tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / include / linux / audit.h
at v5.10 20 kB view raw
1/* SPDX-License-Identifier: GPL-2.0-or-later */ 2/* audit.h -- Auditing support 3 * 4 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina. 5 * All Rights Reserved. 6 * 7 * Written by Rickard E. (Rik) Faith <faith@redhat.com> 8 */ 9#ifndef _LINUX_AUDIT_H_ 10#define _LINUX_AUDIT_H_ 11 12#include <linux/sched.h> 13#include <linux/ptrace.h> 14#include <uapi/linux/audit.h> 15#include <uapi/linux/netfilter/nf_tables.h> 16 17#define AUDIT_INO_UNSET ((unsigned long)-1) 18#define AUDIT_DEV_UNSET ((dev_t)-1) 19 20struct audit_sig_info { 21 uid_t uid; 22 pid_t pid; 23 char ctx[]; 24}; 25 26struct audit_buffer; 27struct audit_context; 28struct inode; 29struct netlink_skb_parms; 30struct path; 31struct linux_binprm; 32struct mq_attr; 33struct mqstat; 34struct audit_watch; 35struct audit_tree; 36struct sk_buff; 37 38struct audit_krule { 39 u32 pflags; 40 u32 flags; 41 u32 listnr; 42 u32 action; 43 u32 mask[AUDIT_BITMASK_SIZE]; 44 u32 buflen; /* for data alloc on list rules */ 45 u32 field_count; 46 char *filterkey; /* ties events to rules */ 47 struct audit_field *fields; 48 struct audit_field *arch_f; /* quick access to arch field */ 49 struct audit_field *inode_f; /* quick access to an inode field */ 50 struct audit_watch *watch; /* associated watch */ 51 struct audit_tree *tree; /* associated watched tree */ 52 struct audit_fsnotify_mark *exe; 53 struct list_head rlist; /* entry in audit_{watch,tree}.rules list */ 54 struct list_head list; /* for AUDIT_LIST* purposes only */ 55 u64 prio; 56}; 57 58/* Flag to indicate legacy AUDIT_LOGINUID unset usage */ 59#define AUDIT_LOGINUID_LEGACY 0x1 60 61struct audit_field { 62 u32 type; 63 union { 64 u32 val; 65 kuid_t uid; 66 kgid_t gid; 67 struct { 68 char *lsm_str; 69 void *lsm_rule; 70 }; 71 }; 72 u32 op; 73}; 74 75enum audit_ntp_type { 76 AUDIT_NTP_OFFSET, 77 AUDIT_NTP_FREQ, 78 AUDIT_NTP_STATUS, 79 AUDIT_NTP_TAI, 80 AUDIT_NTP_TICK, 81 AUDIT_NTP_ADJUST, 82 83 AUDIT_NTP_NVALS /* count */ 84}; 85 86#ifdef CONFIG_AUDITSYSCALL 87struct audit_ntp_val { 88 long long oldval, newval; 89}; 90 91struct audit_ntp_data { 92 struct audit_ntp_val vals[AUDIT_NTP_NVALS]; 93}; 94#else 95struct audit_ntp_data {}; 96#endif 97 98enum audit_nfcfgop { 99 AUDIT_XT_OP_REGISTER, 100 AUDIT_XT_OP_REPLACE, 101 AUDIT_XT_OP_UNREGISTER, 102 AUDIT_NFT_OP_TABLE_REGISTER, 103 AUDIT_NFT_OP_TABLE_UNREGISTER, 104 AUDIT_NFT_OP_CHAIN_REGISTER, 105 AUDIT_NFT_OP_CHAIN_UNREGISTER, 106 AUDIT_NFT_OP_RULE_REGISTER, 107 AUDIT_NFT_OP_RULE_UNREGISTER, 108 AUDIT_NFT_OP_SET_REGISTER, 109 AUDIT_NFT_OP_SET_UNREGISTER, 110 AUDIT_NFT_OP_SETELEM_REGISTER, 111 AUDIT_NFT_OP_SETELEM_UNREGISTER, 112 AUDIT_NFT_OP_GEN_REGISTER, 113 AUDIT_NFT_OP_OBJ_REGISTER, 114 AUDIT_NFT_OP_OBJ_UNREGISTER, 115 AUDIT_NFT_OP_OBJ_RESET, 116 AUDIT_NFT_OP_FLOWTABLE_REGISTER, 117 AUDIT_NFT_OP_FLOWTABLE_UNREGISTER, 118 AUDIT_NFT_OP_INVALID, 119}; 120 121extern int is_audit_feature_set(int which); 122 123extern int __init audit_register_class(int class, unsigned *list); 124extern int audit_classify_syscall(int abi, unsigned syscall); 125extern int audit_classify_arch(int arch); 126/* only for compat system calls */ 127extern unsigned compat_write_class[]; 128extern unsigned compat_read_class[]; 129extern unsigned compat_dir_class[]; 130extern unsigned compat_chattr_class[]; 131extern unsigned compat_signal_class[]; 132 133extern int audit_classify_compat_syscall(int abi, unsigned syscall); 134 135/* audit_names->type values */ 136#define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ 137#define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ 138#define AUDIT_TYPE_PARENT 2 /* a parent audit record */ 139#define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */ 140#define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */ 141 142/* maximized args number that audit_socketcall can process */ 143#define AUDITSC_ARGS 6 144 145/* bit values for ->signal->audit_tty */ 146#define AUDIT_TTY_ENABLE BIT(0) 147#define AUDIT_TTY_LOG_PASSWD BIT(1) 148 149struct filename; 150 151#define