "close") -_S(8, "creat") -_S(9, "link") -_S(10, "unlink") -_S(11, "execve") -_S(12, "chdir") -_S(13, "time") -_S(14, "mknod") -_S(15, "chmod") -_S(16, "lchown") -_S(19, "lseek") -_S(20, "getpid") -_S(21, "mount") -_S(22, "umount") -_S(23, "setuid") -_S(24, "getuid") -_S(25, "stime") -_S(26, "ptrace") -_S(27, "alarm") -_S(29, "pause") -_S(30, "utime") -_S(33, "access") -_S(34, "nice") -_S(36, "sync") -_S(37, "kill") -_S(38, "rename") -_S(39, "mkdir") -_S(40, "rmdir") -_S(41, "dup") -_S(42, "pipe") -_S(43, "times") -_S(45, "brk") -_S(46, "setgid") -_S(47, "getgid") -_S(49, "geteuid") -_S(50, "getegid") -_S(51, "acct") -_S(52, "umount2") -_S(54, "ioctl") -_S(55, "fcntl") -_S(57, "setpgid") -_S(60, "umask") -_S(61, "chroot") -_S(62, "ustat") -_S(63, "dup2") -_S(64, "getppid") -_S(65, "getpgrp") -_S(66, "setsid") -_S(67, "sigaction") -_S(70, "setreuid") -_S(71, "setregid") -_S(72, "sigsuspend") -_S(73, "sigpending") -_S(74, "sethostname") -_S(75, "setrlimit") -_S(76, "getrlimit") -_S(77, "getrusage") -_S(78, "gettimeofday") -_S(79, "settimeofday") -_S(80, "getgroups") -_S(81, "setgroups") -_S(82, "select") -_S(83, "symlink") -_S(85, "readlink") -_S(86, "uselib") -_S(87, "swapon") -_S(88, "reboot") -_S(89, "readdir") -_S(90, "mmap") -_S(91, "munmap") -_S(92, "truncate") -_S(93, "ftruncate") -_S(94, "fchmod") -_S(95, "fchown") -_S(96, "getpriority") -_S(97, "setpriority") -_S(99, "statfs") -_S(100, "fstatfs") -_S(102, "socketcall") -_S(103, "syslog") -_S(104, "setitimer") -_S(105, "getitimer") -_S(106, "stat") -_S(107, "lstat") -_S(108, "fstat") -_S(111, "vhangup") -_S(113, "syscall") -_S(114, "wait4") -_S(115, "swapoff") -_S(116, "sysinfo") -_S(117, "ipc") -_S(118, "fsync") -_S(119, "sigreturn") -_S(120, "clone") -_S(121, "setdomainname") -_S(122, "uname") -_S(124, "adjtimex") -_S(125, "mprotect") -_S(126, "sigprocmask") -_S(128, "init_module") -_S(129, "delete_module") -_S(131, "quotactl") -_S(132, "getpgid") -_S(133, "fchdir") -_S(134, "bdflush") -_S(135, "sysfs") -_S(136, "personality") -_S(138, "setfsuid") -_S(139, "setfsgid") -_S(140, "llseek") -_S(141, "getdents") -_S(142, "newselect") -_S(143, "flock") -_S(144, "msync") -_S(145, "readv") -_S(146, "writev") -_S(147, "getsid") -_S(148, "fdatasync") -_S(149, "sysctl") -_S(150, "mlock") -_S(151, "munlock") -_S(152, "mlockall") -_S(153, "munlockall") -_S(154, "sched_setparam") -_S(155, "sched_getparam") -_S(156, "sched_setscheduler") -_S(157, "sched_getscheduler") -_S(158, "sched_yield") -_S(159, "sched_get_priority_max") -_S(160, "sched_get_priority_min") -_S(161, "sched_rr_get_interval") -_S(162, "nanosleep") -_S(163, "mremap") -_S(164, "setresuid") -_S(165, "getresuid") -_S(168, "poll") -_S(169, "nfsservctl") -_S(170, "setresgid") -_S(171, "getresgid") -_S(172, "prctl") -_S(173, "rt_sigreturn") -_S(174, "rt_sigaction") -_S(175, "rt_sigprocmask") -_S(176, "rt_sigpending") -_S(177, "rt_sigtimedwait") -_S(178, "rt_sigqueueinfo") -_S(179, "rt_sigsuspend") -_S(180, "pread64") -_S(181, "pwrite64") -_S(182, "chown") -_S(183, "getcwd") -_S(184, "capget") -_S(185, "capset") -_S(186, "sigaltstack") -_S(187, "sendfile") -_S(190, "vfork") -_S(191, "ugetrlimit") -_S(192, "mmap2") -_S(193, "truncate64") -_S(194, "ftruncate64") -_S(195, "stat64") -_S(196, "lstat64") -_S(197, "fstat64") -_S(198, "lchown32") -_S(199, "getuid32") -_S(200, "getgid32") -_S(201, "geteuid32") -_S(202, "getegid32") -_S(203, "setreuid32") -_S(204, "setregid32") -_S(205, "getgroups32") -_S(206, "setgroups32") -_S(207, "fchown32") -_S(208, "setresuid32") -_S(209, "getresuid32") -_S(210, "setresgid32") -_S(211, "getresgid32") -_S(212, "chown32") -_S(213, "setuid32") -_S(214, "setgid32") -_S(215, "setfsuid32") -_S(216, "setfsgid32") -_S(217, "getdents64") -_S(218, "pivot_root") -_S(219, "mincore") -_S(220, "madvise") -_S(221, "fcntl64") -_S(224, "gettid") -_S(225, "readahead") -_S(226, "setxattr") -_S(227, "lsetxattr") -_S(228, "fsetxattr") -_S(229, "getxattr") -_S(230, "lgetxattr") -_S(231, "fgetxattr") -_S(232, "listxattr") -_S(233, "llistxattr") -_S(234, "flistxattr") -_S(235, "removexattr") -_S(236, "lremovexattr") -_S(237, "fremovexattr") -_S(238, "tkill") -_S(239, "sendfile64") -_S(240, "futex") -_S(241, "sched_setaffinity") -_S(242, "sched_getaffinity") -_S(243, "io_setup") -_S(244, "io_destroy") -_S(245, "io_getevents") -_S(246, "io_submit") -_S(247, "io_cancel") -_S(248, "exit_group") -_S(249, "lookup_dcookie") -_S(250, "epoll_create") -_S(251, "epoll_ctl") -_S(252, "epoll_wait") -_S(253, "remap_file_pages") -_S(256, "set_tid_address") -_S(257, "timer_create") -_S(258, "timer_settime") -_S(259, "timer_gettime") -_S(260, "timer_getoverrun") -_S(261, "timer_delete") -_S(262, "clock_settime") -_S(263, "clock_gettime") -_S(264, "clock_getres") -_S(265, "clock_nanosleep") -_S(266, "statfs64") -_S(267, "fstatfs64") -_S(268, "tgkill") -_S(269, "utimes") -_S(270, "fadvise64_64") -_S(271, "pciconfig_iobase") -_S(272, "pciconfig_read") -_S(273, "pciconfig_write") -_S(274, "mq_open") -_S(275, "mq_unlink") -_S(276, "mq_timedsend") -_S(277, "mq_timedreceive") -_S(278, "mq_notify") -_S(279, "mq_getsetattr") -_S(280, "waitid") -_S(281, "socket") -_S(282, "bind") -_S(283, "connect") -_S(284, "listen") -_S(285, "accept") -_S(286, "getsockname") -_S(287, "getpeername") -_S(288, "socketpair") -_S(289, "send") -_S(290, "sendto") -_S(291, "recv") -_S(292, "recvfrom") -_S(293, "shutdown") -_S(294, "setsockopt") -_S(295, "getsockopt") -_S(296, "sendmsg") -_S(297, "recvmsg") -_S(298, "semop") -_S(299, "semget") -_S(300, "semctl") -_S(301, "msgsnd") -_S(302, "msgrcv") -_S(303, "msgget") -_S(304, "msgctl") -_S(305, "shmat") -_S(306, "shmdt") -_S(307, "shmget") -_S(308, "shmctl") -_S(309, "add_key") -_S(310, "request_key") -_S(311, "keyctl") -_S(312, "semtimedop") -_S(313, "vserver") -_S(314, "ioprio_set") -_S(315, "ioprio_get") -_S(316, "inotify_init") -_S(317, "inotify_add_watch") -_S(318, "inotify_rm_watch") -_S(319, "mbind") -_S(320, "get_mempolicy") -_S(321, "set_mempolicy") -_S(322, "openat") -_S(323, "mkdirat") -_S(324, "mknodat") -_S(325, "fchownat") -_S(326, "futimesat") -_S(327, "fstatat64") -_S(328, "unlinkat") -_S(329, "renameat") -_S(330, "linkat") -_S(331, "symlinkat") -_S(332, "readlinkat") -_S(333, "fchmodat") -_S(334, "faccessat") -_S(337, "unshare") -_S(338, "set_robust_list") -_S(339, "get_robust_list") -_S(340, "splice") -_S(341, "sync_file_range") -_S(342, "tee") -_S(343, "vmsplice") -_S(344, "move_pages") -_S(345, "getcpu") -_S(347, "kexec_load") -_S(348, "utimensat") -_S(349, "signalfd") -_S(350, "timerfd_create") -_S(351, "eventfd") -_S(352, "fallocate") -_S(353, "timerfd_settime") -_S(354, "timerfd_gettime") -_S(355, "signalfd4") -_S(356, "eventfd2") -_S(357, "epoll_create1") -_S(358, "dup3") -_S(359, "pipe2") -_S(360, "inotify_init1") -_S(361, "preadv") -_S(362, "pwritev") -_S(363, "rt_tgsigqueueinfo") -_S(364, "perf_event_open") -_S(365, "recvmmsg") -_S(366, "accept4") -_S(367, "fanotify_init") -_S(368, "fanotify_mark") -_S(369, "prlimit64") -_S(370, "name_to_handle_at") -_S(371, "open_by_handle_at") -_S(372, "clock_adjtime") -_S(373, "syncfs") -_S(374, "sendmmsg") -_S(375, "setns") -_S(376, "process_vm_readv") -_S(377, "process_vm_writev") -_S(378, "kcmp") -_S(379, "finit_module") -_S(380, "sched_setattr") -_S(381, "sched_getattr") -_S(382, "renameat2") -_S(383, "seccomp") -_S(384, "getrandom") -_S(385, "memfd_create") -_S(386, "bpf") -_S(387, "execveat") diff --git a/framework/src/audit/lib/audit.pc.in b/framework/src/audit/lib/audit.pc.in deleted file mode 100644 index 140c919c..00000000 --- a/framework/src/audit/lib/audit.pc.in +++ /dev/null @@ -1,10 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: libaudit -Description: Libraries needed for apps that use the kernel audit framework -Version: @VERSION@ -Libs: -L${libdir} -laudit -Cflags: -I${includedir} diff --git a/framework/src/audit/lib/audit_logging.c b/framework/src/audit/lib/audit_logging.c deleted file mode 100644 index c9461061..00000000 --- a/framework/src/audit/lib/audit_logging.c +++ /dev/null @@ -1,746 +0,0 @@ -/* audit_logging.c -- - * Copyright 2005-2008,2010,2011,2013 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -#include "config.h" -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <unistd.h> -#include <sys/stat.h> -#include <errno.h> -#include <netinet/in.h> // inet6 addrlen -#include <netdb.h> // gethostbyname -#include <arpa/inet.h> // inet_ntop -#include <utmp.h> -#include <limits.h> // PATH_MAX - -#include "libaudit.h" -#include "private.h" - -#define TTY_PATH 32 -#define MAX_USER (UT_NAMESIZE * 2) + 8 - -// NOTE: The kernel fills in pid, uid, and loginuid of sender. Therefore, -// these routines do not need to send them. - -/* - * resolve's the hostname - caller must pass a INET6_ADDRSTRLEN byte buffer - * Returns string w/ numerical address, or "?" on failure - */ -static void _resolve_addr(char buf[], const char *host) -{ - struct addrinfo *ai; - struct addrinfo hints; - int e; - - buf[0] = '?'; - buf[1] = 0; - /* Short circuit this lookup if NULL, or empty */ - if (host == NULL || *host == 0) - return; - - memset(&hints, 0, sizeof(hints)); - hints.ai_flags = AI_ADDRCONFIG; - hints.ai_socktype = SOCK_STREAM; - - e = getaddrinfo(host, NULL, &hints, &ai); - if (e != 0) { - audit_msg(LOG_ERR, - "resolve_addr: cannot resolve hostname %s (%s)", - host, gai_strerror(e)); - return; - } - // What to do if more than 1 addr? - inet_ntop(ai->ai_family, ai->ai_family == AF_INET ? - (void *) &((struct sockaddr_in *)ai->ai_addr)->sin_addr : - (void *) &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr, - buf, INET6_ADDRSTRLEN); - freeaddrinfo(ai); -} - -/* - * This function checks a string to see if it needs encoding. It - * return 1 if needed and 0 if not - */ -int audit_value_needs_encoding(const char *str, unsigned int size) -{ - unsigned int i; - - if (str == NULL) - return 0; - - for (i=0; i<size; i++) { - // we don't test for > 0x7f because str[] is signed. - if (str[i] == '"' || str[i] < 0x21 || str[i] == 0x7F) - return 1; - } - return 0; -} - -/* - * This function does encoding of "untrusted" names just like the kernel - */ -char *audit_encode_value(char *final, const char *buf, unsigned int size) -{ - unsigned int i; - char *ptr = final; - const char *hex = "0123456789ABCDEF"; - - if (final == NULL) - return NULL; - - if (buf == NULL) { - *final = 0; - return final; - } - - for (i=0; i<size; i++) { - *ptr++ = hex[(buf[i] & 0xF0)>>4]; /* Upper nibble */ - *ptr++ = hex[buf[i] & 0x0F]; /* Lower nibble */ - } - *ptr = 0; - return final; -} - -char *audit_encode_nv_string(const char *name, const char *value, - unsigned int vlen) -{ - char *str; - - if (vlen == 0 && value) - vlen = strlen(value); - - if (value && audit_value_needs_encoding(value, vlen)) { - char *tmp = malloc(2*vlen + 1); - if (tmp) { - audit_encode_value(tmp, value, vlen); - if (asprintf(&str, "%s=%s", name, tmp) < 0) - str = NULL; - free(tmp); - } else - str = NULL; - } else - if (asprintf(&str, "%s=\"%s\"", name, value ? value : "?") < 0) - str = NULL; - return str; -} - -/* - * Get the executable's name - */ -static char *_get_exename(char *exename, int size) -{ - int res; - char tmp[PATH_MAX+1]; - - /* get the name of the current executable */ - if ((res = readlink("/proc/self/exe", tmp, PATH_MAX)) == -1) { - strcpy(exename, "\"?\""); - audit_msg(LOG_ERR, "get_exename: cannot determine executable"); - } else { - tmp[res] = '\0'; - if (audit_value_needs_encoding(tmp, res)) - return audit_encode_value(exename, tmp, res); - snprintf(exename, size, "\"%s\"", tmp); - } - return exename; -} - -/* - * Get the command line name - * NOTE: at the moment, this only escapes what the user sent - */ -static char *_get_commname(const char *comm, char *commname, unsigned int size) -{ - unsigned int len; - - if (comm == NULL) { - strcpy(commname, "\"?\""); - return commname; - } - - len = strlen(comm); - if (audit_value_needs_encoding(comm, len)) - audit_encode_value(commname, comm, len); - else - snprintf(commname, size, "\"%s\"", comm); - - return commname; -} - -static int check_ttyname(const char *ttyn) -{ - struct stat statbuf; - - if (lstat(ttyn, &statbuf) - || !S_ISCHR(statbuf.st_mode) - || (statbuf.st_nlink > 1 && strncmp(ttyn, "/dev/", 5))) { - audit_msg(LOG_ERR, "FATAL: bad tty %s", ttyn); - return 1; - } - return 0; -} - -static const char *_get_tty(char *tname, int size) -{ - int rc, i, found = 0; - - for (i=0; i<3 && !found; i++) { - rc = ttyname_r(i, tname, size); - if (rc == 0 && tname[0] != '\0') - found = 1; - } - - if (!found) - return NULL; - - if (check_ttyname(tname)) - return NULL; - - if (strncmp(tname, "/dev/", 5) == 0) - return &tname[5]; - - return tname; -} - -/* - * This function will log a message to the audit system using a predefined - * message format. This function should be used by all console apps that do - * not manipulate accounts or groups. - * - * audit_fd - The fd returned by audit_open - * type - type of message, ex: AUDIT_USER, AUDIT_USYS_CONFIG, AUDIT_USER_LOGIN - * message - the message being sent - * hostname - the hostname if known - * addr - The network address of the user - * tty - The tty of the user - * result - 1 is "success" and 0 is "failed" - * - * It returns the sequence number which is > 0 on success or <= 0 on error. - */ -int audit_log_user_message(int audit_fd, int type, const char *message, - const char *hostname, const char *addr, const char *tty, int result) -{ - char buf[MAX_AUDIT_MESSAGE_LENGTH]; - char addrbuf[INET6_ADDRSTRLEN]; - static char exename[PATH_MAX*2]=""; - char ttyname[TTY_PATH]; - const char *success; - int ret; - - if (audit_fd < 0) - return 0; - - if (result) - success = "success"; - else - success = "failed"; - - /* If hostname is empty string, make it NULL ptr */ - if (hostname && *hostname == 0) - hostname = NULL; - addrbuf[0] = 0; - if (addr == NULL || strlen(addr) == 0) - _resolve_addr(addrbuf, hostname); - else - strncat(addrbuf, addr, sizeof(addrbuf)-1); - - if (exename[0] == 0) - _get_exename(exename, sizeof(exename)); - if (tty == NULL) - tty = _get_tty(ttyname, TTY_PATH); - else if (*tty == 0) - tty = NULL; - - snprintf(buf, sizeof(buf), - "%s exe=%s hostname=%s addr=%s terminal=%s res=%s", - message, exename, - hostname ? hostname : "?", - addrbuf, - tty ? tty : "?", - success - ); - - errno = 0; - ret = audit_send_user_message( audit_fd, type, HIDE_IT, buf ); - if ((ret < 1) && errno == 0) - errno = ret; - return ret; -} - -/* - * This function will log a message to the audit system using a predefined - * message format. This function should be used by all console apps that do - * not manipulate accounts or groups and are executing a script. An example - * would be python or crond wanting to say what they are executing. - * - * audit_fd - The fd returned by audit_open - * type - type of message, ex: AUDIT_USER, AUDIT_USYS_CONFIG, AUDIT_USER_LOGIN - * message - the message being sent - * comm - the program command line name - * hostname - the hostname if known - * addr - The network address of the user - * tty - The tty of the user - * result - 1 is "success" and 0 is "failed" - * - * It returns the sequence number which is > 0 on success or <= 0 on error. - */ -int audit_log_user_comm_message(int audit_fd, int type, const char *message, - const char *comm, const char *hostname, const char *addr, - const char *tty, int result) -{ - char buf[MAX_AUDIT_MESSAGE_LENGTH]; - char addrbuf[INET6_ADDRSTRLEN]; - static char exename[PATH_MAX*2]=""; - char commname[PATH_MAX*2]; - char ttyname[TTY_PATH]; - const char *success; - int ret; - - if (audit_fd < 0) - return 0; - - if (result) - success = "success"; - else - success = "failed"; - - /* If hostname is empty string, make it NULL ptr */ - if (hostname && *hostname == 0) - hostname = NULL; - addrbuf[0] = 0; - if (addr == NULL || strlen(addr) == 0) - _resolve_addr(addrbuf, hostname); - else - strncat(addrbuf, addr, sizeof(addrbuf)-1); - if (exename[0] == 0) - _get_exename(exename, sizeof(exename)); - if (tty == NULL) - tty = _get_tty(ttyname, TTY_PATH); - else if (*tty == 0) - tty = NULL; - - _get_commname(comm, commname, sizeof(commname)); - - snprintf(buf, sizeof(buf), - "%s comm=%s exe=%s hostname=%s addr=%s terminal=%s res=%s", - message, commname, exename, - hostname ? hostname : "?", - addrbuf, - tty ? tty : "?", - success - ); - - errno = 0; - ret = audit_send_user_message( audit_fd, type, HIDE_IT, buf ); - if ((ret < 1) && errno == 0) - errno = ret; - return ret; -} - - -/* - * This function will log a message to the audit system using a predefined - * message format. It should be used for all account manipulation operations. - * Parameter usage is as follows: - * - * audit_fd - The fd returned by audit_open - * type - type of message: AUDIT_USER_CHAUTHTOK for changing any account - * attributes. - * pgname - program's name - * op - operation. "adding user", "changing finger info", "deleting group" - * name - user's account or group name. If not available use NULL. - * id - uid or gid that the operation is being performed on. This is used - * only when user is NULL. - * host - The hostname if known - * addr - The network address of the user - * tty - The tty of the user - * result - 1 is "success" and 0 is "failed" - * - * It returns the sequence number which is > 0 on success or <= 0 on error. - */ -int audit_log_acct_message(int audit_fd, int type, const char *pgname, - const char *op, const char *name, unsigned int id, - const char *host, const char *addr, const char *tty, int result) -{ - const char *success; - char buf[MAX_AUDIT_MESSAGE_LENGTH]; - char addrbuf[INET6_ADDRSTRLEN]; - static char exename[PATH_MAX*2] = ""; - char ttyname[TTY_PATH]; - int ret; - - if (audit_fd < 0) - return 0; - - if (result) - success = "success"; - else - success = "failed"; - - /* If hostname is empty string, make it NULL ptr */ - if (host && *host == 0) - host = NULL; - addrbuf[0] = 0; - if (addr == NULL || strlen(addr) == 0) - _resolve_addr(addrbuf, host); - else - strncat(addrbuf, addr, sizeof(addrbuf)-1); - - if (pgname == NULL) { - if (exename[0] == 0) - _get_exename(exename, sizeof(exename)); - } else if (pgname[0] != '"') - snprintf(exename, sizeof(exename), "\"%s\"", pgname); - else - snprintf(exename, sizeof(exename), "%s", pgname); - - if (tty == NULL) - tty = _get_tty(ttyname, TTY_PATH); - else if (*tty == 0) - tty = NULL; - - if (name && id == -1) { - char user[MAX_USER]; - const char *format; - size_t len; - - user[0] = 0; - strncat(user, name, MAX_USER-1); - len = strnlen(user, UT_NAMESIZE); - user[len] = 0; - if (audit_value_needs_encoding(name, len)) { - audit_encode_value(user, name, len); - format = - "op=%s acct=%s exe=%s hostname=%s addr=%s terminal=%s res=%s"; - } else - format = - "op=%s acct=\"%s\" exe=%s hostname=%s addr=%s terminal=%s res=%s"; - - snprintf(buf, sizeof(buf), format, - op, user, exename, - host ? host : "?", - addrbuf, - tty ? tty : "?", - success - ); - } else - snprintf(buf, sizeof(buf), - "op=%s id=%u exe=%s hostname=%s addr=%s terminal=%s res=%s", - op, id, exename, - host ? host : "?", - addrbuf, - tty ? tty : "?", - success - ); - - errno = 0; - ret = audit_send_user_message(audit_fd, type, REAL_ERR, buf); - if ((ret < 1) && errno == 0) - errno = ret; - return ret; -} - -/* - * This function will log a message to the audit system using a predefined - * message format. This function should be used by all apps that are SE Linux - * object managers. - * - * audit_fd - The fd returned by audit_open - * type - type of message, ex: AUDIT_USER, AUDIT_USYS_CONFIG, AUDIT_USER_LOGIN - * message - the message being sent - * hostname - the hostname if known - * addr - The network address of the user - * tty - The tty of the user - * uid - The auid of the person related to the avc message - * - * It returns the sequence number which is > 0 on success or <= 0 on error. - */ -int audit_log_user_avc_message(int audit_fd, int type, const char *message, - const char *hostname, const char *addr, const char *tty, uid_t uid) -{ - char buf[MAX_AUDIT_MESSAGE_LENGTH]; - char addrbuf[INET6_ADDRSTRLEN]; - static char exename[PATH_MAX*2] = ""; - char ttyname[TTY_PATH]; - int retval; - - if (audit_fd < 0) - return 0; - - /* If hostname is empty string, make it NULL ptr */ - if (hostname && *hostname == 0) - hostname = NULL; - addrbuf[0] = 0; - if (addr == NULL || strlen(addr) == 0) - _resolve_addr(addrbuf, hostname); - else - strncat(addrbuf, addr, sizeof(addrbuf)-1); - if (exename[0] == 0) - _get_exename(exename, sizeof(exename)); - if (tty == NULL) - tty = _get_tty(ttyname, TTY_PATH); - else if (*tty == 0) - tty = NULL; - - snprintf(buf, sizeof(buf), - "%s exe=%s sauid=%d hostname=%s addr=%s terminal=%s", - message, exename, uid, - hostname ? hostname : "?", - addrbuf, - tty ? tty : "?" - ); - - errno = 0; - retval = audit_send_user_message( audit_fd, type, REAL_ERR, buf ); - if (retval == -EPERM && getuid() != 0) { - syslog(LOG_ERR, "Can't send to audit system: %s %s", - audit_msg_type_to_name(type), buf); - return 0; - } - if ((retval < 1) && errno == 0) - errno = retval; - return retval; -} - -/* - * This function will log a message to the audit system using a predefined - * message format. It should be used for all SE linux user and role - * manipulation operations. - * Parameter usage is as follows: - * - * type - type of message: AUDIT_ROLE_ASSIGN/REMOVE for changing any SE Linux - * user or role attributes. - * pgname - program's name - * op - operation. "adding-user", "adding-role", "deleting-user", "deleting-role" - * name - user's account. If not available use NULL. - * id - uid that the operation is being performed on. This is used - * only when name is NULL. - * new_seuser - the new seuser that the login user is getting - * new_role - the new_role that the login user is getting - * new_range - the new mls range that the login user is getting - * old_seuser - the old seuser that the login usr had - * old_role - the old role that the login user had - * old_range - the old mls range that the login usr had - * host - The hostname if known - * addr - The network address of the user - * tty - The tty of the user - * result - 1 is "success" and 0 is "failed" - * - * It returns the sequence number which is > 0 on success or <= 0 on error. - */ -int audit_log_semanage_message(int audit_fd, int type, const char *pgname, - const char *op, const char *name, unsigned int id, - const char *new_seuser, const char *new_role, const char *new_range, - const char *old_seuser, const char *old_role, const char *old_range, - const char *host, const char *addr, - const char *tty, int result) -{ - const char *success; - char buf[MAX_AUDIT_MESSAGE_LENGTH]; - char addrbuf[INET6_ADDRSTRLEN]; - static char exename[PATH_MAX*2] = ""; - char ttyname[TTY_PATH]; - int ret; - - if (audit_fd < 0) - return 0; - - if (result) - success = "success"; - else - success = "failed"; - - /* If hostname is empty string, make it NULL ptr */ - if (host && *host == 0) - host = NULL; - addrbuf[0] = 0; - if (addr == NULL || strlen(addr) == 0) - _resolve_addr(addrbuf, host); - else - strncat(addrbuf, addr, sizeof(addrbuf)-1); - - if (pgname == NULL || strlen(pgname) == 0) { - if (exename[0] == 0) - _get_exename(exename, sizeof(exename)); - pgname = exename; - } - if (tty == NULL || strlen(tty) == 0) - tty = _get_tty(ttyname, TTY_PATH); - else if (*tty == 0) - tty = NULL; - - if (name && strlen(name) > 0) { - size_t len; - const char *format; - char user[MAX_USER]; - - user[0] = 0; - strncat(user, name, MAX_USER-1); - len = strnlen(user, UT_NAMESIZE); - user[len] = 0; - if (audit_value_needs_encoding(name, len)) { - audit_encode_value(user, name, len); - format = "op=%s acct=%s old-seuser=%s old-role=%s old-range=%s new-seuser=%s new-role=%s new-range=%s exe=%s hostname=%s addr=%s terminal=%s res=%s"; - } else - format = "op=%s acct=\"%s\" old-seuser=%s old-role=%s old-range=%s new-seuser=%s new-role=%s new-range=%s exe=%s hostname=%s addr=%s terminal=%s res=%s"; - snprintf(buf, sizeof(buf), format, op, user, - old_seuser && strlen(old_seuser) ? old_seuser : "?", - old_role && strlen(old_role) ? old_role : "?", - old_range && strlen(old_range) ? old_range : "?", - new_seuser && strlen(new_seuser) ? new_seuser : "?", - new_role && strlen(new_role) ? new_role : "?", - new_range && strlen(new_range) ? new_range : "?", - pgname, - host && strlen(host) ? host : "?", - addrbuf, - tty && strlen(tty) ? tty : "?", - success - ); - } else - snprintf(buf, sizeof(buf), - "op=%s id=%u old-seuser=%s old-role=%s old-range=%s new-seuser=%s new-role=%s new-range=%s exe=%s hostname=%s addr=%s terminal=%s res=%s", - op, id, - old_seuser && strlen(old_seuser) ? old_seuser : "?", - old_role && strlen(old_role) ? old_role : "?", - old_range && strlen(old_range) ? old_range : "?", - new_seuser && strlen(new_seuser) ? new_seuser : "?", - new_role && strlen(new_role) ? new_role : "?", - new_range && strlen(new_range) ? new_range : "?", - pgname, - host && strlen(host) ? host : "?", - addrbuf, - tty && strlen(tty) ? tty : "?", - success - ); - - errno = 0; - ret = audit_send_user_message(audit_fd, type, REAL_ERR, buf); - if ((ret < 1) && errno == 0) - errno = ret; - return ret; -} - -/* - * This function will log a message to the audit system using a predefined - * message format. This function should be used by all console apps that do - * not manipulate accounts or groups. - * - * audit_fd - The fd returned by audit_open - * type - type of message, ex: AUDIT_USER_CMD - * command - the command line being logged - * tty - The tty of the user - * result - 1 is "success" and 0 is "failed" - * - * It returns the sequence number which is > 0 on success or <= 0 on error. - */ -int audit_log_user_command(int audit_fd, int type, const char *command, - const char *tty, int result) -{ - char *p; - char buf[MAX_AUDIT_MESSAGE_LENGTH]; - char commname[PATH_MAX*2]; - char cwdname[PATH_MAX*2]; - char ttyname[TTY_PATH]; - char format[64]; - const char *success; - char *cmd; - int ret, cwdenc=0, cmdenc=0; - unsigned int len; - - if (audit_fd < 0) - return 0; - - if (result) - success = "success"; - else - success = "failed"; - - if (tty == NULL) - tty = _get_tty(ttyname, TTY_PATH); - else if (*tty == 0) - tty = NULL; - - /* Trim leading spaces */ - while (*command == ' ') - command++; - - cmd = strdup(command); - if (cmd == NULL) - return -1; - - // We borrow the commname buffer - if (getcwd(commname, PATH_MAX) == NULL) - strcpy(commname, "?"); - len = strlen(commname); - if (audit_value_needs_encoding(commname, len)) { - audit_encode_value(cwdname, commname, len); - cwdenc = 1; - } else - strcpy(cwdname, commname); - - len = strlen(cmd); - // Trim the trailing carriage return and spaces - while (len && (cmd[len-1] == 0x0A || cmd[len-1] == ' ')) { - cmd[len-1] = 0; - len--; - } - - if (len >= PATH_MAX) { - cmd[PATH_MAX] = 0; - len = PATH_MAX-1; - } - if (audit_value_needs_encoding(cmd, len)) { - audit_encode_value(commname, cmd, len); - cmdenc = 1; - } - if (cmdenc == 0) - strcpy(commname, cmd); - free(cmd); - - // Make the format string - if (cwdenc) - p=stpcpy(format, "cwd=%s "); - else - p=stpcpy(format, "cwd=\"%s\" "); - - if (cmdenc) - p = stpcpy(p, "cmd=%s "); - else - p = stpcpy(p, "cmd=\"%s\" "); - - strcpy(p, "terminal=%s res=%s"); - - // now use the format string to make the event - snprintf(buf, sizeof(buf), format, - cwdname, commname, - tty ? tty : "?", - success - ); - - errno = 0; - ret = audit_send_user_message( audit_fd, type, HIDE_IT, buf ); - if ((ret < 1) && errno == 0) - errno = ret; - return ret; -} - diff --git a/framework/src/audit/lib/deprecated.c b/framework/src/audit/lib/deprecated.c deleted file mode 100644 index 2238e791..00000000 --- a/framework/src/audit/lib/deprecated.c +++ /dev/null @@ -1,77 +0,0 @@ -/* deprecated.c -- This file is the trash heap of things about to leave - * Copyright 2006-07,2009 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -#include "config.h" -#include <errno.h> -#include <string.h> -#include <pwd.h> -#include <grp.h> -#include <ctype.h> -#include <stdlib.h> -#include <unistd.h> - -#include "libaudit.h" -#include "private.h" - -/* - * This function will send a user space message to the kernel. - * It returns the sequence number which is > 0 on success - * or <= 0 on error. (pam uses this) This is the main audit sending - * function now. - */ -int audit_send_user_message(int fd, int type, hide_t hide_error, - const char *message) -{ - int retry_cnt = 0; - int rc; -retry: - rc = audit_send(fd, type, message, strlen(message)+1); - if (rc == -ECONNREFUSED) { - /* This is here to let people that build their own kernel - and disable the audit system get in. ECONNREFUSED is - issued by the kernel when there is "no on listening". */ - return 0; - } else if (rc == -EPERM && getuid() != 0 && hide_error == HIDE_IT) { - /* If we get this, then the kernel supports auditing - * but we don't have enough privilege to write to the - * socket. Therefore, we have already been authenticated - * and we are a common user. Just act as though auditing - * is not enabled. Any other error we take seriously. - * This is here basically to satisfy Xscreensaver. */ - return 0; - } else if (rc == -EINVAL) { - /* If we get this, the kernel doesn't understand the - * netlink message type. This is most likely due to - * being an old kernel. Use the old message type. */ - if (type >= AUDIT_FIRST_USER_MSG && - type <= AUDIT_LAST_USER_MSG && !retry_cnt) { - - /* do retry */ - type = AUDIT_USER; - retry_cnt++; - goto retry; - } - } - return rc; -} -hidden_def(audit_send_user_message) - diff --git a/framework/src/audit/lib/dso.h b/framework/src/audit/lib/dso.h deleted file mode 100644 index 662b521b..00000000 --- a/framework/src/audit/lib/dso.h +++ /dev/null @@ -1,45 +0,0 @@ -/* dso.h -- - * Copyright 2005,2006,2009 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ -#ifndef _DSO_H_ -#define _DSO_H_ - -#ifdef PIC -# define hidden __attribute__ ((visibility ("hidden"))) -# define hidden_proto(fct) __hidden_proto (fct, fct##_internal) -# define __hidden_proto(fct, internal) \ - extern __typeof (fct) internal; \ - extern __typeof (fct) fct __asm (#internal) hidden; -# if defined(__alpha__) || defined(__mips__) -# define hidden_def(fct) \ - asm (".globl " #fct "\n" #fct " = " #fct "_internal"); -# else -# define hidden_def(fct) \ - asm (".globl " #fct "\n.set " #fct ", " #fct "_internal"); -#endif -#else -# define hidden -# define hidden_proto(fct) -# define hidden_def(fct) -#endif - -#endif - diff --git a/framework/src/audit/lib/errormsg.h b/framework/src/audit/lib/errormsg.h deleted file mode 100644 index a4fea664..00000000 --- a/framework/src/audit/lib/errormsg.h +++ /dev/null @@ -1,66 +0,0 @@ -/* errormsg.h -- - * Copyright 2008 FUJITSU Inc. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Zhang Xiliang <zhangxiliang@cn.fujitsu.com> - */ - -struct msg_tab { - int key; /* error number */ - /* - * the field string position in the error message - * 0: don't output field string - * 1: output field string before error message - * 2: output field string after error message - */ - int position; - const char *cvalue; -}; - -#ifndef NO_TABLES -static const struct msg_tab err_msgtab[] = { - { -1, 2, "-F missing operation for" }, - { -2, 2, "-F unknown field:" }, - { -3, 1, "must be before -S" }, - { -4, 1, "machine type not found" }, - { -5, 1, "elf mapping not found" }, - { -6, 1, "requested bit level not supported by machine" }, - { -7, 1, "can only be used with exit filter list" }, - { -8, 2, "-F unknown message type -" }, - { -9, 0, "msgtype field can only be used with exclude filter list" }, - { -10, 0, "Failed upgrading rule" }, - { -11, 0, "String value too long" }, - { -12, 0, "Only msgtype field can be used with exclude filter" }, - { -13, 1, "only takes = or != operators" }, - { -14, 0, "Permission can only contain \'rwxa\'" }, - { -15, 2, "-F unknown errno -"}, - { -16, 2, "-F unknown file type - " }, - { -17, 1, "can only be used with exit and entry filter list" }, - { -18, 1, "" }, // Unused - { -19, 0, "Key field needs a watch or syscall given prior to it" }, - { -20, 2, "-F missing value after operation for" }, - { -21, 2, "-F value should be number for" }, - { -22, 2, "-F missing field name before operator for" }, - { -23, 2, "" }, // Unused - { -24, 2, "-C missing field name before operator for" }, - { -25, 2, "-C missing value after operation for "}, - { -26, 2, "-C unknown field:" }, - { -27, 2, "-C unknown right hand value for comparison with:" }, - { -28, 2, "Too many fields in rule" }, -}; -#endif diff --git a/framework/src/audit/lib/errtab.h b/framework/src/audit/lib/errtab.h deleted file mode 100644 index f777d79d..00000000 --- a/framework/src/audit/lib/errtab.h +++ /dev/null @@ -1,154 +0,0 @@ -/* errtab.h -- - * Copyright 2007 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -_S(EPERM, "EPERM" ) -_S(ENOENT, "ENOENT" ) -_S(ESRCH, "ESRCH" ) -_S(EINTR, "EINTR" ) -_S(EIO, "EIO" ) -_S(ENXIO, "ENXIO" ) -_S(E2BIG, "E2BIG" ) -_S(ENOEXEC, "ENOEXEC" ) -_S(EBADF, "EBADF" ) -_S(ECHILD, "ECHILD" ) -_S(EAGAIN, "EAGAIN" ) -_S(ENOMEM, "ENOMEM" ) -_S(EACCES, "EACCES" ) -_S(EFAULT, "EFAULT" ) -_S(ENOTBLK, "ENOTBLK" ) -_S(EBUSY, "EBUSY" ) -_S(EEXIST, "EEXIST" ) -_S(EXDEV, "EXDEV" ) -_S(ENODEV, "ENODEV" ) -_S(ENOTDIR, "ENOTDIR" ) -_S(EISDIR, "EISDIR" ) -_S(EINVAL, "EINVAL" ) -_S(ENFILE, "ENFILE" ) -_S(EMFILE, "EMFILE" ) -_S(ENOTTY, "ENOTTY" ) -_S(ETXTBSY, "ETXTBSY" ) -_S(EFBIG, "EFBIG" ) -_S(ENOSPC, "ENOSPC" ) -_S(ESPIPE, "ESPIPE" ) -_S(EROFS, "EROFS" ) -_S(EMLINK, "EMLINK" ) -_S(EPIPE, "EPIPE" ) -_S(EDOM, "EDOM" ) -_S(ERANGE, "ERANGE" ) -_S(EDEADLK, "EDEADLK" ) -_S(ENAMETOOLONG, "ENAMETOOLONG" ) -_S(ENOLCK, "ENOLCK" ) -_S(ENOSYS, "ENOSYS" ) -_S(ENOTEMPTY, "ENOTEMPTY" ) -_S(ELOOP, "ELOOP" ) -_S(EWOULDBLOCK, "EWOULDBLOCK" ) -_S(ENOMSG, "ENOMSG" ) -_S(EIDRM, "EIDRM" ) -_S(ECHRNG, "ECHRNG" ) -_S(EL2NSYNC, "EL2NSYNC" ) -_S(EL3HLT, "EL3HLT" ) -_S(EL3RST, "EL3RST" ) -_S(ELNRNG, "ELNRNG" ) -_S(EUNATCH, "EUNATCH" ) -_S(ENOCSI, "ENOCSI" ) -_S(EL2HLT, "EL2HLT" ) -_S(EBADE, "EBADE" ) -_S(EBADR, "EBADR" ) -_S(EXFULL, "EXFULL" ) -_S(ENOANO, "ENOANO" ) -_S(EBADRQC, "EBADRQC" ) -_S(EBADSLT, "EBADSLT" ) -_S(EDEADLOCK, "EDEADLOCK" ) -_S(EBFONT, "EBFONT" ) -_S(ENOSTR, "ENOSTR" ) -_S(ENODATA, "ENODATA" ) -_S(ETIME, "ETIME" ) -_S(ENOSR, "ENOSR" ) -_S(ENONET, "ENONET" ) -_S(ENOPKG, "ENOPKG" ) -_S(EREMOTE, "EREMOTE" ) -_S(ENOLINK, "ENOLINK" ) -_S(EADV, "EADV" ) -_S(ESRMNT, "ESRMNT" ) -_S(ECOMM, "ECOMM" ) -_S(EPROTO, "EPROTO" ) -_S(EMULTIHOP, "EMULTIHOP" ) -_S(EDOTDOT, "EDOTDOT" ) -_S(EBADMSG, "EBADMSG" ) -_S(EOVERFLOW, "EOVERFLOW" ) -_S(ENOTUNIQ, "ENOTUNIQ" ) -_S(EBADFD, "EBADFD" ) -_S(EREMCHG, "EREMCHG" ) -_S(ELIBACC, "ELIBACC" ) -_S(ELIBBAD, "ELIBBAD" ) -_S(ELIBSCN, "ELIBSCN" ) -_S(ELIBMAX, "ELIBMAX" ) -_S(ELIBEXEC, "ELIBEXEC" ) -_S(EILSEQ, "EILSEQ" ) -_S(ERESTART, "ERESTART" ) -_S(ESTRPIPE, "ESTRPIPE" ) -_S(EUSERS, "EUSERS" ) -_S(ENOTSOCK, "ENOTSOCK" ) -_S(EDESTADDRREQ, "EDESTADDRREQ" ) -_S(EMSGSIZE, "EMSGSIZE" ) -_S(EPROTOTYPE, "EPROTOTYPE" ) -_S(ENOPROTOOPT, "ENOPROTOOPT" ) -_S(EPROTONOSUPPORT, "EPROTONOSUPPORT" ) -_S(ESOCKTNOSUPPORT, "ESOCKTNOSUPPORT" ) -_S(EOPNOTSUPP, "EOPNOTSUPP" ) -_S(EPFNOSUPPORT, "EPFNOSUPPORT" ) -_S(EAFNOSUPPORT, "EAFNOSUPPORT" ) -_S(EADDRINUSE, "EADDRINUSE" ) -_S(EADDRNOTAVAIL, "EADDRNOTAVAIL" ) -_S(ENETDOWN, "ENETDOWN" ) -_S(ENETUNREACH, "ENETUNREACH" ) -_S(ENETRESET, "ENETRESET" ) -_S(ECONNABORTED, "ECONNABORTED" ) -_S(ECONNRESET, "ECONNRESET" ) -_S(ENOBUFS, "ENOBUFS" ) -_S(EISCONN, "EISCONN" ) -_S(ENOTCONN, "ENOTCONN" ) -_S(ESHUTDOWN, "ESHUTDOWN" ) -_S(ETOOMANYREFS, "ETOOMANYREFS" ) -_S(ETIMEDOUT, "ETIMEDOUT" ) -_S(ECONNREFUSED, "ECONNREFUSED" ) -_S(EHOSTDOWN, "EHOSTDOWN" ) -_S(EHOSTUNREACH, "EHOSTUNREACH" ) -_S(EALREADY, "EALREADY" ) -_S(EINPROGRESS, "EINPROGRESS" ) -_S(ESTALE, "ESTALE" ) -_S(EUCLEAN, "EUCLEAN" ) -_S(ENOTNAM, "ENOTNAM" ) -_S(ENAVAIL, "ENAVAIL" ) -_S(EISNAM, "EISNAM" ) -_S(EREMOTEIO, "EREMOTEIO" ) -_S(EDQUOT, "EDQUOT" ) -_S(ENOMEDIUM, "ENOMEDIUM" ) -_S(EMEDIUMTYPE, "EMEDIUMTYPE" ) -_S(ECANCELED, "ECANCELED" ) -_S(ENOKEY, "ENOKEY" ) -_S(EKEYEXPIRED, "EKEYEXPIRED" ) -_S(EKEYREVOKED, "EKEYREVOKED" ) -_S(EKEYREJECTED, "EKEYREJECTED" ) -_S(EOWNERDEAD, "EOWNERDEAD" ) -_S(ENOTRECOVERABLE, "ENOTRECOVERABLE" ) - diff --git a/framework/src/audit/lib/fieldtab.h b/framework/src/audit/lib/fieldtab.h deleted file mode 100644 index dd7474c1..00000000 --- a/framework/src/audit/lib/fieldtab.h +++ /dev/null @@ -1,68 +0,0 @@ -/* fieldtab.h -- - * Copyright 2005-07 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -_S(AUDIT_PID, "pid" ) -_S(AUDIT_UID, "uid" ) -_S(AUDIT_EUID, "euid" ) -_S(AUDIT_SUID, "suid" ) -_S(AUDIT_FSUID, "fsuid" ) -_S(AUDIT_GID, "gid" ) -_S(AUDIT_EGID, "egid" ) -_S(AUDIT_SGID, "sgid" ) -_S(AUDIT_FSGID, "fsgid" ) -_S(AUDIT_LOGINUID, "auid" ) -_S(AUDIT_LOGINUID, "loginuid" ) -_S(AUDIT_PERS, "pers" ) -_S(AUDIT_ARCH, "arch" ) -_S(AUDIT_MSGTYPE, "msgtype" ) -_S(AUDIT_SUBJ_USER, "subj_user" ) -_S(AUDIT_SUBJ_ROLE, "subj_role" ) -_S(AUDIT_SUBJ_TYPE, "subj_type" ) -_S(AUDIT_SUBJ_SEN, "subj_sen" ) -_S(AUDIT_SUBJ_CLR, "subj_clr" ) -_S(AUDIT_PPID, "ppid" ) -_S(AUDIT_OBJ_USER, "obj_user" ) -_S(AUDIT_OBJ_ROLE, "obj_role" ) -_S(AUDIT_OBJ_TYPE, "obj_type" ) -_S(AUDIT_OBJ_LEV_LOW, "obj_lev_low" ) -_S(AUDIT_OBJ_LEV_HIGH, "obj_lev_high" ) - -_S(AUDIT_DEVMAJOR, "devmajor" ) -_S(AUDIT_DEVMINOR, "devminor" ) -_S(AUDIT_INODE, "inode" ) -_S(AUDIT_EXIT, "exit" ) -_S(AUDIT_SUCCESS, "success" ) -_S(AUDIT_WATCH, "path" ) -_S(AUDIT_PERM, "perm" ) -_S(AUDIT_DIR, "dir" ) -_S(AUDIT_FILETYPE, "filetype" ) -_S(AUDIT_OBJ_UID, "obj_uid" ) -_S(AUDIT_OBJ_GID, "obj_gid" ) -_S(AUDIT_FIELD_COMPARE, "field_compare" ) - -_S(AUDIT_ARG0, "a0" ) -_S(AUDIT_ARG1, "a1" ) -_S(AUDIT_ARG2, "a2" ) -_S(AUDIT_ARG3, "a3" ) - -_S(AUDIT_FILTERKEY, "key" ) - diff --git a/framework/src/audit/lib/flagtab.h b/framework/src/audit/lib/flagtab.h deleted file mode 100644 index e08d9bca..00000000 --- a/framework/src/audit/lib/flagtab.h +++ /dev/null @@ -1,26 +0,0 @@ -/* flagtab.h -- - * Copyright 2005,2006 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ -_S(AUDIT_FILTER_TASK, "task" ) -_S(AUDIT_FILTER_ENTRY, "entry" ) -_S(AUDIT_FILTER_EXIT, "exit" ) -_S(AUDIT_FILTER_USER, "user" ) -_S(AUDIT_FILTER_EXCLUDE, "exclude" ) diff --git a/framework/src/audit/lib/ftypetab.h b/framework/src/audit/lib/ftypetab.h deleted file mode 100644 index e1dc2676..00000000 --- a/framework/src/audit/lib/ftypetab.h +++ /dev/null @@ -1,30 +0,0 @@ -/* actiontab.h -- - * Copyright 2008 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -_S(S_IFSOCK, "socket" ) -_S(S_IFLNK, "link" ) -_S(S_IFREG, "file" ) -_S(S_IFBLK, "block" ) -_S(S_IFDIR, "dir" ) -_S(S_IFCHR, "character" ) -_S(S_IFIFO, "fifo" ) - diff --git a/framework/src/audit/lib/gen_tables.c b/framework/src/audit/lib/gen_tables.c deleted file mode 100644 index 9f25b506..00000000 --- a/framework/src/audit/lib/gen_tables.c +++ /dev/null @@ -1,418 +0,0 @@ -/* gen_tables.c -- Generator of lookup tables. - * Copyright 2008 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Miloslav Trmač <mitr@redhat.com> - */ - -#include "config.h" -#include <assert.h> -#include <ctype.h> -#include <errno.h> -#include <limits.h> -#include <linux/net.h> -#include <stdbool.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <sys/stat.h> -#include <sys/personality.h> -#include <sys/mount.h> -#ifndef MS_DIRSYNC -#include <linux/fs.h> -#endif -#include "gen_tables.h" -#include "libaudit.h" -#include "interpret.h" - -/* This is from asm/ipc.h. Copying it for now as some platforms - * * have broken headers. */ -#define SEMOP 1 -#define SEMGET 2 -#define SEMCTL 3 -#define SEMTIMEDOP 4 -#define MSGSND 11 -#define MSGRCV 12 -#define MSGGET 13 -#define MSGCTL 14 -#define SHMAT 21 -#define SHMDT 22 -#define SHMGET 23 -#define SHMCTL 24 - - -/* The ratio of table size to number of non-empty elements allowed for a - "direct" s2i table; if the ratio would be bigger, bsearch tables are used - instead. - - 2 looks like a lot at a first glance, but the bsearch tables need twice as - much space per element, so with the ratio equal to 2 the direct table uses - no more memory and is faster. */ -#define DIRECT_THRESHOLD 2 - -/* Allow more than one string defined for a single integer value */ -static bool allow_duplicate_ints; /* = false; */ - -struct value { - int val; - const char *s; - size_t s_offset; - size_t orig_index; -}; - -/* The mapping to store. */ -static struct value values[] = { -#define _S(VAL, S) { (VAL), (S), 0, 0 }, -#include TABLE_H -#undef _S -}; - -#define NUM_VALUES (sizeof(values) / sizeof(*values)) - -/* Compare two "struct value" members by name. */ -static int -cmp_value_strings(const void *xa, const void *xb) -{ - const struct value *a, *b; - - a = xa; - b = xb; - return strcmp(a->s, b->s); -} - -/* Compare two "struct value" members by value. */ -static int -cmp_value_vals(const void *xa, const void *xb) -{ - const struct value *a, *b; - - a = xa; - b = xb; - if (a->val > b->val) - return 1; - if (a->val < b->val) - return -1; - /* Preserve the original order if there is an ambiguity, to always use - the first specified value. */ - if (a->orig_index > b->orig_index) - return 1; - if (a->orig_index < b->orig_index) - return -1; - return 0; -} - -/* Compare two "struct value" members by orig_index. */ -static int -cmp_value_orig_index(const void *xa, const void *xb) -{ - const struct value *a, *b; - - a = xa; - b = xb; - if (a->orig_index > b->orig_index) - return 1; - if (a->orig_index < b->orig_index) - return -1; - return 0; -} - -/* Output the string table, initialize values[*]->s_offset. */ -static void -output_strings(const char *prefix) -{ - size_t i, offset; - - offset = 0; - for (i = 0; i < NUM_VALUES; i++) { - values[i].s_offset = offset; - offset += strlen(values[i].s) + 1; - } - printf("static const char %s_strings[] = \"", prefix); - assert(NUM_VALUES > 0); - for (i = 0; i < NUM_VALUES; i++) { - const char *c; - - if (i != 0 && i % 10 == 0) - fputs("\"\n" - "\t\"", stdout); - for (c = values[i].s; *c != '\0'; c++) { - assert(*c != '"' && *c != '\\' - && isprint((unsigned char)*c)); - putc(*c, stdout); - } - if (i != NUM_VALUES - 1) - fputs("\\0", stdout); - } - fputs("\";\n", stdout); -} - -/* Output the string to integer mapping code. - Assume strings are all uppsercase or all lowercase if specified by - parameters; in that case, make the search case-insensitive. - values must be sorted by strings. */ -static void -output_s2i(const char *prefix, bool uppercase, bool lowercase) -{ - size_t i; - - for (i = 0; i < NUM_VALUES - 1; i++) { - assert(strcmp(values[i].s, values[i + 1].s) <= 0); - if (strcmp(values[i].s, values[i + 1].s) == 0) { - fprintf(stderr, "Duplicate value `%s': %d, %d\n", - values[i].s, values[i].val, values[i + 1].val); - abort(); - } - } - printf("static const unsigned %s_s2i_s[] = {", prefix); - for (i = 0; i < NUM_VALUES; i++) { - if (i % 10 == 0) - fputs("\n\t", stdout); - assert(values[i].s_offset <= UINT_MAX); - printf("%zu,", values[i].s_offset); - } - printf("\n" - "};\n" - "static const int %s_s2i_i[] = {", prefix); - for (i = 0; i < NUM_VALUES; i++) { - if (i % 10 == 0) - fputs("\n\t", stdout); - printf("%d,", values[i].val); - } - fputs("\n" - "};\n", stdout); - assert(!(uppercase && lowercase)); - if (uppercase) { - for (i = 0; i < NUM_VALUES; i++) { - const char *c; - - for (c = values[i].s; *c != '\0'; c++) - assert(isascii((unsigned char)*c) - && !GT_ISLOWER(*c)); - } - } else if (lowercase) { - for (i = 0; i < NUM_VALUES; i++) { - const char *c; - - for (c = values[i].s; *c != '\0'; c++) - assert(isascii((unsigned char)*c) - && !GT_ISUPPER(*c)); - } - } - if (uppercase || lowercase) { - printf("static int %s_s2i(const char *s, int *value) {\n" - "\tsize_t len, i;\n" - "\tlen = strlen(s);\n" - "\t{ char copy[len + 1];\n" - "\tfor (i = 0; i < len; i++) {\n" - "\t\tchar c = s[i];\n", prefix); - if (uppercase) - fputs("\t\tcopy[i] = GT_ISLOWER(c) ? c - 'a' + 'A' " - ": c;\n", stdout); - else - fputs("\t\tcopy[i] = GT_ISUPPER(c) ? c - 'A' + 'a' " - ": c;\n", stdout); - printf("\t}\n" - "\tcopy[i] = 0;\n" - "\treturn s2i__(%s_strings, %s_s2i_s, %s_s2i_i, %zu, " - "copy, value);\n" - "\t}\n" - "}\n", prefix, prefix, prefix, NUM_VALUES); - } else - printf("static int %s_s2i(const char *s, int *value) {\n" - "\treturn s2i__(%s_strings, %s_s2i_s, %s_s2i_i, %zu, s, " - "value);\n" - "}\n", prefix, prefix, prefix, prefix, NUM_VALUES); -} - -/* Output the string to integer mapping table. - values must be sorted by strings. */ -static void -output_i2s(const char *prefix) -{ - struct value *unique_values; - int min_val, max_val; - size_t i, n; - - assert(NUM_VALUES > 0); - for (i = 0; i < NUM_VALUES - 1; i++) { - assert(values[i].val <= values[i + 1].val); - if (!allow_duplicate_ints - && values[i].val == values[i + 1].val) { - fprintf(stderr, "Duplicate value %d: `%s', `%s'\n", - values[i].val, values[i].s, values[i + 1].s); - abort(); - } - } - - unique_values = malloc(NUM_VALUES * sizeof(*unique_values)); - assert(unique_values != NULL); - n = 0; - for (i = 0; i < NUM_VALUES; i++) { - if (n == 0 || unique_values[n - 1].val != values[i].val) { - unique_values[n] = values[i]; - n++; - } - } - - min_val = unique_values[0].val; - max_val = unique_values[n - 1].val; - if (((double)max_val - (double)min_val) / n <= DIRECT_THRESHOLD) { - int next_index; - - printf("static const unsigned %s_i2s_direct[] = {", prefix); - next_index = min_val; - i = 0; - for (;;) { - if ((next_index - min_val) % 10 == 0) - fputs("\n\t", stdout); - while (unique_values[i].val < next_index) - /* This can happen if (allow_duplicate_ints) */ - i++; - if (unique_values[i].val == next_index) { - assert(unique_values[i].s_offset <= UINT_MAX); - printf("%zu,", unique_values[i].s_offset); - } else - fputs("-1u,", stdout); - if (next_index == max_val) - /* Done like this to avoid integer overflow */ - break; - next_index++; - } - printf("\n" - "};\n" - "static const char *%s_i2s(int v) {\n" - "\treturn i2s_direct__(%s_strings, %s_i2s_direct, %d, " - "%d, v);\n" - "}\n", prefix, prefix, prefix, min_val, max_val); - } else { - printf("static const int %s_i2s_i[] = {", prefix); - for (i = 0; i < n; i++) { - if (i % 10 == 0) - fputs("\n\t", stdout); - printf("%d,", unique_values[i].val); - } - printf("\n" - "};\n" - "static const unsigned %s_i2s_s[] = {", prefix); - for (i = 0; i < n; i++) { - if (i % 10 == 0) - fputs("\n\t", stdout); - assert(unique_values[i].s_offset <= UINT_MAX); - printf("%zu,", unique_values[i].s_offset); - } - printf("\n" - "};\n" - "static const char *%s_i2s(int v) {\n" - "\treturn i2s_bsearch__(%s_strings, %s_i2s_i, %s_i2s_s, " - "%zu, v);\n" - "}\n", prefix, prefix, prefix, prefix, n); - } - free(unique_values); -} - -/* Output the string to integer mapping table as a transtab[]. - values must be sorted in the desired order. */ -static void -output_i2s_transtab(const char *prefix) -{ - size_t i; - char *uc_prefix; - - printf("static const struct transtab %s_table[] = {", prefix); - for (i = 0; i < NUM_VALUES; i++) { - if (i % 10 == 0) - fputs("\n\t", stdout); - printf("{%d,%zu},", values[i].val, values[i].s_offset); - } - uc_prefix = strdup(prefix); - assert(uc_prefix != NULL); - for (i = 0; uc_prefix[i] != '\0'; i++) - uc_prefix[i] = toupper((unsigned char)uc_prefix[i]); - printf("\n" - "};\n" - "#define %s_NUM_ENTRIES " - "(sizeof(%s_table) / sizeof(*%s_table))\n", uc_prefix, prefix, - prefix); - free(uc_prefix); -} - -int -main(int argc, char **argv) -{ - bool gen_i2s, gen_i2s_transtab, gen_s2i, uppercase, lowercase; - char *prefix; - size_t i; - - /* This is required by gen_tables.h */ - assert(NUM_VALUES <= (SSIZE_MAX / 2 + 1)); - - /* To make sure GT_ISUPPER and GT_ISLOWER work. */ - assert('Z' == 'A' + 25 && 'z' == 'a' + 25); - gen_i2s = false; - gen_i2s_transtab = false; - gen_s2i = false; - uppercase = false; - lowercase = false; - prefix = NULL; - assert (argc > 1); - for (i = 1; i < (size_t)argc; i++) { - if (strcmp(argv[i], "--i2s") == 0) - gen_i2s = true; - else if (strcmp(argv[i], "--i2s-transtab") == 0) - gen_i2s_transtab = true; - else if (strcmp(argv[i], "--s2i") == 0) - gen_s2i = true; - else if (strcmp(argv[i], "--uppercase") == 0) - uppercase = true; - else if (strcmp(argv[i], "--lowercase") == 0) - lowercase = true; - else if (strcmp(argv[i], "--duplicate-ints") == 0) - allow_duplicate_ints = true; - else { - assert(*argv[i] != '-'); - assert(prefix == NULL); - prefix = argv[i]; - } - } - assert(prefix != NULL); - assert(!