diff options
Diffstat (limited to 'libseaudit/include/seaudit/avc_message.h')
-rw-r--r-- | libseaudit/include/seaudit/avc_message.h | 374 |
1 files changed, 374 insertions, 0 deletions
diff --git a/libseaudit/include/seaudit/avc_message.h b/libseaudit/include/seaudit/avc_message.h new file mode 100644 index 0000000..b7263ea --- /dev/null +++ b/libseaudit/include/seaudit/avc_message.h @@ -0,0 +1,374 @@ +/** + * @file + * Public interface for a single AVC log message. This is a subclass + * of seaudit_message. + * + * @author Jeremy A. Mowery jmowery@tresys.com + * @author Jason Tang jtang@tresys.com + * @author Jeremy Solt jsolt@tresys.com + * + * Copyright (C) 2006-2007 Tresys Technology, LLC + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#ifndef SEAUDIT_AVC_MESSAGE_H +#define SEAUDIT_AVC_MESSAGE_H + +#include <apol/vector.h> + +#ifdef __cplusplus +extern "C" +{ +#endif + + typedef struct seaudit_avc_message seaudit_avc_message_t; + +/** + * AVC messages may be either a granted (i.e., an allow) or a denied. + */ + typedef enum seaudit_avc_message_type + { + SEAUDIT_AVC_UNKNOWN = 0, + SEAUDIT_AVC_DENIED, + SEAUDIT_AVC_GRANTED + } seaudit_avc_message_type_e; + +/** + * Return the type of avc message this is, either a granted (i.e., an + * allow) or a denied. + * + * @param avc AVC message to check. + * + * @return One of SEAUDIT_AVC_DENIED or SEAUDIT_AVC_GRANTED, or + * SEAUDIT_AVC_UNKNOWN upon error or if unknown. + */ + extern seaudit_avc_message_type_e seaudit_avc_message_get_message_type(const seaudit_avc_message_t * avc); + +/** + * Return the avc message's timestamp, measured in nanoseconds. + * + * @param avc AVC message to check. + * + * @return Timestamp, in nanoseconds, or 0 upon error or if unknown. + */ + extern long seaudit_avc_message_get_timestamp_nano(const seaudit_avc_message_t * avc); + +/** + * Return the source context's user of an avc message. + * + * @param avc AVC message to check. + * + * @return Source user, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_source_user(const seaudit_avc_message_t * avc); + +/** + * Return the source context's role of an avc message. + * + * @param avc AVC message to check. + * + * @return Source role, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_source_role(const seaudit_avc_message_t * avc); + +/** + * Return the source context's type of an avc message. + * + * @param avc AVC message to check. + * + * @return Source target, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_source_type(const seaudit_avc_message_t * avc); + +/** + * Return the source context's mls level of an avc message. + * + * @param avc AVC message to check. + * + * @return Source target, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_source_mls_lvl(const seaudit_avc_message_t * avc); + +/** + * Return the source context's mls clearance of an avc message. + * + * @param avc AVC message to check. + * + * @return Source target, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_source_mls_clr(const seaudit_avc_message_t * avc); + +/** + * Return the target context's user of an avc message. + * + * @param avc AVC message to check. + * + * @return Target user, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_target_user(const seaudit_avc_message_t * avc); + +/** + * Return the target context's role of an avc message. + * + * @param avc AVC message to check. + * + * @return Target role, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_target_role(const seaudit_avc_message_t * avc); + +/** + * Return the target context's type of an avc message. + * + * @param avc AVC message to check. + * + * @return Target type, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_target_type(const seaudit_avc_message_t * avc); + +/** + * Return the target context's mls level of an avc message. + * + * @param avc AVC message to check. + * + * @return Target type, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_target_mls_lvl(const seaudit_avc_message_t * avc); + +/** + * Return the target context's mls clearance of an avc message. + * + * @param avc AVC message to check. + * + * @return Target type, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_target_mls_clr(const seaudit_avc_message_t * avc); + +/** + * Return the object class from an avc message. + * + * @param avc AVC message to check. + * + * @return Object class, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_object_class(const seaudit_avc_message_t * avc); + +/** + * Return a vector of permissions (type char *) from an avc message. + * + * @param avc AVC message to check. + * + * @return Vector of permission strings, or NULL upon error or if + * unknown. Do not modify the vector in any way. + */ + extern const apol_vector_t *seaudit_avc_message_get_perm(const seaudit_avc_message_t * avc); + +/** + * Return the executable