AUDIT_OFF 0 152#define AUDIT_ON 1 153#define AUDIT_LOCKED 2 154#ifdef CONFIG_AUDIT 155/* These are defined in audit.c */ 156 /* Public API */ 157extern __printf(4, 5) 158void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, 159 const char *fmt, ...); 160 161extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type); 162extern __printf(2, 3) 163void audit_log_format(struct audit_buffer *ab, const char *fmt, ...); 164extern void audit_log_end(struct audit_buffer *ab); 165extern bool audit_string_contains_control(const char *string, 166 size_t len); 167extern void audit_log_n_hex(struct audit_buffer *ab, 168 const unsigned char *buf, 169 size_t len); 170extern void audit_log_n_string(struct audit_buffer *ab, 171 const char *buf, 172 size_t n); 173extern void audit_log_n_untrustedstring(struct audit_buffer *ab, 174 const char *string, 175 size_t n); 176extern void audit_log_untrustedstring(struct audit_buffer *ab, 177 const char *string); 178extern void audit_log_d_path(struct audit_buffer *ab, 179 const char *prefix, 180 const struct path *path); 181extern void audit_log_key(struct audit_buffer *ab, 182 char *key); 183extern void audit_log_path_denied(int type, 184 const char *operation); 185extern void audit_log_lost(const char *message); 186 187extern int audit_log_task_context(struct audit_buffer *ab); 188extern void audit_log_task_info(struct audit_buffer *ab); 189 190extern int audit_update_lsm_rules(void); 191 192 /* Private API (for audit.c only) */ 193extern int audit_rule_change(int type, int seq, void *data, size_t datasz); 194extern int audit_list_rules_send(struct sk_buff *request_skb, int seq); 195 196extern int audit_set_loginuid(kuid_t loginuid); 197 198static inline kuid_t audit_get_loginuid(struct task_struct *tsk) 199{ 200 return tsk->loginuid; 201} 202 203static inline unsigned int audit_get_sessionid(struct task_struct *tsk) 204{ 205 return tsk->sessionid; 206} 207 208extern u32 audit_enabled; 209 210extern int audit_signal_info(int sig, struct task_struct *t); 211 212#else /* CONFIG_AUDIT */ 213static inline __printf(4, 5) 214void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, 215 const char *fmt, ...) 216{ } 217static inline struct audit_buffer *audit_log_start(struct audit_context *ctx, 218 gfp_t gfp_mask, int type) 219{ 220 return NULL; 221} 222static inline __printf(2, 3) 223void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) 224{ } 225static inline void audit_log_end(struct audit_buffer *ab) 226{ } 227static inline void audit_log_n_hex(struct audit_buffer *ab, 228 const unsigned char *buf, size_t len) 229{ } 230static inline void audit_log_n_string(struct audit_buffer *ab, 231 const char *buf, size_t n) 232{ } 233static inline void audit_log_n_untrustedstring(struct audit_buffer *ab, 234 const char *string, size_t n) 235{ } 236static inline void audit_log_untrustedstring(struct audit_buffer *ab, 237 const char *string) 238{ } 239static inline void audit_log_d_path(struct audit_buffer *ab, 240 const char *prefix, 241 const struct path *path) 242{ } 243static inline void audit_log_key(struct audit_buffer *ab, char *key) 244{ } 245static inline void audit_log_path_denied(int type, const char *operation) 246{ } 247static inline int audit_log_task_context(struct audit_buffer *ab) 248{ 249 return 0; 250} 251static inline void audit_log_task_info(struct audit_buffer *ab) 252{ } 253 254static inline kuid_t audit_get_loginuid(struct task_struct *tsk) 255{ 256 return INVALID_UID; 257} 258 259static inline unsigned int audit_get_sessionid(struct task_struct *tsk) 260{ 261 return AUDIT_SID_UNSET; 262} 263 264#define audit_enabled AUDIT_OFF 265 266static inline int audit_signal_info(int sig, struct task_struct *t) 267{ 268 return 0; 269} 270 271#endif /* CONFIG_AUDIT */ 272 273#ifdef CONFIG_AUDIT_COMPAT_GENERIC 274#define audit_is_compat(arch) (!