(uppercase && lowercase)); - - printf("/* This is a generated file, see Makefile.am for its " - "inputs. */\n"); - for (i = 0; i < NUM_VALUES; i++) - values[i].orig_index = i; - qsort(values, NUM_VALUES, sizeof(*values), cmp_value_strings); - /* FIXME? if (gen_s2i), sort the strings in some other order - (e.g. "first 4 nodes in BFS of the bsearch tree first") to use the - cache better. */ - /* FIXME? If the only thing generated is a transtab, keep the strings - in the original order to use the cache better. */ - output_strings(prefix); - if (gen_s2i) - output_s2i(prefix, uppercase, lowercase); - if (gen_i2s) { - qsort(values, NUM_VALUES, sizeof(*values), cmp_value_vals); - output_i2s(prefix); - } - if (gen_i2s_transtab) { - qsort(values, NUM_VALUES, sizeof(*values), - cmp_value_orig_index); - output_i2s_transtab(prefix); - } - return EXIT_SUCCESS; -} diff --git a/framework/src/audit/lib/gen_tables.h b/framework/src/audit/lib/gen_tables.h deleted file mode 100644 index 84237a28..00000000 --- a/framework/src/audit/lib/gen_tables.h +++ /dev/null @@ -1,102 +0,0 @@ -/* gen_tables.h -- Declarations used for lookup tables. - * Copyright 2008 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Miloslav Trmač <mitr@redhat.com> - */ -#ifndef GEN_TABLES_H__ -#define GEN_TABLES_H__ - -#include <stddef.h> -#include <stdint.h> - -/* Assumes ASCII; verified in gen_tables.c. */ -#define GT_ISUPPER(X) ((X) >= 'A' && (X) <= 'Z') -#define GT_ISLOWER(X) ((X) >= 'a' && (X) <= 'z') - -inline static int s2i__(const char *strings, const unsigned *s_table, - const int *i_table, size_t n, const char *s, int *value) -{ - ssize_t left, right; - - left = 0; - right = n - 1; - while (left <= right) { /* invariant: left <= x <= right */ - size_t mid; - int r; - - mid = (left + right) / 2; - /* FIXME? avoid recomparing a common prefix */ - r = strcmp(s, strings + s_table[mid]); - if (r == 0) { - *value = i_table[mid]; - return 1; - } - if (r < 0) - right = mid - 1; - else - left = mid + 1; - } - return 0; -} - -inline static const char *i2s_direct__(const char *strings, - const unsigned *table, int min, int max, - int v) -{ - unsigned off; - - if (v < min || v > max) - return NULL; - off = table[v - min]; - if (off != -1u) - return strings + off; - return NULL; -} - -inline static const char *i2s_bsearch__(const char *strings, - const int *i_table, - const unsigned *s_table, size_t n, - int v) -{ - ssize_t left, right; - - left = 0; - right = n - 1; - while (left <= right) { /* invariant: left <= x <= right */ - size_t mid; - int mid_val; - - mid = (left + right) / 2; - mid_val = i_table[mid]; - if (v == mid_val) - return strings + s_table[mid]; - if (v < mid_val) - right = mid - 1; - else - left = mid + 1; - } - return NULL; -} - -struct transtab { - int value; - unsigned offset; -}; - -#endif diff --git a/framework/src/audit/lib/i386_table.h b/framework/src/audit/lib/i386_table.h deleted file mode 100644 index 208310cf..00000000 --- a/framework/src/audit/lib/i386_table.h +++ /dev/null @@ -1,379 +0,0 @@ -/* i386_table.h -- - * Copyright 2005-15 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -_S(0, "restart_syscall") -_S(1, "exit") -_S(2, "fork") -_S(3, "read") -_S(4, "write") -_S(5, "open") -_S(6, "close") -_S(7, "waitpid") -_S(8, "creat") -_S(9, "link") -_S(10, "unlink") -_S(11, "execve") -_S(12, "chdir") -_S(13, "time") -_S(14, "mknod") -_S(15, "chmod") -_S(16, "lchown") -_S(17, "break") -_S(18, "oldstat") -_S(19, "lseek") -_S(20, "getpid") -_S(21, "mount") -_S(22, "umount") -_S(23, "setuid") -_S(24, "getuid") -_S(25, "stime") -_S(26, "ptrace") -_S(27, "alarm") -_S(28, "oldfstat") -_S(29, "pause") -_S(30, "utime") -_S(31, "stty") -_S(32, "gtty") -_S(33, "access") -_S(34, "nice") -_S(35, "ftime") -_S(36, "sync") -_S(37, "kill") -_S(38, "rename") -_S(39, "mkdir") -_S(40, "rmdir") -_S(41, "dup") -_S(42, "pipe") -_S(43, "times") -_S(44, "prof") -_S(45, "brk") -_S(46, "setgid") -_S(47, "getgid") -_S(48, "signal") -_S(49, "geteuid") -_S(50, "getegid") -_S(51, "acct") -_S(52, "umount2") -_S(53, "lock") -_S(54, "ioctl") -_S(55, "fcntl") -_S(56, "mpx") -_S(57, "setpgid") -_S(58, "ulimit") -_S(59, "oldolduname") -_S(60, "umask") -_S(61, "chroot") -_S(62, "ustat") -_S(63, "dup2") -_S(64, "getppid") -_S(65, "getpgrp") -_S(66, "setsid") -_S(67, "sigaction") -_S(68, "sgetmask") -_S(69, "ssetmask") -_S(70, "setreuid") -_S(71, "setregid") -_S(72, "sigsuspend") -_S(73, "sigpending") -_S(74, "sethostname") -_S(75, "setrlimit") -_S(76, "getrlimit") -_S(77, "getrusage") -_S(78, "gettimeofday") -_S(79, "settimeofday") -_S(80, "getgroups") -_S(81, "setgroups") -_S(82, "select") -_S(83, "symlink") -_S(84, "oldlstat") -_S(85, "readlink") -_S(86, "uselib") -_S(87, "swapon") -_S(88, "reboot") -_S(89, "readdir") -_S(90, "mmap") -_S(91, "munmap") -_S(92, "truncate") -_S(93, "ftruncate") -_S(94, "fchmod") -_S(95, "fchown") -_S(96, "getpriority") -_S(97, "setpriority") -_S(98, "profil") -_S(99, "statfs") -_S(100, "fstatfs") -_S(101, "ioperm") -_S(102, "socketcall") -_S(103, "syslog") -_S(104, "setitimer") -_S(105, "getitimer") -_S(106, "stat") -_S(107, "lstat") -_S(108, "fstat") -_S(109, "olduname") -_S(110, "iopl") -_S(111, "vhangup") -_S(112, "idle") -_S(113, "vm86old") -_S(114, "wait4") -_S(115, "swapoff") -_S(116, "sysinfo") -_S(117, "ipc") -_S(118, "fsync") -_S(119, "sigreturn") -_S(120, "clone") -_S(121, "setdomainname") -_S(122, "uname") -_S(123, "modify_ldt") -_S(124, "adjtimex") -_S(125, "mprotect") -_S(126, "sigprocmask") -_S(127, "create_module") -_S(128, "init_module") -_S(129, "delete_module") -_S(130, "get_kernel_syms") -_S(131, "quotactl") -_S(132, "getpgid") -_S(133, "fchdir") -_S(134, "bdflush") -_S(135, "sysfs") -_S(136, "personality") -_S(137, "afs_syscall") -_S(138, "setfsuid") -_S(139, "setfsgid") -_S(140, "_llseek") -_S(141, "getdents") -_S(142, "_newselect") -_S(143, "flock") -_S(144, "msync") -_S(145, "readv") -_S(146, "writev") -_S(147, "getsid") -_S(148, "fdatasync") -_S(149, "_sysctl") -_S(150, "mlock") -_S(151, "munlock") -_S(152, "mlockall") -_S(153, "munlockall") -_S(154, "sched_setparam") -_S(155, "sched_getparam") -_S(156, "sched_setscheduler") -_S(157, "sched_getscheduler") -_S(158, "sched_yield") -_S(159, "sched_get_priority_max") -_S(160, "sched_get_priority_min") -_S(161, "sched_rr_get_interval") -_S(162, "nanosleep") -_S(163, "mremap") -_S(164, "setresuid") -_S(165, "getresuid") -_S(166, "vm86") -_S(167, "query_module") -_S(168, "poll") -_S(169, "nfsservctl") -_S(170, "setresgid") -_S(171, "getresgid") -_S(172, "prctl") -_S(173, "rt_sigreturn") -_S(174, "rt_sigaction") -_S(175, "rt_sigprocmask") -_S(176, "rt_sigpending") -_S(177, "rt_sigtimedwait") -_S(178, "rt_sigqueueinfo") -_S(179, "rt_sigsuspend") -_S(180, "pread64") -_S(181, "pwrite64") -_S(182, "chown") -_S(183, "getcwd") -_S(184, "capget") -_S(185, "capset") -_S(186, "sigaltstack") -_S(187, "sendfile") -_S(188, "getpmsg") -_S(189, "putpmsg") -_S(190, "vfork") -_S(191, "ugetrlimit") -_S(192, "mmap2") -_S(193, "truncate64") -_S(194, "ftruncate64") -_S(195, "stat64") -_S(196, "lstat64") -_S(197, "fstat64") -_S(198, "lchown32") -_S(199, "getuid32") -_S(200, "getgid32") -_S(201, "geteuid32") -_S(202, "getegid32") -_S(203, "setreuid32") -_S(204, "setregid32") -_S(205, "getgroups32") -_S(206, "setgroups32") -_S(207, "fchown32") -_S(208, "setresuid32") -_S(209, "getresuid32") -_S(210, "setresgid32") -_S(211, "getresgid32") -_S(212, "chown32") -_S(213, "setuid32") -_S(214, "setgid32") -_S(215, "setfsuid32") -_S(216, "setfsgid32") -_S(217, "pivot_root") -_S(218, "mincore") -_S(219, "madvise") -_S(219, "madvise1") -_S(220, "getdents64") -_S(221, "fcntl64") -_S(224, "gettid") -_S(225, "readahead") -_S(226, "setxattr") -_S(227, "lsetxattr") -_S(228, "fsetxattr") -_S(229, "getxattr") -_S(230, "lgetxattr") -_S(231, "fgetxattr") -_S(232, "listxattr") -_S(233, "llistxattr") -_S(234, "flistxattr") -_S(235, "removexattr") -_S(236, "lremovexattr") -_S(237, "fremovexattr") -_S(238, "tkill") -_S(239, "sendfile64") -_S(240, "futex") -_S(241, "sched_setaffinity") -_S(242, "sched_getaffinity") -_S(243, "set_thread_area") -_S(244, "get_thread_area") -_S(245, "io_setup") -_S(246, "io_destroy") -_S(247, "io_getevents") -_S(248, "io_submit") -_S(249, "io_cancel") -_S(250, "fadvise64") -_S(252, "exit_group") -_S(253, "lookup_dcookie") -_S(254, "epoll_create") -_S(255, "epoll_ctl") -_S(256, "epoll_wait") -_S(257, "remap_file_pages") -_S(258, "set_tid_address") -_S(259, "timer_create") -_S(260, "timer_settime") -_S(261, "timer_gettime") -_S(262, "timer_getoverrun") -_S(263, "timer_delete") -_S(264, "clock_settime") -_S(265, "clock_gettime") -_S(266, "clock_getres") -_S(267, "clock_nanosleep") -_S(268, "statfs64") -_S(269, "fstatfs64") -_S(270, "tgkill") -_S(271, "utimes") -_S(272, "fadvise64_64") -_S(273, "vserver") -_S(274, "mbind") -_S(275, "get_mempolicy") -_S(276, "set_mempolicy") -_S(277, "mq_open") -_S(278, "mq_unlink") -_S(279, "mq_timedsend") -_S(280, "mq_timedreceive") -_S(281, "mq_notify") -_S(282, "mq_getsetattr") -_S(283, "sys_kexec_load") -_S(284, "waitid") -// 285 is setaltroot but it is not defined (yet) -_S(286, "add_key") -_S(287, "request_key") -_S(288, "keyctl") -_S(289, "ioprio_set") -_S(290, "ioprio_get") -_S(291, "inotify_init") -_S(292, "inotify_add_watch") -_S(293, "inotify_rm_watch") -_S(294, "migrate_pages") -_S(295, "openat") -_S(296, "mkdirat") -_S(297, "mknodat") -_S(298, "fchownat") -_S(299, "futimesat") -_S(300, "fstatat64") -_S(301, "unlinkat") -_S(302, "renameat") -_S(303, "linkat") -_S(304, "symlinkat") -_S(305, "readlinkat") -_S(306, "fchmodat") -_S(307, "faccessat") -_S(308, "pselect6") -_S(309, "ppoll") -_S(310, "unshare") -_S(311, "set_robust_list") -_S(312, "get_robust_list") -_S(313, "splice") -_S(314, "sync_file_range") -_S(315, "tee") -_S(316, "vmsplice") -_S(317, "move_pages") -_S(318, "getcpu") -_S(319, "epoll_pwait") -_S(320, "utimensat") -_S(321, "signalfd") -_S(322, "timerfd") -_S(323, "eventfd") -_S(324, "fallocate") -_S(325, "timerfd_settime") -_S(326, "timerfd_gettime") -_S(327, "signalfd4") -_S(328, "eventfd2") -_S(329, "epoll_create1") -_S(330, "dup3") -_S(331, "pipe2") -_S(332, "inotify_init1") -_S(333, "preadv") -_S(334, "pwritev") -_S(335, "rt_tgsigqueueinfo") -_S(336, "perf_event_open") -_S(337, "recvmmsg") -_S(338, "fanotify_init") -_S(339, "fanotify_mark") -_S(340, "prlimit64") -_S(341, "name_to_handle_at") -_S(342, "open_by_handle_at") -_S(343, "clock_adjtime") -_S(344, "syncfs") -_S(345, "sendmmsg") -_S(346, "setns") -_S(347, "process_vm_readv") -_S(348, "process_vm_writev") -_S(349, "kcmp") -_S(350, "finit_module") -_S(351, "sched_setattr") -_S(352, "sched_getattr") -_S(353, "renameat2") -_S(354, "seccomp") -_S(355, "getrandom") -_S(356, "memfd_create") -_S(357, "bpf") -_S(358, "execveat") diff --git a/framework/src/audit/lib/ia64_table.h b/framework/src/audit/lib/ia64_table.h deleted file mode 100644 index 4a154670..00000000 --- a/framework/src/audit/lib/ia64_table.h +++ /dev/null @@ -1,335 +0,0 @@ -/* ia64_table.h -- - * Copyright 2005-15 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -_S(1024, "ni_syscall") -_S(1025, "exit") -_S(1026, "read") -_S(1027, "write") -_S(1028, "open") -_S(1029, "close") -_S(1030, "creat") -_S(1031, "link") -_S(1032, "unlink") -_S(1033, "execve") -_S(1034, "chdir") -_S(1035, "fchdir") -_S(1036, "utimes") -_S(1037, "mknod") -_S(1038, "chmod") -_S(1039, "chown") -_S(1040, "lseek") -_S(1041, "getpid") -_S(1042, "getppid") -_S(1043, "mount") -_S(1044, "umount") -_S(1045, "setuid") -_S(1046, "getuid") -_S(1047, "geteuid") -_S(1048, "ptrace") -_S(1049, "access") -_S(1050, "sync") -_S(1051, "fsync") -_S(1052, "fdatasync") -_S(1053, "kill") -_S(1054, "rename") -_S(1055, "mkdir") -_S(1056, "rmdir") -_S(1057, "dup") -_S(1058, "pipe") -_S(1059, "times") -_S(1060, "brk") -_S(1061, "setgid") -_S(1062, "getgid") -_S(1063, "getegid") -_S(1064, "acct") -_S(1065, "ioctl") -_S(1066, "fcntl") -_S(1067, "umask") -_S(1068, "chroot") -_S(1069, "ustat") -_S(1070, "dup2") -_S(1071, "setreuid") -_S(1072, "setregid") -_S(1073, "getresuid") -_S(1074, "setresuid") -_S(1075, "getresgid") -_S(1076, "setresgid") -_S(1077, "getgroups") -_S(1078, "setgroups") -_S(1079, "getpgid") -_S(1080, "setpgid") -_S(1081, "setsid") -_S(1082, "getsid") -_S(1083, "sethostname") -_S(1084, "setrlimit") -_S(1085, "getrlimit") -_S(1086, "getrusage") -_S(1087, "gettimeofday") -_S(1088, "settimeofday") -_S(1089, "select") -_S(1090, "poll") -_S(1091, "symlink") -_S(1092, "readlink") -_S(1093, "uselib") -_S(1094, "swapon") -_S(1095, "swapoff") -_S(1096, "reboot") -_S(1097, "truncate") -_S(1098, "ftruncate") -_S(1099, "fchmod") -_S(1100, "fchown") -_S(1101, "getpriority") -_S(1102, "setpriority") -_S(1103, "statfs") -_S(1104, "fstatfs") -_S(1105, "gettid") -_S(1106, "semget") -_S(1107, "semop") -_S(1108, "semctl") -_S(1109, "msgget") -_S(1110, "msgsnd") -_S(1111, "msgrcv") -_S(1112, "msgctl") -_S(1113, "shmget") -_S(1114, "shmat") -_S(1115, "shmdt") -_S(1116, "shmctl") -_S(1117, "syslog") -_S(1118, "setitimer") -_S(1119, "getitimer") -_S(1120, "tux") -_S(1123, "vhangup") -_S(1124, "lchown") -_S(1125, "remap_file_pages") -_S(1126, "wait4") -_S(1127, "sysinfo") -_S(1128, "clone") -_S(1129, "setdomainname") -_S(1130, "uname") -_S(1131, "adjtimex") -_S(1133, "init_module") -_S(1134, "delete_module") -_S(1137, "quotactl") -_S(1138, "bdflush") -_S(1139, "sysfs") -_S(1140, "personality") -_S(1141, "afs_syscall") -_S(1142, "setfsuid") -_S(1143, "setfsgid") -_S(1144, "getdents") -_S(1145, "flock") -_S(1146, "readv") -_S(1147, "writev") -_S(1148, "pread64") -_S(1149, "pwrite64") -_S(1150, "_sysctl") -_S(1151, "mmap") -_S(1152, "munmap") -_S(1153, "mlock") -_S(1154, "mlockall") -_S(1155, "mprotect") -_S(1156, "mremap") -_S(1157, "msync") -_S(1158, "munlock") -_S(1159, "munlockall") -_S(1160, "sched_getparam") -_S(1161, "sched_setparam") -_S(1162, "sched_getscheduler") -_S(1163, "sched_setscheduler") -_S(1164, "sched_yield") -_S(1165, "sched_get_priority_max") -_S(1166, "sched_get_priority_min") -_S(1167, "sched_rr_get_interval") -_S(1168, "nanosleep") -_S(1169, "nfsservctl") -_S(1170, "prctl") -_S(1172, "mmap2") -_S(1173, "pciconfig_read") -_S(1174, "pciconfig_write") -_S(1175, "perfmonctl") -_S(1176, "sigaltstack") -_S(1177, "rt_sigaction") -_S(1178, "rt_sigpending") -_S(1179, "rt_sigprocmask") -_S(1180, "rt_sigqueueinfo") -_S(1181, "rt_sigreturn") -_S(1182, "rt_sigsuspend") -_S(1183, "rt_sigtimedwait") -_S(1184, "getcwd") -_S(1185, "capget") -_S(1186, "capset") -_S(1187, "sendfile") -_S(1188, "getpmsg") -_S(1189, "putpmsg") -_S(1190, "socket") -_S(1191, "bind") -_S(1192, "connect") -_S(1193, "listen") -_S(1194, "accept") -_S(1195, "getsockname") -_S(1196, "getpeername") -_S(1197, "socketpair") -_S(1198, "send") -_S(1199, "sendto") -_S(1200, "recv") -_S(1201, "recvfrom") -_S(1202, "shutdown") -_S(1203, "setsockopt") -_S(1204, "getsockopt") -_S(1205, "sendmsg") -_S(1206, "recvmsg") -_S(1207, "pivot_root") -_S(1208, "mincore") -_S(1209, "madvise") -_S(1210, "stat") -_S(1211, "lstat") -_S(1212, "fstat") -_S(1213, "clone2") -_S(1214, "getdents64") -_S(1215, "getunwind") -_S(1216, "readahead") -_S(1217, "setxattr") -_S(1218, "lsetxattr") -_S(1219, "fsetxattr") -_S(1220, "getxattr") -_S(1221, "lgetxattr") -_S(1222, "fgetxattr") -_S(1223, "listxattr") -_S(1224, "llistxattr") -_S(1225, "flistxattr") -_S(1226, "removexattr") -_S(1227, "lremovexattr") -_S(1228, "fremovexattr") -_S(1229, "tkill") -_S(1230, "futex") -_S(1231, "sched_setaffinity") -_S(1232, "sched_getaffinity") -_S(1233, "set_tid_address") -_S(1234, "fadvise64") -_S(1235, "tgkill") -_S(1236, "exit_group") -_S(1237, "lookup_dcookie") -_S(1238, "io_setup") -_S(1239, "io_destroy") -_S(1240, "io_getevents") -_S(1241, "io_submit") -_S(1242, "io_cancel") -_S(1243, "epoll_create") -_S(1244, "epoll_ctl") -_S(1245, "epoll_wait") -_S(1246, "restart_syscall") -_S(1247, "semtimedop") -_S(1248, "timer_create") -_S(1249, "timer_settime") -_S(1250, "timer_gettime") -_S(1251, "timer_getoverrun") -_S(1252, "timer_delete") -_S(1253, "clock_settime") -_S(1254, "clock_gettime") -_S(1255, "clock_getres") -_S(1256, "clock_nanosleep") -_S(1257, "fstatfs64") -_S(1258, "statfs64") -_S(1259, "mbind") -_S(1260, "get_mempolicy") -_S(1261, "set_mempolicy") -_S(1262, "mq_open") -_S(1263, "mq_unlink") -_S(1264, "mq_timedsend") -_S(1265, "mq_timedreceive") -_S(1266, "mq_notify") -_S(1267, "mq_getsetattr") -_S(1268, "kexec_load") -_S(1269, "vserver") -_S(1270, "waitid") -_S(1271, "add_key") -_S(1272, "request_key") -_S(1273, "keyctl") -_S(1274, "ioprio_set") -_S(1275, "ioprio_get") -_S(1276, "set_zone_reclaim") -_S(1277, "inotify_init") -_S(1278, "inotify_add_watch") -_S(1279, "inotify_rm_watch") -_S(1280, "migrate_pages") -_S(1281, "openat") -_S(1282, "mkdirat") -_S(1283, "mknodat") -_S(1284, "fchownat") -_S(1285, "futimesat") -_S(1286, "newfstatat") -_S(1287, "unlinkat") -_S(1288, "renameat") -_S(1289, "linkat") -_S(1290, "symlinkat") -_S(1291, "readlinkat") -_S(1292, "fchmodat") -_S(1293, "faccessat") -_S(1294, "pselect") -_S(1295, "ppoll") -_S(1296, "unshare") -_S(1297, "splice") -_S(1298, "set_robust_list") -_S(1299, "get_robust_list") -_S(1300, "sync_file_range") -_S(1301, "tee") -_S(1302, "vmsplice") -_S(1303, "fallocate") -_S(1304, "getcpu") -_S(1305, "epoll_pwait") -_S(1306, "utimensat") -_S(1307, "signalfd") -_S(1308, "timerfd") -_S(1309, "eventfd") -_S(1310, "timerfd_create") -_S(1311, "timerfd_settime") -_S(1312, "timerfd_gettime") -_S(1313, "signalfd4") -_S(1314, "eventfd2") -_S(1315, "epoll_create1") -_S(1316, "dup3") -_S(1317, "pipe2") -_S(1318, "inotify_init1") -_S(1319, "preadv") -_S(1320, "pwritev") -_S(1321, "rt_tgsigqueueinfo") -_S(1322, "recvmmsg") -_S(1323, "fanotify_init") -_S(1324, "fanotify_mark") -_S(1325, "prlimit64") -_S(1326, "name_to_handle_at") -_S(1327, "open_by_handle_at") -_S(1328, "clock_adjtime") -_S(1329, "syncfs") -_S(1330, "setns") -_S(1331, "sendmmsg") -_S(1332, "process_vm_readv") -_S(1333, "process_vm_writev") -_S(1334, "accept4") -_S(1335, "finit_module") -_S(1336, "sched_setattr") -_S(1337, "sched_getattr") -_S(1338, "renameat2") -_S(1339, "getrandom") -_S(1340, "memfd_create") -_S(1341, "bpf") -_S(1342, "execveat") diff --git a/framework/src/audit/lib/libaudit.c b/framework/src/audit/lib/libaudit.c deleted file mode 100644 index 6311b813..00000000 --- a/framework/src/audit/lib/libaudit.c +++ /dev/null @@ -1,1606 +0,0 @@ -/* libaudit.c -- - * Copyright 2004-2009,2012,2014 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - * Rickard E. (Rik) Faith <faith@redhat.com> - */ - -#include "config.h" -#include <stdio.h> -#include <stdarg.h> -#include <string.h> -#include <stdlib.h> -#include <unistd.h> -#include <ctype.h> -#include <time.h> -#include <pwd.h> -#include <grp.h> -#include <errno.h> -#include <sys/poll.h> -#include <sys/utsname.h> -#include <sys/stat.h> -#include <fcntl.h> /* O_NOFOLLOW needs gnu defined */ -#include <limits.h> /* for PATH_MAX */ -#include <sys/stat.h> -#include <sys/types.h> - -#include "libaudit.h" -#include "private.h" -#include "errormsg.h" - -/* #defines for the audit failure query */ -#define CONFIG_FILE "/etc/libaudit.conf" - -/* Local prototypes */ -struct nv_pair -{ - const char *name; - const char *value; -}; - -struct kw_pair -{ - const char *name; - int (*parser)(const char *, int); -}; - -struct nv_list -{ - const char *name; - int option; -}; - -struct libaudit_conf -{ - auditfail_t failure_action; -}; - -static const struct nv_list failure_actions[] = -{ - {"ignore", FAIL_IGNORE }, - {"log", FAIL_LOG }, - {"terminate", FAIL_TERMINATE }, - { NULL, 0 } -}; - -int _audit_permadded = 0; -int _audit_archadded = 0; -int _audit_syscalladded = 0; -unsigned int _audit_elf = 0U; -static struct libaudit_conf config; - -static int audit_failure_parser(const char *val, int line); -static int audit_name_to_uid(const char *name, uid_t *uid); -static int audit_name_to_gid(const char *name, gid_t *gid); - -static const struct kw_pair keywords[] = -{ - {"failure_action", audit_failure_parser }, - { NULL, NULL } -}; - -static int audit_priority(int xerrno) -{ - /* If they've compiled their own kernel and did not include - * the audit susbsystem, they will get ECONNREFUSED. We'll - * demote the message to debug so its not lost entirely. */ - if (xerrno == ECONNREFUSED) - return LOG_DEBUG; - else - return LOG_WARNING; -} - -int audit_request_status(int fd) -{ - int rc = audit_send(fd, AUDIT_GET, NULL, 0); - if (rc < 0) - audit_msg(audit_priority(errno), - "Error sending status request (%s)", strerror(-rc)); - return rc; -} -hidden_def(audit_request_status) - -/* - * Set everything to its default value - */ -static void clear_config(void) -{ - config.failure_action = FAIL_IGNORE; -} - -/* Get 1 line from file */ -static char *get_line(FILE *f, char *buf, size_t len) -{ - if (fgets(buf, len, f)) { - /* remove newline */ - char *ptr = strchr(buf, 0x0a); - if (ptr) - *ptr = 0; - return buf; - } - return NULL; -} - -static int nv_split(char *buf, struct nv_pair *nv) -{ - /* Get the name part */ - char *ptr, *saved=NULL; - - nv->name = NULL; - nv->value = NULL; - ptr = audit_strsplit_r(buf, &saved); - if (ptr == NULL) - return 0; /* If there's nothing, go to next line */ - if (ptr[0] == '#') - return 0; /* If there's a comment, go to next line */ - nv->name = ptr; - - /* Check for a '=' */ - ptr = audit_strsplit_r(NULL, &saved); - if (ptr == NULL) - return 1; - if (strcmp(ptr, "=") != 0) - return 2; - - /* get the value */ - ptr = audit_strsplit_r(NULL, &saved); - if (ptr == NULL) - return 1; - nv->value = ptr; - - /* Make sure there's nothing else */ - ptr = audit_strsplit_r(NULL, &saved); - if (ptr) - return 1; - - /* Everything is OK */ - return 0; -} - -static const struct kw_pair *kw_lookup(const char *val) -{ - int i = 0; - while (keywords[i].name != NULL) { - if (strcasecmp(keywords[i].name, val) == 0) - break; - i++; - } - return &keywords[i]; -} - -static int audit_failure_parser(const char *val, int line) -{ - int i; - - audit_msg(LOG_DEBUG, "audit_failure_parser called with: %s", val); - for (i=0; failure_actions[i].name != NULL; i++) { - if (strcasecmp(val, failure_actions[i].name) == 0) { - config.failure_action = failure_actions[i].option; - return 0; - } - } - audit_msg(LOG_ERR, "Option %s not found - line %d", val, line); - return 1; -} - -/* - * Read the /etc/libaudit.conf file and all tunables. - */ -static int load_libaudit_config(const char *path) -{ - int fd, rc, lineno = 1; - struct stat st; - FILE *f; - char buf[128]; - - /* open the file */ - rc = open(path, O_NOFOLLOW|O_RDONLY); - if (rc < 0) { - if (errno != ENOENT) { - audit_msg(LOG_ERR, "Error opening %s (%s)", - path, strerror(errno)); - return 1; - } - audit_msg(LOG_WARNING, - "Config file %s doesn't exist, skipping", path); - return 0; - } - fd = rc; - - /* check the file's permissions: owned by root, not world writable, - * not symlink. - */ - audit_msg(LOG_DEBUG, "Config file %s opened for parsing", path); - if (fstat(fd, &st) < 0) { - audit_msg(LOG_ERR, "Error fstat'ing %s (%s)", - path, strerror(errno)); - close(fd); - return 1; - } - if (st.st_uid != 0) { - audit_msg(LOG_ERR, "Error - %s isn't owned by root", path); - close(fd); - return 1; - } - if ((st.st_mode & S_IWOTH) == S_IWOTH) { - audit_msg(LOG_ERR, "Error - %s is world writable", path); - close(fd); - return 1; - } - if (!S_ISREG(st.st_mode)) { - audit_msg(LOG_ERR, "Error - %s is not a regular file", path); - close(fd); - return 1; - } - - /* it's ok, read line by line */ - f = fdopen(fd, "rm"); - if (f == NULL) { - audit_msg(LOG_ERR, "Error - fdopen failed (%s)", - strerror(errno)); - close(fd); - return 1; - } - - while (get_line(f, buf, sizeof(buf))) { - // convert line into name-value pair - const struct kw_pair *kw; - struct nv_pair nv; - rc = nv_split(buf, &nv); - switch (rc) { - case 0: // fine - break; - case 1: // not the right number of tokens. - audit_msg(LOG_ERR, - "Wrong number of arguments for line %d in %s", - lineno, path); - break; - case 2: // no '=' sign - audit_msg(LOG_ERR, - "Missing equal sign for line %d in %s", - lineno, path); - break; - default: // something else went wrong... - audit_msg(LOG_ERR, - "Unknown error for line %d