Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/* audit.h -- Auditing support
3 *
4 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina.
5 * All Rights Reserved.
6 *
7 * Written by Rickard E. (Rik) Faith <faith@redhat.com>
8 */
9#ifndef _LINUX_AUDIT_H_
10#define _LINUX_AUDIT_H_
11
12#include <linux/sched.h>
13#include <linux/ptrace.h>
14#include <linux/audit_arch.h>
15#include <uapi/linux/audit.h>
16#include <uapi/linux/netfilter/nf_tables.h>
17#include <uapi/linux/fanotify.h>
18
19#define AUDIT_INO_UNSET ((unsigned long)-1)
20#define AUDIT_DEV_UNSET ((dev_t)-1)
21
22struct audit_sig_info {
23 uid_t uid;
24 pid_t pid;
25 char ctx[];
26};
27
28struct audit_buffer;
29struct audit_context;
30struct inode;
31struct netlink_skb_parms;
32struct path;
33struct linux_binprm;
34struct mq_attr;
35struct mqstat;
36struct audit_watch;
37struct audit_tree;
38struct sk_buff;
39struct kern_ipc_perm;
40struct lsm_id;
41struct lsm_prop;
42
43struct audit_krule {
44 u32 pflags;
45 u32 flags;
46 u32 listnr;
47 u32 action;
48 u32 mask[AUDIT_BITMASK_SIZE];
49 u32 buflen; /* for data alloc on list rules */
50 u32 field_count;
51 char *filterkey; /* ties events to rules */
52 struct audit_field *fields;
53 struct audit_field *arch_f; /* quick access to arch field */
54 struct audit_field *inode_f; /* quick access to an inode field */
55 struct audit_watch *watch; /* associated watch */
56 struct audit_tree *tree; /* associated watched tree */
57 struct audit_fsnotify_mark *exe;
58 struct list_head rlist; /* entry in audit_{watch,tree}.rules list */
59 struct list_head list; /* for AUDIT_LIST* purposes only */
60 u64 prio;
61};
62
63/* Flag to indicate legacy AUDIT_LOGINUID unset usage */
64#define AUDIT_LOGINUID_LEGACY 0x1
65
66struct audit_field {
67 u32 type;
68 union {
69 u32 val;
70 kuid_t uid;
71 kgid_t gid;
72 struct {
73 char *lsm_str;
74 void *lsm_rule;
75 };
76 };
77 u32 op;
78};
79
80enum audit_ntp_type {
81 AUDIT_NTP_OFFSET,
82 AUDIT_NTP_FREQ,
83 AUDIT_NTP_STATUS,
84 AUDIT_NTP_TAI,
85 AUDIT_NTP_TICK,
86 AUDIT_NTP_ADJUST,
87
88 AUDIT_NTP_NVALS /* count */
89};
90
91#ifdef CONFIG_AUDITSYSCALL
92struct audit_ntp_val {
93 long long oldval, newval;
94};
95
96struct audit_ntp_data {
97 struct audit_ntp_val vals[AUDIT_NTP_NVALS];
98};
99#else
100struct audit_ntp_data {};
101#endif
102
103enum audit_nfcfgop {
104 AUDIT_XT_OP_REGISTER,
105 AUDIT_XT_OP_REPLACE,
106 AUDIT_XT_OP_UNREGISTER,
107 AUDIT_NFT_OP_TABLE_REGISTER,
108 AUDIT_NFT_OP_TABLE_UNREGISTER,
109 AUDIT_NFT_OP_CHAIN_REGISTER,
110 AUDIT_NFT_OP_CHAIN_UNREGISTER,
111 AUDIT_NFT_OP_RULE_REGISTER,
112 AUDIT_NFT_OP_RULE_UNREGISTER,
113 AUDIT_NFT_OP_SET_REGISTER,
114 AUDIT_NFT_OP_SET_UNREGISTER,
115 AUDIT_NFT_OP_SETELEM_REGISTER,
116 AUDIT_NFT_OP_SETELEM_UNREGISTER,
117 AUDIT_NFT_OP_GEN_REGISTER,
118 AUDIT_NFT_OP_OBJ_REGISTER,
119 AUDIT_NFT_OP_OBJ_UNREGISTER,
120 AUDIT_NFT_OP_OBJ_RESET,
121 AUDIT_NFT_OP_FLOWTABLE_REGISTER,
122 AUDIT_NFT_OP_FLOWTABLE_UNREGISTER,
123 AUDIT_NFT_OP_SETELEM_RESET,
124 AUDIT_NFT_OP_RULE_RESET,
125 AUDIT_NFT_OP_INVALID,
126};
127
128extern int __init audit_register_class(int class, unsigned *list);
129extern int audit_classify_syscall(int abi, unsigned syscall);
130extern int audit_classify_arch(int arch);