((arch) & __AUDIT_ARCH_64BIT)) 275#else 276#define audit_is_compat(arch) false 277#endif 278 279#define AUDIT_INODE_PARENT 1 /* dentry represents the parent */ 280#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */ 281#define AUDIT_INODE_NOEVAL 4 /* audit record incomplete */ 282 283#ifdef CONFIG_AUDITSYSCALL 284#include <asm/syscall.h> /* for syscall_get_arch() */ 285 286/* These are defined in auditsc.c */ 287 /* Public API */ 288extern int audit_alloc(struct task_struct *task); 289extern void __audit_free(struct task_struct *task); 290extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1, 291 unsigned long a2, unsigned long a3); 292extern void __audit_syscall_exit(int ret_success, long ret_value); 293extern struct filename *__audit_reusename(const __user char *uptr); 294extern void __audit_getname(struct filename *name); 295extern void __audit_getcwd(void); 296extern void __audit_inode(struct filename *name, const struct dentry *dentry, 297 unsigned int flags); 298extern void __audit_file(const struct file *); 299extern void __audit_inode_child(struct inode *parent, 300 const struct dentry *dentry, 301 const unsigned char type); 302extern void audit_seccomp(unsigned long syscall, long signr, int code); 303extern void audit_seccomp_actions_logged(const char *names, 304 const char *old_names, int res); 305extern void __audit_ptrace(struct task_struct *t); 306 307static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) 308{ 309 task->audit_context = ctx; 310} 311 312static inline struct audit_context *audit_context(void) 313{ 314 return current->audit_context; 315} 316 317static inline bool audit_dummy_context(void) 318{ 319 void *p = audit_context(); 320 return !p || *(int *)p; 321} 322static inline void audit_free(struct task_struct *task) 323{ 324 if (unlikely(task->audit_context)) 325 __audit_free(task); 326} 327static inline void audit_syscall_entry(int major, unsigned long a0, 328 unsigned long a1, unsigned long a2, 329 unsigned long a3) 330{ 331 if (unlikely(audit_context())) 332 __audit_syscall_entry(major, a0, a1, a2, a3); 333} 334static inline void audit_syscall_exit(void *pt_regs) 335{ 336 if (unlikely(audit_context())) { 337 int success = is_syscall_success(pt_regs); 338 long return_code = regs_return_value(pt_regs); 339 340 __audit_syscall_exit(success, return_code); 341 } 342} 343static inline struct filename *audit_reusename(const __user char *name) 344{ 345 if (unlikely(!audit_dummy_context())) 346 return __audit_reusename(name); 347 return NULL; 348} 349static inline void audit_getname(struct filename *name) 350{ 351 if (unlikely(!audit_dummy_context())) 352 __audit_getname(name); 353} 354static inline void audit_getcwd(void) 355{ 356 if (unlikely(audit_context())) 357 __audit_getcwd(); 358} 359static inline void audit_inode(struct filename *name, 360 const struct dentry *dentry, 361 unsigned int aflags) { 362 if (unlikely(!audit_dummy_context())) 363 __audit_inode(name, dentry, aflags); 364} 365static inline void audit_file(struct file *file) 366{ 367 if (unlikely(!audit_dummy_context())) 368 __audit_file(file); 369} 370static inline void audit_inode_parent_hidden(struct filename *name, 371 const struct dentry *dentry) 372{ 373 if (unlikely(!audit_dummy_context())) 374 __audit_inode(name, dentry, 375 AUDIT_INODE_PARENT | AUDIT_INODE_HIDDEN); 376} 377static inline void audit_inode_child(struct inode *parent, 378 const struct dentry *dentry, 379 const unsigned char type) { 380 if (unlikely(!audit_dummy_context())) 381 __audit_inode_child(parent, dentry, type); 382} 383void audit_core_dumps(long signr); 384 385static inline void audit_ptrace(struct task_struct *t) 386{ 387 if (unlikely(!audit_dummy_context())) 388 __audit_ptrace(t); 389} 390 391 /* Private API (for audit.c only) */ 392extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); 393extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); 394extern void __audit_bprm(struct linux_binprm *bprm); 395extern int __audit_socketcall(int nargs, unsigned long *args); 396extern int __audit_sockaddr(int len, void *addr); 397extern void __audit_fd_pair(int fd1, int fd2); 398extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr); 399extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout); 400extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification); 401extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); 402extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, 403 const struct cred *new, 404 const struct cred *old); 405extern void __audit_log_capset(const struct cred *new, const struct cred *old); 406extern void __audit_mmap_fd(int fd, int flags); 407extern void __audit_log_kern_module(char *name); 408extern void __audit_fanotify(unsigned int response); 409extern void __audit_tk_injoffset(struct timespec64 offset); 410extern void __audit_ntp_log(const struct audit_ntp_data *ad); 411extern void __audit_log_nfcfg(const char *name, u8 af, unsigned int nentries, 412 enum audit_nfcfgop op, gfp_t gfp); 413 414static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) 415{ 416 if (unlikely(!audit_dummy_context())) 417 __audit_ipc_obj(ipcp); 418} 419static inline void audit_fd_pair(int fd1, int fd2) 420{ 421 if (unlikely(!audit_dummy_context())) 422 __audit_fd_pair(fd1, fd2); 423} 424static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode) 425{ 426 if (unlikely(!audit_dummy_context())) 427 __audit_ipc_set_perm(qbytes, uid, gid, mode); 428} 429static inline void audit_bprm(struct linux_binprm *bprm) 430{ 431 if (unlikely(!audit_dummy_context())) 432 __audit_bprm(bprm); 433} 434static inline int audit_socketcall(int nargs, unsigned long *args) 435{ 436 if (unlikely(!audit_dummy_context())) 437 return __audit_socketcall(nargs, args); 438 return 0; 439} 440 441static inline int audit_socketcall_compat(int nargs, u32 *args) 442{ 443 unsigned long a[AUDITSC_ARGS]; 444 int i; 445 446 if (audit_dummy_context()) 447 return 0; 448 449 for (i = 0; i < nargs; i++) 450 a[i] = (unsigned long)args[i]; 451 return __audit_socketcall(nargs, a); 452} 453 454static inline int audit_sockaddr(int len, void *addr) 455{ 456 if (unlikely(!audit_dummy_context())) 457 return __audit_sockaddr(len, addr); 458 return 0; 459} 460static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) 461{ 462 if (unlikely(!audit_dummy_context())) 463 __audit_mq_open(oflag, mode, attr); 464} 465static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout) 466{ 467 if (unlikely(!audit_dummy_context())) 468 __audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout); 469} 470static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification) 471{ 472 if (unlikely(!audit_dummy_context())) 473 __audit_mq_notify(mqdes, notification); 474} 475static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) 476{ 477 if (unlikely(!audit_dummy_context())) 478 __audit_mq_getsetattr(mqdes, mqstat); 479} 480 481static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, 482 const struct cred *new, 483 const struct cred *old) 484{ 485 if (unlikely(!audit_dummy_context())) 486 return __audit_log_bprm_fcaps(bprm, new, old); 487 return 0; 488} 489 490static inline void audit_log_capset(const struct cred *new, 491 const struct cred *old) 492{ 493 if (unlikely(!audit_dummy_context())) 494 __audit_log_capset(new, old); 495} 496 497static inline void audit_mmap_fd(int fd, int flags) 498{ 499 if (unlikely(!audit_dummy_context())) 500 __audit_mmap_fd(fd, flags); 501} 502 503static inline void audit_log_kern_module(char *name) 504{ 505 if (!audit_dummy_context()) 506 __audit_log_kern_module(name); 507} 508 509static inline void audit_fanotify(unsigned int response) 510{ 511 if (!audit_dummy_context()) 512 __audit_fanotify(response); 513} 514 515static inline void audit_tk_injoffset(struct timespec64 offset) 516{ 517 /* ignore no-op events */ 518 if (offset.tv_sec == 0 && offset.tv_nsec == 0) 519 return; 520 521 if (!audit_dummy_context()) 522 __audit_tk_injoffset(offset); 523} 524 525static inline void audit_ntp_init(struct audit_ntp_data *ad) 526{ 527 memset(ad, 0, sizeof(*ad)); 528} 529 530static inline void audit_ntp_set_old(struct audit_ntp_data *ad, 531 enum audit_ntp_type type, long long val) 532{ 533 ad->vals[type].oldval = val; 534} 535 536static inline void audit_ntp_set_new(struct audit_ntp_data *ad, 537 enum audit_ntp_type type, long long val) 538{ 539 ad->vals[type].newval = val; 540} 541 542static inline void audit_ntp_log(const struct audit_ntp_data *ad) 543{ 544 if (!audit_dummy_context()) 545 __audit_ntp_log(ad); 