in %s", - lineno, path); - break; - } - if (nv.name == NULL) { - lineno++; - continue; - } - if (nv.value == NULL) { - fclose(f); - return 1; - } - - /* identify keyword or error */ - kw = kw_lookup(nv.name); - if (kw->name == NULL) { - audit_msg(LOG_ERR, - "Unknown keyword \"%s\" in line %d of %s", - nv.name, lineno, path); - fclose(f); - return 1; - } - - /* dispatch to keyword's local parser */ - rc = kw->parser(nv.value, lineno); - if (rc != 0) { - fclose(f); - return 1; // local parser puts message out - } - - lineno++; - } - - fclose(f); - return 0; -} - - -/* - * This function is called to get the value of the failure_action - * tunable stored in /etc/libaudit.conf. The function returns 1 if - * the tunable is not found or there is an error. If the tunable is found, - * 0 is returned the the tunable value is saved in the failmode parameter. - */ -int get_auditfail_action(auditfail_t *failmode) -{ - clear_config(); - - if (load_libaudit_config(CONFIG_FILE)) { - *failmode = config.failure_action; - return 1; - } - - *failmode = config.failure_action; - return 0; -} - -int audit_set_enabled(int fd, uint32_t enabled) -{ - int rc; - struct audit_status s; - - memset(&s, 0, sizeof(s)); - s.mask = AUDIT_STATUS_ENABLED; - s.enabled = enabled; - rc = audit_send(fd, AUDIT_SET, &s, sizeof(s)); - if (rc < 0) - audit_msg(audit_priority(errno), - "Error sending enable request (%s)", strerror(-rc)); - return rc; -} - -/* - * This function will return 0 if auditing is NOT enabled and - * 1 if enabled, and -1 on error. - */ -int audit_is_enabled(int fd) -{ - int rc; - - if (fd < 0) - return 0; - - if ((rc = audit_request_status(fd)) > 0) { - struct audit_reply rep; - int i; - int timeout = 40; /* tenths of seconds */ - struct pollfd pfd[1]; - - pfd[0].fd = fd; - pfd[0].events = POLLIN; - - for (i = 0; i < timeout; i++) { - do { - rc = poll(pfd, 1, 100); - } while (rc < 0 && errno == EINTR); - - rc = audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING,0); - if (rc > 0) { - /* If we get done or error, break out */ - if (rep.type == NLMSG_DONE || - rep.type == NLMSG_ERROR) - break; - - /* If its not status, keep looping */ - if (rep.type != AUDIT_GET) - continue; - - /* Found it... */ - return rep.status->enabled; - } - } - } - if (rc == -ECONNREFUSED) { - /* This is here to let people that build their own kernel - and disable the audit system get in. ECONNREFUSED is - issued by the kernel when there is "no on listening". */ - return 0; - } else if (rc == -EPERM && getuid() != 0) { - /* If we get this, then the kernel supports auditing - * but we don't have enough privilege to write to the - * socket. Therefore, we have already been authenticated - * and we are a common user. Just act as though auditing - * is not enabled. Any other error we take seriously. - * This is here basically to satisfy Xscreensaver. */ - return 0; - } - return -1; -} - -int audit_set_failure(int fd, uint32_t failure) -{ - int rc; - struct audit_status s; - - memset(&s, 0, sizeof(s)); - s.mask = AUDIT_STATUS_FAILURE; - s.failure = failure; - rc = audit_send(fd, AUDIT_SET, &s, sizeof(s)); - if (rc < 0) - audit_msg(audit_priority(errno), - "Error sending failure mode request (%s)", - strerror(-rc)); - return rc; -} - -/* - * This function returns -1 on error and 1 on success. - */ -int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode) -{ - struct audit_status s; - struct audit_reply rep; - struct pollfd pfd[1]; - int rc; - - memset(&s, 0, sizeof(s)); - s.mask = AUDIT_STATUS_PID; - s.pid = pid; - rc = audit_send(fd, AUDIT_SET, &s, sizeof(s)); - if (rc < 0) { - audit_msg(audit_priority(errno), - "Error setting audit daemon pid (%s)", - strerror(-rc)); - return rc; - } - if (wmode == WAIT_NO) - return 1; - - /* Now we'll see if there's any reply message. This only - happens on error. It is not fatal if there is no message. - As a matter of fact, we don't do anything with the message - besides gobble it. */ - pfd[0].fd = fd; - pfd[0].events = POLLIN; - do { - rc = poll(pfd, 1, 100); /* .1 second */ - } while (rc < 0 && errno == EINTR); - - (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0); - return 1; -} - -int audit_set_rate_limit(int fd, uint32_t limit) -{ - int rc; - struct audit_status s; - - memset(&s, 0, sizeof(s)); - s.mask = AUDIT_STATUS_RATE_LIMIT; - s.rate_limit = limit; - rc = audit_send(fd, AUDIT_SET, &s, sizeof(s)); - if (rc < 0) - audit_msg(audit_priority(errno), - "Error sending rate limit request (%s)", - strerror(-rc)); - return rc; -} - -int audit_set_backlog_limit(int fd, uint32_t limit) -{ - int rc; - struct audit_status s; - - memset(&s, 0, sizeof(s)); - s.mask = AUDIT_STATUS_BACKLOG_LIMIT; - s.backlog_limit = limit; - rc = audit_send(fd, AUDIT_SET, &s, sizeof(s)); - if (rc < 0) - audit_msg(audit_priority(errno), - "Error sending backlog limit request (%s)", - strerror(-rc)); - return rc; -} - -int audit_set_backlog_wait_time(int fd, uint32_t bwt) -{ - int rc = -1; -#if HAVE_DECL_AUDIT_VERSION_BACKLOG_WAIT_TIME - struct audit_status s; - - memset(&s, 0, sizeof(s)); - s.mask = AUDIT_STATUS_BACKLOG_WAIT_TIME; - s.backlog_wait_time = bwt; - rc = audit_send(fd, AUDIT_SET, &s, sizeof(s)); - if (rc < 0) - audit_msg(audit_priority(errno), - "Error sending backlog limit request (%s)", - strerror(-rc)); -#endif - return rc; -} - -int audit_set_feature(int fd, unsigned feature, unsigned value, unsigned lock) -{ -#if HAVE_DECL_AUDIT_FEATURE_VERSION - int rc; - struct audit_features f; - - memset(&f, 0, sizeof(f)); - f.mask = AUDIT_FEATURE_TO_MASK(feature); - if (value) - f.features = AUDIT_FEATURE_TO_MASK(feature); - if (lock) - f.lock = AUDIT_FEATURE_TO_MASK(feature); - rc = audit_send(fd, AUDIT_SET_FEATURE, &f, sizeof(f)); - if (rc < 0) - audit_msg(audit_priority(errno), - "Error setting feature (%s)", - strerror(-rc)); - return rc; -#else - errno = EINVAL; - return -1; -#endif -} -hidden_def(audit_set_feature) - -int audit_request_features(int fd) -{ -#if HAVE_DECL_AUDIT_FEATURE_VERSION - int rc; - struct audit_features f; - - memset(&f, 0, sizeof(f)); - rc = audit_send(fd, AUDIT_GET_FEATURE, &f, sizeof(f)); - if (rc < 0) - audit_msg(audit_priority(errno), - "Error getting feature (%s)", - strerror(-rc)); - return rc; -#else - errno = EINVAL; - return -1; -#endif -} -hidden_def(audit_request_features) - -extern int audit_set_loginuid_immutable(int fd) -{ -#if HAVE_DECL_AUDIT_FEATURE_VERSION - return audit_set_feature(fd, AUDIT_FEATURE_LOGINUID_IMMUTABLE, 1, 1); -#else - errno = EINVAL; - return -1; -#endif -} - -int audit_request_rules_list_data(int fd) -{ - int rc = audit_send(fd, AUDIT_LIST_RULES, NULL, 0); - if (rc < 0 && rc != -EINVAL) - audit_msg(audit_priority(errno), - "Error sending rule list data request (%s)", - strerror(-rc)); - return rc; -} - -int audit_request_signal_info(int fd) -{ - int rc = audit_send(fd, AUDIT_SIGNAL_INFO, NULL, 0); - if (rc < 0) - audit_msg(LOG_WARNING, - "Error sending signal_info request (%s)", - strerror(-rc)); - return rc; -} - -int audit_update_watch_perms(struct audit_rule_data *rule, int perms) -{ - int i, done=0; - - if (rule->field_count < 1) - return -1; - - // First see if we have an entry we are updating - for (i=0; i< rule->field_count; i++) { - if (rule->fields[i] == AUDIT_PERM) { - rule->values[i] = perms; - done = 1; - } - } - if (!done) { - // If not check to see if we have room to add a field - if (rule->field_count >= (AUDIT_MAX_FIELDS - 1)) - return -2; - - // Add the perm - rule->fields[rule->field_count] = AUDIT_PERM; - rule->fieldflags[rule->field_count] = AUDIT_EQUAL; - rule->values[rule->field_count] = perms; - rule->field_count++; - } - return 0; -} - -int audit_add_watch(struct audit_rule_data **rulep, const char *path) -{ - return audit_add_watch_dir(AUDIT_WATCH, rulep, path); -} - -int audit_add_dir(struct audit_rule_data **rulep, const char *path) -{ - return audit_add_watch_dir(AUDIT_DIR, rulep, path); -} - -int audit_add_watch_dir(int type, struct audit_rule_data **rulep, - const char *path) -{ - size_t len = strlen(path); - struct audit_rule_data *rule = *rulep; - - if (rule && rule->field_count) { - audit_msg(LOG_ERR, "Rule is not empty\n"); - return -1; - } - if (type != AUDIT_WATCH && type != AUDIT_DIR) { - audit_msg(LOG_ERR, "Invalid type used\n"); - return -1; - } - - *rulep = realloc(rule, len + sizeof(*rule)); - if (*rulep == NULL) { - free(rule); - audit_msg(LOG_ERR, "Cannot realloc memory!\n"); - return -1; - } - rule = *rulep; - memset(rule, 0, len + sizeof(*rule)); - - rule->flags = AUDIT_FILTER_EXIT; - rule->action = AUDIT_ALWAYS; - audit_rule_syscallbyname_data(rule, "all"); - rule->field_count = 2; - rule->fields[0] = type; - rule->values[0] = len; - rule->fieldflags[0] = AUDIT_EQUAL; - rule->buflen = len; - memcpy(&rule->buf[0], path, len); - - // Default to all permissions - rule->fields[1] = AUDIT_PERM; - rule->fieldflags[1] = AUDIT_EQUAL; - rule->values[1] = AUDIT_PERM_READ | AUDIT_PERM_WRITE | - AUDIT_PERM_EXEC | AUDIT_PERM_ATTR; - - _audit_permadded = 1; - - return 0; -} -hidden_def(audit_add_watch_dir) - -int audit_add_rule_data(int fd, struct audit_rule_data *rule, - int flags, int action) -{ - int rc; - - if (flags == AUDIT_FILTER_ENTRY) { - audit_msg(LOG_WARNING, "Use of entry filter is deprecated"); - return -2; - } - rule->flags = flags; - rule->action = action; - rc = audit_send(fd, AUDIT_ADD_RULE, rule, - sizeof(struct audit_rule_data) + rule->buflen); - if (rc < 0) - audit_msg(audit_priority(errno), - "Error sending add rule data request (%s)", - errno == EEXIST ? - "Rule exists" : strerror(-rc)); - return rc; -} - -int audit_delete_rule_data(int fd, struct audit_rule_data *rule, - int flags, int action) -{ - int rc; - - if (flags == AUDIT_FILTER_ENTRY) { - audit_msg(LOG_WARNING, "Use of entry filter is deprecated"); - return -2; - } - rule->flags = flags; - rule->action = action; - rc = audit_send(fd, AUDIT_DEL_RULE, rule, - sizeof(struct audit_rule_data) + rule->buflen); - if (rc < 0) { - if (rc == -ENOENT) - audit_msg(LOG_WARNING, - "Error sending delete rule request (No rule matches)"); - else - audit_msg(audit_priority(errno), - "Error sending delete rule data request (%s)", - strerror(-rc)); - } - return rc; -} - -/* - * This function is part of the directory auditing code - */ -int audit_trim_subtrees(int fd) -{ - int rc = audit_send(fd, AUDIT_TRIM, NULL, 0); - if (rc < 0) - audit_msg(audit_priority(errno), - "Error sending trim subtrees command (%s)", - strerror(-rc)); - return rc; -} - -/* - * This function is part of the directory auditing code - */ -int audit_make_equivalent(int fd, const char *mount_point, - const char *subtree) -{ - int rc; - size_t len1 = strlen(mount_point); - size_t len2 = strlen(subtree); - struct { - uint32_t sizes[2]; - unsigned char buf[]; - } *cmd = malloc(sizeof(*cmd) + len1 + len2); - - memset(cmd, 0, sizeof(*cmd) + len1 + len2); - - cmd->sizes[0] = len1; - cmd->sizes[1] = len2; - memcpy(&cmd->buf[0], mount_point, len1); - memcpy(&cmd->buf[len1], subtree, len2); - - rc = audit_send(fd, AUDIT_MAKE_EQUIV, cmd, sizeof(*cmd) + len1 + len2); - if (rc < 0) - audit_msg(audit_priority(errno), - "Error sending make_equivalent command (%s)", - strerror(-rc)); - free(cmd); - return rc; -} - -/* - * This function will retreive the loginuid or -1 if there - * is an error. - */ -uid_t audit_getloginuid(void) -{ - uid_t uid; - int len, in; - char buf[16]; - - errno = 0; - in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY); - if (in < 0) - return -1; - do { - len = read(in, buf, sizeof(buf)); - } while (len < 0 && errno == EINTR); - close(in); - if (len < 0 || len >= sizeof(buf)) - return -1; - buf[len] = 0; - errno = 0; - uid = strtol(buf, 0, 10); - if (errno) - return -1; - else - return uid; -} - -/* - * This function returns 0 on success and 1 on failure - */ -int audit_setloginuid(uid_t uid) -{ - char loginuid[16]; - int o, count, rc = 0; - - errno = 0; - count = snprintf(loginuid, sizeof(loginuid), "%u", uid); - o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC); - if (o >= 0) { - int block, offset = 0; - - while (count > 0) { - block = write(o, &loginuid[offset], (unsigned)count); - - if (block < 0) { - if (errno == EINTR) - continue; - audit_msg(LOG_ERR, "Error writing loginuid"); - close(o); - return 1; - } - offset += block; - count -= block; - } - close(o); - } else { - audit_msg(LOG_ERR, "Error opening /proc/self/loginuid"); - rc = 1; - } - return rc; -} - -int audit_rule_syscall_data(struct audit_rule_data *rule, int scall) -{ - int word = AUDIT_WORD(scall); - int bit = AUDIT_BIT(scall); - - if (word >= (AUDIT_BITMASK_SIZE-1)) - return -1; - rule->mask[word] |= bit; - return 0; -} -hidden_def(audit_rule_syscall_data) - -int audit_rule_syscallbyname_data(struct audit_rule_data *rule, - const char *scall) -{ - int nr, i; - int machine; - - if (!strcmp(scall, "all")) { - for (i = 0; i < (AUDIT_BITMASK_SIZE-1); i++) - rule->mask[i] = ~0; - return 0; - } - if (!_audit_elf) - machine = audit_detect_machine(); - else - machine = audit_elf_to_machine(_audit_elf); - if (machine < 0) - return -2; - nr = audit_name_to_syscall(scall, machine); - if (nr < 0) { - if (isdigit(scall[0])) - nr = strtol(scall, NULL, 0); - } - if (nr >= 0) - return audit_rule_syscall_data(rule, nr); - return -1; -} -hidden_def(audit_rule_syscallbyname_data) - -int audit_rule_interfield_comp_data(struct audit_rule_data **rulep, - const char *pair, - int flags) { - const char *f = pair; - char *v; - int op; - int field1, field2; - struct audit_rule_data *rule = *rulep; - - if (f == NULL) - return -1; - - if (rule->field_count >= (AUDIT_MAX_FIELDS - 1)) - return -28; - - /* look for 2-char operators first - then look for 1-char operators afterwards - when found, null out the bytes under the operators to split - and set value pointer just past operator bytes - */ - if ( (v = strstr(pair, "!=")) ) { - *v++ = '\0'; - *v++ = '\0'; - op = AUDIT_NOT_EQUAL; - } else if ( (v = strstr(pair, "=")) ) { - *v++ = '\0'; - op = AUDIT_EQUAL; - } else { - return -13; - } - - if (*f == 0) - return -24; - - if (*v == 0) - return -25; - - if ((field1 = audit_name_to_field(f)) < 0) - return -26; - - if ((field2 = audit_name_to_field(v)) < 0) - return -27; - - /* Interfield comparison can only be in exit filter */ - if (flags != AUDIT_FILTER_EXIT) - return -7; - - // It should always be AUDIT_FIELD_COMPARE - rule->fields[rule->field_count] = AUDIT_FIELD_COMPARE; - rule->fieldflags[rule->field_count] = op; - /* oh god, so many permutations */ - switch (field1) - { - /* UID comparison */ - case AUDIT_EUID: - switch(field2) { - case AUDIT_LOGINUID: - rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_EUID; - break; - case AUDIT_FSUID: - rule->values[rule->field_count] = AUDIT_COMPARE_EUID_TO_FSUID; - break; - case AUDIT_OBJ_UID: - rule->values[rule->field_count] = AUDIT_COMPARE_EUID_TO_OBJ_UID; - break; - case AUDIT_SUID: - rule->values[rule->field_count] = AUDIT_COMPARE_EUID_TO_SUID; - break; - case AUDIT_UID: - rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_EUID; - break; - default: - return -1; - } - break; - case AUDIT_FSUID: - switch(field2) { - case AUDIT_LOGINUID: - rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_FSUID; - break; - case AUDIT_EUID: - rule->values[rule->field_count] = AUDIT_COMPARE_EUID_TO_FSUID; - break; - case AUDIT_OBJ_UID: - rule->values[rule->field_count] = AUDIT_COMPARE_FSUID_TO_OBJ_UID; - break; - case AUDIT_SUID: - rule->values[rule->field_count] = AUDIT_COMPARE_SUID_TO_FSUID; - break; - case AUDIT_UID: - rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_FSUID; - break; - default: - return -1; - } - break; - case AUDIT_LOGINUID: - switch(field2) { - case AUDIT_EUID: - rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_EUID; - break; - case AUDIT_FSUID: - rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_FSUID; - break; - case AUDIT_OBJ_UID: - rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_OBJ_UID; - break; - case AUDIT_SUID: - rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_SUID; - break; - case AUDIT_UID: - rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_AUID; - break; - default: - return -1; - } - break; - case AUDIT_SUID: - switch(field2) { - case AUDIT_LOGINUID: - rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_SUID; - break; - case AUDIT_EUID: - rule->values[rule->field_count] = AUDIT_COMPARE_EUID_TO_SUID; - break; - case AUDIT_FSUID: - rule->values[rule->field_count] = AUDIT_COMPARE_SUID_TO_FSUID; - break; - case AUDIT_OBJ_UID: - rule->values[rule->field_count] = AUDIT_COMPARE_SUID_TO_OBJ_UID; - break; - case AUDIT_UID: - rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_SUID; - break; - default: - return -1; - } - break; - case AUDIT_OBJ_UID: - switch(field2) { - case AUDIT_LOGINUID: - rule->values[rule->field_count] = AUDIT_COMPARE_AUID_TO_OBJ_UID; - break; - case AUDIT_EUID: - rule->values[rule->field_count] = AUDIT_COMPARE_EUID_TO_OBJ_UID; - break; - case AUDIT_FSUID: - rule->values[rule->field_count] = AUDIT_COMPARE_FSUID_TO_OBJ_UID; - break; - case AUDIT_UID: - rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_OBJ_UID; - break; - case AUDIT_SUID: - rule->values[rule->field_count] = AUDIT_COMPARE_SUID_TO_OBJ_UID; - break; - default: - return -1; - } - break; - case AUDIT_UID: - switch(field2) { - case AUDIT_LOGINUID: - rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_AUID; - break; - case AUDIT_EUID: - rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_EUID; - break; - case AUDIT_FSUID: - rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_FSUID; - break; - case AUDIT_OBJ_UID: - rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_OBJ_UID; - break; - case AUDIT_SUID: - rule->values[rule->field_count] = AUDIT_COMPARE_UID_TO_SUID; - break; - default: - return -1; - } - break; - - /* GID comparisons */ - case AUDIT_EGID: - switch(field2) { - case AUDIT_FSGID: - rule->values[rule->field_count] = AUDIT_COMPARE_EGID_TO_FSGID; - break; - case AUDIT_GID: - rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_EGID; - break; - case AUDIT_OBJ_GID: - rule->values[rule->field_count] = AUDIT_COMPARE_EGID_TO_OBJ_GID; - break; - case AUDIT_SGID: - rule->values[rule->field_count] = AUDIT_COMPARE_EGID_TO_SGID; - break; - default: - return -1; - } - break; - case AUDIT_FSGID: - switch(field2) { - case AUDIT_SGID: - rule->values[rule->field_count] = AUDIT_COMPARE_SGID_TO_FSGID; - break; - case AUDIT_GID: - rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_FSGID; - break; - case AUDIT_OBJ_GID: - rule->values[rule->field_count] = AUDIT_COMPARE_FSGID_TO_OBJ_GID; - break; - case AUDIT_EGID: - rule->values[rule->field_count] = AUDIT_COMPARE_EGID_TO_FSGID; - break; - default: - return -1; - } - break; - case AUDIT_GID: - switch(field2) { - case AUDIT_EGID: - rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_EGID; - break; - case AUDIT_FSGID: - rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_FSGID; - break; - case AUDIT_OBJ_GID: - rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_OBJ_GID; - break; - case AUDIT_SGID: - rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_SGID; - break; - default: - return -1; - } - break; - case AUDIT_OBJ_GID: - switch(field2) { - case AUDIT_EGID: - rule->values[rule->field_count] = AUDIT_COMPARE_EGID_TO_OBJ_GID; - break; - case AUDIT_FSGID: - rule->values[rule->field_count] = AUDIT_COMPARE_FSGID_TO_OBJ_GID; - break; - case AUDIT_GID: - rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_OBJ_GID; - break; - case AUDIT_SGID: - rule->values[rule->field_count] = AUDIT_COMPARE_SGID_TO_OBJ_GID; - break; - default: - return -1; - } - break; - case AUDIT_SGID: - switch(field2) { - case AUDIT_FSGID: - rule->values[rule->field_count] = AUDIT_COMPARE_SGID_TO_FSGID; - break; - case AUDIT_GID: - rule->values[rule->field_count] = AUDIT_COMPARE_GID_TO_SGID; - break; - case AUDIT_OBJ_GID: - rule->values[rule->field_count] = AUDIT_COMPARE_SGID_TO_OBJ_GID; - break; - case AUDIT_EGID: - rule->values[rule->field_count] = AUDIT_COMPARE_EGID_TO_SGID; - break; - default: - return -1; - } - break; - default: - return -1; - break; - } - rule->field_count++; - return 0; -} - -int audit_determine_machine(const char *arch) -{ // What do we want? i686, x86_64, ia64 or b64, b32 - int machine; - unsigned int bits = 0; - - if (strcasecmp("b64", arch) == 0) { - bits = __AUDIT_ARCH_64BIT; - machine = audit_detect_machine(); - } else if (strcasecmp("b32", arch) == 0) { - bits = ~__AUDIT_ARCH_64BIT; - machine = audit_detect_machine(); - } else { - machine = audit_name_to_machine(arch); - if (machine < 0) { - // See if its numeric - unsigned int ival; - errno = 0; - ival = strtoul(arch, NULL, 16); - if (errno) - return -4; - machine = audit_elf_to_machine(ival); - } - } - - if (machine < 0) - return -4; - - /* Here's where we fixup the machine. For example, they give - * x86_64 & want 32 bits we translate that to i686. */ - if (bits == ~__AUDIT_ARCH_64BIT && machine == MACH_86_64) - machine = MACH_X86; - else if (bits == ~__AUDIT_ARCH_64BIT && machine == MACH_PPC64) - machine = MACH_PPC; - else if (bits == ~__AUDIT_ARCH_64BIT && machine == MACH_S390X) - machine = MACH_S390; - else if (bits == ~__AUDIT_ARCH_64BIT && machine == MACH_AARCH64) - machine = MACH_ARM; - - /* Check for errors - return -6 - * We don't allow 32 bit machines to specify 64 bit. */ - switch (machine) - { - case MACH_X86: - if (bits == __AUDIT_ARCH_64BIT) - return -6; - break; - case MACH_IA64: - if (bits == ~__AUDIT_ARCH_64BIT) - return -6; - break; - case MACH_PPC: - if (bits == __AUDIT_ARCH_64BIT) - return -6; - break; - case MACH_S390: - if (bits == __AUDIT_ARCH_64BIT) - return -6; - break; -#ifdef WITH_ARM - case MACH_ARM: - if (bits == __AUDIT_ARCH_64BIT) - return -6; // Deadcode - just incase of mistake - break; -#endif -#ifdef WITH_AARCH64 - case MACH_AARCH64: - if (bits && bits != __AUDIT_ARCH_64BIT) - return -6; - break; -#endif - case MACH_86_64: /* fallthrough */ - case MACH_PPC64: /* fallthrough */ - case MACH_PPC64LE: /* fallthrough */ - case MACH_S390X: /* fallthrough */ - break; - default: - return -6; - } - return machine; -} - -int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, - int flags) -{ - const char *f = pair; - char *v; - int op; - int field; - int vlen; - int offset; - struct audit_rule_data *rule = *rulep; - - if (f == NULL) - return -1; - - if (rule->field_count >= (AUDIT_MAX_FIELDS - 1)) - return -28; - - /* look for 2-char operators first - then look for 1-char operators afterwards - when found, null out the bytes under the operators to split - and set value pointer just past operator bytes - */ - if ( (v = strstr(pair, "!