131
132/* audit_names->type values */
133#define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */
134#define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */
135#define AUDIT_TYPE_PARENT 2 /* a parent audit record */
136#define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */
137#define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */
138
139/* maximized args number that audit_socketcall can process */
140#define AUDITSC_ARGS 6
141
142/* bit values for ->signal->audit_tty */
143#define AUDIT_TTY_ENABLE BIT(0)
144#define AUDIT_TTY_LOG_PASSWD BIT(1)
145
146/* bit values for audit_cfg_lsm */
147#define AUDIT_CFG_LSM_SECCTX_SUBJECT BIT(0)
148#define AUDIT_CFG_LSM_SECCTX_OBJECT BIT(1)
149
150struct filename;
151
152#define AUDIT_OFF 0
153#define AUDIT_ON 1
154#define AUDIT_LOCKED 2
155#ifdef CONFIG_AUDIT
156/* These are defined in audit.c */
157 /* Public API */
158extern __printf(4, 5)
159void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
160 const char *fmt, ...);
161
162extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
163extern __printf(2, 3)
164void audit_log_format(struct audit_buffer *ab, const char *fmt, ...);
165extern void audit_log_end(struct audit_buffer *ab);
166extern bool audit_string_contains_control(const char *string,
167 size_t len);
168extern void audit_log_n_hex(struct audit_buffer *ab,
169 const unsigned char *buf,
170 size_t len);
171extern void audit_log_n_string(struct audit_buffer *ab,
172 const char *buf,
173 size_t n);
174extern void audit_log_n_untrustedstring(struct audit_buffer *ab,
175 const char *string,
176 size_t n);
177extern void audit_log_untrustedstring(struct audit_buffer *ab,
178 const char *string);
179extern void audit_log_d_path(struct audit_buffer *ab,
180 const char *prefix,
181 const struct path *path);
182extern void audit_log_key(struct audit_buffer *ab,
183 char *key);
184extern void audit_log_path_denied(int type,
185 const char *operation);
186extern void audit_log_lost(const char *message);
187
188extern int audit_log_subj_ctx(struct audit_buffer *ab, struct lsm_prop *prop);
189extern int audit_log_obj_ctx(struct audit_buffer *ab, struct lsm_prop *prop);
190extern int audit_log_task_context(struct audit_buffer *ab);
191extern void audit_log_task_info(struct audit_buffer *ab);
192extern int audit_log_nf_skb(struct audit_buffer *ab,
193 const struct sk_buff *skb, u8 nfproto);
194
195extern int audit_update_lsm_rules(void);
196
197 /* Private API (for audit.c only) */
198extern int audit_rule_change(int type, int seq, void *data, size_t datasz);
199extern int audit_list_rules_send(struct sk_buff *request_skb, int seq);
200
201extern int audit_set_loginuid(kuid_t loginuid);
202
203static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
204{
205 return tsk->loginuid;
206}
207
208static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
209{
210 return tsk->sessionid;
211}
212
213extern u32 audit_enabled;
214
215extern int audit_signal_info(int sig, struct task_struct *t);
216
217extern void audit_cfg_lsm(const struct lsm_id *lsmid, int flags);
218
219#else /* CONFIG_AUDIT */
220static inline __printf(4, 5)
221void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
222 const char *fmt, ...)
