summaryrefslogtreecommitdiffstats
path: root/libseaudit/include/seaudit/avc_message.h
diff options
context:
space:
mode:
Diffstat (limited to 'libseaudit/include/seaudit/avc_message.h')
-rw-r--r--libseaudit/include/seaudit/avc_message.h374
1 files changed, 374 insertions, 0 deletions
diff --git a/libseaudit/include/seaudit/avc_message.h b/libseaudit/include/seaudit/avc_message.h
new file mode 100644
index 0000000..b7263ea
--- /dev/null
+++ b/libseaudit/include/seaudit/avc_message.h
@@ -0,0 +1,374 @@
+/**
+ * @file
+ * Public interface for a single AVC log message. This is a subclass
+ * of seaudit_message.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ * @author Jeremy Solt jsolt@tresys.com
+ *
+ * Copyright (C) 2006-2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef SEAUDIT_AVC_MESSAGE_H
+#define SEAUDIT_AVC_MESSAGE_H
+
+#include <apol/vector.h>
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+ typedef struct seaudit_avc_message seaudit_avc_message_t;
+
+/**
+ * AVC messages may be either a granted (i.e., an allow) or a denied.
+ */
+ typedef enum seaudit_avc_message_type
+ {
+ SEAUDIT_AVC_UNKNOWN = 0,
+ SEAUDIT_AVC_DENIED,
+ SEAUDIT_AVC_GRANTED
+ } seaudit_avc_message_type_e;
+
+/**
+ * Return the type of avc message this is, either a granted (i.e., an
+ * allow) or a denied.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return One of SEAUDIT_AVC_DENIED or SEAUDIT_AVC_GRANTED, or
+ * SEAUDIT_AVC_UNKNOWN upon error or if unknown.
+ */
+ extern seaudit_avc_message_type_e seaudit_avc_message_get_message_type(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the avc message's timestamp, measured in nanoseconds.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Timestamp, in nanoseconds, or 0 upon error or if unknown.
+ */
+ extern long seaudit_avc_message_get_timestamp_nano(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the source context's user of an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Source user, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_source_user(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the source context's role of an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Source role, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_source_role(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the source context's type of an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Source target, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_source_type(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the source context's mls level of an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Source target, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_source_mls_lvl(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the source context's mls clearance of an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Source target, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_source_mls_clr(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the target context's user of an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Target user, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_target_user(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the target context's role of an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Target role, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_target_role(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the target context's type of an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Target type, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_target_type(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the target context's mls level of an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Target type, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_target_mls_lvl(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the target context's mls clearance of an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Target type, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_target_mls_clr(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the object class from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Object class, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_object_class(const seaudit_avc_message_t * avc);
+
+/**
+ * Return a vector of permissions (type char *) from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Vector of permission strings, or NULL upon error or if
+ * unknown. Do not modify the vector in any way.
+ */
+ extern const apol_vector_t *seaudit_avc_message_get_perm(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the executable and path from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Executable string, or NULL upon error or if unknown. Do
+ * not free() this string.
+ */
+ extern const char *seaudit_avc_message_get_exe(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the command from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Command, or NULL upon error or if unknown. Do not free()
+ * this string.
+ */
+ extern const char *seaudit_avc_message_get_comm(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the name from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Name, or NULL upon error or if unknown. Do not free() this
+ * string.
+ */
+ extern const char *seaudit_avc_message_get_name(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the process ID from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Process's PID, or 0 upon error or if unknown.
+ */
+ extern unsigned int seaudit_avc_message_get_pid(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the inode from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Process's PID, or 0 upon error or if unknown.
+ */
+ extern unsigned long seaudit_avc_message_get_inode(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the path of the object from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Object's path, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_path(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the device for the object from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Object's device, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_dev(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the network interface for the object from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Network interface, or NULL upon error or if unknown. Do
+ * not free() this string.
+ */
+ extern const char *seaudit_avc_message_get_netif(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the port number from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Port, or 0 upon error or if unknown.
+ */
+ extern int seaudit_avc_message_get_port(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the local address from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Local address, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_laddr(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the local port from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Local port, or 0 upon error or if unknown.
+ */
+ extern int seaudit_avc_message_get_lport(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the foreign address from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Foreign address, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_faddr(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the foreign port from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Foreign port, or 0 upon error or if unknown.
+ */
+ extern int seaudit_avc_message_get_fport(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the source address from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Source address, or NULL upon error or if unknown. Do not
+ * free() this string.
+ */
+ extern const char *seaudit_avc_message_get_saddr(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the source port from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Source port, or 0 upon error or if unknown.
+ */
+ extern int seaudit_avc_message_get_sport(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the destination address from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Destination address, or NULL upon error or if unknown. Do
+ * not free() this string.
+ */
+ extern const char *seaudit_avc_message_get_daddr(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the destination port from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Destination port, or 0 upon error or if unknown.
+ */
+ extern int seaudit_avc_message_get_dport(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the IPC key from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Key, or -1 upon error or if unknown.
+ */
+ extern int seaudit_avc_message_get_key(const seaudit_avc_message_t * avc);
+
+/**
+ * Return the process capability from an avc message.
+ *
+ * @param avc AVC message to check.
+ *
+ * @return Capability, or -1 upon error or if unknown.
+ */
+ extern int seaudit_avc_message_get_cap(const seaudit_avc_message_t * avc);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
generated by cgit (git 2.34.1) at 2024-04-26 21:49:43 +0000