=")) ) { - *v++ = '\0'; - *v++ = '\0'; - op = AUDIT_NOT_EQUAL; - } else if ( (v = strstr(pair, ">=")) ) { - *v++ = '\0'; - *v++ = '\0'; - op = AUDIT_GREATER_THAN_OR_EQUAL; - } else if ( (v = strstr(pair, "<=")) ) { - *v++ = '\0'; - *v++ = '\0'; - op = AUDIT_LESS_THAN_OR_EQUAL; - } else if ( (v = strstr(pair, "&=")) ) { - *v++ = '\0'; - *v++ = '\0'; - op = AUDIT_BIT_TEST; - } else if ( (v = strstr(pair, "=")) ) { - *v++ = '\0'; - op = AUDIT_EQUAL; - } else if ( (v = strstr(pair, ">")) ) { - *v++ = '\0'; - op = AUDIT_GREATER_THAN; - } else if ( (v = strstr(pair, "<")) ) { - *v++ = '\0'; - op = AUDIT_LESS_THAN; - } else if ( (v = strstr(pair, "&")) ) { - *v++ = '\0'; - op = AUDIT_BIT_MASK; - } - - if (v == NULL) - return -1; - - if (*f == 0) - return -22; - - if (*v == 0) - return -20; - - if ((field = audit_name_to_field(f)) < 0) - return -2; - - /* Exclude filter can be used only with MSGTYPE field */ - if (flags == AUDIT_FILTER_EXCLUDE && field != AUDIT_MSGTYPE) - return -12; - - rule->fields[rule->field_count] = field; - rule->fieldflags[rule->field_count] = op; - switch (field) - { - case AUDIT_UID: - case AUDIT_EUID: - case AUDIT_SUID: - case AUDIT_FSUID: - case AUDIT_LOGINUID: - case AUDIT_OBJ_UID: - // Do positive & negative separate for 32 bit systems - vlen = strlen(v); - if (isdigit((char)*(v))) - rule->values[rule->field_count] = - strtoul(v, NULL, 0); - else if (vlen >= 2 && *(v)=='-' && - (isdigit((char)*(v+1)))) - rule->values[rule->field_count] = - strtol(v, NULL, 0); - else { - if (strcmp(v, "unset") == 0) - rule->values[rule->field_count] = - 4294967295; - else if (audit_name_to_uid(v, - &rule->values[rule->field_count])) { - audit_msg(LOG_ERR, "Unknown user: %s", - v); - return -2; - } - } - break; - case AUDIT_GID: - case AUDIT_EGID: - case AUDIT_SGID: - case AUDIT_FSGID: - case AUDIT_OBJ_GID: - if (isdigit((char)*(v))) - rule->values[rule->field_count] = - strtol(v, NULL, 0); - else { - if (audit_name_to_gid(v, - &rule->values[rule->field_count])) { - audit_msg(LOG_ERR, "Unknown group: %s", - v); - return -2; - } - } - break; - case AUDIT_EXIT: - if (flags != AUDIT_FILTER_EXIT) - return -7; - vlen = strlen(v); - if (isdigit((char)*(v))) - rule->values[rule->field_count] = - strtol(v, NULL, 0); - else if (vlen >= 2 && *(v)=='-' && - (isdigit((char)*(v+1)))) - rule->values[rule->field_count] = - strtol(v, NULL, 0); - else { - rule->values[rule->field_count] = - audit_name_to_errno(v); - if (rule->values[rule->field_count] == 0) - return -15; - } - break; - case AUDIT_MSGTYPE: - if (flags != AUDIT_FILTER_EXCLUDE && - flags != AUDIT_FILTER_USER) - return -9; - - if (isdigit((char)*(v))) - rule->values[rule->field_count] = - strtol(v, NULL, 0); - else - if (audit_name_to_msg_type(v) > 0) - rule->values[rule->field_count] = - audit_name_to_msg_type(v); - else - return -8; - break; - /* These next few are strings */ - case AUDIT_OBJ_USER: - case AUDIT_OBJ_ROLE: - case AUDIT_OBJ_TYPE: - case AUDIT_OBJ_LEV_LOW: - case AUDIT_OBJ_LEV_HIGH: - case AUDIT_WATCH: - case AUDIT_DIR: - /* Watch & object filtering is invalid on anything - * but exit */ - if (flags != AUDIT_FILTER_EXIT) - return -7; - if (field == AUDIT_WATCH || field == AUDIT_DIR) - _audit_permadded = 1; - - /* fallthrough */ - case AUDIT_SUBJ_USER: - case AUDIT_SUBJ_ROLE: - case AUDIT_SUBJ_TYPE: - case AUDIT_SUBJ_SEN: - case AUDIT_SUBJ_CLR: - case AUDIT_FILTERKEY: - if (field == AUDIT_FILTERKEY && !(_audit_syscalladded || _audit_permadded)) - return -19; - vlen = strlen(v); - if (field == AUDIT_FILTERKEY && - vlen > AUDIT_MAX_KEY_LEN) - return -11; - else if (vlen > PATH_MAX) - return -11; - rule->values[rule->field_count] = vlen; - offset = rule->buflen; - rule->buflen += vlen; - *rulep = realloc(rule, sizeof(*rule) + rule->buflen); - if (*rulep == NULL) { - free(rule); - audit_msg(LOG_ERR, "Cannot realloc memory!\n"); - return -3; - } else { - rule = *rulep; - } - strncpy(&rule->buf[offset], v, vlen); - - break; - case AUDIT_ARCH: - if (_audit_syscalladded) - return -3; - if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL)) - return -13; - if (isdigit((char)*(v))) { - int machine; - - errno = 0; - _audit_elf = strtoul(v, NULL, 0); - if (errno) - return -5; - - // Make sure we have a valid mapping - machine = audit_elf_to_machine(_audit_elf); - if (machine < 0) - return -5; - } - else { - const char *arch=v; - unsigned int machine, elf; - machine = audit_determine_machine(arch); - /* OK, we have the machine type, now convert - to elf. */ - elf = audit_machine_to_elf(machine); - if (elf == 0) - return -5; - - _audit_elf = elf; - } - rule->values[rule->field_count] = _audit_elf; - _audit_archadded = 1; - break; - case AUDIT_PERM: - if (flags != AUDIT_FILTER_EXIT) - return -7; - else if (op != AUDIT_EQUAL) - return -13; - else { - unsigned int i, len, val = 0; - - len = strlen(v); - if (len > 4) - return -11; - - for (i = 0; i < len; i++) { - switch (tolower(v[i])) { - case 'r': - val |= AUDIT_PERM_READ; - break; - case 'w': - val |= AUDIT_PERM_WRITE; - break; - case 'x': - val |= AUDIT_PERM_EXEC; - break; - case 'a': - val |= AUDIT_PERM_ATTR; - break; - default: - return -14; - } - } - rule->values[rule->field_count] = val; - } - break; - case AUDIT_FILETYPE: - if (!(flags == AUDIT_FILTER_EXIT || flags == AUDIT_FILTER_ENTRY)) - return -17; - rule->values[rule->field_count] = - audit_name_to_ftype(v); - if ((int)rule->values[rule->field_count] < 0) { - return -16; - } - break; - case AUDIT_ARG0...AUDIT_ARG3: - vlen = strlen(v); - if (isdigit((char)*(v))) - rule->values[rule->field_count] = - strtoul(v, NULL, 0); - else if (vlen >= 2 && *(v)=='-' && - (isdigit((char)*(v+1)))) - rule->values[rule->field_count] = - strtol(v, NULL, 0); - else - return -21; - break; - case AUDIT_DEVMAJOR...AUDIT_INODE: - case AUDIT_SUCCESS: - if (flags != AUDIT_FILTER_EXIT) - return -7; - /* fallthrough */ - default: - if (field == AUDIT_INODE) { - if (!(op == AUDIT_NOT_EQUAL || - op == AUDIT_EQUAL)) - return -13; - } - - if (field == AUDIT_PPID && !(flags == AUDIT_FILTER_EXIT - || flags == AUDIT_FILTER_ENTRY)) - return -17; - - if (!isdigit((char)*(v))) - return -21; - - if (field == AUDIT_INODE) - rule->values[rule->field_count] = - strtoul(v, NULL, 0); - else - rule->values[rule->field_count] = - strtol(v, NULL, 0); - break; - } - rule->field_count++; - return 0; -} - -void audit_rule_free_data(struct audit_rule_data *rule) -{ - free(rule); -} - -static int audit_name_to_uid(const char *name, uid_t *uid) -{ - struct passwd *pw; - - pw = getpwnam(name); - if (pw == NULL) - return 1; - - memset(pw->pw_passwd, ' ', strlen(pw->pw_passwd)); - *uid = pw->pw_uid; - return 0; -} - -static int audit_name_to_gid(const char *name, gid_t *gid) -{ - struct group *gr; - - gr = getgrnam(name); - if (gr == NULL) - return 1; - - *gid = gr->gr_gid; - return 0; -} - -int audit_detect_machine(void) -{ - struct utsname uts; - if (uname(&uts) == 0) -// strcpy(uts.machine, "x86_64"); - return audit_name_to_machine(uts.machine); - return -1; -} -hidden_def(audit_detect_machine) - -#ifndef NO_TABLES -void audit_number_to_errmsg(int errnumber, const char *opt) -{ - unsigned int i; - - for (i = 0; i < sizeof(err_msgtab)/sizeof(struct msg_tab); i++) { - if (err_msgtab[i].key == errnumber) { - switch (err_msgtab[i].position) - { - case 0: - fprintf(stderr, "%s\n", - err_msgtab[i].cvalue); - break; - case 1: - fprintf(stderr, "%s %s\n", opt, - err_msgtab[i].cvalue); - break; - case 2: - fprintf(stderr, "%s %s\n", - err_msgtab[i].cvalue, opt); - break; - default: - break; - } - return; - } - } -} -#endif diff --git a/framework/src/audit/lib/libaudit.h b/framework/src/audit/lib/libaudit.h deleted file mode 100644 index 8f96c5db..00000000 --- a/framework/src/audit/lib/libaudit.h +++ /dev/null @@ -1,584 +0,0 @@ -/* libaudit.h -- - * Copyright 2004-2015 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - * Rickard E. (Rik) Faith <faith@redhat.com> - */ -#ifndef _LIBAUDIT_H_ -#define _LIBAUDIT_H_ - -#ifdef __cplusplus -extern "C" { -#endif - - -#include <asm/types.h> -#include <stdint.h> -#include <sys/socket.h> -#include <linux/netlink.h> -#include <linux/audit.h> -#include <stdarg.h> -#include <syslog.h> - - -/* Audit message types as of 2.6.29 kernel: - * 1000 - 1099 are for commanding the audit system - * 1100 - 1199 user space trusted application messages - * 1200 - 1299 messages internal to the audit daemon - * 1300 - 1399 audit event messages - * 1400 - 1499 kernel SE Linux use - * 1500 - 1599 AppArmor events - * 1600 - 1699 kernel crypto events - * 1700 - 1799 kernel anomaly records - * 1800 - 1899 kernel integrity labels and related events - * 1800 - 1999 future kernel use - * 2001 - 2099 unused (kernel) - * 2100 - 2199 user space anomaly records - * 2200 - 2299 user space actions taken in response to anomalies - * 2300 - 2399 user space generated LSPP events - * 2400 - 2499 user space crypto events - * 2500 - 2599 user space virtualization management events - * 2600 - 2999 future user space (maybe integrity labels and related events) - */ - -#define AUDIT_FIRST_USER_MSG 1100 /* First user space message */ -#define AUDIT_LAST_USER_MSG 1199 /* Last user space message */ -#define AUDIT_USER_AUTH 1100 /* User system access authentication */ -#define AUDIT_USER_ACCT 1101 /* User system access authorization */ -#define AUDIT_USER_MGMT 1102 /* User acct attribute change */ -#define AUDIT_CRED_ACQ 1103 /* User credential acquired */ -#define AUDIT_CRED_DISP 1104 /* User credential disposed */ -#define AUDIT_USER_START 1105 /* User session start */ -#define AUDIT_USER_END 1106 /* User session end */ -#define AUDIT_USER_AVC 1107 /* User space avc message */ -#define AUDIT_USER_CHAUTHTOK 1108 /* User acct password or pin changed */ -#define AUDIT_USER_ERR 1109 /* User acct state error */ -#define AUDIT_CRED_REFR 1110 /* User credential refreshed */ -#define AUDIT_USYS_CONFIG 1111 /* User space system config change */ -#define AUDIT_USER_LOGIN 1112 /* User has logged in */ -#define AUDIT_USER_LOGOUT 1113 /* User has logged out */ -#define AUDIT_ADD_USER 1114 /* User account added */ -#define AUDIT_DEL_USER 1115 /* User account deleted */ -#define AUDIT_ADD_GROUP 1116 /* Group account added */ -#define AUDIT_DEL_GROUP 1117 /* Group account deleted */ -#define AUDIT_DAC_CHECK 1118 /* User space DAC check results */ -#define AUDIT_CHGRP_ID 1119 /* User space group ID changed */ -#define AUDIT_TEST 1120 /* Used for test success messages */ -#define AUDIT_TRUSTED_APP 1121 /* Trusted app msg - freestyle text */ -#define AUDIT_USER_SELINUX_ERR 1122 /* SE Linux user space error */ -#define AUDIT_USER_CMD 1123 /* User shell command and args */ -#define AUDIT_USER_TTY 1124 /* Non-ICANON TTY input meaning */ -#define AUDIT_CHUSER_ID 1125 /* Changed user ID supplemental data */ -#define AUDIT_GRP_AUTH 1126 /* Authentication for group password */ -#define AUDIT_SYSTEM_BOOT 1127 /* System boot */ -#define AUDIT_SYSTEM_SHUTDOWN 1128 /* System shutdown */ -#define AUDIT_SYSTEM_RUNLEVEL 1129 /* System runlevel change */ -#define AUDIT_SERVICE_START 1130 /* Service (daemon) start */ -#define AUDIT_SERVICE_STOP 1131 /* Service (daemon) stop */ -#define AUDIT_GRP_MGMT 1132 /* Group account attr was modified */ -#define AUDIT_GRP_CHAUTHTOK 1133 /* Group acct password or pin changed */ -#define AUDIT_MAC_CHECK 1134 /* User space MAC decision results */ - -#define AUDIT_FIRST_DAEMON 1200 -#define AUDIT_LAST_DAEMON 1299 -#define AUDIT_DAEMON_RECONFIG 1204 /* Auditd should reconfigure */ -#define AUDIT_DAEMON_ROTATE 1205 /* Auditd should rotate logs */ -#define AUDIT_DAEMON_RESUME 1206 /* Auditd should resume logging */ -#define AUDIT_DAEMON_ACCEPT 1207 /* Auditd accepted remote connection */ -#define AUDIT_DAEMON_CLOSE 1208 /* Auditd closed remote connection */ - -#define AUDIT_FIRST_EVENT 1300 -#define AUDIT_LAST_EVENT 1399 - -#define AUDIT_FIRST_SELINUX 1400 -#define AUDIT_LAST_SELINUX 1499 - -#define AUDIT_FIRST_APPARMOR 1500 -#define AUDIT_LAST_APPARMOR 1599 -#ifndef AUDIT_AA -#define AUDIT_AA 1500 /* Not upstream yet */ -#define AUDIT_APPARMOR_AUDIT 1501 -#define AUDIT_APPARMOR_ALLOWED 1502 -#define AUDIT_APPARMOR_DENIED 1503 -#define AUDIT_APPARMOR_HINT 1504 -#define AUDIT_APPARMOR_STATUS 1505 -#define AUDIT_APPARMOR_ERROR 1506 -#endif - -#define AUDIT_FIRST_KERN_CRYPTO_MSG 1600 -#define AUDIT_LAST_KERN_CRYPTO_MSG 1699 - -#define AUDIT_FIRST_KERN_ANOM_MSG 1700 -#define AUDIT_LAST_KERN_ANOM_MSG 1799 - -#define AUDIT_INTEGRITY_FIRST_MSG 1800 -#define AUDIT_INTEGRITY_LAST_MSG 1899 -#ifndef AUDIT_INTEGRITY_DATA -#define AUDIT_INTEGRITY_DATA 1800 /* Data integrity verification */ -#define AUDIT_INTEGRITY_METADATA 1801 // Metadata integrity verification -#define AUDIT_INTEGRITY_STATUS 1802 /* Integrity enable status */ -#define AUDIT_INTEGRITY_HASH 1803 /* Integrity HASH type */ -#define AUDIT_INTEGRITY_PCR 1804 /* PCR invalidation msgs */ -#define AUDIT_INTEGRITY_RULE 1805 /* Policy rule */ -#endif - -#define AUDIT_FIRST_ANOM_MSG 2100 -#define AUDIT_LAST_ANOM_MSG 2199 -#define AUDIT_ANOM_LOGIN_FAILURES 2100 // Failed login limit reached -#define AUDIT_ANOM_LOGIN_TIME 2101 // Login attempted at bad time -#define AUDIT_ANOM_LOGIN_SESSIONS 2102 // Max concurrent sessions reached -#define AUDIT_ANOM_LOGIN_ACCT 2103 // Login attempted to watched acct -#define AUDIT_ANOM_LOGIN_LOCATION 2104 // Login from forbidden location -#define AUDIT_ANOM_MAX_DAC 2105 // Max DAC failures reached -#define AUDIT_ANOM_MAX_MAC 2106 // Max MAC failures reached -#define AUDIT_ANOM_AMTU_FAIL 2107 // AMTU failure -#define AUDIT_ANOM_RBAC_FAIL 2108 // RBAC self test failure -#define AUDIT_ANOM_RBAC_INTEGRITY_FAIL 2109 // RBAC file integrity failure -#define AUDIT_ANOM_CRYPTO_FAIL 2110 // Crypto system test failure -#define AUDIT_ANOM_ACCESS_FS 2111 // Access of file or dir -#define AUDIT_ANOM_EXEC 2112 // Execution of file -#define AUDIT_ANOM_MK_EXEC 2113 // Make an executable -#define AUDIT_ANOM_ADD_ACCT 2114 // Adding an acct -#define AUDIT_ANOM_DEL_ACCT 2115 // Deleting an acct -#define AUDIT_ANOM_MOD_ACCT 2116 // Changing an acct -#define AUDIT_ANOM_ROOT_TRANS 2117 // User became root - -#define AUDIT_FIRST_ANOM_RESP 2200 -#define AUDIT_LAST_ANOM_RESP 2299 -#define AUDIT_RESP_ANOMALY 2200 /* Anomaly not reacted to */ -#define AUDIT_RESP_ALERT 2201 /* Alert email was sent */ -#define AUDIT_RESP_KILL_PROC 2202 /* Kill program */ -#define AUDIT_RESP_TERM_ACCESS 2203 /* Terminate session */ -#define AUDIT_RESP_ACCT_REMOTE 2204 /* Acct locked from remote access*/ -#define AUDIT_RESP_ACCT_LOCK_TIMED 2205 /* User acct locked for time */ -#define AUDIT_RESP_ACCT_UNLOCK_TIMED 2206 /* User acct unlocked from time */ -#define AUDIT_RESP_ACCT_LOCK 2207 /* User acct was locked */ -#define AUDIT_RESP_TERM_LOCK 2208 /* Terminal was locked */ -#define AUDIT_RESP_SEBOOL 2209 /* Set an SE Linux boolean */ -#define AUDIT_RESP_EXEC 2210 /* Execute a script */ -#define AUDIT_RESP_SINGLE 2211 /* Go to single user mode */ -#define AUDIT_RESP_HALT 2212 /* take the system down */ - -#define AUDIT_FIRST_USER_LSPP_MSG 2300 -#define AUDIT_LAST_USER_LSPP_MSG 2399 -#define AUDIT_USER_ROLE_CHANGE 2300 /* User changed to a new role */ -#define AUDIT_ROLE_ASSIGN 2301 /* Admin assigned user to role */ -#define AUDIT_ROLE_REMOVE 2302 /* Admin removed user from role */ -#define AUDIT_LABEL_OVERRIDE 2303 /* Admin is overriding a label */ -#define AUDIT_LABEL_LEVEL_CHANGE 2304 /* Object's level was changed */ -#define AUDIT_USER_LABELED_EXPORT 2305 /* Object exported with label */ -#define AUDIT_USER_UNLABELED_EXPORT 2306 /* Object exported without label */ -#define AUDIT_DEV_ALLOC 2307 /* Device was allocated */ -#define AUDIT_DEV_DEALLOC 2308 /* Device was deallocated */ -#define AUDIT_FS_RELABEL 2309 /* Filesystem relabeled */ -#define AUDIT_USER_MAC_POLICY_LOAD 2310 /* Userspc daemon loaded policy */ -#define AUDIT_ROLE_MODIFY 2311 /* Admin modified a role */ -#define AUDIT_USER_MAC_CONFIG_CHANGE 2312 /* Change made to MAC policy */ - -#define AUDIT_FIRST_CRYPTO_MSG 2400 -#define AUDIT_CRYPTO_TEST_USER 2400 /* Crypto test results */ -#define AUDIT_CRYPTO_PARAM_CHANGE_USER 2401 /* Crypto attribute change */ -#define AUDIT_CRYPTO_LOGIN 2402 /* Logged in as crypto officer */ -#define AUDIT_CRYPTO_LOGOUT 2403 /* Logged out from crypto */ -#define AUDIT_CRYPTO_KEY_USER 2404 /* Create,delete,negotiate */ -#define AUDIT_CRYPTO_FAILURE_USER 2405 /* Fail decrypt,encrypt,randomiz */ -#define AUDIT_CRYPTO_REPLAY_USER 2406 /* Crypto replay detected */ -#define AUDIT_CRYPTO_SESSION 2407 /* Record parameters set during - TLS session establishment */ -#define AUDIT_CRYPTO_IKE_SA 2408 /* Record parameters related to - IKE SA */ -#define AUDIT_CRYPTO_IPSEC_SA 2409 /* Record parameters related to - IPSEC SA */ - -#define AUDIT_LAST_CRYPTO_MSG 2499 - -#define AUDIT_FIRST_VIRT_MSG 2500 -#define AUDIT_VIRT_CONTROL 2500 /* Start, Pause, Stop VM */ -#define AUDIT_VIRT_RESOURCE 2501 /* Resource assignment */ -#define AUDIT_VIRT_MACHINE_ID 2502 /* Binding of label to VM */ - -#define AUDIT_LAST_VIRT_MSG 2599 - -#ifndef AUDIT_FIRST_USER_MSG2 -#define AUDIT_FIRST_USER_MSG2 2100 /* More userspace messages */ -#define AUDIT_LAST_USER_MSG2 2999 -#endif - -/* New kernel event definitions since 2.6.30 */ -#ifndef AUDIT_SET_FEATURE -#define AUDIT_SET_FEATURE 1018 /* Turn an audit feature on or off */ -#endif - -#ifndef AUDIT_GET_FEATURE -#define AUDIT_GET_FEATURE 1019 /* Get which features are enabled */ -#endif - -#ifndef AUDIT_MMAP -#define AUDIT_MMAP 1323 /* Descriptor and flags in mmap */ -#endif - -#ifndef AUDIT_NETFILTER_PKT -#define AUDIT_NETFILTER_PKT 1324 /* Packets traversing netfilter chains */ -#endif -#ifndef AUDIT_NETFILTER_CFG -#define AUDIT_NETFILTER_CFG 1325 /* Netfilter chain modifications */ -#endif - -#ifndef AUDIT_SECCOMP -#define AUDIT_SECCOMP 1326 /* Secure Computing event */ -#endif - -#ifndef AUDIT_PROCTITLE -#define AUDIT_PROCTITLE 1327 /* Process Title info */ -#endif - -#undef AUDIT_FEATURE_CHANGE -#ifndef AUDIT_FEATURE_CHANGE -#define AUDIT_FEATURE_CHANGE 1328 /* Audit feature changed value */ -#endif - -#ifndef AUDIT_ANOM_LINK -#define AUDIT_ANOM_LINK 1702 /* Suspicious use of file links */ -#endif - -/* This is related to the filterkey patch */ -#define AUDIT_KEY_SEPARATOR 0x01 - -/* These are used in filter control */ -#define AUDIT_FILTER_EXCLUDE AUDIT_FILTER_TYPE -#define AUDIT_FILTER_MASK 0x07 /* Mask to get actual filter */ -#define AUDIT_FILTER_UNSET 0x80 /* This value means filter is unset */ - -/* Defines for interfield comparison update */ -#ifndef AUDIT_OBJ_UID -#define AUDIT_OBJ_UID 109 -#endif -#ifndef AUDIT_OBJ_GID -#define AUDIT_OBJ_GID 110 -#endif -#ifndef AUDIT_FIELD_COMPARE -#define AUDIT_FIELD_COMPARE 111 -#endif - -#ifndef AUDIT_COMPARE_UID_TO_OBJ_UID -#define AUDIT_COMPARE_UID_TO_OBJ_UID 1 -#endif -#ifndef AUDIT_COMPARE_GID_TO_OBJ_GID -#define AUDIT_COMPARE_GID_TO_OBJ_GID 2 -#endif -#ifndef AUDIT_COMPARE_EUID_TO_OBJ_UID -#define AUDIT_COMPARE_EUID_TO_OBJ_UID 3 -#endif -#ifndef AUDIT_COMPARE_EGID_TO_OBJ_GID -#define AUDIT_COMPARE_EGID_TO_OBJ_GID 4 -#endif -#ifndef AUDIT_COMPARE_AUID_TO_OBJ_UID -#define AUDIT_COMPARE_AUID_TO_OBJ_UID 5 -#endif -#ifndef AUDIT_COMPARE_SUID_TO_OBJ_UID -#define AUDIT_COMPARE_SUID_TO_OBJ_UID 6 -#endif -#ifndef AUDIT_COMPARE_SGID_TO_OBJ_GID -#define AUDIT_COMPARE_SGID_TO_OBJ_GID 7 -#endif -#ifndef AUDIT_COMPARE_FSUID_TO_OBJ_UID -#define AUDIT_COMPARE_FSUID_TO_OBJ_UID 8 -#endif -#ifndef AUDIT_COMPARE_FSGID_TO_OBJ_GID -#define AUDIT_COMPARE_FSGID_TO_OBJ_GID 9 -#endif -#ifndef AUDIT_COMPARE_UID_TO_AUID -#define AUDIT_COMPARE_UID_TO_AUID 10 -#endif -#ifndef AUDIT_COMPARE_UID_TO_EUID -#define AUDIT_COMPARE_UID_TO_EUID 11 -#endif -#ifndef AUDIT_COMPARE_UID_TO_FSUID -#define AUDIT_COMPARE_UID_TO_FSUID 12 -#endif -#ifndef AUDIT_COMPARE_UID_TO_SUID -#define AUDIT_COMPARE_UID_TO_SUID 13 -#endif -#ifndef AUDIT_COMPARE_AUID_TO_FSUID -#define AUDIT_COMPARE_AUID_TO_FSUID 14 -#endif -#ifndef AUDIT_COMPARE_AUID_TO_SUID -#define AUDIT_COMPARE_AUID_TO_SUID 15 -#endif -#ifndef AUDIT_COMPARE_AUID_TO_EUID -#define AUDIT_COMPARE_AUID_TO_EUID 16 -#endif -#ifndef AUDIT_COMPARE_EUID_TO_SUID -#define AUDIT_COMPARE_EUID_TO_SUID 17 -#endif -#ifndef AUDIT_COMPARE_EUID_TO_FSUID -#define AUDIT_COMPARE_EUID_TO_FSUID 18 -#endif -#ifndef AUDIT_COMPARE_SUID_TO_FSUID -#define AUDIT_COMPARE_SUID_TO_FSUID 19 -#endif -#ifndef AUDIT_COMPARE_GID_TO_EGID -#define AUDIT_COMPARE_GID_TO_EGID 20 -#endif -#ifndef AUDIT_COMPARE_GID_TO_FSGID -#define AUDIT_COMPARE_GID_TO_FSGID 21 -#endif -#ifndef AUDIT_COMPARE_GID_TO_SGID -#define AUDIT_COMPARE_GID_TO_SGID 22 -#endif -#ifndef AUDIT_COMPARE_EGID_TO_FSGID -#define AUDIT_COMPARE_EGID_TO_FSGID 23 -#endif -#ifndef AUDIT_COMPARE_EGID_TO_SGID -#define AUDIT_COMPARE_EGID_TO_SGID 24 -#endif -#ifndef AUDIT_COMPARE_SGID_TO_FSGID -#define AUDIT_COMPARE_SGID_TO_FSGID 25 -#endif - -#ifndef EM_ARM -#define EM_ARM 40 -#endif -#ifndef EM_AARCH64 -#define EM_AARCH64 183 -#endif - -#ifndef AUDIT_ARCH_AARCH64 -#define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) -#endif - -#ifndef AUDIT_ARCH_PPC64LE -#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) -#endif - -////////////////////////////////////////////////////// -// This is an external ABI. Any changes in here will -// likely affect pam_loginuid. There might be other -// apps that use this low level interface, but I don't -// know of any. -// -/* data structure for who signaled the audit daemon */ -struct audit_sig_info { - uid_t uid; - pid_t pid; - char ctx[0]; -}; - -/* defines for audit subsystem */ -#define MAX_AUDIT_MESSAGE_LENGTH 8970 // PATH_MAX*2+CONTEXT_SIZE*2+11+256+1 -struct audit_message { - struct nlmsghdr nlh; - char data[MAX_AUDIT_MESSAGE_LENGTH]; -}; - -// internal - forward declaration -struct daemon_conf; - -struct audit_reply { - int type; - int len; - struct nlmsghdr *nlh; - struct audit_message msg; - - /* Using a union to compress this structure since only one of - * the following should be valid for any packet. */ - union { - struct audit_status *status; - struct audit_rule_data *ruledata; - struct audit_login *login; - char *message; - struct nlmsgerr *error; - struct audit_sig_info *signal_info; - struct daemon_conf *conf; -#if HAVE_DECL_AUDIT_FEATURE_VERSION - struct audit_features *features; -#endif - }; -}; - -// -// End of ABI control -////////////////////////////////////////////////////// - -////////////////////////////////////////////////////// -// audit dispatcher interface -// -/* audit_dispatcher_header: This header is versioned. If anything gets - * added to it, it must go at the end and the version number bumped. - * This MUST BE fixed size for compatibility. If you are going to add - * new member then add them into _structure_ part. - */ -struct audit_dispatcher_header { - uint32_t ver; /* The version of this protocol */ - uint32_t hlen; /* Header length */ - uint32_t type; /* Message type */ - uint32_t size; /* Size of data following the header */ -}; - -#define AUDISP_PROTOCOL_VER 0 - -/////////////////////////////////////////////////// -// Libaudit API -// - -/* This is the machine type list */ -typedef enum { - MACH_X86=0, - MACH_86_64, - MACH_IA64, - MACH_PPC64, - MACH_PPC, - MACH_S390X, - MACH_S390, - MACH_ALPHA, - MACH_ARM, - MACH_AARCH64, - MACH_PPC64LE -} machine_t; - -/* These are the valid audit failure tunable enum values */ -typedef enum { - FAIL_IGNORE=0, - FAIL_LOG, - FAIL_TERMINATE -} auditfail_t; - -/* Messages */ -typedef enum { MSG_STDERR, MSG_SYSLOG, MSG_QUIET } message_t; -typedef enum { DBG_NO, DBG_YES } debug_message_t; -void set_aumessage_mode(message_t mode, debug_message_t debug); - -/* General */ -typedef enum { GET_REPLY_BLOCKING=0, GET_REPLY_NONBLOCKING } reply_t; -extern int audit_open(void); -extern void audit_close(int fd); -extern int audit_get_reply(int fd, struct audit_reply *rep, reply_t block, - int peek); -extern uid_t audit_getloginuid(void); -extern int audit_setloginuid(uid_t uid); -extern int audit_detect_machine(void); -extern int audit_determine_machine(const char *arch); - -/* Translation functions */ -extern int audit_name_to_field(const char *field); -extern const char *audit_field_to_name(int field); -extern int audit_name_to_syscall(const char *sc, int machine); -extern const char *audit_syscall_to_name(int sc, int machine); -extern int audit_name_to_flag(const char *flag); -extern const char *audit_flag_to_name(int flag); -extern int audit_name_to_action(const char *action); -extern const char *audit_action_to_name(int action); -extern int audit_name_to_msg_type(const char *msg_type); -extern const char *audit_msg_type_to_name(int msg_type); -extern int audit_name_to_machine(const char *machine); -extern const char *audit_machine_to_name(int machine); -extern unsigned int audit_machine_to_elf(int machine); -extern int audit_elf_to_machine(unsigned int elf); -extern const char *audit_operator_to_symbol(int op); -extern int audit_name_to_errno(const char *error); -extern const char *audit_errno_to_name(int error); -extern int audit_name_to_ftype(const char *name); -extern const char *audit_ftype_to_name(int ftype); -extern void audit_number_to_errmsg(int errnumber, const char *opt); - -/* AUDIT_GET */ -extern int audit_request_status(int fd); -extern int audit_is_enabled(int fd); -extern int get_auditfail_action(auditfail_t *failmode); -extern int audit_request_features(int fd); - -/* AUDIT_SET */ -typedef enum { WAIT_NO, WAIT_YES } rep_wait_t; -extern int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode); -extern int audit_set_enabled(int fd, uint32_t enabled); -extern int audit_set_failure(int fd, uint32_t failure); -extern int audit_set_rate_limit(int fd, uint32_t limit); -extern int audit_set_backlog_limit(int fd, uint32_t limit); -int audit_set_backlog_wait_time(int fd, uint32_t bwt); -extern