223{ }
224static inline struct audit_buffer *audit_log_start(struct audit_context *ctx,
225 gfp_t gfp_mask, int type)
226{
227 return NULL;
228}
229static inline __printf(2, 3)
230void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
231{ }
232static inline void audit_log_end(struct audit_buffer *ab)
233{ }
234static inline void audit_log_n_hex(struct audit_buffer *ab,
235 const unsigned char *buf, size_t len)
236{ }
237static inline void audit_log_n_string(struct audit_buffer *ab,
238 const char *buf, size_t n)
239{ }
240static inline void audit_log_n_untrustedstring(struct audit_buffer *ab,
241 const char *string, size_t n)
242{ }
243static inline void audit_log_untrustedstring(struct audit_buffer *ab,
244 const char *string)
245{ }
246static inline void audit_log_d_path(struct audit_buffer *ab,
247 const char *prefix,
248 const struct path *path)
249{ }
250static inline void audit_log_key(struct audit_buffer *ab, char *key)
251{ }
252static inline void audit_log_path_denied(int type, const char *operation)
253{ }
254static inline int audit_log_subj_ctx(struct audit_buffer *ab,
255 struct lsm_prop *prop)
256{
257 return 0;
258}
259static inline int audit_log_obj_ctx(struct audit_buffer *ab,
260 struct lsm_prop *prop)
261{
262 return 0;
263}
264static inline int audit_log_task_context(struct audit_buffer *ab)
265{
266 return 0;
267}
268static inline void audit_log_task_info(struct audit_buffer *ab)
269{ }
270
271static inline int audit_log_nf_skb(struct audit_buffer *ab,
272 const struct sk_buff *skb, u8 nfproto)
273{
274 return 0;
275}
276
277static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
278{
279 return INVALID_UID;
280}
281
282static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
283{
284 return AUDIT_SID_UNSET;
285}
286
287#define audit_enabled AUDIT_OFF
288
289static inline int audit_signal_info(int sig, struct task_struct *t)
290{
291 return 0;
292}
293
294static inline void audit_cfg_lsm(const struct lsm_id *lsmid, int flags)
295{ }
296
297#endif /* CONFIG_AUDIT */
298
299#ifdef CONFIG_AUDIT_COMPAT_GENERIC
300#define audit_is_compat(arch) (!((arch) & __AUDIT_ARCH_64BIT))
301#else
302#define audit_is_compat(arch) false
303#endif
304
305#define AUDIT_INODE_PARENT 1 /* dentry represents the parent */
306#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */
307#define AUDIT_INODE_NOEVAL 4 /* audit record incomplete */
308
309#ifdef CONFIG_AUDITSYSCALL
310#include <asm/syscall.h> /* for syscall_get_arch() */
311
312/* These are defined in auditsc.c */
313 /* Public API */
314extern int audit_alloc(struct task_struct *task);
315extern void __audit_free(struct task_struct *task);
316extern void __audit_uring_entry(u8 op);
317extern void __audit_uring_exit(int success, long code);
318extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1,
319 unsigned long a2, unsigned long a3);
320extern void __audit_syscall_exit(int ret_success, long ret_value);
321extern void __audit_getname(struct filename *name);
322extern void __audit_inode(struct filename *name, const struct dentry *dentry,
323 unsigned int flags);
324extern void __audit_file(const struct file *);
325extern void __audit_inode_child(struct inode *parent,
326 const struct dentry *dentry,
327 const unsigned char type);
328extern void audit_seccomp(unsigned long syscall, long signr, int code);
329extern void audit_seccomp_actions_logged(const char *names,
330 const char *old_names, int res);
331extern void __audit_ptrace(struct task_struct *t);
332
333static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx)
334{
335 task->audit_context = ctx;
336}
337
338static inline struct audit_context *audit_context(void)
339{
340 return current->audit_context;
341}
342
343static inline bool audit_dummy_context(void)
344{
345 void *p = audit_context();
346 return !p || *(int *)p;
347}
348static inline void audit_free(struct task_struct *task)
349{
350 if (unlikely(task->audit_context))
351 __audit_free(task);
352}
353static inline void audit_uring_entry(u8 op)
354{
355 /*
356 * We intentionally check audit_context() before audit_enabled as most
357 * Linux systems (as of ~2021) rely on systemd which forces audit to
358 * be enabled regardless of the user's audit configuration.
