tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

kernel / include / linux / audit.h
at f1a5e78a55ebf2b05777fd5eb738038ddae609d6 742 lines 21 kB view raw
1/* SPDX-License-Identifier: GPL-2.0-or-later */ 2/* audit.h -- Auditing support 3 * 4 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina. 5 * All Rights Reserved. 6 * 7 * Written by Rickard E. (Rik) Faith <faith@redhat.com> 8 */ 9#ifndef _LINUX_AUDIT_H_ 10#define _LINUX_AUDIT_H_ 11 12#include <linux/sched.h> 13#include <linux/ptrace.h> 14#include <linux/audit_arch.h> 15#include <uapi/linux/audit.h> 16#include <uapi/linux/fanotify.h> 17 18#define AUDIT_STATUS_ALL (AUDIT_STATUS_ENABLED | \ 19 AUDIT_STATUS_FAILURE | \ 20 AUDIT_STATUS_PID | \ 21 AUDIT_STATUS_RATE_LIMIT | \ 22 AUDIT_STATUS_BACKLOG_LIMIT | \ 23 AUDIT_STATUS_BACKLOG_WAIT_TIME | \ 24 AUDIT_STATUS_LOST | \ 25 AUDIT_STATUS_BACKLOG_WAIT_TIME_ACTUAL) 26 27#define AUDIT_INO_UNSET ((u64)-1) 28#define AUDIT_DEV_UNSET ((dev_t)-1) 29 30struct audit_sig_info { 31 uid_t uid; 32 pid_t pid; 33 char ctx[]; 34}; 35 36struct audit_buffer; 37struct audit_context; 38struct inode; 39struct netlink_skb_parms; 40struct path; 41struct linux_binprm; 42struct mq_attr; 43struct mqstat; 44struct audit_watch; 45struct audit_tree; 46struct sk_buff; 47struct kern_ipc_perm; 48struct lsm_id; 49struct lsm_prop; 50 51struct audit_krule { 52 u32 pflags; 53 u32 flags; 54 u32 listnr; 55 u32 action; 56 u32 mask[AUDIT_BITMASK_SIZE]; 57 u32 buflen; /* for data alloc on list rules */ 58 u32 field_count; 59 char *filterkey; /* ties events to rules */ 60 struct audit_field *fields; 61 struct audit_field *arch_f; /* quick access to arch field */ 62 struct audit_field *inode_f; /* quick access to an inode field */ 63 struct audit_watch *watch; /* associated watch */ 64 struct audit_tree *tree; /* associated watched tree */ 65 struct audit_fsnotify_mark *exe; 66 struct list_head rlist; /* entry in audit_{watch,tree}.rules list */ 67 struct list_head list; /* for AUDIT_LIST* purposes only */ 68 u64 prio; 69}; 70 71/* Flag to indicate legacy AUDIT_LOGINUID unset usage */ 72#define AUDIT_LOGINUID_LEGACY 0x1 73 74struct audit_field { 75 u32 type; 76 union { 77 u32 val; 78 kuid_t uid; 79 kgid_t gid; 80 struct { 81 char *lsm_str; 82 void *lsm_rule; 83 }; 84 }; 85 u32 op; 86}; 87 88enum audit_ntp_type { 89 AUDIT_NTP_OFFSET, 90 AUDIT_NTP_FREQ, 91 AUDIT_NTP_STATUS, 92 AUDIT_NTP_TAI, 93 AUDIT_NTP_TICK, 94 AUDIT_NTP_ADJUST, 95 96 AUDIT_NTP_NVALS /* count */ 97}; 98 99#ifdef CONFIG_AUDITSYSCALL 100struct audit_ntp_val { 101 long long oldval, newval; 102}; 103 104struct audit_ntp_data { 105 struct audit_ntp_val vals[AUDIT_NTP_NVALS]; 106}; 107#else 108struct audit_ntp_data {}; 109#endif 110 111enum audit_nfcfgop { 112 AUDIT_XT_OP_REGISTER, 113 AUDIT_XT_OP_REPLACE, 114 AUDIT_XT_OP_UNREGISTER, 115 AUDIT_NFT_OP_TABLE_REGISTER, 116 AUDIT_NFT_OP_TABLE_UNREGISTER, 117 AUDIT_NFT_OP_CHAIN_REGISTER, 118 AUDIT_NFT_OP_CHAIN_UNREGISTER, 119 AUDIT_NFT_OP_RULE_REGISTER, 120 AUDIT_NFT_OP_RULE_UNREGISTER, 121 AUDIT_NFT_OP_SET_REGISTER, 122 AUDIT_NFT_OP_SET_UNREGISTER, 123 AUDIT_NFT_OP_SETELEM_REGISTER, 124 AUDIT_NFT_OP_SETELEM_UNREGISTER, 125 AUDIT_NFT_OP_GEN_REGISTER, 126 AUDIT_NFT_OP_OBJ_REGISTER, 127 AUDIT_NFT_OP_OBJ_UNREGISTER, 128 AUDIT_NFT_OP_OBJ_RESET, 129 AUDIT_NFT_OP_FLOWTABLE_REGISTER, 130 AUDIT_NFT_OP_FLOWTABLE_UNREGISTER, 131 AUDIT_NFT_OP_SETELEM_RESET, 132 AUDIT_NFT_OP_RULE_RESET, 133 AUDIT_NFT_OP_INVALID, 134}; 135 136extern int __init audit_register_class(int class, unsigned *list); 137extern int audit_classify_syscall(int abi, unsigned syscall); 138extern int audit_classify_arch(int arch); 139 140/* audit_names->type values */ 141#define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ 142#define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ 143#define AUDIT_TYPE_PARENT 2 /* a parent audit record */ 144#define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */ 145#define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */ 146 147/* maximized args number that audit_socketcall can process */ 148#define AUDITSC_ARGS 6 149 150/* bit values for ->signal->audit_tty */ 151#define AUDIT_TTY_ENABLE BIT(0) 152#define AUDIT_TTY_LOG_PASSWD BIT(1) 153 154/* bit values for audit_cfg_lsm */ 155#define AUDIT_CFG_LSM_SECCTX_SUBJECT BIT(0) 156#define AUDIT_CFG_LSM_SECCTX_OBJECT BIT(1) 157 158struct filename; 159 160#define AUDIT_OFF 0 161#define AUDIT_ON 1 162#define AUDIT_LOCKED 2 163#ifdef CONFIG_AUDIT 164/* These are defined in audit.c */ 165 /* Public API */ 166extern __printf(4, 5) 167void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, 168 const char *fmt, ...); 169 170extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type); 171extern __printf(2, 3) 172void audit_log_format(struct audit_buffer *ab, const char *fmt, ...); 173extern void audit_log_end(struct audit_buffer *ab); 174extern bool audit_string_contains_control(const char *string, 175 size_t len); 176extern void audit_log_n_hex(struct audit_buffer *ab, 177 const unsigned char *buf, 178 size_t len); 179extern void audit_log_n_string(struct audit_buffer *ab, 180 const char *buf, 181 size_t n); 182extern void audit_log_n_untrustedstring(struct audit_buffer *ab, 183 const char *string, 184 size_t n); 185extern void audit_log_untrustedstring(struct audit_buffer *ab, 186 const char *string); 187extern void audit_log_d_path(struct audit_buffer *ab, 188 const char *prefix, 189 const struct path *path); 190extern void audit_log_key(struct audit_buffer *ab, 191 char *key); 192extern void audit_log_path_denied(int type, 193 const char *operation); 194extern void audit_log_lost(const char *message); 195 196extern int audit_log_subj_ctx(struct audit_buffer *ab, struct lsm_prop *prop); 197extern int audit_log_obj_ctx(struct audit_buffer *ab, struct lsm_prop *prop); 198extern int audit_log_task_context(struct audit_buffer *ab); 199extern void audit_log_task_info(struct audit_buffer *ab); 200extern int audit_log_nf_skb(struct audit_buffer *ab, 201 const struct sk_buff *skb, u8 nfproto); 202 203extern int audit_update_lsm_rules(void); 204 205 /* Private API (for audit.c only) */ 206extern int audit_rule_change(int type, int seq, void *data, size_t datasz); 207extern int audit_list_rules_send(struct sk_buff *request_skb, int seq); 208 209extern int audit_set_loginuid(kuid_t loginuid); 210 211static inline kuid_t audit_get_loginuid(struct task_struct *tsk) 212{ 213 return tsk->loginuid; 214} 215 216static inline unsigned int audit_get_sessionid(struct task_struct *tsk) 217{ 218 return tsk->sessionid; 219} 220 221extern u32 audit_enabled; 222 223extern int audit_signal_info(int sig, struct task_struct *t); 224 225extern void audit_cfg_lsm(const struct lsm_id *lsmid, int flags); 226 227#else /* CONFIG_AUDIT */ 228static inline __printf(4, 5) 229void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, 230 const char *fmt, ...) 