int audit_set_feature(int fd, unsigned feature, unsigned value, unsigned lock); -extern int audit_set_loginuid_immutable(int fd); - -/* AUDIT_LIST_RULES */ -extern int audit_request_rules_list_data(int fd); - -/* SIGNAL_INFO */ -extern int audit_request_signal_info(int fd); - -/* AUDIT_WATCH */ -extern int audit_update_watch_perms(struct audit_rule_data *rule, int perms); -extern int audit_add_watch(struct audit_rule_data **rulep, const char *path); -extern int audit_add_dir(struct audit_rule_data **rulep, const char *path); -extern int audit_add_watch_dir(int type, struct audit_rule_data **rulep, - const char *path); -extern int audit_trim_subtrees(int fd); -extern int audit_make_equivalent(int fd, const char *mount_point, - const char *subtree); - -/* AUDIT_ADD_RULE */ -extern int audit_add_rule_data(int fd, struct audit_rule_data *rule, - int flags, int action); - -/* AUDIT_DEL_RULE */ -extern int audit_delete_rule_data(int fd, struct audit_rule_data *rule, - int flags, int action); - -/* The following are for standard formatting of messages */ -extern int audit_value_needs_encoding(const char *str, unsigned int len); -extern char *audit_encode_value(char *final,const char *buf,unsigned int size); -extern char *audit_encode_nv_string(const char *name, const char *value, - unsigned int vlen); -extern int audit_log_user_message(int audit_fd, int type, const char *message, - const char *hostname, const char *addr, const char *tty, int result); -extern int audit_log_user_comm_message(int audit_fd, int type, - const char *message, const char *comm, const char *hostname, - const char *addr, const char *tty, int result); -extern int audit_log_acct_message(int audit_fd, int type, const char *pgname, - const char *op, const char *name, unsigned int id, - const char *host, const char *addr, const char *tty, int result); -extern int audit_log_user_avc_message(int audit_fd, int type, - const char *message, const char *hostname, const char *addr, - const char *tty, uid_t uid); -extern int audit_log_semanage_message(int audit_fd, int type, - const char *pgname, const char *op, const char *name, unsigned int id, - const char *new_seuser, const char *new_role, const char *new_range, - const char *old_seuser, const char *old_role, const char *old_range, - const char *host, const char *addr, - const char *tty, int result); -extern int audit_log_user_command(int audit_fd, int type, const char *command, - const char *tty, int result); - -/* Rule-building helper functions */ -extern int audit_rule_syscall_data(struct audit_rule_data *rule, int scall); -extern int audit_rule_syscallbyname_data(struct audit_rule_data *rule, - const char *scall); -/* Note that the following function takes a **, where audit_rule_fieldpair() - * takes just a *. That structure may need to be reallocated as a result of - * adding new fields */ -extern int audit_rule_fieldpair_data(struct audit_rule_data **rulep, - const char *pair, int flags); -extern int audit_rule_interfield_comp_data(struct audit_rule_data **rulep, - const char *pair, int flags); -extern void audit_rule_free_data(struct audit_rule_data *rule); - -#ifdef __cplusplus -} -#endif - -#endif - diff --git a/framework/src/audit/lib/lookup_table.c b/framework/src/audit/lib/lookup_table.c deleted file mode 100644 index 6dc63d4b..00000000 --- a/framework/src/audit/lib/lookup_table.c +++ /dev/null @@ -1,359 +0,0 @@ -/* lookup_table.c -- - * Copyright 2004-2008,2012-13 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - * Rickard E. (Rik) Faith <faith@redhat.com> - */ - -#include "config.h" -#include <stddef.h> -#include <stdint.h> -#include <string.h> -#include <unistd.h> -#include <stdlib.h> -#include <ctype.h> -#include <errno.h> - -#include "libaudit.h" -#include "gen_tables.h" -#include "private.h" - -#ifndef NO_TABLES -#ifdef WITH_ALPHA -#include "alpha_tables.h" -#endif -#ifdef WITH_ARM -#include "arm_tables.h" -#endif -#ifdef WITH_AARCH64 -#include "aarch64_tables.h" -#endif -#include "i386_tables.h" -#include "ia64_tables.h" -#include "ppc_tables.h" -#include "s390_tables.h" -#include "s390x_tables.h" -#include "x86_64_tables.h" -#include "errtabs.h" -#include "ftypetabs.h" -#include "fieldtabs.h" -#endif -#include "msg_typetabs.h" -#include "actiontabs.h" -#include "flagtabs.h" -#include "machinetabs.h" -#include "optabs.h" - -struct int_transtab { - int key; - unsigned int lvalue; -}; - -static const struct int_transtab elftab[] = { - { MACH_X86, AUDIT_ARCH_I386 }, - { MACH_86_64, AUDIT_ARCH_X86_64 }, - { MACH_IA64, AUDIT_ARCH_IA64 }, - { MACH_PPC64, AUDIT_ARCH_PPC64 }, - { MACH_PPC64LE, AUDIT_ARCH_PPC64LE}, - { MACH_PPC, AUDIT_ARCH_PPC }, - { MACH_S390X, AUDIT_ARCH_S390X }, - { MACH_S390, AUDIT_ARCH_S390 }, -#ifdef WITH_ALPHA - { MACH_ALPHA, AUDIT_ARCH_ALPHA }, -#endif -#ifdef WITH_ARM - { MACH_ARM, AUDIT_ARCH_ARM }, -#endif -#ifdef WITH_AARCH64 - { MACH_AARCH64, AUDIT_ARCH_AARCH64}, -#endif -}; -#define AUDIT_ELF_NAMES (sizeof(elftab)/sizeof(elftab[0])) - -int audit_name_to_field(const char *field) -{ -#ifndef NO_TABLES - int res; - - if (field_s2i(field, &res) != 0) - return res; -#endif - return -1; -} -hidden_def(audit_name_to_field) - -const char *audit_field_to_name(int field) -{ -#ifndef NO_TABLES - return field_i2s(field); -#else - return NULL; -#endif -} - -int audit_name_to_syscall(const char *sc, int machine) -{ - int res, found = 0; - - switch (machine) - { -#ifndef NO_TABLES - case MACH_X86: - found = i386_syscall_s2i(sc, &res); - break; - case MACH_86_64: - found = x86_64_syscall_s2i(sc, &res); - break; - case MACH_IA64: - found = ia64_syscall_s2i(sc, &res); - break; - case MACH_PPC64: - case MACH_PPC64LE: - case MACH_PPC: - found = ppc_syscall_s2i(sc, &res); - break; - case MACH_S390X: - found = s390x_syscall_s2i(sc, &res); - break; - case MACH_S390: - found = s390_syscall_s2i(sc, &res); - break; -#ifdef WITH_ALPHA - case MACH_ALPHA: - found = alpha_syscall_s2i(sc, &res); - break; -#endif -#ifdef WITH_ARM - case MACH_ARM: - found = arm_syscall_s2i(sc, &res); - break; -#endif -#ifdef WITH_AARCH64 - case MACH_AARCH64: - found = aarch64_syscall_s2i(sc, &res); - break; -#endif -#endif - default: - return -1; - } - if (found) - return res; - return -1; -} -hidden_def(audit_name_to_syscall) - -const char *audit_syscall_to_name(int sc, int machine) -{ -#ifndef NO_TABLES - switch (machine) - { - case MACH_X86: - return i386_syscall_i2s(sc); - case MACH_86_64: - return x86_64_syscall_i2s(sc); - case MACH_IA64: - return ia64_syscall_i2s(sc); - case MACH_PPC64: - case MACH_PPC64LE: - case MACH_PPC: - return ppc_syscall_i2s(sc); - case MACH_S390X: - return s390x_syscall_i2s(sc); - case MACH_S390: - return s390_syscall_i2s(sc); -#ifdef WITH_ALPHA - case MACH_ALPHA: - return alpha_syscall_i2s(sc); -#endif -#ifdef WITH_ARM - case MACH_ARM: - return arm_syscall_i2s(sc); -#endif -#ifdef WITH_AARCH64 - case MACH_AARCH64: - return aarch64_syscall_i2s(sc); -#endif - } -#endif - return NULL; -} - -int audit_name_to_flag(const char *flag) -{ - int res; - - if (flag_s2i(flag, &res) != 0) - return res; - return -1; -} - -const char *audit_flag_to_name(int flag) -{ - return flag_i2s(flag); -} - -int audit_name_to_action(const char *action) -{ - int res; - - if (action_s2i(action, &res) != 0) - return res; - return -1; -} - -const char *audit_action_to_name(int action) -{ - return action_i2s(action); -} - -// On the critical path for ausearch parser -int audit_name_to_msg_type(const char *msg_type) -{ - int rc; - - if (msg_type_s2i(msg_type, &rc) != 0) - return rc; - - /* Take a stab at converting */ - if (strncmp(msg_type, "UNKNOWN[", 8) == 0) { - int len; - char buf[8]; - const char *end = strchr(msg_type + 8, ']'); - if (end == NULL) - return -1; - - len = end - (msg_type + 8); - if (len > 7) - len = 7; - memset(buf, 0, sizeof(buf)); - strncpy(buf, msg_type + 8, len); - errno = 0; - return strtol(buf, NULL, 10); - } else if (isdigit(*msg_type)) { - errno = 0; - return strtol(msg_type, NULL, 10); - } - - return -1; -} -hidden_def(audit_name_to_msg_type) - -const char *audit_msg_type_to_name(int msg_type) -{ - return msg_type_i2s(msg_type); -} -hidden_def(audit_msg_type_to_name) - -int audit_name_to_machine(const char *machine) -{ - int res; - - if (machine_s2i(machine, &res) != 0) - return res; - return -1; -} -hidden_def(audit_name_to_machine) - -const char *audit_machine_to_name(int machine) -{ - return machine_i2s(machine); -} - -unsigned int audit_machine_to_elf(int machine) -{ - unsigned int i; - - for (i = 0; i < AUDIT_ELF_NAMES; i++) - if (elftab[i].key == machine) - return elftab[i].lvalue; - return 0; -} -hidden_def(audit_machine_to_elf) - -int audit_elf_to_machine(unsigned int elf) -{ - unsigned int i; - - for (i = 0; i < AUDIT_ELF_NAMES; i++) - if (elftab[i].lvalue == elf) return elftab[i].key; - return -1; -} -hidden_def(audit_elf_to_machine) - -const char *audit_operator_to_symbol(int op) -{ - return op_i2s(op); -} -hidden_def(audit_operator_to_symbol) - -/* This function returns 0 on error, otherwise the converted value */ -int audit_name_to_errno(const char *error) -{ -#ifndef NO_TABLES - int rc, minus = 1; - - if (*error == '-') { - minus = -1; - error++; - } - if (err_s2i(error, &rc) == 0) - rc = 0; - - return rc*minus; -#else - return 0; -#endif -} -hidden_def(audit_name_to_errno) - -/* This function does not handle negative numbers yet */ -const char *audit_errno_to_name(int error) -{ -#ifndef NO_TABLES - if (error < 0) - return NULL; - - return err_i2s(error); -#else - return NULL; -#endif -} - -int audit_name_to_ftype(const char *name) -{ - int res; - -#ifndef NO_TABLES - if (ftype_s2i(name, &res) != 0) - return res; -#endif - return -1; -} -hidden_def(audit_name_to_ftype) - -const char *audit_ftype_to_name(int ftype) -{ -#ifndef NO_TABLES - return ftype_i2s(ftype); -#else - return NULL; -#endif -} - diff --git a/framework/src/audit/lib/machinetab.h b/framework/src/audit/lib/machinetab.h deleted file mode 100644 index 27c69420..00000000 --- a/framework/src/audit/lib/machinetab.h +++ /dev/null @@ -1,47 +0,0 @@ -/* machine.h -- - * Copyright 2005,2006,2009,2012,2013 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -_S(MACH_X86, "i386" ) -_S(MACH_X86, "i486" ) -_S(MACH_X86, "i586" ) -_S(MACH_X86, "i686" ) -_S(MACH_86_64, "x86_64" ) -_S(MACH_IA64, "ia64" ) -_S(MACH_PPC64, "ppc64" ) -_S(MACH_PPC64LE, "ppc64le") -_S(MACH_PPC, "ppc" ) -_S(MACH_S390X, "s390x" ) -_S(MACH_S390, "s390" ) -#ifdef WITH_ALPHA -_S(MACH_ALPHA, "alpha" ) -#endif -#ifdef WITH_ARM -_S(MACH_ARM, "armeb" ) -_S(MACH_ARM, "arm" ) -_S(MACH_ARM, "armv5tejl") -_S(MACH_ARM, "armv5tel") -_S(MACH_ARM, "armv6l") -_S(MACH_ARM, "armv7l") -#endif -#ifdef WITH_AARCH64 -_S(MACH_AARCH64, "aarch64" ) -#endif diff --git a/framework/src/audit/lib/message.c b/framework/src/audit/lib/message.c deleted file mode 100644 index 85e9e64b..00000000 --- a/framework/src/audit/lib/message.c +++ /dev/null @@ -1,59 +0,0 @@ -/* message.c -- - * Copyright 2004, 2005 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -#include "config.h" -#include <stdio.h> -#include <stdarg.h> -#include "libaudit.h" -#include "private.h" - -/* The message mode refers to where informational messages go - 0 - stderr, 1 - syslog, 2 - quiet. The default is quiet. */ -static message_t message_mode = MSG_QUIET; -static debug_message_t debug_message = DBG_NO; - -void set_aumessage_mode(message_t mode, debug_message_t debug) -{ - message_mode = mode; - debug_message = debug; -} - -void audit_msg(int priority, const char *fmt, ...) -{ - va_list ap; - - if (message_mode == MSG_QUIET) - return; - - if (priority == LOG_DEBUG && debug_message == DBG_NO) - return; - - va_start(ap, fmt); - if (message_mode == MSG_SYSLOG) - vsyslog(priority, fmt, ap); - else { - vfprintf(stderr, fmt, ap); - fputc('\n', stderr); - } - va_end( ap ); -} -hidden_def(audit_msg) diff --git a/framework/src/audit/lib/msg_typetab.h b/framework/src/audit/lib/msg_typetab.h deleted file mode 100644 index c8e47564..00000000 --- a/framework/src/audit/lib/msg_typetab.h +++ /dev/null @@ -1,214 +0,0 @@ -/* msg_typetab.h -- - * Copyright 2005-07,2009-15 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -/* - * This table is arranged from lowest number to highest number. The - * items that are commented out are for completeness. The audit - * daemon filters these and they never show up in the logs, therefore - * they are not needed for reporting. Or they have been deprecated for - * a long time. - */ -//_S(AUDIT_GET, "GET" ) -//_S(AUDIT_SET, "SET" ) -//_S(AUDIT_LIST, "LIST" ) -//_S(AUDIT_ADD, "ADD" ) -//_S(AUDIT_DEL, "DEL" ) -_S(AUDIT_USER, "USER" ) -_S(AUDIT_LOGIN, "LOGIN" ) -//_S(AUDIT_SIGNAL_INFO, "SIGNAL_INFO" ) -//_S(AUDIT_ADD_RULE, "ADD_RULE" ) -//_S(AUDIT_DEL_RULE, "DEL_RULE" ) -//_S(AUDIT_LIST_RULES, "LIST_RULES" ) -//_S(AUDIT_TRIM, "TRIM" ) -//_S(AUDIT_MAKE_EQUIV, "MAKE_EQUIV" ) -//_S(AUDIT_TTY_GET, "TTY_GET" ) -//_S(AUDIT_TTY_SET, "TTY_SET" ) -//_S(AUDIT_SET_FEATURE, "SET_FEATURE" ) -//_S(AUDIT_GET_FEATURE, "GET_FEATURE" ) -_S(AUDIT_USER_AUTH, "USER_AUTH" ) -_S(AUDIT_USER_ACCT, "USER_ACCT" ) -_S(AUDIT_USER_MGMT, "USER_MGMT" ) -_S(AUDIT_CRED_ACQ, "CRED_ACQ" ) -_S(AUDIT_CRED_DISP, "CRED_DISP" ) -_S(AUDIT_USER_START, "USER_START" ) -_S(AUDIT_USER_END, "USER_END" ) -_S(AUDIT_USER_AVC, "USER_AVC" ) -_S(AUDIT_USER_CHAUTHTOK, "USER_CHAUTHTOK" ) -_S(AUDIT_USER_ERR, "USER_ERR" ) -_S(AUDIT_CRED_REFR, "CRED_REFR" ) -_S(AUDIT_USYS_CONFIG, "USYS_CONFIG" ) -_S(AUDIT_USER_LOGIN, "USER_LOGIN" ) -_S(AUDIT_USER_LOGOUT, "USER_LOGOUT" ) -_S(AUDIT_ADD_USER, "ADD_USER" ) -_S(AUDIT_DEL_USER, "DEL_USER" ) -_S(AUDIT_ADD_GROUP, "ADD_GROUP" ) -_S(AUDIT_DEL_GROUP, "DEL_GROUP" ) -_S(AUDIT_DAC_CHECK, "DAC_CHECK" ) -_S(AUDIT_CHGRP_ID, "CHGRP_ID" ) -_S(AUDIT_TEST, "TEST" ) -_S(AUDIT_TRUSTED_APP, "TRUSTED_APP" ) -_S(AUDIT_USER_SELINUX_ERR, "USER_SELINUX_ERR" ) -_S(AUDIT_USER_CMD, "USER_CMD" ) -_S(AUDIT_USER_TTY, "USER_TTY" ) -_S(AUDIT_CHUSER_ID, "CHUSER_ID" ) -_S(AUDIT_GRP_AUTH, "GRP_AUTH" ) -_S(AUDIT_MAC_CHECK, "MAC_CHECK" ) -_S(AUDIT_SYSTEM_BOOT, "SYSTEM_BOOT" ) -_S(AUDIT_SYSTEM_SHUTDOWN, "SYSTEM_SHUTDOWN" ) -_S(AUDIT_SYSTEM_RUNLEVEL, "SYSTEM_RUNLEVEL" ) -_S(AUDIT_SERVICE_START, "SERVICE_START" ) -_S(AUDIT_SERVICE_STOP, "SERVICE_STOP" ) -_S(AUDIT_GRP_MGMT, "GRP_MGMT" ) -_S(AUDIT_GRP_CHAUTHTOK, "GRP_CHAUTHTOK" ) -_S(AUDIT_DAEMON_START, "DAEMON_START" ) -_S(AUDIT_DAEMON_END, "DAEMON_END" ) -_S(AUDIT_DAEMON_ABORT, "DAEMON_ABORT" ) -_S(AUDIT_DAEMON_CONFIG, "DAEMON_CONFIG" ) -//_S(AUDIT_DAEMON_RECONFIG, "DAEMON_RECONFIG" ) -_S(AUDIT_DAEMON_ROTATE, "DAEMON_ROTATE" ) -_S(AUDIT_DAEMON_RESUME, "DAEMON_RESUME" ) -_S(AUDIT_DAEMON_ACCEPT, "DAEMON_ACCEPT" ) -_S(AUDIT_DAEMON_CLOSE, "DAEMON_CLOSE" ) -_S(AUDIT_SYSCALL, "SYSCALL" ) -//_S(AUDIT_FS_WATCH, "FS_WATCH" ) -_S(AUDIT_PATH, "PATH" ) -_S(AUDIT_IPC, "IPC" ) -_S(AUDIT_SOCKETCALL, "SOCKETCALL" ) -_S(AUDIT_CONFIG_CHANGE, "CONFIG_CHANGE" ) -_S(AUDIT_SOCKADDR, "SOCKADDR" ) -_S(AUDIT_CWD, "CWD" ) -//_S(AUDIT_FS_INODE, "FS_INODE" ) -_S(AUDIT_EXECVE, "EXECVE" ) -_S(AUDIT_IPC_SET_PERM, "IPC_SET_PERM" ) -_S(AUDIT_MQ_OPEN, "MQ_OPEN" ) -_S(AUDIT_MQ_SENDRECV, "MQ_SENDRECV" ) -_S(AUDIT_MQ_NOTIFY, "MQ_NOTIFY" ) -_S(AUDIT_MQ_GETSETATTR, "MQ_GETSETATTR" ) -_S(AUDIT_KERNEL_OTHER, "KERNEL_OTHER" ) -_S(AUDIT_FD_PAIR, "FD_PAIR" ) -_S(AUDIT_OBJ_PID, "OBJ_PID" ) -_S(AUDIT_TTY, "TTY" ) -_S(AUDIT_EOE, "EOE" ) -_S(AUDIT_BPRM_FCAPS, "BPRM_FCAPS" ) -_S(AUDIT_CAPSET, "CAPSET" ) -_S(AUDIT_MMAP, "MMAP" ) -_S(AUDIT_NETFILTER_PKT, "NETFILTER_PKT" ) -_S(AUDIT_NETFILTER_CFG, "NETFILTER_CFG" ) -_S(AUDIT_SECCOMP, "SECCOMP" ) -_S(AUDIT_PROCTITLE, "PROCTITLE" ) -_S(AUDIT_FEATURE_CHANGE, "FEATURE_CHANGE" ) -_S(AUDIT_AVC, "AVC" ) -_S(AUDIT_SELINUX_ERR, "SELINUX_ERR" ) -_S(AUDIT_AVC_PATH, "AVC_PATH" ) -_S(AUDIT_MAC_POLICY_LOAD, "MAC_POLICY_LOAD" ) -_S(AUDIT_MAC_STATUS, "MAC_STATUS" ) -_S(AUDIT_MAC_CONFIG_CHANGE, "MAC_CONFIG_CHANGE" ) -_S(AUDIT_MAC_UNLBL_ALLOW, "MAC_UNLBL_ALLOW" ) -_S(AUDIT_MAC_CIPSOV4_ADD, "MAC_CIPSOV4_ADD" ) -_S(AUDIT_MAC_CIPSOV4_DEL, "MAC_CIPSOV4_DEL" ) -_S(AUDIT_MAC_MAP_ADD, "MAC_MAP_ADD" ) -_S(AUDIT_MAC_MAP_DEL, "MAC_MAP_DEL" ) -_S(AUDIT_MAC_IPSEC_ADDSA, "MAC_IPSEC_ADDSA" ) -_S(AUDIT_MAC_IPSEC_DELSA, "MAC_IPSEC_DELSA" ) -_S(AUDIT_MAC_IPSEC_ADDSPD, "MAC_IPSEC_ADDSPD" ) -_S(AUDIT_MAC_IPSEC_DELSPD, "MAC_IPSEC_DELSPD" ) -_S(AUDIT_MAC_IPSEC_EVENT, "MAC_IPSEC_EVENT" ) -_S(AUDIT_MAC_UNLBL_STCADD, "MAC_UNLBL_STCADD" ) -_S(AUDIT_MAC_UNLBL_STCDEL, "MAC_UNLBL_STCDEL" ) -_S(AUDIT_ANOM_PROMISCUOUS, "ANOM_PROMISCUOUS" ) -_S(AUDIT_ANOM_ABEND, "ANOM_ABEND" ) -_S(AUDIT_ANOM_LINK, "ANOM_LINK" ) -_S(AUDIT_INTEGRITY_DATA, "INTEGRITY_DATA" ) -_S(AUDIT_INTEGRITY_METADATA, "INTEGRITY_METADATA" ) -_S(AUDIT_INTEGRITY_STATUS, "INTEGRITY_STATUS" ) -_S(AUDIT_INTEGRITY_HASH, "INTEGRITY_HASH" ) -_S(AUDIT_INTEGRITY_PCR, "INTEGRITY_PCR" ) -_S(AUDIT_INTEGRITY_RULE, "INTEGRITY_RULE" ) - -#ifdef WITH_APPARMOR -_S(AUDIT_AA, "APPARMOR" ) -_S(AUDIT_APPARMOR_AUDIT, "APPARMOR_AUDIT" ) -_S(AUDIT_APPARMOR_ALLOWED, "APPARMOR_ALLOWED" ) -_S(AUDIT_APPARMOR_DENIED, "APPARMOR_DENIED" ) -_S(AUDIT_APPARMOR_HINT, "APPARMOR_HINT" ) -_S(AUDIT_APPARMOR_STATUS, "APPARMOR_STATUS" ) -_S(AUDIT_APPARMOR_ERROR, "APPARMOR_ERROR" ) -#endif -_S(AUDIT_KERNEL, "KERNEL" ) -_S(AUDIT_ANOM_LOGIN_FAILURES, "ANOM_LOGIN_FAILURES" ) -_S(AUDIT_ANOM_LOGIN_TIME, "ANOM_LOGIN_TIME" ) -_S(AUDIT_ANOM_LOGIN_SESSIONS, "ANOM_LOGIN_SESSIONS" ) -_S(AUDIT_ANOM_LOGIN_ACCT, "ANOM_LOGIN_ACCT" ) -_S(AUDIT_ANOM_LOGIN_LOCATION, "ANOM_LOGIN_LOCATION" ) -_S(AUDIT_ANOM_MAX_DAC, "ANOM_MAX_DAC" ) -_S(AUDIT_ANOM_MAX_MAC, "ANOM_MAX_MAC" ) -_S(AUDIT_ANOM_AMTU_FAIL, "ANOM_AMTU_FAIL" ) -_S(AUDIT_ANOM_RBAC_FAIL, "ANOM_RBAC_FAIL" ) -_S(AUDIT_ANOM_RBAC_INTEGRITY_FAIL, "ANOM_RBAC_INTEGRITY_FAIL" ) -_S(AUDIT_ANOM_CRYPTO_FAIL, "ANOM_CRYPTO_FAIL" ) -_S(AUDIT_ANOM_ACCESS_FS, "ANOM_ACCESS_FS" ) -_S(AUDIT_ANOM_EXEC, "ANOM_EXEC" ) -_S(AUDIT_ANOM_MK_EXEC, "ANOM_MK_EXEC" ) -_S(AUDIT_ANOM_ADD_ACCT, "ANOM_ADD_ACCT" ) -_S(AUDIT_ANOM_DEL_ACCT, "ANOM_DEL_ACCT" ) -_S(AUDIT_ANOM_MOD_ACCT, "ANOM_MOD_ACCT" ) -_S(AUDIT_ANOM_ROOT_TRANS, "ANOM_ROOT_TRANS" ) -_S(AUDIT_RESP_ANOMALY, "RESP_ANOMALY" ) -_S(AUDIT_RESP_ALERT, "RESP_ALERT" ) -_S(AUDIT_RESP_KILL_PROC, "RESP_KILL_PROC" ) -_S(AUDIT_RESP_TERM_ACCESS, "RESP_TERM_ACCESS" ) -_S(AUDIT_RESP_ACCT_REMOTE, "RESP_ACCT_REMOTE" ) -_S(AUDIT_RESP_ACCT_LOCK_TIMED, "RESP_ACCT_LOCK_TIMED" ) -_S(AUDIT_RESP_ACCT_UNLOCK_TIMED, "RESP_ACCT_UNLOCK_TIMED" ) -_S(AUDIT_RESP_ACCT_LOCK, "RESP_ACCT_LOCK" ) -_S(AUDIT_RESP_TERM_LOCK, "RESP_TERM_LOCK" ) -_S(AUDIT_RESP_SEBOOL, "RESP_SEBOOL" ) -_S(AUDIT_RESP_EXEC, "RESP_EXEC" ) -_S(AUDIT_RESP_SINGLE, "RESP_SINGLE" ) -_S(AUDIT_RESP_HALT, "RESP_HALT" ) -_S(AUDIT_USER_ROLE_CHANGE, "USER_ROLE_CHANGE" ) -_S(AUDIT_ROLE_ASSIGN, "ROLE_ASSIGN" ) -_S(AUDIT_ROLE_REMOVE, "ROLE_REMOVE" ) -_S(AUDIT_LABEL_OVERRIDE, "LABEL_OVERRIDE" ) -_S(AUDIT_LABEL_LEVEL_CHANGE, "LABEL_LEVEL_CHANGE" ) -_S(AUDIT_USER_LABELED_EXPORT, "USER_LABELED_EXPORT" ) -_S(AUDIT_USER_UNLABELED_EXPORT, "USER_UNLABELED_EXPORT" ) -_S(AUDIT_DEV_ALLOC, "DEV_ALLOC" ) -_S(AUDIT_DEV_DEALLOC, "DEV_DEALLOC" ) -_S(AUDIT_FS_RELABEL, "FS_RELABEL" ) -_S(AUDIT_USER_MAC_POLICY_LOAD, "USER_MAC_POLICY_LOAD" ) -_S(AUDIT_ROLE_MODIFY, "ROLE_MODIFY" ) -_S(AUDIT_USER_MAC_CONFIG_CHANGE, "USER_MAC_CONFIG_CHANGE" ) -_S(AUDIT_CRYPTO_TEST_USER, "CRYPTO_TEST_USER" ) -_S(AUDIT_CRYPTO_PARAM_CHANGE_USER, "CRYPTO_PARAM_CHANGE_USER" ) -_S(AUDIT_CRYPTO_LOGIN, "CRYPTO_LOGIN" ) -_S(AUDIT_CRYPTO_LOGOUT, "CRYPTO_LOGOUT" ) -_S(AUDIT_CRYPTO_KEY_USER, "CRYPTO_KEY_USER" ) -_S(AUDIT_CRYPTO_FAILURE_USER, "CRYPTO_FAILURE_USER" ) -_S(AUDIT_CRYPTO_REPLAY_USER, "CRYPTO_REPLAY_USER" ) -_S(AUDIT_CRYPTO_SESSION, "CRYPTO_SESSION" ) -_S(AUDIT_CRYPTO_IKE_SA, "CRYPTO_IKE_SA" ) -_S(AUDIT_CRYPTO_IPSEC_SA, "CRYPTO_IPSEC_SA" ) -_S(AUDIT_VIRT_CONTROL, "VIRT_CONTROL" ) -_S(AUDIT_VIRT_RESOURCE, "VIRT_RESOURCE" ) -_S(AUDIT_VIRT_MACHINE_ID, "VIRT_MACHINE_ID" ) - diff --git a/framework/src/audit/lib/netlink.c b/framework/src/audit/lib/netlink.c deleted file mode 100644 index 6c80c30c..00000000 --- a/framework/src/audit/lib/netlink.c +++ /dev/null @@ -1,299 +0,0 @@ -/* netlink.c -- - * Copyright 2004, 2005, 2009, 2013 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - * Rickard E. (Rik) Faith <faith@redhat.com> - */ - -#include "config.h" -#include <unistd.h> -#include <string.h> -#include <errno.h> -#include <fcntl.h> -#include <time.h> -#include <sys/poll.h> -#include "libaudit.h" -#include "private.h" - -#ifndef NETLINK_AUDIT -#define NETLINK_AUDIT 9 -#endif - -static int adjust_reply(struct audit_reply *rep, int len); -static int check_ack(int fd, int seq); - -/* - * This function opens a connection to the kernel's audit - * subsystem. You must be root for the call to succeed. On error, - * a negative value is returned. On success, the file descriptor is - * returned - which can be 0 or higher. - */ -int audit_open(void) -{ - int saved_errno; - int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT); - - if (fd < 0) { - saved_errno = errno; - if (errno == EINVAL || errno == EPROTONOSUPPORT || - errno == EAFNOSUPPORT) - audit_msg(LOG_ERR, - "Error - audit support not in kernel"); - else - audit_msg(LOG_ERR, - "Error opening audit netlink socket (%s)", - strerror(errno)); - errno = saved_errno; - return fd; - } - if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) { - saved_errno = errno; - close(fd); - audit_msg(LOG_ERR, - "Error setting audit netlink socket CLOEXEC flag (%s)", - strerror(errno)); - errno = saved_errno; - return -1; - } - return fd; -} - - -void audit_close(int fd) -{ - if (fd >= 0) - close(fd); -} - - -/* - * This function returns -1 on error, 0 if error response received, - * and > 0 if packet OK. - */ -int audit_get_reply(int fd, struct audit_reply *rep, reply_t block, int peek) -{ - int len; - struct sockaddr_nl nladdr; - socklen_t nladdrlen = sizeof(nladdr); - - if (fd < 0) - return -EBADF; - - if (block == GET_REPLY_NONBLOCKING) - block = MSG_DONTWAIT; - -retry: - len = recvfrom(fd, &rep->msg, sizeof(rep->msg), block|peek, - (struct sockaddr*)&nladdr, &nladdrlen); - - if (len < 0) { - if (errno == EINTR) - goto retry; - if (errno != EAGAIN) { - int saved_errno = errno; - audit_msg(LOG_ERR, - "Error receiving audit netlink packet (%s)", - strerror(errno)); - errno = saved_errno; - } - return -errno; - } - if (nladdrlen != sizeof(nladdr)) { - audit_msg(LOG_ERR, - "Bad address size reading audit netlink socket"); - return -EPROTO; - } - if (nladdr.nl_pid) { - audit_msg(LOG_ERR, - "Spoofed packet received on audit netlink socket"); - return -EINVAL; - } - - len = adjust_reply(rep, len); - if (len == 0) - len = -errno; - return len; -} -hidden_def(audit_get_reply) - - -/* - * This function returns 0 on error and len on success. - */ -static int adjust_reply(struct audit_reply *rep, int len) -{ - rep->type = rep->msg.nlh.nlmsg_type; - rep->len = rep->msg.nlh.nlmsg_len; - rep->nlh = &rep->msg.nlh; - rep->status = NULL; - rep->ruledata = NULL; - rep->login = NULL; - rep->message = NULL; - rep->error = NULL; - rep->signal_info = NULL; - rep->conf = NULL; -#if HAVE_DECL_AUDIT_FEATURE_VERSION - rep->features = NULL; -#endif - if (!NLMSG_OK(rep->nlh, (unsigned int)len)) { - if (len == sizeof(rep->msg)) { - audit_msg(LOG_ERR, - "Netlink event from kernel is too big"); - errno = EFBIG; - } else { - audit_msg(LOG_ERR, - "Netlink message from kernel was not OK"); - errno = EBADE; - } - return 0; - } - - /* Next we'll set the data structure to point to msg.data. This is - * to avoid having to use casts later. */ - switch (rep->type) { - case NLMSG_ERROR: - rep->error = NLMSG_DATA(rep->nlh); - break; - case AUDIT_GET: - rep->status = NLMSG_DATA(rep->nlh); - break; -#if HAVE_DECL_AUDIT_FEATURE_VERSION - case AUDIT_GET_FEATURE: - rep->features = NLMSG_DATA(rep->nlh); - break; -#endif - case AUDIT_LIST_RULES: - rep->ruledata = NLMSG_DATA(rep->nlh); - break; - case AUDIT_USER: - case AUDIT_LOGIN: - case AUDIT_KERNEL: - case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: - case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2: - case AUDIT_FIRST_EVENT...AUDIT_INTEGRITY_LAST_MSG: - rep->message = NLMSG_DATA(rep->nlh); - break; - case AUDIT_SIGNAL_INFO: - rep->signal_info = NLMSG_DATA(rep->nlh); - break; - } - return len; -} - - -/* - * Return values: success: positive non-zero sequence number - * error: -errno - * short: 0 - */ -int audit_send(int fd, int type, const void *data, unsigned int size) -{ - static int sequence = 0; - struct audit_message req; - int retval; - struct sockaddr_nl addr; - - /* Due to user space library callbacks, there's a chance that - a -1 for the fd could be passed. Just check for and handle it. */ - if (fd < 0) { - errno = EBADF; - return -errno; - } - - if (NLMSG_SPACE(size) > MAX_AUDIT_MESSAGE_LENGTH) { - errno = EINVAL; - return -errno; - } - - if (++sequence < 0) - sequence = 1; - - memset(&req, 0, sizeof(req)); - req.nlh.nlmsg_len = NLMSG_SPACE(size); - req.nlh.nlmsg_type = type; - req.nlh.nlmsg_flags = NLM_F_REQUEST|NLM_F_ACK; - req.nlh.nlmsg_seq = sequence; - if (size && data) - memcpy(NLMSG_DATA(&req.nlh), data, size); - memset(&addr, 0, sizeof(addr)); - addr.nl_family = AF_NETLINK; - addr.nl_pid = 0; - addr.nl_groups = 0; - - do { - retval = sendto(fd, &req, req.nlh.nlmsg_len, 0, - (struct sockaddr*)&addr, sizeof(addr)); - } while (retval < 0 && errno == EINTR); - if (retval == (int)req.nlh.nlmsg_len) { - if ((retval = check_ack(fd, sequence)) == 0) - return sequence; - else - return retval; - } - if (retval < 0) - return -errno; - - return 0; -} -hidden_def(audit_send) - -/* - * This function will take a peek into the next packet and see if there's - * an error. If so, the error is returned and its non-zero. Otherwise a - * zero is returned indicating that we don't know of any problems. - */ -static int check_ack(int fd, int seq) -{ - int rc, retries = 80; - struct audit_reply rep; - struct pollfd pfd[1]; - -retry: - pfd[0].fd = fd; - pfd[0].events = POLLIN; - do { - rc = poll(pfd, 1, 500); /* .5 second */ - } while (rc < 0 && errno == EINTR); - - /* We don't look at rc from above as it doesn't matter. We are - * going to try to read nonblocking just in case packet shows up. */ - - /* NOTE: whatever is returned is treated as the errno */ - rc = audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, MSG_PEEK); - if (rc == -EAGAIN && retries) { - retries--; - goto retry; - } else if (rc < 0) - return rc; - else if (rc == 0) - return -EINVAL; /* This can't happen anymore */ - else if (rc > 0 && rep.type == NLMSG_ERROR) { - int error = rep.error->error; - /* Eat the message */ - (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0); - - /* NLMSG_ERROR can indicate success, only report nonzero */ - if (error) { - errno = -error; - return error; - } - } - return 0; -} - diff --git a/framework/src/audit/lib/optab.h b/framework/src/audit/lib/optab.h deleted file mode 100644 index bddac253..00000000 --- a/framework/src/audit/lib/optab.h +++ /dev/null @@ -1,31 +0,0 @@ -/* optab.h -- - * Copyright 2005-07 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -_S(AUDIT_EQUAL, "=" ) -_S(AUDIT_NOT_EQUAL, "!