359 */
360 if (unlikely(audit_context() && audit_enabled))
361 __audit_uring_entry(op);
362}
363static inline void audit_uring_exit(int success, long code)
364{
365 if (unlikely(audit_context()))
366 __audit_uring_exit(success, code);
367}
368static inline void audit_syscall_entry(int major, unsigned long a0,
369 unsigned long a1, unsigned long a2,
370 unsigned long a3)
371{
372 if (unlikely(audit_context()))
373 __audit_syscall_entry(major, a0, a1, a2, a3);
374}
375static inline void audit_syscall_exit(void *pt_regs)
376{
377 if (unlikely(audit_context())) {
378 int success = is_syscall_success(pt_regs);
379 long return_code = regs_return_value(pt_regs);
380
381 __audit_syscall_exit(success, return_code);
382 }
383}
384static inline void audit_getname(struct filename *name)
385{
386 if (unlikely(!audit_dummy_context()))
387 __audit_getname(name);
388}
389static inline void audit_inode(struct filename *name,
390 const struct dentry *dentry,
391 unsigned int aflags) {
392 if (unlikely(!audit_dummy_context()))
393 __audit_inode(name, dentry, aflags);
394}
395static inline void audit_file(struct file *file)
396{
397 if (unlikely(!audit_dummy_context()))
398 __audit_file(file);
399}
400static inline void audit_inode_parent_hidden(struct filename *name,
401 const struct dentry *dentry)
402{
403 if (unlikely(!audit_dummy_context()))
404 __audit_inode(name, dentry,
405 AUDIT_INODE_PARENT | AUDIT_INODE_HIDDEN);
406}
407static inline void audit_inode_child(struct inode *parent,
408 const struct dentry *dentry,
409 const unsigned char type) {
410 if (unlikely(!audit_dummy_context()))
411 __audit_inode_child(parent, dentry, type);
412}
413void audit_core_dumps(long signr);
414
415static inline void audit_ptrace(struct task_struct *t)
416{
417 if (unlikely(!audit_dummy_context()))
418 __audit_ptrace(t);
419}
420
421 /* Private API (for audit.c only) */
422extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
423extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
424extern void __audit_bprm(struct linux_binprm *bprm);
425extern int __audit_socketcall(int nargs, unsigned long *args);
426extern int __audit_sockaddr(int len, void *addr);
427extern void __audit_fd_pair(int fd1, int fd2);
428extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr);
429extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout);
430extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification);
431extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
432extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
433 const struct cred *new,
434 const struct cred *old);
435extern void __audit_log_capset(const struct cred *new, const struct cred *old);
436extern void __audit_mmap_fd(int fd, int flags);
437extern void __audit_openat2_how(struct open_how *how);
438extern void __audit_log_kern_module(const char *name);
439extern void __audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar);
440extern void __audit_tk_injoffset(struct timespec64 offset);
441extern void __audit_ntp_log(const struct audit_ntp_data *ad);
442extern void __audit_log_nfcfg(const char *name, u8 af, unsigned int nentries,
443 enum audit_nfcfgop op, gfp_t gfp);
444
445static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
446{
447 if (unlikely(!audit_dummy_context()))
448 __audit_ipc_obj(ipcp);
449}
450static inline void audit_fd_pair(int fd1, int fd2)
451{
452 if (unlikely(!audit_dummy_context()))
453 __audit_fd_pair(fd1, fd2);
454}
455static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode)
456{
457 if (unlikely(!audit_dummy_context()))
458 __audit_ipc_set_perm(qbytes, uid, gid, mode);
459}
460static inline void audit_bprm(struct linux_binprm *bprm)