231{ } 232static inline struct audit_buffer *audit_log_start(struct audit_context *ctx, 233 gfp_t gfp_mask, int type) 234{ 235 return NULL; 236} 237static inline __printf(2, 3) 238void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) 239{ } 240static inline void audit_log_end(struct audit_buffer *ab) 241{ } 242static inline void audit_log_n_hex(struct audit_buffer *ab, 243 const unsigned char *buf, size_t len) 244{ } 245static inline void audit_log_n_string(struct audit_buffer *ab, 246 const char *buf, size_t n) 247{ } 248static inline void audit_log_n_untrustedstring(struct audit_buffer *ab, 249 const char *string, size_t n) 250{ } 251static inline void audit_log_untrustedstring(struct audit_buffer *ab, 252 const char *string) 253{ } 254static inline void audit_log_d_path(struct audit_buffer *ab, 255 const char *prefix, 256 const struct path *path) 257{ } 258static inline void audit_log_key(struct audit_buffer *ab, char *key) 259{ } 260static inline void audit_log_path_denied(int type, const char *operation) 261{ } 262static inline int audit_log_subj_ctx(struct audit_buffer *ab, 263 struct lsm_prop *prop) 264{ 265 return 0; 266} 267static inline int audit_log_obj_ctx(struct audit_buffer *ab, 268 struct lsm_prop *prop) 269{ 270 return 0; 271} 272static inline int audit_log_task_context(struct audit_buffer *ab) 273{ 274 return 0; 275} 276static inline void audit_log_task_info(struct audit_buffer *ab) 277{ } 278 279static inline int audit_log_nf_skb(struct audit_buffer *ab, 280 const struct sk_buff *skb, u8 nfproto) 281{ 282 return 0; 283} 284 285static inline kuid_t audit_get_loginuid(struct task_struct *tsk) 286{ 287 return INVALID_UID; 288} 289 290static inline unsigned int audit_get_sessionid(struct task_struct *tsk) 291{ 292 return AUDIT_SID_UNSET; 293} 294 295#define audit_enabled AUDIT_OFF 296 297static inline int audit_signal_info(int sig, struct task_struct *t) 298{ 299 return 0; 300} 301 302static inline void audit_cfg_lsm(const struct lsm_id *lsmid, int flags) 303{ } 304 305#endif /* CONFIG_AUDIT */ 306 307#ifdef CONFIG_AUDIT_COMPAT_GENERIC 308#define audit_is_compat(arch) (!((arch) & __AUDIT_ARCH_64BIT)) 309#else 310#define audit_is_compat(arch) false 311#endif 312 313#define AUDIT_INODE_PARENT 1 /* dentry represents the parent */ 314#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */ 315#define AUDIT_INODE_NOEVAL 4 /* audit record incomplete */ 316 317#ifdef CONFIG_AUDITSYSCALL 318#include <asm/syscall.h> /* for syscall_get_arch() */ 319 320/* These are defined in auditsc.c */ 321 /* Public API */ 322extern int audit_alloc(struct task_struct *task); 323extern void __audit_free(struct task_struct *task); 324extern void __audit_uring_entry(u8 op); 325extern void __audit_uring_exit(int success, long code); 326extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1, 327 unsigned long a2, unsigned long a3); 328extern void __audit_syscall_exit(int ret_success, long ret_value); 329extern void __audit_getname(struct filename *name); 330extern void __audit_inode(struct filename *name, const struct dentry *dentry, 331 unsigned int flags); 332extern void __audit_file(const struct file *); 333extern void __audit_inode_child(struct inode *parent, 334 const struct dentry *dentry, 335 const unsigned char type); 336extern void audit_seccomp(unsigned long syscall, long signr, int code); 337extern void audit_seccomp_actions_logged(const char *names, 338 const char *old_names, int res); 339extern void __audit_ptrace(struct task_struct *t); 340 341static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) 342{ 343 task->audit_context = ctx; 344} 345 346static inline struct audit_context *audit_context(void) 347{ 348 return current->audit_context; 349} 350 351static inline bool audit_dummy_context(void) 352{ 353 void *p = audit_context(); 354 return !p || *(int *)p; 355} 356static inline void audit_free(struct task_struct *task) 357{ 358 if (unlikely(task->audit_context)) 359 __audit_free(task); 360} 361static inline void audit_uring_entry(u8 op) 362{ 363 /* 364 * We intentionally check audit_context() before audit_enabled as most 365 * Linux systems (as of ~2021) rely on systemd which forces audit to 366 * be enabled regardless of the user's audit configuration. 