/usr/include/seaudit/model.h is in libseaudit-dev 3.3.6.ds-7.2ubuntu4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 | /**
* @file
*
* Public interface to a seaudit_model. This represents a subset of
* log messages from one or more seaudit_log, where the subset is
* defined by a finite set of seaudit_filter and sorted by some
* criterion or criteria.
*
* @author Jeremy A. Mowery jmowery@tresys.com
* @author Jason Tang jtang@tresys.com
*
* Copyright (C) 2004-2007 Tresys Technology, LLC
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef SEAUDIT_MODEL_H
#define SEAUDIT_MODEL_H
#ifdef __cplusplus
extern "C"
{
#endif
#include "filter.h"
#include "log.h"
#include "message.h"
#include "sort.h"
#include <stdlib.h>
typedef struct seaudit_model seaudit_model_t;
/**
* Create a seaudit_model based upon the messages from some particular
* seaudit_log. The model will be initialized with the default filter
* (i.e., accept all of the messages from the log).
*
* @param name Name for the model; the string will be duplicated. If
* NULL then the model will be assigned a non-unique default name.
* @param log Initial log for this model to watch. If NULL then do
* not watch any log files.
*
* @return An initialized model, or NULL upon error. The caller must
* call seaudit_model_destroy() afterwards.
*/
extern seaudit_model_t *seaudit_model_create(const char *name, seaudit_log_t * log);
/**
* Create a new seaudit_model object, initialized with the data from
* an existing model. This will do a deep copy of the original model.
* The new model will be watch the same logs that the original model
* was watching.
*
* @param model Model to clone.
*
* @return A cloned model, or NULL upon error. The caller must call
* seaudit_model_destroy() afterwards.
*/
extern seaudit_model_t *seaudit_model_create_from_model(const seaudit_model_t * model);
/**
* Create and return a model initialized from the contents of a XML
* configuration file. This will also load filters into the model.
* The model will not be associated with any logs; for that call
* seaudit_model_append_log().
*
* @param filename File containing model data.
*
* @return An initialized model, or NULL upon error. The caller must
* call seaudit_model_destroy() afterwards.
*
* @see seaudit_model_save_to_file()
*/
extern seaudit_model_t *seaudit_model_create_from_file(const char *filename);
/**
* Destroy the referenced seadit_model object.
*
* @param model Model to destroy. The pointer will be set to NULL
* afterwards. (If pointer is already NULL then do nothing.)
*/
extern void seaudit_model_destroy(seaudit_model_t ** model);
/**
* Save to disk, in XML format, the given model's values. This
* includes the filters contained within the model as well. Note that
* this does not save the messages within the model nor the associated
* logs.
*
* @param model Model to save.
* @param filename Name of the file to write. If the file already
* exists it will be overwritten.
*
* @return 0 on success, < 0 on error.
*
* @see seaudit_model_create_from_file()
*/
extern int seaudit_model_save_to_file(const seaudit_model_t * model, const char *filename);
/**
* Get the name of this model.
*
* @param model Model whose name to get.
*
* @return Name of the model, or NULL upon error. Do not modify this
* string.
*/
extern const char *seaudit_model_get_name(const seaudit_model_t * model);
/**
* Set the name of this model, overwriting any previous name.
*
* @param model Model whose name to set.
* @param name New name for the model; the string will be duplicated.
* If NULL then the model will be assigned a non-unique default name.
*
* @return 0 on success, < 0 on error.
*/
extern int seaudit_model_set_name(seaudit_model_t * model, const char *name);
/**
* Have the given model start watching the given log file, in addition
* to any other log files the model was watching.
*
* @param model Model to modify.
* @param log Additional log file to watch.
*
* @return 0 on success, < 0 on error.
*/
extern int seaudit_model_append_log(seaudit_model_t * model, seaudit_log_t * log);
/**
* Append a filter to a model. The next time the model's messages are
* retrieved only those messages that match this filter will be
* returned. Multiple filters may be applied to a model. Upon
* success, the model takes ownership of the filter.
*
* @param model Model to modify.
* @param filter Additional filter to be applied.
*
* @return 0 on success, < 0 on error.
*/
extern int seaudit_model_append_filter(seaudit_model_t * model, seaudit_filter_t * filter);
/**
* Get the list of filters for a model. Whenever a filter is modified
* the model will be recomputed. Note: to remove a filter from the
* model use seaudit_model_remove_filter().
*
* @param model Model containing filters.
*
* @return Vector of seaudit_filter objects, or NULL upon error. Note
* that the vector my be empty. Do not destroy or otherwise modify
* this vector. (It is safe to manipulate the elements within the
* vector.)
*/
extern const apol_vector_t *seaudit_model_get_filters(const seaudit_model_t * model);
/**
* Remove a filter from a model. The given parameter must match one
* of the filters stored within the model; call
* seaudit_model_get_filters() to get a list of the model's filters.
*
* @param model Model to modify.
* @param filter Filter to remove. Upon success the pointer becomes
* invalid.
*
* @return 0 on success, < 0 on error.
*/
extern int seaudit_model_remove_filter(seaudit_model_t * model, seaudit_filter_t * filter);
/**
* Set a model to accept a message if all filters are met (default
* behavior) or if any filter is met. Note that is independent from
* the setting given to seaudit_model_set_filter_visible().
*
* @param model Model to modify.
* @param match Matching behavior if model has multiple filters.
*
* @return 0 on success, < 0 on error.