461{
462 if (unlikely(!audit_dummy_context()))
463 __audit_bprm(bprm);
464}
465static inline int audit_socketcall(int nargs, unsigned long *args)
466{
467 if (unlikely(!audit_dummy_context()))
468 return __audit_socketcall(nargs, args);
469 return 0;
470}
471
472static inline int audit_socketcall_compat(int nargs, u32 *args)
473{
474 unsigned long a[AUDITSC_ARGS];
475 int i;
476
477 if (audit_dummy_context())
478 return 0;
479
480 for (i = 0; i < nargs; i++)
481 a[i] = (unsigned long)args[i];
482 return __audit_socketcall(nargs, a);
483}
484
485static inline int audit_sockaddr(int len, void *addr)
486{
487 if (unlikely(!audit_dummy_context()))
488 return __audit_sockaddr(len, addr);
489 return 0;
490}
491static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr)
492{
493 if (unlikely(!audit_dummy_context()))
494 __audit_mq_open(oflag, mode, attr);
495}
496static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout)
497{
498 if (unlikely(!audit_dummy_context()))
499 __audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout);
500}
501static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification)
502{
503 if (unlikely(!audit_dummy_context()))
504 __audit_mq_notify(mqdes, notification);
505}
506static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
507{
508 if (unlikely(!audit_dummy_context()))
509 __audit_mq_getsetattr(mqdes, mqstat);
510}
511
512static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
513 const struct cred *new,
514 const struct cred *old)
515{
516 if (unlikely(!audit_dummy_context()))
517 return __audit_log_bprm_fcaps(bprm, new, old);
518 return 0;
519}
520
521static inline void audit_log_capset(const struct cred *new,
522 const struct cred *old)
523{
524 if (unlikely(!audit_dummy_context()))
525 __audit_log_capset(new, old);
526}
527
528static inline void audit_mmap_fd(int fd, int flags)
529{
530 if (unlikely(!audit_dummy_context()))
531 __audit_mmap_fd(fd, flags);
532}
533
534static inline void audit_openat2_how(struct open_how *how)
535{
536 if (unlikely(!audit_dummy_context()))
537 __audit_openat2_how(how);
538}
539
540static inline void audit_log_kern_module(const char *name)
541{
542 if (!audit_dummy_context())
543 __audit_log_kern_module(name);
544}
545
546static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar)
547{
548 if (audit_enabled)
549 __audit_fanotify(response, friar);
550}
551
552static inline void audit_tk_injoffset(struct timespec64 offset)
553{
554 /* ignore no-op events */
555 if (offset.tv_sec == 0 && offset.tv_nsec == 0)
556 return;
557
558 if (!audit_dummy_context())
559 __audit_tk_injoffset(offset);
560}
561
562static inline void audit_ntp_init(struct audit_ntp_data *ad)
563{
564 memset(ad, 0, sizeof(*ad));
565}
566
567static inline void audit_ntp_set_old(struct audit_ntp_data *ad,
568 enum audit_ntp_type type, long long val)
569{
570 ad->vals[type].oldval = val;
571}
572
573static inline void audit_ntp_set_new(struct audit_ntp_data *ad,
574 enum audit_ntp_type type, long long val)
575{
576 ad->vals[type].newval = val;
577}
578
579static inline void audit_ntp_log(const struct audit_ntp_data *ad)
580{
581 if (!audit_dummy_context())
582 __audit_ntp_log(ad);
583}
584
585static inline void audit_log_nfcfg(const char *name, u8 af,
586 unsigned int nentries,
587 enum audit_nfcfgop op, gfp_t gfp)
588{
589 if (audit_enabled)
590 __audit_log_nfcfg(name, af, nentries, op, gfp);
591}
592
593extern int audit_n_rules;
594extern int audit_signals;
595#else /* CONFIG_AUDITSYSCALL */
596static inline int audit_alloc(struct task_struct *task)
597{
598 return 0;
599}
600static inline void audit_free(struct task_struct *task)
601{ }
602static inline void audit_uring_entry(u8 op)