and path from an avc message. + * + * @param avc AVC message to check. + * + * @return Executable string, or NULL upon error or if unknown. Do + * not free() this string. + */ + extern const char *seaudit_avc_message_get_exe(const seaudit_avc_message_t * avc); + +/** + * Return the command from an avc message. + * + * @param avc AVC message to check. + * + * @return Command, or NULL upon error or if unknown. Do not free() + * this string. + */ + extern const char *seaudit_avc_message_get_comm(const seaudit_avc_message_t * avc); + +/** + * Return the name from an avc message. + * + * @param avc AVC message to check. + * + * @return Name, or NULL upon error or if unknown. Do not free() this + * string. + */ + extern const char *seaudit_avc_message_get_name(const seaudit_avc_message_t * avc); + +/** + * Return the process ID from an avc message. + * + * @param avc AVC message to check. + * + * @return Process's PID, or 0 upon error or if unknown. + */ + extern unsigned int seaudit_avc_message_get_pid(const seaudit_avc_message_t * avc); + +/** + * Return the inode from an avc message. + * + * @param avc AVC message to check. + * + * @return Process's PID, or 0 upon error or if unknown. + */ + extern unsigned long seaudit_avc_message_get_inode(const seaudit_avc_message_t * avc); + +/** + * Return the path of the object from an avc message. + * + * @param avc AVC message to check. + * + * @return Object's path, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_path(const seaudit_avc_message_t * avc); + +/** + * Return the device for the object from an avc message. + * + * @param avc AVC message to check. + * + * @return Object's device, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_dev(const seaudit_avc_message_t * avc); + +/** + * Return the network interface for the object from an avc message. + * + * @param avc AVC message to check. + * + * @return Network interface, or NULL upon error or if unknown. Do + * not free() this string. + */ + extern const char *seaudit_avc_message_get_netif(const seaudit_avc_message_t * avc); + +/** + * Return the port number from an avc message. + * + * @param avc AVC message to check. + * + * @return Port, or 0 upon error or if unknown. + */ + extern int seaudit_avc_message_get_port(const seaudit_avc_message_t * avc); + +/** + * Return the local address from an avc message. + * + * @param avc AVC message to check. + * + * @return Local address, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_laddr(const seaudit_avc_message_t * avc); + +/** + * Return the local port from an avc message. + * + * @param avc AVC message to check. + * + * @return Local port, or 0 upon error or if unknown. + */ + extern int seaudit_avc_message_get_lport(const seaudit_avc_message_t * avc); + +/** + * Return the foreign address from an avc message. + * + * @param avc AVC message to check. + * + * @return Foreign address, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_faddr(const seaudit_avc_message_t * avc); + +/** + * Return the foreign port from an avc message. + * + * @param avc AVC message to check. + * + * @return Foreign port, or 0 upon error or if unknown. + */ + extern int seaudit_avc_message_get_fport(const seaudit_avc_message_t * avc); + +/** + * Return the source address from an avc message. + * + * @param avc AVC message to check. + * + * @return Source address, or NULL upon error or if unknown. Do not + * free() this string. + */ + extern const char *seaudit_avc_message_get_saddr(const seaudit_avc_message_t * avc); + +/** + * Return the source port from an avc message. + * + * @param avc AVC message to check. + * + * @return Source port, or 0 upon error or if unknown. + */ + extern int seaudit_avc_message_get_sport(const seaudit_avc_message_t * avc); + +/** + * Return the destination address from an avc message. + * + * @param avc AVC message to check. + * + * @return Destination address, or NULL upon error or if unknown. Do + * not free() this string. + */ + extern const char *seaudit_avc_message_get_daddr(const seaudit_avc_message_t * avc); + +/** + * Return the destination port from an avc message. + * + * @param avc AVC message to check. + * + * @return Destination port, or 0 upon error or if unknown. + */ + extern int seaudit_avc_message_get_dport(const seaudit_avc_message_t * avc); + +/** + * Return the IPC key from an avc message. + * + * @param avc AVC message to check. + * + * @return Key, or -1 upon error or if unknown. + */ + extern int seaudit_avc_message_get_key(const seaudit_avc_message_t * avc); + +/** + * Return the process capability from an avc message. + * + * @param avc AVC message to check. + * + * @return Capability, or -1 upon error or if unknown. + */ + extern int seaudit_avc_message_get_cap(const seaudit_avc_message_t * avc); + +#ifdef __cplusplus +} +#endif + +#endif |