367 */ 368 if (unlikely(audit_context() && audit_enabled)) 369 __audit_uring_entry(op); 370} 371static inline void audit_uring_exit(int success, long code) 372{ 373 if (unlikely(audit_context())) 374 __audit_uring_exit(success, code); 375} 376static inline void audit_syscall_entry(int major, unsigned long a0, 377 unsigned long a1, unsigned long a2, 378 unsigned long a3) 379{ 380 if (unlikely(audit_context())) 381 __audit_syscall_entry(major, a0, a1, a2, a3); 382} 383static inline void audit_syscall_exit(void *pt_regs) 384{ 385 if (unlikely(audit_context())) { 386 int success = is_syscall_success(pt_regs); 387 long return_code = regs_return_value(pt_regs); 388 389 __audit_syscall_exit(success, return_code); 390 } 391} 392static inline void audit_getname(struct filename *name) 393{ 394 if (unlikely(!audit_dummy_context())) 395 __audit_getname(name); 396} 397static inline void audit_inode(struct filename *name, 398 const struct dentry *dentry, 399 unsigned int aflags) { 400 if (unlikely(!audit_dummy_context())) 401 __audit_inode(name, dentry, aflags); 402} 403static inline void audit_file(struct file *file) 404{ 405 if (unlikely(!audit_dummy_context())) 406 __audit_file(file); 407} 408static inline void audit_inode_parent_hidden(struct filename *name, 409 const struct dentry *dentry) 410{ 411 if (unlikely(!audit_dummy_context())) 412 __audit_inode(name, dentry, 413 AUDIT_INODE_PARENT | AUDIT_INODE_HIDDEN); 414} 415static inline void audit_inode_child(struct inode *parent, 416 const struct dentry *dentry, 417 const unsigned char type) { 418 if (unlikely(!audit_dummy_context())) 419 __audit_inode_child(parent, dentry, type); 420} 421void audit_core_dumps(long signr); 422 423static inline void audit_ptrace(struct task_struct *t) 424{ 425 if (unlikely(!audit_dummy_context())) 426 __audit_ptrace(t); 427} 428 429 /* Private API (for audit.c only) */ 430extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); 431extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); 432extern void __audit_bprm(struct linux_binprm *bprm); 433extern int __audit_socketcall(int nargs, unsigned long *args); 434extern int __audit_sockaddr(int len, void *addr); 435extern void __audit_fd_pair(int fd1, int fd2); 436extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr); 437extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout); 438extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification); 439extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); 440extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, 441 const struct cred *new, 442 const struct cred *old); 443extern void __audit_log_capset(const struct cred *new, const struct cred *old); 444extern void __audit_mmap_fd(int fd, int flags); 445extern void __audit_openat2_how(struct open_how *how); 446extern void __audit_log_kern_module(const char *name); 447extern void __audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar); 448extern void __audit_tk_injoffset(struct timespec64 offset); 449extern void __audit_ntp_log(const struct audit_ntp_data *ad); 450extern void __audit_log_nfcfg(const char *name, u8 af, unsigned int nentries, 451 enum audit_nfcfgop op, gfp_t gfp); 452 453static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) 454{ 455 if (unlikely(!audit_dummy_context())) 456 __audit_ipc_obj(ipcp); 457} 458static inline void audit_fd_pair(int fd1, int fd2) 459{ 460 if (unlikely(!audit_dummy_context())) 461 __audit_fd_pair(fd1, fd2); 462} 463static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode) 464{ 465 if (unlikely(!audit_dummy_context())) 466 __audit_ipc_set_perm(qbytes, uid, gid, mode); 467} 468static inline void audit_bprm(struct