603{ }
604static inline void audit_uring_exit(int success, long code)
605{ }
606static inline void audit_syscall_entry(int major, unsigned long a0,
607 unsigned long a1, unsigned long a2,
608 unsigned long a3)
609{ }
610static inline void audit_syscall_exit(void *pt_regs)
611{ }
612static inline bool audit_dummy_context(void)
613{
614 return true;
615}
616static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx)
617{ }
618static inline struct audit_context *audit_context(void)
619{
620 return NULL;
621}
622static inline void audit_getname(struct filename *name)
623{ }
624static inline void audit_inode(struct filename *name,
625 const struct dentry *dentry,
626 unsigned int aflags)
627{ }
628static inline void audit_file(struct file *file)
629{
630}
631static inline void audit_inode_parent_hidden(struct filename *name,
632 const struct dentry *dentry)
633{ }
634static inline void audit_inode_child(struct inode *parent,
635 const struct dentry *dentry,
636 const unsigned char type)
637{ }
638static inline void audit_core_dumps(long signr)
639{ }
640static inline void audit_seccomp(unsigned long syscall, long signr, int code)
641{ }
642static inline void audit_seccomp_actions_logged(const char *names,
643 const char *old_names, int res)
644{ }
645static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
646{ }
647static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,
648 gid_t gid, umode_t mode)
649{ }
650static inline void audit_bprm(struct linux_binprm *bprm)
651{ }
652static inline int audit_socketcall(int nargs, unsigned long *args)
653{
654 return 0;
655}
656
657static inline int audit_socketcall_compat(int nargs, u32 *args)
658{
659 return 0;
660}
661
662static inline void audit_fd_pair(int fd1, int fd2)
663{ }
664static inline int audit_sockaddr(int len, void *addr)
665{
666 return 0;
667}
668static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr)
669{ }
670static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len,
671 unsigned int msg_prio,
672 const struct timespec64 *abs_timeout)
673{ }
674static inline void audit_mq_notify(mqd_t mqdes,
675 const struct sigevent *notification)
676{ }
677static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
678{ }
679static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
680 const struct cred *new,
681 const struct cred *old)
682{
683 return 0;
684}
685static inline void audit_log_capset(const struct cred *new,
686 const struct cred *old)
687{ }
688static inline void audit_mmap_fd(int fd, int flags)
689{ }
690
691static inline void audit_openat2_how(struct open_how *how)
692{ }
693
694static inline void audit_log_kern_module(const char *name)
695{ }
696
697static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar)
698{ }
699
700static inline void audit_tk_injoffset(struct timespec64 offset)
701{ }
702
703static inline void audit_ntp_init(struct audit_ntp_data *ad)
704{ }
705
706static inline void audit_ntp_set_old(struct audit_ntp_data *ad,
707 enum audit_ntp_type type, long long val)
708{ }
709
710static inline void audit_ntp_set_new(struct audit_ntp_data *ad,
711 enum audit_ntp_type type, long long val)
712{ }
713
714static inline void audit_ntp_log(const struct audit_ntp_data *ad)
715{ }
716
717static inline void audit_ptrace(struct task_struct *t)
718{ }
719
720static inline void audit_log_nfcfg(const char *name, u8 af,
721 unsigned int nentries,
722 enum audit_nfcfgop op, gfp_t gfp)
723{ }
724
725#define audit_n_rules 0
726#define audit_signals 0
727#endif /* CONFIG_AUDITSYSCALL */
728
729static inline bool audit_loginuid_set(struct task_struct *tsk)
730{
731 return uid_valid(audit_get_loginuid(tsk));
732}
733
734#endif