/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _LINUX_FANOTIFY_H
#define _LINUX_FANOTIFY_H

#include <linux/types.h>

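  /* Events that user space can register for. */
#define FAN_ACCESS		0x00000001	/* File was accessed */
#define FAN_MODIFY		0x00000002	/* File was modified */
#define FAN_ATTRIB		0x00000004	/* Metadata changed */
#define FAN_CLOSE_WRITE		0x00000008	/* Writable file closed */
#define FAN_CLOSE_NOWRITE	0x00000010	/* Unwritable file closed */
#define FAN_OPEN		0x00000020	/* File was opened */
#define FAN_MOVED_FROM		0x00000040	/* File was moved from X */
#define FAN_MOVED_TO		0x00000080	/* File was moved to Y */
#define FAN_CREATE		0x00000100	/* Subfile was created */
#define FAN_DELETE		0x00000200	/* Subfile was deleted */
#define FAN_DELETE_SELF		0x00000400	/* Self was deleted */
#define FAN_MOVE_SELF		0x00000800	/* Self was moved */
#define FAN_OPEN_EXEC		0x00001000	/* File was opened for exec */

/*
 * NOTE(review): an overflow presumably means events were dropped, so a
 * monitor should treat it as a gap in coverage - confirm in fanotify(7).
 */
#define FAN_Q_OVERFLOW		0x00004000	/* Event queue overflowed */
#define FAN_FS_ERROR		0x00008000	/* Filesystem error */

/*
 * Permission checks.  The FAN_ALL_PERM_EVENTS comment further down in this
 * header describes such events as requiring a permission response from
 * user space (see FAN_ALLOW / FAN_DENY).
 */
#define FAN_OPEN_PERM		0x00010000	/* File open in perm check */
#define FAN_ACCESS_PERM		0x00020000	/* File accessed in perm check */
#define FAN_OPEN_EXEC_PERM	0x00040000	/* File open/exec in perm check */
/* #define FAN_DIR_MODIFY	0x00080000 */	/* Deprecated (reserved) */

/*
 * NOTE(review): FAN_PRE_ACCESS is presumably answered like a permission
 * event as well - confirm in fanotify_mark(2).
 */
#define FAN_PRE_ACCESS		0x00100000	/* Pre-content access hook */
#define FAN_MNT_ATTACH		0x01000000	/* Mount was attached */
#define FAN_MNT_DETACH		0x02000000	/* Mount was detached */

#define FAN_EVENT_ON_CHILD	0x08000000	/* Interested in child events */

#define FAN_RENAME		0x10000000	/* File was renamed */

#define FAN_ONDIR		0x40000000	/* Event occurred against dir */

/* Helper events: convenience combinations of the bits defined above. */
#define FAN_CLOSE		(FAN_CLOSE_WRITE | FAN_CLOSE_NOWRITE) /* close */
#define FAN_MOVE		(FAN_MOVED_FROM | FAN_MOVED_TO) /* moves */
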
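 /* flags used for fanotify_init() */
#define FAN_CLOEXEC		0x00000001
#define FAN_NONBLOCK		0x00000002

/*
 * These are NOT bitwise flags.  Both bits are used together: the class is a
 * two-bit field (bits 0x0000000c).  FAN_CLASS_NOTIF is 0, so "flags &
 * FAN_CLASS_NOTIF" is always 0; compare the masked field for equality
 * instead of testing a single bit.
 */
#define FAN_CLASS_NOTIF		0x00000000
#define FAN_CLASS_CONTENT	0x00000004
#define FAN_CLASS_PRE_CONTENT	0x00000008

/* Deprecated - do not use this in programs and do not add new flags here! */
#define FAN_ALL_CLASS_BITS	(FAN_CLASS_NOTIF | FAN_CLASS_CONTENT | \
				 FAN_CLASS_PRE_CONTENT)

/*
 * NOTE(review): no description is given here for these three flags; see
 * fanotify_init(2) for what each one enables and which privileges it needs.
 */
#define FAN_UNLIMITED_QUEUE	0x00000010
#define FAN_UNLIMITED_MARKS	0x00000020
#define FAN_ENABLE_AUDIT	0x00000040

/* Flags to determine fanotify event format */
#define FAN_REPORT_PIDFD	0x00000080	/* Report pidfd for event->pid */
#define FAN_REPORT_TID		0x00000100	/* event->pid is thread id */
#define FAN_REPORT_FID		0x00000200	/* Report unique file id */
#define FAN_REPORT_DIR_FID	0x00000400	/* Report unique directory id */
#define FAN_REPORT_NAME		0x00000800	/* Report events with name */
#define FAN_REPORT_TARGET_FID	0x00001000	/* Report dirent target id  */
#define FAN_REPORT_FD_ERROR	0x00002000	/* event->fd can report error */
#define FAN_REPORT_MNT		0x00004000	/* Report mount events */

/* Convenience macro - FAN_REPORT_NAME requires FAN_REPORT_DIR_FID */
#define FAN_REPORT_DFID_NAME	(FAN_REPORT_DIR_FID | FAN_REPORT_NAME)
/* Convenience macro - FAN_REPORT_TARGET_FID requires all other FID flags */
#define FAN_REPORT_DFID_NAME_TARGET (FAN_REPORT_DFID_NAME | \
				     FAN_REPORT_FID | FAN_REPORT_TARGET_FID)

/*
 * Deprecated - do not use this in programs and do not add new flags here!
 * The mask leaves out FAN_ENABLE_AUDIT and every FAN_REPORT_* flag, so it
 * is not a complete list of the init flags defined in this header.
 */
#define FAN_ALL_INIT_FLAGS	(FAN_CLOEXEC | FAN_NONBLOCK | \
				 FAN_ALL_CLASS_BITS | FAN_UNLIMITED_QUEUE |\
				 FAN_UNLIMITED_MARKS)
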
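 /* flags used for fanotify_modify_mark() (see fanotify_mark(2)) */
#define FAN_MARK_ADD		0x00000001
#define FAN_MARK_REMOVE		0x00000002
#define FAN_MARK_DONT_FOLLOW	0x00000004
#define FAN_MARK_ONLYDIR	0x00000008
/* FAN_MARK_MOUNT is		0x00000010 */
#define FAN_MARK_IGNORED_MASK	0x00000020
#define FAN_MARK_IGNORED_SURV_MODIFY	0x00000040
#define FAN_MARK_FLUSH		0x00000080
/* FAN_MARK_FILESYSTEM is	0x00000100 */
#define FAN_MARK_EVICTABLE	0x00000200
/* This bit is mutually exclusive with FAN_MARK_IGNORED_MASK bit */
#define FAN_MARK_IGNORE		0x00000400

/*
 * These are NOT bitwise flags.  Both bits can be used together: the mark
 * type is the two-bit field 0x00000110.  FAN_MARK_MNTNS has both bits set,
 * so "flags & FAN_MARK_MOUNT" is also non-zero for FAN_MARK_MNTNS; compare
 * the masked field for equality instead of testing a single bit.
 */
#define FAN_MARK_INODE		0x00000000
#define FAN_MARK_MOUNT		0x00000010
#define FAN_MARK_FILESYSTEM	0x00000100
#define FAN_MARK_MNTNS		0x00000110

/*
 * Convenience macro - FAN_MARK_IGNORE requires FAN_MARK_IGNORED_SURV_MODIFY
 * for non-inode mark types.
 */
#define FAN_MARK_IGNORE_SURV	(FAN_MARK_IGNORE | FAN_MARK_IGNORED_SURV_MODIFY)

/*
 * Deprecated - do not use this in programs and do not add new flags here!
 * The mask leaves out FAN_MARK_FILESYSTEM, FAN_MARK_EVICTABLE and
 * FAN_MARK_IGNORE, so it is not a complete list of the mark flags above.
 */
#define FAN_ALL_MARK_FLAGS	(FAN_MARK_ADD |\
				 FAN_MARK_REMOVE |\
				 FAN_MARK_DONT_FOLLOW |\
				 FAN_MARK_ONLYDIR |\
				 FAN_MARK_MOUNT |\
				 FAN_MARK_IGNORED_MASK |\
				 FAN_MARK_IGNORED_SURV_MODIFY |\
				 FAN_MARK_FLUSH)
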
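/*
 * Deprecated - do not use this in programs and do not add new flags here!
 * Covers only the four listed events; other events in this header (for
 * example FAN_CREATE or FAN_OPEN_EXEC) are not part of it.
 */
#define FAN_ALL_EVENTS (FAN_ACCESS |\
			FAN_MODIFY |\
			FAN_CLOSE |\
			FAN_OPEN)

/*
 * All events which require a permission response from userspace
 */
/*
 * Deprecated - do not use this in programs and do not add new flags here!
 * Only FAN_OPEN_PERM and FAN_ACCESS_PERM are listed.  FAN_OPEN_EXEC_PERM is
 * not included, so this mask must not be used to decide whether an event
 * needs a response.
 */
#define FAN_ALL_PERM_EVENTS (FAN_OPEN_PERM |\
			     FAN_ACCESS_PERM)

/* Deprecated - do not use this in programs and do not add new flags here! */
#define FAN_ALL_OUTGOING_EVENTS	(FAN_ALL_EVENTS |\
				 FAN_ALL_PERM_EVENTS |\
				 FAN_Q_OVERFLOW)
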
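/*
 * NOTE(review): presumably the layout version reported in
 * fanotify_event_metadata.vers; a reader should compare vers against this
 * value before trusting the layout below - confirm in fanotify(7).
 */
#define FANOTIFY_METADATA_VERSION	3

/*
 * Fixed-size header at the start of each event in a buffer walked with
 * FAN_EVENT_OK() / FAN_EVENT_NEXT().
 */
struct fanotify_event_metadata {
	__u32 event_len;	/* Step to the next event; see FAN_EVENT_NEXT() */
	__u8 vers;
	__u8 reserved;
	__u16 metadata_len;	/* NOTE(review): presumably sizeof this struct - confirm */
	__aligned_u64 mask;	/* NOTE(review): presumably FAN_* event bits - confirm */
	__s32 fd;		/* FAN_NOFD when no fd is set in the event */
	__s32 pid;		/* Thread id instead when FAN_REPORT_TID is set */
};
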
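/* Values of fanotify_event_info_header.info_type */
#define FAN_EVENT_INFO_TYPE_FID		1
#define FAN_EVENT_INFO_TYPE_DFID_NAME	2
#define FAN_EVENT_INFO_TYPE_DFID	3
#define FAN_EVENT_INFO_TYPE_PIDFD	4
#define FAN_EVENT_INFO_TYPE_ERROR	5
#define FAN_EVENT_INFO_TYPE_RANGE	6
#define FAN_EVENT_INFO_TYPE_MNT		7

/* Special info types for FAN_RENAME */
#define FAN_EVENT_INFO_TYPE_OLD_DFID_NAME	10
/* Reserved for FAN_EVENT_INFO_TYPE_OLD_DFID	11 */
#define FAN_EVENT_INFO_TYPE_NEW_DFID_NAME	12
/* Reserved for FAN_EVENT_INFO_TYPE_NEW_DFID	13 */

/*
 * Variable length info record following event metadata.
 * NOTE(review): len presumably counts the whole record including this
 * header; a parser should check it against the bytes left in the event
 * (event_len) before reading the payload - confirm in fanotify(7).
 */
struct fanotify_event_info_header {
	__u8 info_type;		/* One of FAN_EVENT_INFO_TYPE_* */
	__u8 pad;
	__u16 len;
};

/*
 * Unique file identifier info record.
 * This structure is used for records of types FAN_EVENT_INFO_TYPE_FID,
 * FAN_EVENT_INFO_TYPE_DFID and FAN_EVENT_INFO_TYPE_DFID_NAME.
 * For FAN_EVENT_INFO_TYPE_DFID_NAME there is additionally a null terminated
 * name immediately after the file handle.
 */
struct fanotify_event_info_fid {
	struct fanotify_event_info_header hdr;
	__kernel_fsid_t fsid;
	/*
	 * Following is an opaque struct file_handle that can be passed as
	 * an argument to open_by_handle_at(2).
	 */
	unsigned char handle[];
};

/*
 * This structure is used for info records of type FAN_EVENT_INFO_TYPE_PIDFD.
 * It holds a pidfd for the pid that was responsible for generating an event.
 */
struct fanotify_event_info_pidfd {
	struct fanotify_event_info_header hdr;
	__s32 pidfd;	/* May hold FAN_NOPIDFD or FAN_EPIDFD instead of a descriptor */
};

/* NOTE(review): presumably the record for FAN_EVENT_INFO_TYPE_ERROR - confirm */
struct fanotify_event_info_error {
	struct fanotify_event_info_header hdr;
	__s32 error;
	__u32 error_count;
};

/* NOTE(review): presumably the record for FAN_EVENT_INFO_TYPE_RANGE - confirm */
struct fanotify_event_info_range {
	struct fanotify_event_info_header hdr;
	__u32 pad;	/* Explicit padding before the 64-bit fields */
	__u64 offset;
	__u64 count;
};

/*
 * NOTE(review): presumably the record for FAN_EVENT_INFO_TYPE_MNT - confirm.
 * Unlike fanotify_event_info_range there is no explicit pad member between
 * hdr and the 64-bit field, so the offset of mnt_id follows the ABI's
 * alignment of __u64.
 */
struct fanotify_event_info_mnt {
	struct fanotify_event_info_header hdr;
	__u64 mnt_id;
};
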
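/*
 * User space may need to record additional information about its decision.
 * The extra information type records what kind of information is included.
 * The default is none. We also define an extra information buffer whose
 * size is determined by the extra information type.
 *
 * If the information type is Audit Rule, then the information following
 * is the rule number that triggered the user space decision that
 * requires auditing.
 */

/* Values of fanotify_response_info_header.type */
#define FAN_RESPONSE_INFO_NONE		0
#define FAN_RESPONSE_INFO_AUDIT_RULE	1
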
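/*
 * Answer written by user space to a _PERM event.
 * NOTE(review): fd is presumably the descriptor taken from the event being
 * answered - confirm in fanotify(7).
 */
struct fanotify_response {
	__s32 fd;
	__u32 response;	/* FAN_ALLOW or FAN_DENY, optionally with FAN_AUDIT / FAN_INFO */
};
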
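/*
 * Header of an extra information record attached to a response.
 * NOTE(review): len presumably counts the whole record including this
 * header - confirm.
 */
struct fanotify_response_info_header {
	__u8 type;	/* One of FAN_RESPONSE_INFO_* */
	__u8 pad;
	__u16 len;
};

/*
 * Extra information of type FAN_RESPONSE_INFO_AUDIT_RULE: the rule number
 * that triggered the user space decision that requires auditing.
 * NOTE(review): the meaning of subj_trust and obj_trust is not described in
 * this header - confirm before relying on them.
 */
struct fanotify_response_info_audit_rule {
	struct fanotify_response_info_header hdr;
	__u32 rule_number;
	__u32 subj_trust;
	__u32 obj_trust;
};
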
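/* Legit userspace responses to a _PERM event */
#define FAN_ALLOW	0x01
#define FAN_DENY	0x02
/*
 * An errno other than EPERM can be specified in the upper byte of a deny
 * response.  FAN_DENY_ERRNO() keeps only the low FAN_ERRNO_BITS bits of err
 * and places them in bits 24..31 of the response, so a value above
 * FAN_ERRNO_MASK is silently truncated.
 */
#define FAN_ERRNO_BITS	8
#define FAN_ERRNO_SHIFT (32 - FAN_ERRNO_BITS)
#define FAN_ERRNO_MASK	((1 << FAN_ERRNO_BITS) - 1)
#define FAN_DENY_ERRNO(err) \
	(FAN_DENY | ((((__u32)(err)) & FAN_ERRNO_MASK) << FAN_ERRNO_SHIFT))

/* Modifier bits OR-ed into the response value */
#define FAN_AUDIT	0x10	/* Bitmask to create audit record for result */
#define FAN_INFO	0x20	/* Bitmask to indicate additional information */

/* No fd set in event */
#define FAN_NOFD	-1
#define FAN_NOPIDFD	FAN_NOFD
/*
 * NOTE(review): presumably reported in place of a pidfd when one could not
 * be created - confirm in fanotify(7).
 */
#define FAN_EPIDFD	-2
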
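/* Helper macros to deal with fanotify_event_metadata buffers */
#define FAN_EVENT_METADATA_LEN (sizeof(struct fanotify_event_metadata))

/*
 * Advance to the event after meta: subtracts meta->event_len from len (which
 * must be a modifiable lvalue) and yields a pointer event_len bytes past
 * meta.  meta is evaluated more than once, so pass an expression without
 * side effects.  Nothing is validated here; call FAN_EVENT_OK() on meta
 * first, and on the result before dereferencing it.
 */
#define FAN_EVENT_NEXT(meta, len) ((len) -= (meta)->event_len, \
				   (struct fanotify_event_metadata*)(((char *)(meta)) + \
				   (meta)->event_len))

/*
 * True when len still holds at least one metadata header and
 * meta->event_len is at least the header size and no larger than len.
 * vers, metadata_len and any info records that follow the header are not
 * checked by this macro.
 */
#define FAN_EVENT_OK(meta, len)	((long)(len) >= (long)FAN_EVENT_METADATA_LEN && \
				(long)(meta)->event_len >= (long)FAN_EVENT_METADATA_LEN && \
				(long)(meta)->event_len <= (long)(len))
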
#endif /* _LINUX_FANOTIFY_H */