linux_binprm *bprm) 469{ 470 if (unlikely(!audit_dummy_context())) 471 __audit_bprm(bprm); 472} 473static inline int audit_socketcall(int nargs, unsigned long *args) 474{ 475 if (unlikely(!audit_dummy_context())) 476 return __audit_socketcall(nargs, args); 477 return 0; 478} 479 480static inline int audit_socketcall_compat(int nargs, u32 *args) 481{ 482 unsigned long a[AUDITSC_ARGS]; 483 int i; 484 485 if (audit_dummy_context()) 486 return 0; 487 488 for (i = 0; i < nargs; i++) 489 a[i] = (unsigned long)args[i]; 490 return __audit_socketcall(nargs, a); 491} 492 493static inline int audit_sockaddr(int len, void *addr) 494{ 495 if (unlikely(!audit_dummy_context())) 496 return __audit_sockaddr(len, addr); 497 return 0; 498} 499static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) 500{ 501 if (unlikely(!audit_dummy_context())) 502 __audit_mq_open(oflag, mode, attr); 503} 504static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout) 505{ 506 if (unlikely(!audit_dummy_context())) 507 __audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout); 508} 509static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification) 510{ 511 if (unlikely(!audit_dummy_context())) 512 __audit_mq_notify(mqdes, notification); 513} 514static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) 515{ 516 if (unlikely(!audit_dummy_context())) 517 __audit_mq_getsetattr(mqdes, mqstat); 518} 519 520static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, 521 const struct cred *new, 522 const struct cred *old) 523{ 524 if (unlikely(!audit_dummy_context())) 525 return __audit_log_bprm_fcaps(bprm, new, old); 526 return 0; 527} 528 529static inline void audit_log_capset(const struct cred *new, 530 const struct cred *old) 531{ 532 if (unlikely(!audit_dummy_context())) 533 __audit_log_capset(new, old); 534} 535 536static inline void audit_mmap_fd(int fd, int flags) 537{ 538 if (unlikely(!audit_dummy_context())) 539 __audit_mmap_fd(fd, flags); 540} 541 542static inline void audit_openat2_how(struct open_how *how) 543{ 544 if (unlikely(!audit_dummy_context())) 545 __audit_openat2_how(how); 546} 547 548static inline void audit_log_kern_module(const char *name) 549{ 550 if (!audit_dummy_context()) 551 __audit_log_kern_module(name); 552} 553 554static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar) 555{ 556 if (audit_enabled) 557 __audit_fanotify(response, friar); 558} 559 560static inline void audit_tk_injoffset(struct timespec64 offset) 561{ 562 /* ignore no-op events */ 563 if (offset.tv_sec == 0 && offset.tv_nsec == 0) 564 return; 565 566 if (!audit_dummy_context()) 567 __audit_tk_injoffset(offset); 568} 569 570static inline void audit_ntp_init(struct audit_ntp_data *ad) 571{ 572 memset(ad, 0, sizeof(*ad)); 573} 574 575static inline void audit_ntp_set_old(struct audit_ntp_data *ad, 576 enum audit_ntp_type type, long long val) 577{ 578 ad->vals[type].oldval = val; 579} 580 581static inline void audit_ntp_set_new(struct audit_ntp_data *ad, 582 enum audit_ntp_type type, long long val) 583{ 584 ad->vals[type].newval = val; 585} 586 587static inline void audit_ntp_log(const struct audit_ntp_data *ad) 588{ 589 if (!audit_dummy_context()) 590 __audit_ntp_log(ad); 591} 592 593static inline void audit_log_nfcfg(const char *name, u8 af, 594 unsigned int nentries, 595 enum audit_nfcfgop op, gfp_t gfp) 596{ 597 if (audit_enabled) 598 __audit_log_nfcfg(name, af, nentries, op, gfp); 599} 600 601extern int audit_n_rules; 602extern int audit_signals; 603#else /* CONFIG_AUDITSYSCALL */ 604static inline int audit_alloc(struct task_struct *task) 605{ 606 return 0; 607} 608static inline void audit_free(struct task_struct *task) 609{ } 610static inline