blob: 9865d4304f1beafa4675a25aabd4b23d2f962d90 [file] [log] [blame]
/*
* Copyright 2012, Samsung Telecommunications of America
* Copyright (C) 2014 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Written by William Roberts <w.roberts@sta.samsung.com>
*/
#ifndef _LIBAUDIT_H_
#define _LIBAUDIT_H_
#include <stdint.h>
#include <sys/cdefs.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/netlink.h>
#include <linux/audit.h>
__BEGIN_DECLS
#define MAX_AUDIT_MESSAGE_LENGTH 8970
typedef enum {
GET_REPLY_BLOCKING = 0,
GET_REPLY_NONBLOCKING
} reply_t;
/* type == AUDIT_SIGNAL_INFO */
struct audit_sig_info {
uid_t uid;
pid_t pid;
char ctx[0];
};
struct audit_message {
struct nlmsghdr nlh;
char data[MAX_AUDIT_MESSAGE_LENGTH];
};
/**
* Opens a connection to the Audit netlink socket
* @return
* A valid fd on success or < 0 on error with errno set.
* Returns the same errors as man 2 socket.
*/
extern int audit_open(void);
/**
* Closes the fd returned from audit_open()
* @param fd
* The fd to close
*/
extern void audit_close(int fd);
/**
*
* @param fd
* The fd returned by a call to audit_open()
* @param rep
* The response struct to store the response in.
* @param block
* Whether or not to block on IO
* @param peek
* Whether or not we are to remove the message from
* the queue when we do a read on the netlink socket.
* @return
* This function returns 0 on success, else -errno.
*/
extern int audit_get_reply(int fd, struct audit_message *rep, reply_t block,
int peek);
/**
* Sets a pid to receive audit netlink events from the kernel
* @param fd
* The fd returned by a call to audit_open()
* @param pid
* The pid whom to set as the receiver of audit messages
* @return
* This function returns 0 on success, -errno on error.
*/
extern int audit_setup(int fd, pid_t pid);
/**
* Sets the rate limit to receive audit netlink events from the kernel
* @param fd
* The fd returned by a call to audit_open()
* @param max_rate
* The cap of the maximum number of audit messages a second
* @return
* This function returns 0 on success, -errno on error.
*/
/* Guidelines to follow for dynamic rate_limit */
#define AUDIT_RATE_LIMIT_DEFAULT 20 /* acceptable burst rate */
#define AUDIT_RATE_LIMIT_BURST_DURATION 10 /* number of seconds of burst */
#define AUDIT_RATE_LIMIT_MAX 5 /* acceptable sustained rate */
extern int audit_rate_limit(int fd, unsigned rate_limit);
__END_DECLS
#endif