github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/socket_netlink_audit.txt (about) 1 # Copyright 2020 syzkaller project authors. All rights reserved. 2 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 4 include <linux/net.h> 5 include <uapi/linux/netlink.h> 6 include <uapi/linux/audit.h> 7 8 resource sock_nl_audit[sock_netlink] 9 10 socket$nl_audit(domain const[AF_NETLINK], type const[SOCK_RAW], proto const[NETLINK_AUDIT]) sock_nl_audit 11 12 type nl_audit_msg[CMD, DATA] ptr[in, msghdr_netlink[netlink_msg[CMD, DATA, void]]] 13 14 sendmsg$AUDIT_GET(fd sock_nl_audit, msg nl_audit_msg[AUDIT_GET, void], f flags[send_flags]) 15 sendmsg$AUDIT_SET(fd sock_nl_audit, msg nl_audit_msg[AUDIT_SET, audit_status], f flags[send_flags]) 16 sendmsg$AUDIT_USER(fd sock_nl_audit, msg nl_audit_msg[AUDIT_USER, array[int8]], f flags[send_flags]) 17 sendmsg$AUDIT_USER_AVC(fd sock_nl_audit, msg nl_audit_msg[AUDIT_USER_AVC, array[int8]], f flags[send_flags]) 18 sendmsg$AUDIT_USER_TTY(fd sock_nl_audit, msg nl_audit_msg[AUDIT_USER_TTY, array[int8]], f flags[send_flags]) 19 sendmsg$AUDIT_SET_FEATURE(fd sock_nl_audit, msg nl_audit_msg[AUDIT_SET_FEATURE, audit_features], f flags[send_flags]) 20 sendmsg$AUDIT_GET_FEATURE(fd sock_nl_audit, msg nl_audit_msg[AUDIT_GET_FEATURE, void], f flags[send_flags]) 21 sendmsg$AUDIT_ADD_RULE(fd sock_nl_audit, msg nl_audit_msg[AUDIT_ADD_RULE, audit_rule_data], f flags[send_flags]) 22 sendmsg$AUDIT_DEL_RULE(fd sock_nl_audit, msg nl_audit_msg[AUDIT_DEL_RULE, audit_rule_data], f flags[send_flags]) 23 sendmsg$AUDIT_LIST_RULES(fd sock_nl_audit, msg nl_audit_msg[AUDIT_LIST_RULES, void], f flags[send_flags]) 24 sendmsg$AUDIT_TRIM(fd sock_nl_audit, msg nl_audit_msg[AUDIT_TRIM, void], f flags[send_flags]) 25 sendmsg$AUDIT_MAKE_EQUIV(fd sock_nl_audit, msg nl_audit_msg[AUDIT_MAKE_EQUIV, audit_make_equiv], f flags[send_flags]) 26 sendmsg$AUDIT_SIGNAL_INFO(fd sock_nl_audit, msg nl_audit_msg[AUDIT_SIGNAL_INFO, void], f flags[send_flags]) 27 sendmsg$AUDIT_TTY_GET(fd sock_nl_audit, msg nl_audit_msg[AUDIT_TTY_GET, void], f flags[send_flags]) 28 sendmsg$AUDIT_TTY_SET(fd sock_nl_audit, msg nl_audit_msg[AUDIT_TTY_SET, audit_tty_status], f flags[send_flags]) 29 30 audit_status { 31 mask flags[audit_status_mask, int32] 32 enabled bool32 33 failure flags[audit_fail_action, int32] 34 pid pid 35 rate_limit int32 36 backlog_limit int32 37 lost int32 38 backlog int32 39 feature_bitmap const[0, int32] 40 backlog_wait_time int32 41 backlog_wait_time_actual int32 42 } 43 44 audit_status_mask = AUDIT_STATUS_ENABLED, AUDIT_STATUS_FAILURE, AUDIT_STATUS_PID, AUDIT_STATUS_RATE_LIMIT, AUDIT_STATUS_BACKLOG_LIMIT, AUDIT_STATUS_BACKLOG_WAIT_TIME, AUDIT_STATUS_LOST 45 audit_fail_action = AUDIT_FAIL_SILENT, AUDIT_FAIL_PRINTK, AUDIT_FAIL_PANIC 46 47 audit_features { 48 vers const[AUDIT_FEATURE_VERSION, int32] 49 mask flags[audit_features, int32] 50 features flags[audit_features, int32] 51 lock flags[audit_features, int32] 52 } 53 54 audit_features = AUDIT_FEATURE_ONLY_UNSET_LOGINUID, AUDIT_FEATURE_LOGINUID_IMMUTABLE 55 56 audit_rule_data { 57 flags flags[audit_rule_flags, int32] 58 action flags[audit_rule_action, int32] 59 field_count int32[0:AUDIT_MAX_FIELDS] 60 mask array[int32, AUDIT_BITMASK_SIZE] 61 fields array[int32, AUDIT_MAX_FIELDS] 62 values array[int32, AUDIT_MAX_FIELDS] 63 fieldflags array[int32, AUDIT_MAX_FIELDS] 64 buflen bytesize[buf, int32] 65 buf array[string] 66 } 67 68 audit_rule_flags = AUDIT_FILTER_USER, AUDIT_FILTER_TASK, AUDIT_FILTER_ENTRY, AUDIT_FILTER_WATCH, AUDIT_FILTER_EXIT, AUDIT_FILTER_EXCLUDE, AUDIT_FILTER_FS, AUDIT_FILTER_PREPEND 69 audit_rule_action = AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS 70 71 audit_make_equiv { 72 oldlen bytesize[old, int32] 73 newlen bytesize[new, int32] 74 old stringnoz[filename] 75 new stringnoz[filename] 76 } [packed] 77 78 audit_tty_status { 79 enabled bool32 80 log_passwd bool32 81 }