=" ) -_S(AUDIT_GREATER_THAN, ">" ) -_S(AUDIT_GREATER_THAN_OR_EQUAL, ">=" ) -_S(AUDIT_LESS_THAN, "<" ) -_S(AUDIT_LESS_THAN_OR_EQUAL, "<=" ) -_S(AUDIT_BIT_MASK, "&" ) -_S(AUDIT_BIT_TEST, "&=" ) - diff --git a/framework/src/audit/lib/ppc_table.h b/framework/src/audit/lib/ppc_table.h deleted file mode 100644 index 5a22f8bc..00000000 --- a/framework/src/audit/lib/ppc_table.h +++ /dev/null @@ -1,379 +0,0 @@ -/* ppc_table.h -- - * Copyright 2005-09,2011-15 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - * Note from include/powerpc/unistd.h - */ - -_S(1, "exit") -_S(2, "fork") -_S(3, "read") -_S(4, "write") -_S(5, "open") -_S(6, "close") -_S(7, "waitpid") -_S(8, "creat") -_S(9, "link") -_S(10, "unlink") -_S(11, "execve") -_S(12, "chdir") -_S(13, "time") -_S(14, "mknod") -_S(15, "chmod") -_S(16, "lchown") -_S(17, "break") -_S(18, "oldstat") -_S(19, "lseek") -_S(20, "getpid") -_S(21, "mount") -_S(22, "umount") -_S(23, "setuid") -_S(24, "getuid") -_S(25, "stime") -_S(26, "ptrace") -_S(27, "alarm") -_S(28, "oldfstat") -_S(29, "pause") -_S(30, "utime") -_S(31, "stty") -_S(32, "gtty") -_S(33, "access") -_S(34, "nice") -_S(35, "ftime") -_S(36, "sync") -_S(37, "kill") -_S(38, "rename") -_S(39, "mkdir") -_S(40, "rmdir") -_S(41, "dup") -_S(42, "pipe") -_S(43, "times") -_S(44, "prof") -_S(45, "brk") -_S(46, "setgid") -_S(47, "getgid") -_S(48, "signal") -_S(49, "geteuid") -_S(50, "getegid") -_S(51, "acct") -_S(52, "umount2") -_S(53, "lock") -_S(54, "ioctl") -_S(55, "fcntl") -_S(56, "mpx") -_S(57, "setpgid") -_S(58, "ulimit") -_S(59, "oldolduname") -_S(60, "umask") -_S(61, "chroot") -_S(62, "ustat") -_S(63, "dup2") -_S(64, "getppid") -_S(65, "getpgrp") -_S(66, "setsid") -_S(67, "sigaction") -_S(68, "sgetmask") -_S(69, "ssetmask") -_S(70, "setreuid") -_S(71, "setregid") -_S(72, "sigsuspend") -_S(73, "sigpending") -_S(74, "sethostname") -_S(75, "setrlimit") -_S(76, "getrlimit") -_S(77, "getrusage") -_S(78, "gettimeofday") -_S(79, "settimeofday") -_S(80, "getgroups") -_S(81, "setgroups") -_S(82, "select") -_S(83, "symlink") -_S(84, "oldlstat") -_S(85, "readlink") -_S(86, "uselib") -_S(87, "swapon") -_S(88, "reboot") -_S(89, "readdir") -_S(90, "mmap") -_S(91, "munmap") -_S(92, "truncate") -_S(93, "ftruncate") -_S(94, "fchmod") -_S(95, "fchown") -_S(96, "getpriority") -_S(97, "setpriority") -_S(98, "profil") -_S(99, "statfs") -_S(100, "fstatfs") -_S(101, "ioperm") -_S(102, "socketcall") -_S(103, "syslog") -_S(104, "setitimer") -_S(105, "getitimer") -_S(106, "stat") -_S(107, "lstat") -_S(108, "fstat") -_S(109, "olduname") -_S(110, "iopl") -_S(111, "vhangup") -_S(112, "idle") -_S(113, "vm86") -_S(114, "wait4") -_S(115, "swapoff") -_S(116, "sysinfo") -_S(117, "ipc") -_S(118, "fsync") -_S(119, "sigreturn") -_S(120, "clone") -_S(121, "setdomainname") -_S(122, "uname") -_S(123, "modify_ldt") -_S(124, "adjtimex") -_S(125, "mprotect") -_S(126, "sigprocmask") -_S(127, "create_module") -_S(128, "init_module") -_S(129, "delete_module") -_S(130, "get_kernel_syms") -_S(131, "quotactl") -_S(132, "getpgid") -_S(133, "fchdir") -_S(134, "bdflush") -_S(135, "sysfs") -_S(136, "personality") -_S(137, "afs_syscall") -_S(138, "setfsuid") -_S(139, "setfsgid") -_S(140, "_llseek") -_S(141, "getdents") -_S(142, "_newselect") -_S(143, "flock") -_S(144, "msync") -_S(145, "readv") -_S(146, "writev") -_S(147, "getsid") -_S(148, "fdatasync") -_S(149, "_sysctl") -_S(150, "mlock") -_S(151, "munlock") -_S(152, "mlockall") -_S(153, "munlockall") -_S(154, "sched_setparam") -_S(155, "sched_getparam") -_S(156, "sched_setscheduler") -_S(157, "sched_getscheduler") -_S(158, "sched_yield") -_S(159, "sched_get_priority_max") -_S(160, "sched_get_priority_min") -_S(161, "sched_rr_get_interval") -_S(162, "nanosleep") -_S(163, "mremap") -_S(164, "setresuid") -_S(165, "getresuid") -_S(166, "query_module") -_S(167, "poll") -_S(168, "nfsservctl") -_S(169, "setresgid") -_S(170, "getresgid") -_S(171, "prctl") -_S(172, "rt_sigreturn") -_S(173, "rt_sigaction") -_S(174, "rt_sigprocmask") -_S(175, "rt_sigpending") -_S(176, "rt_sigtimedwait") -_S(177, "rt_sigqueueinfo") -_S(178, "rt_sigsuspend") -_S(179, "pread") -_S(180, "pwrite") -_S(181, "chown") -_S(182, "getcwd") -_S(183, "capget") -_S(184, "capset") -_S(185, "sigaltstack") -_S(186, "sendfile") -_S(187, "getpmsg") -_S(188, "putpmsg") -_S(189, "vfork") -_S(190, "ugetrlimit") -_S(191, "readahead") -_S(192, "mmap2") -_S(193, "truncate64") -_S(194, "ftruncate64") -_S(195, "stat64") -_S(196, "lstat64") -_S(197, "fstat64") -_S(198, "pciconfig_read") -_S(199, "pciconfig_write") -_S(200, "pciconfig_iobase") -_S(201, "multiplexer") -_S(202, "getdents64") -_S(203, "pivot_root") -_S(204, "fcntl64") -_S(205, "madvise") -_S(206, "mincore") -_S(207, "gettid") -_S(208, "tkill") -_S(209, "setxattr") -_S(210, "lsetxattr") -_S(211, "fsetxattr") -_S(212, "getxattr") -_S(213, "lgetxattr") -_S(214, "fgetxattr") -_S(215, "listxattr") -_S(216, "llistxattr") -_S(217, "flistxattr") -_S(218, "removexattr") -_S(219, "lremovexattr") -_S(220, "fremovexattr") -_S(221, "futex") -_S(222, "sched_setaffinity") -_S(223, "sched_getaffinity") -_S(225, "tuxcall") -_S(226, "sendfile64") -_S(227, "io_setup") -_S(228, "io_destroy") -_S(229, "io_getevents") -_S(230, "io_submit") -_S(231, "io_cancel") -_S(232, "set_tid_address") -_S(233, "fadvise64") -_S(234, "exit_group") -_S(235, "lookup_dcookie") -_S(236, "epoll_create") -_S(237, "epoll_ctl") -_S(238, "epoll_wait") -_S(239, "remap_file_pages") -_S(240, "timer_create") -_S(241, "timer_settime") -_S(242, "timer_gettime") -_S(243, "timer_getoverrun") -_S(244, "timer_delete") -_S(245, "clock_settime") -_S(246, "clock_gettime") -_S(247, "clock_getres") -_S(248, "clock_nanosleep") -_S(249, "swapcontext") -_S(250, "tgkill") -_S(251, "utimes") -_S(252, "statfs64") -_S(253, "fstatfs64") -_S(254, "fadvise64_64") -_S(255, "rtas") -_S(262, "mq_open") -_S(263, "mq_unlink") -_S(264, "mq_timedsend") -_S(265, "mq_timedreceive") -_S(266, "mq_notify") -_S(267, "mq_getsetattr") -_S(268, "kexec_load") -_S(269, "add_key") -_S(270, "request_key") -_S(271, "keyctl") -_S(272, "waitid") -_S(273, "ioprio_set") -_S(274, "ioprio_get") -_S(275, "inotify_init") -_S(276, "inotify_add_watch") -_S(277, "inotify_rm_watch") -_S(278, "spu_run") -_S(279, "spu_create") -_S(280, "pselect6") -_S(281, "ppoll") -_S(282, "unshare") -_S(283, "splice") -_S(284, "tee") -_S(285, "vmsplice") -_S(286, "openat") -_S(287, "mkdirat") -_S(288, "mknodat") -_S(289, "fchownat") -_S(290, "futimesat") -_S(291, "fstatat64") -_S(292, "unlinkat") -_S(293, "renameat") -_S(294, "linkat") -_S(295, "symlinkat") -_S(296, "readlinkat") -_S(297, "fchmodat") -_S(298, "faccessat") -_S(299, "get_robust_list") -_S(300, "set_robust_list") -_S(301, "move_pages") -_S(302, "getcpu") -_S(303, "epoll_pwait") -_S(304, "utimensat") -_S(305, "signalfd") -_S(306, "timerfd") -_S(307, "eventfd") -_S(308, "sync_file_range2") -_S(309, "fallocate") -_S(310, "subpage_prot") -_S(311, "timerfd_settime") -_S(312, "timerfd_gettime") -_S(313, "signalfd4") -_S(314, "eventfd2") -_S(315, "epoll_create1") -_S(316, "dup3") -_S(317, "pipe2") -_S(318, "inotify_init1") -_S(319, "perf_counter_open") -_S(320, "preadv") -_S(321, "pwritev") -_S(322, "rt_tgsigqueueinfo") -_S(323, "fanotify_init") -_S(324, "fanotify_mark") -_S(325, "prlimit64") -_S(326, "socket") -_S(327, "bind") -_S(328, "connect") -_S(329, "listen") -_S(330, "accept") -_S(331, "getsockname") -_S(332, "getpeername") -_S(333, "socketpair") -_S(334, "send") -_S(335, "sendto") -_S(336, "recv") -_S(337, "recvfrom") -_S(338, "shutdown") -_S(339, "setsockopt") -_S(340, "getsockopt") -_S(341, "sendmsg") -_S(342, "recvmsg") -_S(343, "recvmmsg") -_S(344, "accept4") -_S(345, "name_to_handle_at") -_S(346, "open_by_handle_at") -_S(347, "clock_adjtime") -_S(348, "syncfs") -_S(349, "sendmmsg") -_S(350, "setns") -_S(351, "process_vm_readv") -_S(352, "process_vm_writev") -_S(353, "finit_module") -_S(354, "kcmp") -_S(355, "sched_setattr") -_S(356, "sched_getattr") -_S(357, "renameat2") -_S(358, "seccomp") -_S(359, "getrandom") -_S(360, "memfd_create") -_S(361, "bpf") -_S(362, "execveat") -_S(363, "switch_endian") diff --git a/framework/src/audit/lib/private.h b/framework/src/audit/lib/private.h deleted file mode 100644 index a0e3e35c..00000000 --- a/framework/src/audit/lib/private.h +++ /dev/null @@ -1,175 +0,0 @@ -/* private.h -- - * Copyright 2005,2006,2009,2013-14 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ -#ifndef _PRIVATE_H_ -#define _PRIVATE_H_ - -#include "dso.h" - -#ifdef __cplusplus -extern "C" { -#endif - -typedef enum { REAL_ERR, HIDE_IT } hide_t; - -/* Internal syslog messaging */ -void audit_msg(int priority, const char *fmt, ...) -#ifdef __GNUC__ - __attribute__ ((format (printf, 2, 3))); -#else - ; -#endif - -/* This structure is for protocol reference only. All fields are - packed and in network order (LSB first). */ -struct auditd_remote_message_wrapper { - /* The magic number shall never have LF (0x0a) as one of its bytes. */ - uint32_t magic; - /* Bumped when the layout of this structure changes. */ - uint8_t header_version; - /* The minimum support needed to understand this message type. - * Normally zero. */ - uint8_t message_version; - /* Upper 8 bits are generic type, see below. */ - uint32_t type; - /* Number of bytes that follow this header Must be 0..MAX_AUDIT_MESSAGE_LENGTH. */ - uint16_t length; - /* Copied from message to its reply. */ - uint32_t sequence_id; - /* The message follows for LENGTH bytes. */ -}; - -#define AUDIT_RMW_HEADER_SIZE 16 -/* The magic number shall never have LF (0x0a) as one of its bytes. */ -#define AUDIT_RMW_MAGIC 0xff0000feUL - -#define AUDIT_RMW_HEADER_VERSION 0 - -/* If set, this is a reply. */ -#define AUDIT_RMW_TYPE_REPLYMASK 0x40000000 -/* If set, this reply indicates a fatal error of some sort. */ -#define AUDIT_RMW_TYPE_FATALMASK 0x20000000 -/* If set, this reply indicates success but with some warnings. */ -#define AUDIT_RMW_TYPE_WARNMASK 0x10000000 -/* This part of the message type is the details for the above. */ -#define AUDIT_RMW_TYPE_DETAILMASK 0x0fffffff - -/* Version 0 messages. */ -#define AUDIT_RMW_TYPE_MESSAGE 0x00000000 -#define AUDIT_RMW_TYPE_HEARTBEAT 0x00000001 -#define AUDIT_RMW_TYPE_ACK 0x40000000 -#define AUDIT_RMW_TYPE_ENDING 0x40000001 -#define AUDIT_RMW_TYPE_DISKLOW 0x50000001 -#define AUDIT_RMW_TYPE_DISKFULL 0x60000001 -#define AUDIT_RMW_TYPE_DISKERROR 0x60000002 - -/* These next four should not be called directly. */ -#define _AUDIT_RMW_PUTN32(header,i,v) \ - header[i] = v & 0xff; \ - header[i+1] = (v>>8) & 0xff; \ - header[i+2] = (v>>16) & 0xff; \ - header[i+3] = (v>>24) & 0xff; -#define _AUDIT_RMW_PUTN16(header,i,v) \ - header[i] = v & 0xff; \ - header[i+1] = (v>>8) & 0xff; -#define _AUDIT_RMW_GETN32(header,i) \ - (((uint32_t)(header[i] & 0xFF)) | \ - (((uint32_t)(header[i+1] & 0xFF))<<8) | \ - (((uint32_t)(header[i+2] & 0xFF ))<<16) | \ - (((uint32_t)(header[i+3] & 0xFF))<<24)) -#define _AUDIT_RMW_GETN16(header,i) \ - ((uint32_t)(header[i] & 0xFF) | ((uint32_t)(header[i+1] & 0xFF)<<8)) - -/* For these, HEADER must by of type "unsigned char *" or "unsigned - char []" */ - -#define AUDIT_RMW_PACK_HEADER(header,mver,type,len,seq) \ - _AUDIT_RMW_PUTN32 (header,0, AUDIT_RMW_MAGIC); \ - header[4] = AUDIT_RMW_HEADER_VERSION; \ - header[5] = mver; \ - _AUDIT_RMW_PUTN32 (header,6, type); \ - _AUDIT_RMW_PUTN16 (header,10, len); \ - _AUDIT_RMW_PUTN32 (header,12, seq); - -#define AUDIT_RMW_IS_MAGIC(header,length) \ - (length >= 4 && _AUDIT_RMW_GETN32 (header,0) == AUDIT_RMW_MAGIC) - -#define AUDIT_RMW_UNPACK_HEADER(header,hver,mver,type,len,seq) \ - hver = header[4]; \ - mver = header[5]; \ - type = _AUDIT_RMW_GETN32 (header,6); \ - len = _AUDIT_RMW_GETN16 (header,10); \ - seq = _AUDIT_RMW_GETN32 (header,12); - -/* General */ -extern int audit_send(int fd, int type, const void *data, unsigned int size); - -// This is the main messaging function used internally -// Don't hide it, it used to be a part of the public API! -extern int audit_send_user_message(int fd, int type, hide_t hide_err, - const char *message); - -// libaudit.c -extern int _audit_permadded; -extern int _audit_archadded; -extern int _audit_syscalladded; -extern unsigned int _audit_elf; - -hidden_proto(audit_send_user_message); -hidden_proto(audit_add_watch_dir); -hidden_proto(audit_detect_machine); -hidden_proto(audit_request_status); -hidden_proto(audit_rule_syscall_data); -hidden_proto(audit_rule_syscallbyname_data); -hidden_proto(audit_set_feature); -hidden_proto(audit_request_features); - -// lookup_table.c -hidden_proto(audit_elf_to_machine); -hidden_proto(audit_machine_to_elf); -hidden_proto(audit_msg_type_to_name); -hidden_proto(audit_name_to_errno); -hidden_proto(audit_name_to_field); -hidden_proto(audit_name_to_machine); -hidden_proto(audit_name_to_msg_type); -hidden_proto(audit_name_to_syscall); -hidden_proto(audit_operator_to_symbol); -hidden_proto(audit_name_to_ftype); - -// netlink.c -hidden_proto(audit_get_reply); -hidden_proto(audit_send) - -// message.c -hidden_proto(audit_msg) - -// strsplit.c -char *audit_strsplit_r(char *s, char **savedpp); -char *audit_strsplit(char *s); -hidden_proto(audit_strsplit_r) -hidden_proto(audit_strsplit) - -#ifdef __cplusplus -} -#endif - -#endif - diff --git a/framework/src/audit/lib/s390_table.h b/framework/src/audit/lib/s390_table.h deleted file mode 100644 index d3cec4fb..00000000 --- a/framework/src/audit/lib/s390_table.h +++ /dev/null @@ -1,354 +0,0 @@ -/* s390_table.h -- - * Copyright 2005-15 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -_S(1, "exit") -_S(2, "fork") -_S(3, "read") -_S(4, "write") -_S(5, "open") -_S(6, "close") -_S(8, "creat") -_S(9, "link") -_S(10, "unlink") -_S(11, "execve") -_S(12, "chdir") -_S(13, "time") -_S(14, "mknod") -_S(15, "chmod") -_S(16, "lchown") -_S(19, "lseek") -_S(20, "getpid") -_S(21, "mount") -_S(22, "umount") -_S(23, "setuid") -_S(24, "getuid") -_S(25, "stime") -_S(26, "ptrace") -_S(27, "alarm") -_S(29, "pause") -_S(30, "utime") -_S(33, "access") -_S(34, "nice") -_S(36, "sync") -_S(37, "kill") -_S(38, "rename") -_S(39, "mkdir") -_S(40, "rmdir") -_S(41, "dup") -_S(42, "pipe") -_S(43, "times") -_S(45, "brk") -_S(46, "setgid") -_S(47, "getgid") -_S(48, "signal") -_S(49, "geteuid") -_S(50, "getegid") -_S(51, "acct") -_S(52, "umount2") -_S(54, "ioctl") -_S(55, "fcntl") -_S(57, "setpgid") -_S(60, "umask") -_S(61, "chroot") -_S(62, "ustat") -_S(63, "dup2") -_S(64, "getppid") -_S(65, "getpgrp") -_S(66, "setsid") -_S(67, "sigaction") -_S(70, "setreuid") -_S(71, "setregid") -_S(72, "sigsuspend") -_S(73, "sigpending") -_S(74, "sethostname") -_S(75, "setrlimit") -_S(76, "getrlimit") -_S(77, "getrusage") -_S(78, "gettimeofday") -_S(79, "settimeofday") -_S(80, "getgroups") -_S(81, "setgroups") -_S(83, "symlink") -_S(85, "readlink") -_S(86, "uselib") -_S(87, "swapon") -_S(88, "reboot") -_S(89, "readdir") -_S(90, "mmap") -_S(91, "munmap") -_S(92, "truncate") -_S(93, "ftruncate") -_S(94, "fchmod") -_S(95, "fchown") -_S(96, "getpriority") -_S(97, "setpriority") -_S(99, "statfs") -_S(100, "fstatfs") -_S(101, "ioperm") -_S(102, "socketcall") -_S(103, "syslog") -_S(104, "setitimer") -_S(105, "getitimer") -_S(106, "stat") -_S(107, "lstat") -_S(108, "fstat") -_S(111, "vhangup") -_S(112, "idle") -_S(114, "wait4") -_S(115, "swapoff") -_S(116, "sysinfo") -_S(117, "ipc") -_S(118, "fsync") -_S(119, "sigreturn") -_S(120, "clone") -_S(121, "setdomainname") -_S(122, "uname") -_S(124, "adjtimex") -_S(125, "mprotect") -_S(126, "sigprocmask") -_S(127, "create_module") -_S(128, "init_module") -_S(129, "delete_module") -_S(130, "get_kernel_syms") -_S(131, "quotactl") -_S(132, "getpgid") -_S(133, "fchdir") -_S(134, "bdflush") -_S(135, "sysfs") -_S(136, "personality") -_S(137, "afs_syscall") -_S(138, "setfsuid") -_S(139, "setfsgid") -_S(140, "_llseek") -_S(141, "getdents") -_S(142, "_newselect") -_S(143, "flock") -_S(144, "msync") -_S(145, "readv") -_S(146, "writev") -_S(147, "getsid") -_S(148, "fdatasync") -_S(149, "_sysctl") -_S(150, "mlock") -_S(151, "munlock") -_S(152, "mlockall") -_S(153, "munlockall") -_S(154, "sched_setparam") -_S(155, "sched_getparam") -_S(156, "sched_setscheduler") -_S(157, "sched_getscheduler") -_S(158, "sched_yield") -_S(159, "sched_get_priority_max") -_S(160, "sched_get_priority_min") -_S(161, "sched_rr_get_interval") -_S(162, "nanosleep") -_S(163, "mremap") -_S(164, "setresuid") -_S(165, "getresuid") -_S(167, "query_module") -_S(168, "poll") -_S(169, "nfsservctl") -_S(170, "setresgid") -_S(171, "getresgid") -_S(172, "prctl") -_S(173, "rt_sigreturn") -_S(174, "rt_sigaction") -_S(175, "rt_sigprocmask") -_S(176, "rt_sigpending") -_S(177, "rt_sigtimedwait") -_S(178, "rt_sigqueueinfo") -_S(179, "rt_sigsuspend") -_S(180, "pread") -_S(181, "pwrite") -_S(182, "chown") -_S(183, "getcwd") -_S(184, "capget") -_S(185, "capset") -_S(186, "sigaltstack") -_S(187, "sendfile") -_S(188, "getpmsg") -_S(189, "putpmsg") -_S(190, "vfork") -_S(191, "ugetrlimit") -_S(192, "mmap2") -_S(193, "truncate64") -_S(194, "ftruncate64") -_S(195, "stat64") -_S(196, "lstat64") -_S(197, "fstat64") -_S(198, "lchown32") -_S(199, "getuid32") -_S(200, "getgid32") -_S(201, "geteuid32") -_S(202, "getegid32") -_S(203, "setreuid32") -_S(204, "setregid32") -_S(205, "getgroups32") -_S(206, "setgroups32") -_S(207, "fchown32") -_S(208, "setresuid32") -_S(209, "getresuid32") -_S(210, "setresgid32") -_S(211, "getresgid32") -_S(212, "chown32") -_S(213, "setuid32") -_S(214, "setgid32") -_S(215, "setfsuid32") -_S(216, "setfsgid32") -_S(217, "pivot_root") -_S(218, "mincore") -_S(219, "madvise") -_S(220, "getdents64") -_S(221, "fcntl64") -_S(222, "readahead") -_S(223, "sendfile64") -_S(224, "setxattr") -_S(225, "lsetxattr") -_S(226, "fsetxattr") -_S(227, "getxattr") -_S(228, "lgetxattr") -_S(229, "fgetxattr") -_S(230, "listxattr") -_S(231, "llistxattr") -_S(232, "flistxattr") -_S(233, "removexattr") -_S(234, "lremovexattr") -_S(235, "fremovexattr") -_S(236, "gettid") -_S(237, "tkill") -_S(238, "futex") -_S(239, "sched_setaffinity") -_S(240, "sched_getaffinity") -_S(241, "tgkill") -//_S(242, "") -_S(243, "io_setup") -_S(244, "io_destroy") -_S(245, "io_getevents") -_S(246, "io_submit") -_S(247, "io_cancel") -_S(248, "exit_group") -_S(249, "epoll_create") -_S(250, "epoll_ctl") -_S(251, "epoll_wait") -_S(252, "set_tid_address") -_S(253, "fadvise64") -_S(254, "timer_create") -_S(255, "timer_settime") -_S(256, "timer_gettime") -_S(257, "timer_getoverrun") -_S(258, "timer_delete") -_S(259, "clock_settime") -_S(260, "clock_gettime") -_S(261, "clock_getres") -_S(262, "clock_nanosleep") -//_S(263, "") -_S(264, "fadvise64_64") -_S(265, "statfs64") -_S(266, "fstatfs64") -_S(267, "remap_file_pages") -//_S(268, "") -//_S(269, "") -//_S(270, "") -_S(271, "mq_open") -_S(272, "mq_unlink") -_S(273, "mq_timedsend") -_S(274, "mq_timedreceive") -_S(275, "mq_notify") -_S(276, "mq_getsetattr") -_S(277, "kexec_load") -_S(278, "add_key") -_S(279, "request_key") -_S(280, "keyctl") -_S(281, "waitid") -_S(282, "ioprio_set") -_S(283, "ioprio_get") -_S(284, "inotify_init") -_S(285, "inotify_add_watch") -_S(286, "inotify_rm_watch") -//_S(287, "") -_S(288, "openat") -_S(289, "mkdirat") -_S(290, "mknodat") -_S(291, "fchownat") -_S(292, "futimesat") -_S(293, "fstatat64") -_S(294, "unlinkat") -_S(295, "renameat") -_S(296, "linkat") -_S(297, "symlinkat") -_S(298, "readlinkat") -_S(299, "fchmodat") -_S(300, "faccessat") -_S(301, "pselect6") -_S(302, "ppoll") -_S(303, "unshare") -_S(304, "set_robust_list") -_S(305, "get_robust_list") -_S(306, "splice") -_S(307, "sync_file_range") -_S(308, "tee") -_S(309, "vmsplice") -//_S(310, "") -_S(311, "getcpu") -_S(312, "epoll_pwait") -_S(313, "utimes") -_S(314, "fallocate") -_S(315, "utimensat") -_S(316, "signalfd") -_S(317, "timerfd") -_S(318, "eventfd") -_S(319, "timerfd_create") -_S(320, "timerfd_settime") -_S(321, "timerfd_gettime") -_S(322, "signalfd4") -_S(323, "eventfd2") -_S(324, "inotify_init1") -_S(325, "pipe2") -_S(326, "dup3") -_S(327, "epoll_create1") -_S(328, "preadv") -_S(329, "pwritev") -_S(330, "rt_tgsigqueueinfo") -_S(331, "perf_event_open") -_S(332, "fanotify_init") -_S(333, "fanotify_mark") -_S(334, "prlimit64") -_S(335, "name_to_handle_at") -_S(336, "open_by_handle_at") -_S(337, "clock_adjtime") -_S(338, "syncfs") -_S(339, "setns") -_S(340, "process_vm_readv") -_S(341, "process_vm_writev") -_S(342, "s390_runtime_instr") -_S(343, "kcmp") -_S(344, "finit_module") -_S(345, "sched_setattr") -_S(346, "sched_getattr") -_S(347, "renameat2") -_S(348, "seccomp") -_S(349, "getrandom") -_S(350, "memfd_create") -_S(351, "bpf") -_S(352, "s390_pci_mmio_write") -_S(353, "s390_pci_mmio_read") -_S(354, "execveat") diff --git a/framework/src/audit/lib/s390x_table.h b/framework/src/audit/lib/s390x_table.h deleted file mode 100644 index 73ba0ec0..00000000 --- a/framework/src/audit/lib/s390x_table.h +++ /dev/null @@ -1,319 +0,0 @@ -/* s390x_table.h -- - * Copyright 2005-06,2008-15 