1 /* SPDX-License-Identifier: GPL-2.0-only */ 2 /* 3 * SELinux support for the Audit LSM hooks 4 * 5 * Author: James Morris <jmorris@redhat.com> 6 * 7 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com> 8 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com> 10 */ 11 12 #ifndef _SELINUX_AUDIT_H 13 #define _SELINUX_AUDIT_H 14 15 /** 16 * selinux_audit_rule_init - alloc/init an selinux audit rule structure. 17 * @field: the field this rule refers to 18 * @op: the operater the rule uses 19 * @rulestr: the text "target" of the rule 20 * @rule: pointer to the new rule structure returned via this 21 * 22 * Returns 0 if successful, -errno if not. On success, the rule structure 23 * will be allocated internally. The caller must free this structure with 24 * selinux_audit_rule_free() after use. 25 */ 26 int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule); 27 28 /** 29 * selinux_audit_rule_free - free an selinux audit rule structure. 30 * @rule: pointer to the audit rule to be freed 31 * 32 * This will free all memory associated with the given rule. 33 * If @rule is NULL, no operation is performed. 34 */ 35 void selinux_audit_rule_free(void *rule); 36 37 /** 38 * selinux_audit_rule_match - determine if a context ID matches a rule. 39 * @sid: the context ID to check 40 * @field: the field this rule refers to 41 * @op: the operater the rule uses 42 * @rule: pointer to the audit rule to check against 43 * 44 * Returns 1 if the context id matches the rule, 0 if it does not, and 45 * -errno on failure. 46 */ 47 int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule); 48 49 /** 50 * selinux_audit_rule_known - check to see if rule contains selinux fields. 51 * @rule: rule to be checked 52 * Returns 1 if there are selinux fields specified in the rule, 0 otherwise. 53 */ 54 int selinux_audit_rule_known(struct audit_krule *krule); 55 56 #endif /* _SELINUX_AUDIT_H */ 57 58