mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/libraries/libapparmor/include/aalogparse.h
Ryan Lee 79670745d6 Remove remnants of comments regarding old apparmor log format 
The entry AA_RECORD_SYNTAX_V1 is only there for API compatibility reasons.
If we wanted to remove it, we could just renumber the other two entries
to preserve ABI compatibility. However, it seems easier to just delete the
entry if we ever break backcompat with a libapparmor2.

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2024-09-10 11:33:24 -07:00

127 lines
3.3 KiB
C
Raw Blame History

/*
* Copyright (c) 1999-2008 NOVELL (All rights reserved)
* Copyright 2009-2010 Canonical Ltd.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2.1 of the GNU Lesser General
* Public License published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __LIBAALOGPARSE_H_
#define __LIBAALOGPARSE_H_
#define AA_RECORD_EXEC_MMAP 1
#define AA_RECORD_READ 2
#define AA_RECORD_WRITE 4
#define AA_RECORD_EXEC 8
#define AA_RECORD_LINK 16
/**
* Enum representing which syntax version the log entry used.
* Support for V1 parsing was completely removed in 2011 and that enum entry
* is only still there for API compatibility reasons.
*/
typedef enum
{
AA_RECORD_SYNTAX_V1,
AA_RECORD_SYNTAX_V2,
AA_RECORD_SYNTAX_UNKNOWN
} aa_record_syntax_version;
typedef enum
{
AA_RECORD_INVALID, /* Default event type */
AA_RECORD_ERROR, /* Internal AA error */
AA_RECORD_AUDIT, /* Audited event */
AA_RECORD_ALLOWED, /* Complain mode event */
AA_RECORD_DENIED, /* Denied access event */
AA_RECORD_HINT, /* Process tracking info */
AA_RECORD_STATUS /* Configuration change */
} aa_record_event_type;
typedef struct
{
aa_record_syntax_version version;
aa_record_event_type event; /* Event type */
unsigned long pid; /* PID of the program logging the message */
unsigned long peer_pid;
unsigned long task;
unsigned long magic_token;
long epoch; /* example: 12345679 */
unsigned int audit_sub_id; /* example: 12 */
int bitmask; /* Bitmask containing "r" "w" "x" etc */
char *audit_id; /* example: 12345679.1234:12 */
char *operation; /* "Exec" "Ptrace", etc. */
char *denied_mask; /* "r", "w", etc. */
char *requested_mask;
unsigned long fsuid; /* fsuid of task - if logged */
unsigned long ouid; /* ouid of task - if logged */
char *profile; /* The name of the profile */
char *peer_profile;
char *comm; /* Command that triggered msg */
char *name;
char *name2;
char *namespace;
char *attribute;
unsigned long parent;
char *info;
char *peer_info;
int error_code; /* error_code returned if logged */
char *active_hat;
char *net_family;
char *net_protocol;
char *net_sock_type;
char *net_local_addr;
unsigned long net_local_port;
char *net_foreign_addr;
unsigned long net_foreign_port;
char *execpath;
char *dbus_bus;
char *dbus_path;
char *dbus_interface;
char *dbus_member;
char *signal; /* signal name */
char *peer;
/* mount et al specific bits */
char *fs_type;
char *flags;
char *src_name;
char *class;
char *net_addr;
char *peer_addr;
} aa_log_record;
/**
* Parses a single log record string and returns a pointer to the parsed
* data. It is the calling program's responsibility to free that struct
* with free_record();
* @param[in] Record to parse.
* @return Parsed data.
*/
aa_log_record *
parse_record(const char *str);
/**
* Frees all struct data.
* @param[in] Data to free.
*/
void
free_record(aa_log_record *record);
#endif
Reference in a new issue View git blame Copy permalink