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -_S(1, "exit") -_S(2, "fork") -_S(3, "read") -_S(4, "write") -_S(5, "open") -_S(6, "close") -_S(8, "creat") -_S(9, "link") -_S(10, "unlink") -_S(11, "execve") -_S(12, "chdir") -_S(14, "mknod") -_S(15, "chmod") -_S(19, "lseek") -_S(20, "getpid") -_S(21, "mount") -_S(22, "umount") -_S(26, "ptrace") -_S(27, "alarm") -_S(29, "pause") -_S(30, "utime") -_S(33, "access") -_S(34, "nice") -_S(36, "sync") -_S(37, "kill") -_S(38, "rename") -_S(39, "mkdir") -_S(40, "rmdir") -_S(41, "dup") -_S(42, "pipe") -_S(43, "times") -_S(45, "brk") -_S(48, "signal") -_S(51, "acct") -_S(52, "umount2") -_S(54, "ioctl") -_S(55, "fcntl") -_S(57, "setpgid") -_S(60, "umask") -_S(61, "chroot") -_S(62, "ustat") -_S(63, "dup2") -_S(64, "getppid") -_S(65, "getpgrp") -_S(66, "setsid") -_S(67, "sigaction") -_S(72, "sigsuspend") -_S(73, "sigpending") -_S(74, "sethostname") -_S(75, "setrlimit") -_S(77, "getrusage") -_S(78, "gettimeofday") -_S(79, "settimeofday") -_S(83, "symlink") -_S(85, "readlink") -_S(86, "uselib") -_S(87, "swapon") -_S(88, "reboot") -_S(89, "readdir") -_S(90, "mmap") -_S(91, "munmap") -_S(92, "truncate") -_S(93, "ftruncate") -_S(94, "fchmod") -_S(96, "getpriority") -_S(97, "setpriority") -_S(99, "statfs") -_S(100, "fstatfs") -_S(102, "socketcall") -_S(103, "syslog") -_S(104, "setitimer") -_S(105, "getitimer") -_S(106, "stat") -_S(107, "lstat") -_S(108, "fstat") -_S(111, "vhangup") -_S(112, "idle") -_S(114, "wait4") -_S(115, "swapoff") -_S(116, "sysinfo") -_S(117, "ipc") -_S(118, "fsync") -_S(119, "sigreturn") -_S(120, "clone") -_S(121, "setdomainname") -_S(122, "uname") -_S(124, "adjtimex") -_S(125, "mprotect") -_S(126, "sigprocmask") -_S(127, "create_module") -_S(128, "init_module") -_S(129, "delete_module") -_S(130, "get_kernel_syms") -_S(131, "quotactl") -_S(132, "getpgid") -_S(133, "fchdir") -_S(134, "bdflush") -_S(135, "sysfs") -_S(136, "personality") -_S(137, "afs_syscall") -_S(141, "getdents") -_S(142, "select") -_S(143, "flock") -_S(144, "msync") -_S(145, "readv") -_S(146, "writev") -_S(147, "getsid") -_S(148, "fdatasync") -_S(149, "_sysctl") -_S(150, "mlock") -_S(151, "munlock") -_S(152, "mlockall") -_S(153, "munlockall") -_S(154, "sched_setparam") -_S(155, "sched_getparam") -_S(156, "sched_setscheduler") -_S(157, "sched_getscheduler") -_S(158, "sched_yield") -_S(159, "sched_get_priority_max") -_S(160, "sched_get_priority_min") -_S(161, "sched_rr_get_interval") -_S(162, "nanosleep") -_S(163, "mremap") -_S(167, "query_module") -_S(168, "poll") -_S(169, "nfsservctl") -_S(172, "prctl") -_S(173, "rt_sigreturn") -_S(174, "rt_sigaction") -_S(175, "rt_sigprocmask") -_S(176, "rt_sigpending") -_S(177, "rt_sigtimedwait") -_S(178, "rt_sigqueueinfo") -_S(179, "rt_sigsuspend") -_S(180, "pread") -_S(181, "pwrite") -_S(183, "getcwd") -_S(184, "capget") -_S(185, "capset") -_S(186, "sigaltstack") -_S(187, "sendfile") -_S(188, "getpmsg") -_S(189, "putpmsg") -_S(190, "vfork") -_S(191, "getrlimit") -_S(198, "lchown") -_S(199, "getuid") -_S(200, "getgid") -_S(201, "geteuid") -_S(202, "getegid") -_S(203, "setreuid") -_S(204, "setregid") -_S(205, "getgroups") -_S(206, "setgroups") -_S(207, "fchown") -_S(208, "setresuid") -_S(209, "getresuid") -_S(210, "setresgid") -_S(211, "getresgid") -_S(212, "chown") -_S(213, "setuid") -_S(214, "setgid") -_S(215, "setfsuid") -_S(216, "setfsgid") -_S(217, "pivot_root") -_S(218, "mincore") -_S(219, "madvise") -_S(222, "readahead") -_S(224, "setxattr") -_S(225, "lsetxattr") -_S(226, "fsetxattr") -_S(227, "getxattr") -_S(228, "lgetxattr") -_S(229, "fgetxattr") -_S(230, "listxattr") -_S(231, "llistxattr") -_S(232, "flistxattr") -_S(233, "removexattr") -_S(234, "lremovexattr") -_S(235, "fremovexattr") -_S(236, "gettid") -_S(237, "tkill") -_S(238, "futex") -_S(239, "sched_setaffinity") -_S(240, "sched_getaffinity") -_S(241, "tgkill") -_S(243, "io_setup") -_S(244, "io_destroy") -_S(245, "io_getevents") -_S(246, "io_submit") -_S(247, "io_cancel") -_S(248, "exit_group") -_S(249, "epoll_create") -_S(250, "epoll_ctl") -_S(251, "epoll_wait") -_S(252, "set_tid_address") -_S(253, "fadvise64") -_S(254, "timer_create") -_S(255, "timer_settime") -_S(256, "timer_gettime") -_S(257, "timer_getoverrun") -_S(258, "timer_delete") -_S(259, "clock_settime") -_S(260, "clock_gettime") -_S(261, "clock_getres") -_S(262, "clock_nanosleep") -_S(265, "statfs64") -_S(266, "fstatfs64") -_S(267, "remap_file_pages") -//_S(268, "") -//_S(269, "") -//_S(270, "") -_S(271, "mq_open") -_S(272, "mq_unlink") -_S(273, "mq_timedsend") -_S(274, "mq_timedreceive") -_S(275, "mq_notify") -_S(276, "mq_getsetattr") -_S(277, "kexec_load") -_S(278, "add_key") -_S(279, "request_key") -_S(280, "keyctl") -_S(281, "waitid") -_S(282, "ioprio_set") -_S(283, "ioprio_get") -_S(284, "inotify_init") -_S(285, "inotify_add_watch") -_S(286, "inotify_rm_watch") -//_S(287, "") -_S(288, "openat") -_S(289, "mkdirat") -_S(290, "mknodat") -_S(291, "fchownat") -_S(292, "futimesat") -_S(293, "newfstatat") -_S(294, "unlinkat") -_S(295, "renameat") -_S(296, "linkat") -_S(297, "symlinkat") -_S(298, "readlinkat") -_S(299, "fchmodat") -_S(300, "faccessat") -_S(301, "pselect6") -_S(302, "ppoll") -_S(303, "unshare") -_S(304, "set_robust_list") -_S(305, "get_robust_list") -_S(306, "splice") -_S(307, "sync_file_range") -_S(308, "tee") -_S(309, "vmsplice") -//_S(310, "") -_S(311, "getcpu") -_S(312, "epoll_pwait") -_S(313, "utimes") -_S(314, "fallocate") -_S(315, "utimensat") -_S(316, "signalfd") -_S(317, "timerfd") -_S(318, "eventfd") -_S(319, "timerfd_create") -_S(320, "timerfd_settime") -_S(321, "timerfd_gettime") -_S(322, "signalfd4") -_S(323, "eventfd2") -_S(324, "inotify_init1") -_S(325, "pipe2") -_S(326, "dup3") -_S(327, "epoll_create1") -_S(328, "preadv") -_S(329, "pwritev") -_S(330, "rt_tgsigqueueinfo") -_S(331, "perf_event_open") -_S(332, "fanotify_init") -_S(333, "fanotify_mark") -_S(334, "prlimit64") -_S(335, "name_to_handle_at") -_S(336, "open_by_handle_at") -_S(337, "clock_adjtime") -_S(338, "syncfs") -_S(339, "setns") -_S(340, "process_vm_readv") -_S(341, "process_vm_writev") -_S(342, "s390_runtime_instr") -_S(343, "kcmp") -_S(344, "finit_module") -_S(345, "sched_setattr") -_S(346, "sched_getattr") -_S(347, "renameat2") -_S(348, "seccomp") -_S(349, "getrandom") -_S(350, "memfd_create") -_S(351, "bpf") -_S(352, "s390_pci_mmio_write") -_S(353, "s390_pci_mmio_read") -_S(354, "execveat") - diff --git a/framework/src/audit/lib/strsplit.c b/framework/src/audit/lib/strsplit.c deleted file mode 100644 index 8337e6da..00000000 --- a/framework/src/audit/lib/strsplit.c +++ /dev/null @@ -1,91 +0,0 @@ -/* strsplit.c -- - * Copyright 2014 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - * - */ - -#include <string.h> -#include "libaudit.h" -#include "private.h" - -char *audit_strsplit_r(char *s, char **savedpp) -{ - char *ptr; - - if (s) - *savedpp = s; - else { - if (*savedpp == NULL) - return NULL; - *savedpp += 1; - } -retry: - ptr = strchr(*savedpp, ' '); - if (ptr) { - if (ptr == *savedpp) { - *savedpp += 1; - goto retry; - } - s = *savedpp; - *ptr = 0; - *savedpp = ptr; - return s; - } else { - s = *savedpp; - *savedpp = NULL; - if (*s == 0) - return NULL; - return s; - } -} -hidden_def(audit_strsplit_r) - -char *audit_strsplit(char *s) -{ - static char *str = NULL; - char *ptr; - - if (s) - str = s; - else { - if (str == NULL) - return NULL; - str++; - } -retry: - ptr = strchr(str, ' '); - if (ptr) { - if (ptr == str) { - str++; - goto retry; - } - s = str; - *ptr = 0; - str = ptr; - return s; - } else { - s = str; - str = NULL; - if (*s == 0) - return NULL; - return s; - } -} -hidden_def(audit_strsplit) diff --git a/framework/src/audit/lib/syscall-update.txt b/framework/src/audit/lib/syscall-update.txt deleted file mode 100644 index 89d63717..00000000 --- a/framework/src/audit/lib/syscall-update.txt +++ /dev/null @@ -1,20 +0,0 @@ -The place where syscall information is gathered is: - -arch/alpha/include/uapi/asm/unistd.h -arch/arm/include/uapi/asm/unistd.h -arch/ia64/include/uapi/asm/unistd.h -arch/powerpc/include/uapi/asm/unistd.h -arch/s390/include/uapi/asm/unistd.h -arch/x86/syscalls/syscall_32.tbl -arch/x86/syscalls/syscall_64.tbl -include/uapi/asm-generic/unistd.h (aarch64) - -For src/ausearch-lookup.c: -Inspect include/linux/net.h for socketcall updates -Inspect include/linux/ipc.h for ipccall updates - -For adding new arches, the following might be useful to get a first pass file: - -cat unistd.h | grep '^#define __NR_' | tr -d ')' | tr 'NR+' ' ' | awk '{ printf "_S(%s, \"%s\")\n", $6, $3 }; ' - -it will still need hand editing diff --git a/framework/src/audit/lib/test/Makefile.am b/framework/src/audit/lib/test/Makefile.am deleted file mode 100644 index 706fd051..00000000 --- a/framework/src/audit/lib/test/Makefile.am +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2008 Red Hat Inc., Durham, North Carolina. -# All Rights Reserved. -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -# Authors: -# Miloslav Trmač <mitr@redhat.com> -# - -check_PROGRAMS = lookup_test -TESTS = $(check_PROGRAMS) - -lookup_test_LDADD = ${top_builddir}/lib/libaudit.la diff --git a/framework/src/audit/lib/test/lookup_test.c b/framework/src/audit/lib/test/lookup_test.c deleted file mode 100644 index 5cd00429..00000000 --- a/framework/src/audit/lib/test/lookup_test.c +++ /dev/null @@ -1,430 +0,0 @@ -/* lookup_test.c -- A test of table lookups. - * Copyright 2008 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Miloslav Trmač <mitr@redhat.com> - */ - -#include "config.h" -#include <assert.h> -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <sys/stat.h> - -#include "../libaudit.h" - -/* Number of lookups of random strings */ -#define RAND_ITERATIONS 1000 - -/* Maximum size of randomly generated strings, including the terminating NUL. */ -#define S_LEN 8 - -struct entry { - int val; - const char *s; -}; -#define _S(V, S) { (V), (S) }, - -/* Generate a random string into DEST[S_LEN]. */ -static void -gen_id(char *dest) -{ - size_t i, len; - - assert(S_LEN >= 2); - len = 1 + rand() % (S_LEN - 1); - assert('A' == 0x41 && 'a' == 0x61); /* ASCII */ - for (i = 0; i < len; i++) { - /* Don't start with a digit, audit_name_to_msg_type() interprets - those strings specially. */ - do { - dest[i] = 0x21 + rand() % (0x7F - 0x21); - } while (i == 0 && dest[i] >= '0' && dest[i] <= '9'); - } - dest[i] = '\0'; -} - -#define TEST_I2S(EXCL) \ - do { \ - size_t i; \ - \ - for (i = 0; i < sizeof(t) / sizeof(*t); i++) { \ - const char *s; \ - \ - if (EXCL) \ - continue; \ - s = I2S(t[i].val); \ - if (s == NULL) { \ - fprintf(stderr, \ - "%d -> `%s' not found\n", \ - t[i].val, t[i].s); \ - abort(); \ - } \ - if (strcmp(t[i].s, s) != 0) { \ - fprintf(stderr, \ - "%d -> `%s' mismatch `%s'\n", \ - t[i].val, t[i].s, s); \ - abort(); \ - } \ - } \ - for (i = 0; i < RAND_ITERATIONS; i++) { \ - int val; \ - size_t j; \ - val = rand(); \ - for (j = 0; j < sizeof(t) / sizeof(*t); j++) { \ - if (t[j].val == val) \ - goto test_i2s_found; \ - } \ - assert(I2S(val) == NULL); \ - test_i2s_found: \ - ; \ - } \ - } while (0) - -#define TEST_S2I(ERR_VALUE) \ - do { \ - size_t i; \ - char buf[S_LEN]; \ - \ - for (i = 0; i < sizeof(t) / sizeof(*t); i++) \ - assert(S2I(t[i].s) == t[i].val); \ - for (i = 0; i < RAND_ITERATIONS; i++) { \ - /* Blindly assuming this will not generate a \ - meaningful identifier. */ \ - gen_id(buf); \ - if (S2I(buf) != (ERR_VALUE)) { \ - fprintf(stderr, \ - "Unexpected match `%s'\n", \ - buf); \ - abort(); \ - } \ - } \ - } while (0) - -#ifdef WITH_ALPHA -static void -test_alpha_table(void) -{ - static const struct entry t[] = { -#include "../alpha_table.h" - }; - - printf("Testing alpha_table...\n"); -#define I2S(I) audit_syscall_to_name((I), MACH_ALPHA) -#define S2I(S) audit_name_to_syscall((S), MACH_ALPHA) - TEST_I2S(0); - TEST_S2I(-1); -#undef I2S -#undef S2I -} -#endif - -#ifdef WITH_ARM -static void -test_arm_table(void) -{ - static const struct entry t[] = { -#include "../arm_table.h" - }; - - printf("Testing arm_table...\n"); -#define I2S(I) audit_syscall_to_name((I), MACH_ARM) -#define S2I(S) audit_name_to_syscall((S), MACH_ARM) - TEST_I2S(0); - TEST_S2I(-1); -#undef I2S -#undef S2I -} -#endif - -#ifdef WITH_AARCH64 -static void -test_aarch64_table(void) -{ - static const struct entry t[] = { -#include "../aarch64_table.h" - }; - - printf("Testing aarch64_table...\n"); -#define I2S(I) audit_syscall_to_name((I), MACH_AARCH64) -#define S2I(S) audit_name_to_syscall((S), MACH_AARCH64) - TEST_I2S(0); - TEST_S2I(-1); -#undef I2S -#undef S2I -} -#endif - -static void -test_i386_table(void) -{ - static const struct entry t[] = { -#include "../i386_table.h" - }; - - printf("Testing i386_table...\n"); -#define I2S(I) audit_syscall_to_name((I), MACH_X86) -#define S2I(S) audit_name_to_syscall((S), MACH_X86) - TEST_I2S(strcmp(t[i].s, "madvise1") == 0); - TEST_S2I(-1); -#undef I2S -#undef S2I -} - -static void -test_ia64_table(void) -{ - static const struct entry t[] = { -#include "../ia64_table.h" - }; - - printf("Testing ia64_table...\n"); -#define I2S(I) audit_syscall_to_name((I), MACH_IA64) -#define S2I(S) audit_name_to_syscall((S), MACH_IA64) - TEST_I2S(0); - TEST_S2I(-1); -#undef I2S -#undef S2I -} - -static void -test_ppc_table(void) -{ - static const struct entry t[] = { -#include "../ppc_table.h" - }; - - printf("Testing ppc_table...\n"); -#define I2S(I) audit_syscall_to_name((I), MACH_PPC) -#define S2I(S) audit_name_to_syscall((S), MACH_PPC) - TEST_I2S(0); - TEST_S2I(-1); -#undef I2S -#undef S2I -} - -static void -test_s390_table(void) -{ - static const struct entry t[] = { -#include "../s390_table.h" - }; - - printf("Testing s390_table...\n"); -#define I2S(I) audit_syscall_to_name((I), MACH_S390) -#define S2I(S) audit_name_to_syscall((S), MACH_S390) - TEST_I2S(0); - TEST_S2I(-1); -#undef I2S -#undef S2I -} - -static void -test_s390x_table(void) -{ - static const struct entry t[] = { -#include "../s390x_table.h" - }; - - printf("Testing s390x_table...\n"); -#define I2S(I) audit_syscall_to_name((I), MACH_S390X) -#define S2I(S) audit_name_to_syscall((S), MACH_S390X) - TEST_I2S(0); - TEST_S2I(-1); -#undef I2S -#undef S2I -} - -static void -test_x86_64_table(void) -{ - static const struct entry t[] = { -#include "../x86_64_table.h" - }; - - printf("Testing x86_64_table...\n"); -#define I2S(I) audit_syscall_to_name((I), MACH_86_64) -#define S2I(S) audit_name_to_syscall((S), MACH_86_64) - TEST_I2S(0); - TEST_S2I(-1); -#undef I2S -#undef S2I -} - -static void -test_actiontab(void) -{ - static const struct entry t[] = { -#include "../actiontab.h" - }; - - printf("Testing actiontab...\n"); -#define I2S(I) audit_action_to_name(I) -#define S2I(S) audit_name_to_action(S) - TEST_I2S(0); - TEST_S2I(-1); -#undef I2S -#undef S2I -} - -static void -test_errtab(void) -{ - static const struct entry t[] = { -#include "../errtab.h" - }; - - printf("Testing errtab...\n"); -#define I2S(I) audit_errno_to_name(I) -#define S2I(S) audit_name_to_errno(S) - TEST_I2S(strcmp(t[i].s, "EWOULDBLOCK") == 0 - || strcmp(t[i].s, "EDEADLOCK") == 0); - TEST_S2I(0); -#undef I2S -#undef S2I -} - -static void -test_fieldtab(void) -{ - static const struct entry t[] = { -#include "../fieldtab.h" - }; - - printf("Testing fieldtab...\n"); -#define I2S(I) audit_field_to_name(I) -#define S2I(S) audit_name_to_field(S) - TEST_I2S(strcmp(t[i].s, "loginuid") == 0); - TEST_S2I(-1); -#undef I2S -#undef S2I -} - -static void -test_flagtab(void) -{ - static const struct entry t[] = { -#include "../flagtab.h" - }; - - printf("Testing flagtab...\n"); -#define I2S(I) audit_flag_to_name(I) -#define S2I(S) audit_name_to_flag(S) - TEST_I2S(0); - TEST_S2I(-1); -#undef I2S -#undef S2I -} - -static void -test_ftypetab(void) -{ - static const struct entry t[] = { -#include "../ftypetab.h" - }; - - printf("Testing ftypetab...\n"); -#define I2S(I) audit_ftype_to_name(I) -#define S2I(S) audit_name_to_ftype(S) - TEST_I2S(0); - TEST_S2I(-1); -#undef I2S -#undef S2I -} - -static void -test_machinetab(void) -{ - static const struct entry t[] = { -#include "../machinetab.h" - }; - - printf("Testing machinetab...\n"); -#define I2S(I) audit_machine_to_name(I) -#define S2I(S) audit_name_to_machine(S) - TEST_I2S((t[i].s[0] == 'i' && t[i].s[1] >= '4' && t[i].s[1] <= '6' - && strcmp(t[i].s + 2, "86") == 0) || - (strncmp(t[i].s, "arm", 3) == 0)); - TEST_S2I(-1); -#undef I2S -#undef S2I -} - -static void -test_msg_typetab(void) -{ - static const struct entry t[] = { -#include "../msg_typetab.h" - }; - - printf("Testing msg_typetab...\n"); -#define I2S(I) audit_msg_type_to_name(I) -#define S2I(S) audit_name_to_msg_type(S) - TEST_I2S(0); - TEST_S2I(-1); -#undef I2S -#undef S2I -} - -static void -test_optab(void) -{ - static const struct entry t[] = { -#include "../optab.h" - }; - - printf("Testing optab...\n"); -#define I2S(I) audit_operator_to_symbol(I) - TEST_I2S(0); -#undef I2S -} - -int -main(void) -{ - // This is only for preventing collisions in s2i tests. - // If collisions are found in future, change the number. - srand(3); -#ifdef WITH_ALPHA - test_alpha_table(); -#endif -#ifdef WITH_ARM - test_arm_table(); -#endif -#ifdef WITH_AARCH64 - test_aarch64_table(); -#endif - test_i386_table(); - test_ia64_table(); - test_ppc_table(); - test_s390_table(); - test_s390x_table(); - test_x86_64_table(); - test_actiontab(); - test_errtab(); - test_fieldtab(); - test_flagtab(); - test_ftypetab(); - test_machinetab(); - test_msg_typetab(); - test_optab(); - return EXIT_SUCCESS; -} - diff --git a/framework/src/audit/lib/x86_64_table.h b/framework/src/audit/lib/x86_64_table.h deleted file mode 100644 index 0c8d41ad..00000000 --- a/framework/src/audit/lib/x86_64_table.h +++ /dev/null @@ -1,345 +0,0 @@ -/* x86_64_table.h -- - * Copyright 2005-15 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Authors: - * Steve Grubb <sgrubb@redhat.com> - */ - -_S(0, "read") -_S(1, "write") -_S(2, "open") -_S(3, "close") -_S(4, "stat") -_S(5, "fstat") -_S(6, "lstat") -_S(7, "poll") -_S(8, "lseek") -_S(9, "mmap") -_S(10, "mprotect") -_S(11, "munmap") -_S(12, "brk") -_S(13, "rt_sigaction") -_S(14, "rt_sigprocmask") -_S(15, "rt_sigreturn") -_S(16, "ioctl") -_S(17, "pread") -_S(18, "pwrite") -_S(19, "readv") -_S(20, "writev") -_S(21, "access") -_S(22, "pipe") -_S(23, "select") -_S(24, "sched_yield") -_S(25, "mremap") -_S(26, "msync") -_S(27, "mincore") -_S(28, "madvise") -_S(29, "shmget") -_S(30, "shmat") -_S(31, "shmctl") -_S(32, "dup") -_S(33, "dup2") -_S(34, "pause") -_S(35, "nanosleep") -_S(36, "getitimer") -_S(37, "alarm") -_S(38, "setitimer") -_S(39, "getpid") -_S(40, "sendfile") -_S(41, "socket") -_S(42, "connect") -_S(43, "accept") -_S(44, "sendto") -_S(45, "recvfrom") -_S(46, "sendmsg") -_S(47, "recvmsg") -_S(48, "shutdown") -_S(49, "bind") -_S(50, "listen") -_S(51, "getsockname") -_S(52, "getpeername") -_S(53, "socketpair") -_S(54, "setsockopt") -_S(55, "getsockopt") -_S(56, "clone") -_S(57, "fork") -_S(58, "vfork") -_S(59, "execve") -_S(60, "exit") -_S(61, "wait4") -_S(62, "kill") -_S(63, "uname") -_S(64, "semget") -_S(65, "semop") -_S(66, "semctl") -_S(67, "shmdt") -_S(68, "msgget") -_S(69, "msgsnd") -_S(70, "msgrcv") -_S(71, "msgctl") -_S(72, "fcntl") -_S(73, "flock") -_S(74, "fsync") -_S(75, "fdatasync") -_S(76, "truncate") -_S(77, "ftruncate") -_S(78, "getdents") -_S(79, "getcwd") -_S(80, "chdir") -_S(81, "fchdir") -_S(82, "rename") -_S(83, "mkdir") -_S(84, "rmdir") -_S(85, "creat") -_S(86, "link") -_S(87, "unlink") -_S(88, "symlink") -_S(89, "readlink") -_S(90, "chmod") -_S(91, "fchmod") -_S(92, "chown") -_S(93, "fchown") -_S(94, "lchown") -_S(95, "umask") -_S(96, "gettimeofday") -_S(97, "getrlimit") -_S(98, "getrusage") -_S(99, "sysinfo") -_S(100, "times") -_S(101, "ptrace") -_S(102, "getuid") -_S(103, "syslog") -_S(104, "getgid") -_S(105, "setuid") -_S(106, "setgid") -_S(107, "geteuid") -_S(108, "getegid") -_S(109, "setpgid") -_S(110, "getppid") -_S(111, "getpgrp") -_S(112, "setsid") -_S(113, "setreuid") -_S(114, "setregid") -_S(115, "getgroups") -_S(116, "setgroups") -_S(117, "setresuid") -_S(118, "getresuid") -_S(119, "setresgid") -_S(120, "getresgid") -_S(121, "getpgid") -_S(122, "setfsuid") -_S(123, "setfsgid") -_S(124, "getsid") -_S(125, "capget") -_S(126, "capset") -_S(127, "rt_sigpending") -_S(128, "rt_sigtimedwait") -_S(129, "rt_sigqueueinfo") -_S(130, "rt_sigsuspend") -_S(131, "sigaltstack") -_S(132, "utime") -_S(133, "mknod") -_S(134, "uselib") -_S(135, "personality") -_S(136, "ustat") -_S(137, "statfs") -_S(138, "fstatfs") -_S(139, "sysfs") -_S(140, "getpriority") -_S(141, "setpriority") -_S(142, "sched_setparam") -_S(143, "sched_getparam") -_S(144, "sched_setscheduler") -_S(145, "sched_getscheduler") -_S(146, "sched_get_priority_max") -_S(147, "sched_get_priority_min") -_S(148, "sched_rr_get_interval") -_S(149, "mlock") -_S(150, "munlock") -_S(151, "mlockall") -_S(152, "munlockall") -_S(153, "vhangup") -_S(154, "modify_ldt") -_S(155, "pivot_root") -_S(156, "_sysctl") -_S(157, "prctl") -_S(158, "arch_prctl") -_S(159, "adjtimex") -_S(160, "setrlimit") -_S(161, "chroot") -_S(162, "sync") -_S(163, "acct") -_S(164, "settimeofday") -_S(165, "mount") -_S(166, "umount2") -_S(167, "swapon") -_S(168, "swapoff") -_S(169, "reboot") -_S(170, "sethostname") -_S(171, "setdomainname") -_S(172, "iopl") -_S(173, "ioperm") -_S(174, "create_module") -_S(175, "init_module") -_S(176, "delete_module") -_S(177, "get_kernel_syms") -_S(178, "query_module") -_S(179, "quotactl") -_S(180, "nfsservctl") -_S(181, "getpmsg") -_S(182, "putpmsg") -_S(183, "afs_syscall") -_S(184, "tuxcall") -_S(185, "security") -_S(186, "gettid") -_S(187, "readahead") -_S(188, "setxattr") -_S(189, "lsetxattr") -_S(190, "fsetxattr") -_S(191, "getxattr") -_S(192, "lgetxattr") -_S(193, "fgetxattr") -_S(194, "listxattr") -_S(195, "llistxattr") -_S(196, "flistxattr") -_S(197, "removexattr") -_S(198, "lremovexattr") -_S(199, "fremovexattr") -_S(200, "tkill") -_S(201, "time") -_S(202, "futex") -_S(203, "sched_setaffinity") -_S(204, "sched_getaffinity") -_S(205, "set_thread_area") -_S(206, "io_setup") -_S(207, "io_destroy") -_S(208, "io_getevents") -_S(209, "io_submit") -_S(210, "io_cancel") -_S(211, "get_thread_area") -_S(212, "lookup_dcookie") -_S(213, "epoll_create") -_S(214, "epoll_ctl_old") -_S(215, "epoll_wait_old") -_S(216, "remap_file_pages") -_S(217, "getdents64") -_S(218, "set_tid_address") -_S(219, "restart_syscall") -_S(220, "semtimedop") -_S(221, "fadvise64") -_S(222, "timer_create") -_S(223, "timer_settime") -_S(224, "timer_gettime") -_S(225, "timer_getoverrun") -_S(226, "timer_delete") -_S(227, "clock_settime") -_S(228, "clock_gettime") -_S(229, "clock_getres") -_S(230, "clock_nanosleep") -_S(231, "exit_group") -_S(232, "epoll_wait") -_S(233, "epoll_ctl") -_S(234, "tgkill") -_S(235, "utimes") -_S(236, "vserver") -_S(237, "mbind") -_S(238, "set_mempolicy") -_S(239, "get_mempolicy") -_S(240, "mq_open") -_S(241, "mq_unlink") -_S(242, "mq_timedsend") -_S(243, "mq_timedreceive") -_S(244, "mq_notify") -_S(245, "mq_getsetattr") -_S(246, "kexec_load") -_S(247, "waitid") -_S(248, "add_key") -_S(249, "request_key") -_S(250, "keyctl") -_S(251, "ioprio_set") -_S(252, "ioprio_get") -_S(253, "inotify_init") -_S(254, "inotify_add_watch") -_S(255, "inotify_rm_watch") -_S(256, "migrate_pages") -_S(257, "openat") -_S(258, "mkdirat") -_S(259, "mknodat") -_S(260, "fchownat") -_S(261, "futimesat") -_S(262, "newfstatat") -_S(263, "unlinkat") -_S(264, "renameat") -_S(265, "linkat") -_S(266, "symlinkat") -_S(267, "readlinkat") -_S(268, "fchmodat") -_S(269, "faccessat") -_S(270, "pselect6") -_S(271, "ppoll") -_S(272, "unshare") -_S(273, "set_robust_list") -_S(274, "get_robust_list") -_S(275, "splice") -_S(276, "tee") -_S(277, "sync_file_range") -_S(278, "vmsplice") -_S(279, "move_pages") -_S(280, "utimensat") -_S(281, "epoll_pwait") -_S(282, "signalfd") -_S(283, "timerfd") -_S(284, "eventfd") -_S(285, "fallocate") -_S(286, "timerfd_settime") -_S(287, "timerfd_gettime") -_S(288, "accept4") -_S(289, "signalfd4") -_S(290, "eventfd2") -_S(291, "epoll_create1") -_S(292, "dup3") -_S(293, "pipe2") -_S(294, "inotify_init1") -_S(295, "preadv") -_S(296, "pwritev") -_S(297, "rt_tgsigqueueinfo") -_S(298, "perf_event_open") -_S(299, "recvmmsg") -_S(300, "fanotify_init") -_S(301, "fanotify_mark") -_S(302, "prlimit64") -_S(303, "name_to_handle_at") -_S(304, "open_by_handle_at") -_S(305, "clock_adjtime") -_S(306, "syncfs") -_S(307, "sendmmsg") -_S(308, "setns") -_S(309, "getcpu") -_S(310, "process_vm_readv") -_S(311, "process_vm_writev") -_S(312, "kcmp") -_S(313, "finit_module") -_S(314, "sched_setattr") -_S(315, "sched_getattr") -_S(316, "renameat2") -_S(317, "seccomp") -_S(318, "getrandom") -_S(319, "memfd_create") -_S(320, "kexec_file_load") -_S(321, "bpf") -_S(322, "execveat") |