/**
* @file
* Protected interface for seaudit filters.
*
* @author Jeremy A. Mowery jmowery@tresys.com
* @author Jason Tang jtang@tresys.com
* @author Jeremy Solt jsolt@tresys.com
*
* Copyright (C) 2006-2007 Tresys Technology, LLC
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef SEAUDIT_FILTER_INTERNAL_H
#define SEAUDIT_FILTER_INTERNAL_H
#include "seaudit_internal.h"
/**
 * Internal state of a seaudit filter: one optional criterion per audit
 * message field.
 *
 * As the member comments state, the criteria come in three flavours:
 * vectors of strings (users, roles, types, MLS levels/clearances, object
 * classes), glob expressions (perm, exe, host, path, comm and the *addr
 * members), and exact/literal values (inode, pid, the *port members,
 * netif, key, cap).
 *
 * NOTE(review): this header does not show who owns the pointer members
 * (strings, vectors, struct tm) or which value marks a numeric criterion
 * as "unset" -- confirm both against the filter implementation before
 * adding or copying members.  A criterion that is mistaken for set or
 * unset changes which audit messages the filter shows.
 */
struct seaudit_filter
{
/** how the criteria are combined; see seaudit_filter_match_e (presumably any vs. all -- confirm) */
seaudit_filter_match_e match;
/** name of this filter */
char *name;
/** presumably a human-readable description of this filter -- confirm */
char *desc;
/** strictness flag; NOTE(review): presumably decides whether a message that lacks a tested field is rejected -- confirm in the matching code */
bool strict;
/** model that is watching this filter */
seaudit_model_t *model;
/** vector of strings, for source users */
apol_vector_t *src_users;
/** vector of strings, for source roles */
apol_vector_t *src_roles;
/** vector of strings, for source types */
apol_vector_t *src_types;
/** vector of strings, for source mls levels */
apol_vector_t *src_mls_lvl;
/** vector of strings, for source mls clearance */
apol_vector_t *src_mls_clr;
/** vector of strings, for target users */
apol_vector_t *tgt_users;
/** vector of strings, for target roles */
apol_vector_t *tgt_roles;
/** vector of strings, for target types */
apol_vector_t *tgt_types;
/** vector of strings, for target mls levels */
apol_vector_t *tgt_mls_lvl;
/** vector of strings, for target mls clearance */
apol_vector_t *tgt_mls_clr;
/** vector of strings, for target object classes */
apol_vector_t *tgt_classes;
/** criteria for permissions, glob expression */
char *perm;
/** criteria for executable, glob expression */
char *exe;
/** criteria for host, glob expression */
char *host;
/** criteria for path, glob expression */
char *path;
/** inode criterion, as a literal value */
unsigned long inode;
/** pid criterion, as a literal value */
unsigned int pid;
/** criterion for command, glob expression */
char *comm;
/** criterion for IP address, glob expression */
char *anyaddr;
/** criterion for local address, glob expression */
char *laddr;
/** criterion for foreign address, glob expression */
char *faddr;
/** criterion for source address, glob expression */
char *saddr;
/** criterion for destination address, glob expression */
char *daddr;
/** criterion for any of the ports, exact match */
int anyport;
/** criterion for local port, exact match */
int lport;
/** criterion for foreign port, exact match */
int fport;
/** criterion for source port, exact match */
int sport;
/** criterion for destination port, exact match */
int dport;
/** criterion for just plain port, exact match */
int port;
/** criterion for netif, exact match */
char *netif;
/** criterion for IPC key, exact match */
int key;
/** criterion for capability, exact match */
int cap;
/** criterion for AVC message type */
seaudit_avc_message_type_e avc_msg_type;
/** date criterion bounds; presumably the start and end of the time window -- confirm */
struct tm *start, *end;
/** how start/end are compared against a message's date; see seaudit_filter_date_match_e */
seaudit_filter_date_match_e date_match;
};
#endif