546} 547 548static inline void audit_log_nfcfg(const char *name, u8 af, 549 unsigned int nentries, 550 enum audit_nfcfgop op, gfp_t gfp) 551{ 552 if (audit_enabled) 553 __audit_log_nfcfg(name, af, nentries, op, gfp); 554} 555 556extern int audit_n_rules; 557extern int audit_signals; 558#else /* CONFIG_AUDITSYSCALL */ 559static inline int audit_alloc(struct task_struct *task) 560{ 561 return 0; 562} 563static inline void audit_free(struct task_struct *task) 564{ } 565static inline void audit_syscall_entry(int major, unsigned long a0, 566 unsigned long a1, unsigned long a2, 567 unsigned long a3) 568{ } 569static inline void audit_syscall_exit(void *pt_regs) 570{ } 571static inline bool audit_dummy_context(void) 572{ 573 return true; 574} 575static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) 576{ } 577static inline struct audit_context *audit_context(void) 578{ 579 return NULL; 580} 581static inline struct filename *audit_reusename(const __user char *name) 582{ 583 return NULL; 584} 585static inline void audit_getname(struct filename *name) 586{ } 587static inline void audit_getcwd(void) 588{ } 589static inline void audit_inode(struct filename *name, 590 const struct dentry *dentry, 591 unsigned int aflags) 592{ } 593static inline void audit_file(struct file *file) 594{ 595} 596static inline void audit_inode_parent_hidden(struct filename *name, 597 const struct dentry *dentry) 598{ } 599static inline void audit_inode_child(struct inode *parent, 600 const struct dentry *dentry, 601 const unsigned char type) 602{ } 603static inline void audit_core_dumps(long signr) 604{ } 605static inline void audit_seccomp(unsigned long syscall, long signr, int code) 606{ } 607static inline void audit_seccomp_actions_logged(const char *names, 608 const char *old_names, int res) 609{ } 610static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) 611{ } 612static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, 613 gid_t gid, umode_t mode) 614{ } 615static inline void audit_bprm(struct linux_binprm *bprm) 616{ } 617static inline int audit_socketcall(int nargs, unsigned long *args) 618{ 619 return 0; 620} 621 622static inline int audit_socketcall_compat(int nargs, u32 *args) 623{ 624 return 0; 625} 626 627static inline void audit_fd_pair(int fd1, int fd2) 628{ } 629static inline int audit_sockaddr(int len, void *addr) 630{ 631 return 0; 632} 633static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) 634{ } 635static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, 636 unsigned int msg_prio, 637 const struct timespec64 *abs_timeout) 638{ } 639static inline void audit_mq_notify(mqd_t mqdes, 640 const struct sigevent *notification) 641{ } 642static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) 643{ } 644static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, 645 const struct cred *new, 646 const struct cred *old) 647{ 648 return 0; 649} 650static inline void audit_log_capset(const struct cred *new, 651 const struct cred *old) 652{ } 653static inline void audit_mmap_fd(int fd, int flags) 654{ } 655 656static inline void audit_log_kern_module(char *name) 657{ 658} 659 660static inline void audit_fanotify(unsigned int response) 661{ } 662 663static inline void audit_tk_injoffset(struct timespec64 offset) 664{ } 665 666static inline void audit_ntp_init(struct audit_ntp_data *ad) 667{ } 668 669static inline void audit_ntp_set_old(struct audit_ntp_data *ad, 670 enum audit_ntp_type type, long long val) 671{ } 672 673static inline void audit_ntp_set_new(struct audit_ntp_data *ad, 674 enum audit_ntp_type type, long long val) 675{ } 676 677static inline void audit_ntp_log(const struct audit_ntp_data *ad) 678{ } 679 680static inline void audit_ptrace(struct task_struct *t) 681{ } 682 683static inline void audit_log_nfcfg(const char *name, u8 af, 684 unsigned int nentries, 685 enum audit_nfcfgop op, gfp_t gfp) 686{ } 687 688#define audit_n_rules 0 689#define audit_signals 0 690#endif /* CONFIG_AUDITSYSCALL */ 691 692static inline bool audit_loginuid_set(struct task_struct *tsk) 693{ 694 return uid_valid(audit_get_loginuid(tsk)); 695} 696 697#endif