osquery-1/osquery/events/linux/selinux_events.h

/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under both the Apache 2.0 license (found in the
* LICENSE file in the root directory of this source tree) and the GPLv2 (found
* in the COPYING file in the root directory of this source tree).
* You may select, at your option, one of the above-listed licenses.
*/
#pragma once
#include <linux/audit.h>

#include <map>
#include <set>
#include <string>
// Human-readable label for each SELinux-related audit record type, keyed by
// the numeric AUDIT_* constant from <linux/audit.h>.
//
// The keys must be exactly the elements that
// SELinuxEventSubscriber::GetEventSet() returns. Nothing in this header
// enforces that, so when a record type is added or removed, update both
// places in the same change; a type present on one side only presumably ends
// up either unlabeled or never requested (confirm against the subscriber).
//
// Declared `const` at namespace scope in a header, so each translation unit
// that includes this file gets its own copy of the map.
// clang-format off
const std::map<int, std::string> kSELinuxRecordLabels{
    // AVC messages originating from user space
    {AUDIT_USER_AVC,          "USER_AVC"},

    // Kernel AVC decisions and SELinux internal errors
    {AUDIT_AVC,               "AVC"},
    {AUDIT_SELINUX_ERR,       "SELINUX_ERR"},
    {AUDIT_AVC_PATH,          "AVC_PATH"},

    // Policy load, enforcing-mode and configuration changes
    {AUDIT_MAC_POLICY_LOAD,   "MAC_POLICY_LOAD"},
    {AUDIT_MAC_STATUS,        "MAC_STATUS"},
    {AUDIT_MAC_CONFIG_CHANGE, "MAC_CONFIG_CHANGE"},

    // NetLabel configuration
    {AUDIT_MAC_UNLBL_ALLOW,   "MAC_UNLBL_ALLOW"},
    {AUDIT_MAC_CIPSOV4_ADD,   "MAC_CIPSOV4_ADD"},
    {AUDIT_MAC_CIPSOV4_DEL,   "MAC_CIPSOV4_DEL"},
    {AUDIT_MAC_MAP_ADD,       "MAC_MAP_ADD"},
    {AUDIT_MAC_MAP_DEL,       "MAC_MAP_DEL"},

    // IPsec security associations and policies
    {AUDIT_MAC_IPSEC_ADDSA,   "MAC_IPSEC_ADDSA"},
    {AUDIT_MAC_IPSEC_DELSA,   "MAC_IPSEC_DELSA"},
    {AUDIT_MAC_IPSEC_ADDSPD,  "MAC_IPSEC_ADDSPD"},
    {AUDIT_MAC_IPSEC_DELSPD,  "MAC_IPSEC_DELSPD"},
    {AUDIT_MAC_IPSEC_EVENT,   "MAC_IPSEC_EVENT"},

    // NetLabel static labels
    {AUDIT_MAC_UNLBL_STCADD,  "MAC_UNLBL_STCADD"},
    {AUDIT_MAC_UNLBL_STCDEL,  "MAC_UNLBL_STCDEL"},
};
// clang-format on
// Audit record types treated as SELinux events.
//
// This list is expected to carry the same record types as the keys of
// kSELinuxRecordLabels; nothing checks that at build time, so review both
// tables together whenever one of them changes.
//
// The following documented events are not listed because no matching
// constant could be found in the headers:
//   - USER_SELINUX_ERR
//   - USER_MAC_POLICY_LOAD
//   - USER_ROLE_CHANGE
//   - USER_LABEL_EXPORT
const std::set<int> kSELinuxEventList{
    // This is outside the documented numeric range (1400-1499)
    AUDIT_USER_AVC,

    // Kernel AVC decisions and SELinux internal errors
    AUDIT_AVC,
    AUDIT_SELINUX_ERR,
    AUDIT_AVC_PATH,

    // Policy load, enforcing-mode and configuration changes
    AUDIT_MAC_POLICY_LOAD,
    AUDIT_MAC_STATUS,
    AUDIT_MAC_CONFIG_CHANGE,

    // NetLabel configuration
    AUDIT_MAC_UNLBL_ALLOW,
    AUDIT_MAC_CIPSOV4_ADD,
    AUDIT_MAC_CIPSOV4_DEL,
    AUDIT_MAC_MAP_ADD,
    AUDIT_MAC_MAP_DEL,

    // IPsec security associations and policies
    AUDIT_MAC_IPSEC_ADDSA,
    AUDIT_MAC_IPSEC_DELSA,
    AUDIT_MAC_IPSEC_ADDSPD,
    AUDIT_MAC_IPSEC_DELSPD,
    AUDIT_MAC_IPSEC_EVENT,

    // NetLabel static labels
    AUDIT_MAC_UNLBL_STCADD,
    AUDIT_MAC_UNLBL_STCDEL,
};