void audit_uring_entry(u8 op) 611{ } 612static inline void audit_uring_exit(int success, long code) 613{ } 614static inline void audit_syscall_entry(int major, unsigned long a0, 615 unsigned long a1, unsigned long a2, 616 unsigned long a3) 617{ } 618static inline void audit_syscall_exit(void *pt_regs) 619{ } 620static inline bool audit_dummy_context(void) 621{ 622 return true; 623} 624static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) 625{ } 626static inline struct audit_context *audit_context(void) 627{ 628 return NULL; 629} 630static inline void audit_getname(struct filename *name) 631{ } 632static inline void audit_inode(struct filename *name, 633 const struct dentry *dentry, 634 unsigned int aflags) 635{ } 636static inline void audit_file(struct file *file) 637{ 638} 639static inline void audit_inode_parent_hidden(struct filename *name, 640 const struct dentry *dentry) 641{ } 642static inline void audit_inode_child(struct inode *parent, 643 const struct dentry *dentry, 644 const unsigned char type) 645{ } 646static inline void audit_core_dumps(long signr) 647{ } 648static inline void audit_seccomp(unsigned long syscall, long signr, int code) 649{ } 650static inline void audit_seccomp_actions_logged(const char *names, 651 const char *old_names, int res) 652{ } 653static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) 654{ } 655static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, 656 gid_t gid, umode_t mode) 657{ } 658static inline void audit_bprm(struct linux_binprm *bprm) 659{ } 660static inline int audit_socketcall(int nargs, unsigned long *args) 661{ 662 return 0; 663} 664 665static inline int audit_socketcall_compat(int nargs, u32 *args) 666{ 667 return 0; 668} 669 670static inline void audit_fd_pair(int fd1, int fd2) 671{ } 672static inline int audit_sockaddr(int len, void *addr) 673{ 674 return 0; 675} 676static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) 677{ } 678static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, 679 unsigned int msg_prio, 680 const struct timespec64 *abs_timeout) 681{ } 682static inline void audit_mq_notify(mqd_t mqdes, 683 const struct sigevent *notification) 684{ } 685static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) 686{ } 687static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, 688 const struct cred *new, 689 const struct cred *old) 690{ 691 return 0; 692} 693static inline void audit_log_capset(const struct cred *new, 694 const struct cred *old) 695{ } 696static inline void audit_mmap_fd(int fd, int flags) 697{ } 698 699static inline void audit_openat2_how(struct open_how *how) 700{ } 701 702static inline void audit_log_kern_module(const char *name) 703{ } 704 705static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar) 706{ } 707 708static inline void audit_tk_injoffset(struct timespec64 offset) 709{ } 710 711static inline void audit_ntp_init(struct audit_ntp_data *ad) 712{ } 713 714static inline void audit_ntp_set_old(struct audit_ntp_data *ad, 715 enum audit_ntp_type type, long long val) 716{ } 717 718static inline void audit_ntp_set_new(struct audit_ntp_data *ad, 719 enum audit_ntp_type type, long long val) 720{ } 721 722static inline void audit_ntp_log(const struct audit_ntp_data *ad) 723{ } 724 725static inline void audit_ptrace(struct task_struct *t) 726{ } 727 728static inline void audit_log_nfcfg(const char *name, u8 af, 729 unsigned int nentries, 730 enum audit_nfcfgop op, gfp_t gfp) 731{ } 732 733#define audit_n_rules 0 734#define audit_signals 0 735#endif /* CONFIG_AUDITSYSCALL */ 736 737static inline bool audit_loginuid_set(struct task_struct *tsk) 738{ 739 return uid_valid(audit_get_loginuid(tsk)); 740} 741 742#endif