*/
extern int seaudit_model_set_filter_match(seaudit_model_t * model, seaudit_filter_match_e match);
/**
* Get the current filter match value for a model.
*
* @param model Model containing filter match value.
*
* @return One of SEAUDIT_FILTER_MATCH_ALL or SEAUDIT_FILTER_MATCH_ANY.
*/
extern seaudit_filter_match_e seaudit_model_get_filter_match(const seaudit_model_t * model);
/**
* Set a model to either show (default behavior) or hide messages
* accepted by the filters. Note that is independent from the setting
* given to seaudit_model_set_filter_match().
*
* @param model Model to modify.
* @param visible Messages to show if model has any filters.
*
* @return 0 on success, < 0 on error.
*/
extern int seaudit_model_set_filter_visible(seaudit_model_t * model, seaudit_filter_visible_e visible);
/**
* Get the current filter visibility value for a model.
*
* @param model Model containing filter visibility value.
*
* @return One of SEAUDIT_FILTER_VISIBLE_SHOW or
* SEAUDIT_FILTER_VISIBLE_HIDE.
*/
extern seaudit_filter_visible_e seaudit_model_get_filter_visible(const seaudit_model_t * model);
/**
* Append a sort criterion to a model. The next time the model's
* messages are retrieved they will be sorted by this criterion. If
* the model already has sort criteria, they will have a higher
* priority than this new criterion. Upon success, the model takes
* ownership of the sort object
*
* @param model Model to modify.
* @param sort Additional sort criterion.
*
* @return 0 on success, < 0 on error.
*/
extern int seaudit_model_append_sort(seaudit_model_t * model, seaudit_sort_t * sort);
/**
* Remove all sort criteria from this model. The next time the
* model's messages are retrieved they will be in the same order as
* provided by the model's log(s).
*
* @param model Model to modify.
*
* @return 0 on success, < 0 on error.
*/
extern int seaudit_model_clear_sorts(seaudit_model_t * model);
/**
* Return a value indicating if this model has changed since the last
* time seaudit_model_get_messages() was called. Note that upon a
* non-zero return value, the vector returned by
* seaudit_model_get_messages() might contain the same messages. For
* example, the user could have removed all sorts but then re-inserted
* them in the same order.
*
* @param model Model to check.
*
* @return 0 if the model is unchanged, non-zero if it may have
* changed.
*/
extern int seaudit_model_is_changed(const seaudit_model_t * model);
/**
* Return a sorted list of messages associated with this model. This
* will cause the model to recalculate, as necessary, all messages
* according to its filters and then sort them.
*
* @param log Log to which report error messages.
* @param model Model containing messages.
*
* @return A newly allocated vector of seaudit_message_t, pre-filtered
* and pre-sorted, or NULL upon error. The caller is responsible for
* calling apol_vector_destroy() upon this value.
*/
extern apol_vector_t *seaudit_model_get_messages(const seaudit_log_t * log, seaudit_model_t * model);
/**
* Return a sorted list of malformed messages associated with this
* model. This is the union of all malformed messages from the
* model's logs. This will cause the model to recalculate, as
* necessary, all messages according to its filters.
*
* @param log Log to which report error messages.
* @param model Model containing malformed messages.
*
* @return A newly allocated vector of strings, or NULL upon error.
* Treat the contents of the vector as const char *. The caller is
* responsible for calling apol_vector_destroy() upon this value.
*/
extern apol_vector_t *seaudit_model_get_malformed_messages(const seaudit_log_t * log, seaudit_model_t * model);
/**
* Hide a message from a model such that the next time
* seaudit_model_get_messages() is called, the given message will not
* be returned within the vector.
*
* @param model Model containing message to hide.
* @param message Message to be marked hidden. If NULL, then do
* nothing. It is safe to make duplicate calls to this function with
* the same message.
*/
extern void seaudit_model_hide_message(seaudit_model_t * model, const seaudit_message_t * message);
/**
* Return the number of avc allow messages currently within the model.
* This will cause the model to recalculate, as necessary, all
* messages according to its filters.
*
* @param log Log to which report error messages.
* @param model Model to get statistics.
*
* @return Number of allow messages in the model. This could be zero.
*/
extern size_t seaudit_model_get_num_allows(const seaudit_log_t * log, seaudit_model_t * model);
/**
* Return the number of avc deny messages currently within the model.
* This will cause the model to recalculate, as necessary, all
* messages according to its filters.
*
* @param log Log to which report error messages.
* @param model Model to get statistics.
*
* @return Number of deny messages in the model. This could be zero.
*/
extern size_t seaudit_model_get_num_denies(const seaudit_log_t * log, seaudit_model_t * model);
/**
* Return the number of boolean change messages currently within the
* model. This will cause the model to recalculate, as necessary, all
* messages according to its filters.
*
* @param log Log to which report error messages.
* @param model Model to get statistics.
*
* @return Number of boolean messages in the model. This could be
* zero.
*/
extern size_t seaudit_model_get_num_bools(const seaudit_log_t * log, seaudit_model_t * model);
/**
* Return the number of load messages currently within the model.
* This will cause the model to recalculate, as necessary, all
* messages according to its filters.
*
* @param log Log to which report error messages.
* @param model Model to get statistics.
*
* @return Number of load messages in the model. This could be zero.
*/
extern size_t seaudit_model_get_num_loads(const seaudit_log_t * log, seaudit_model_t * model);
#ifdef __cplusplus
}
#endif
#endif
|