tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / include / linux / audit.h
at v6.18 21 kB view raw
1/* SPDX-License-Identifier: GPL-2.0-or-later */ 2/* audit.h -- Auditing support 3 * 4 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina. 5 * All Rights Reserved. 6 * 7 * Written by Rickard E. (Rik) Faith <faith@redhat.com> 8 */ 9#ifndef _LINUX_AUDIT_H_ 10#define _LINUX_AUDIT_H_ 11 12#include <linux/sched.h> 13#include <linux/ptrace.h> 14#include <linux/audit_arch.h> 15#include <uapi/linux/audit.h> 16#include <uapi/linux/netfilter/nf_tables.h> 17#include <uapi/linux/fanotify.h> 18 19#define AUDIT_INO_UNSET ((unsigned long)-1) 20#define AUDIT_DEV_UNSET ((dev_t)-1) 21 22struct audit_sig_info { 23 uid_t uid; 24 pid_t pid; 25 char ctx[]; 26}; 27 28struct audit_buffer; 29struct audit_context; 30struct inode; 31struct netlink_skb_parms; 32struct path; 33struct linux_binprm; 34struct mq_attr; 35struct mqstat; 36struct audit_watch; 37struct audit_tree; 38struct sk_buff; 39struct kern_ipc_perm; 40struct lsm_id; 41struct lsm_prop; 42 43struct audit_krule { 44 u32 pflags; 45 u32 flags; 46 u32 listnr; 47 u32 action; 48 u32 mask[AUDIT_BITMASK_SIZE]; 49 u32 buflen; /* for data alloc on list rules */ 50 u32 field_count; 51 char *filterkey; /* ties events to rules */ 52 struct audit_field *fields; 53 struct audit_field *arch_f; /* quick access to arch field */ 54 struct audit_field *inode_f; /* quick access to an inode field */ 55 struct audit_watch *watch; /* associated watch */ 56 struct audit_tree *tree; /* associated watched tree */ 57 struct audit_fsnotify_mark *exe; 58 struct list_head rlist; /* entry in audit_{watch,tree}.rules list */ 59 struct list_head list; /* for AUDIT_LIST* purposes only */ 60 u64 prio; 61}; 62 63/* Flag to indicate legacy AUDIT_LOGINUID unset usage */ 64#define AUDIT_LOGINUID_LEGACY 0x1 65 66struct audit_field { 67 u32 type; 68 union { 69 u32 val; 70 kuid_t uid; 71 kgid_t gid; 72 struct { 73 char *lsm_str; 74 void *lsm_rule; 75 }; 76 }; 77 u32 op; 78}; 79 80enum audit_ntp_type { 81 AUDIT_NTP_OFFSET, 82 AUDIT_NTP_FREQ, 83 AUDIT_NTP_STATUS, 84 AUDIT_NTP_TAI, 85 AUDIT_NTP_TICK, 86 AUDIT_NTP_ADJUST, 87 88 AUDIT_NTP_NVALS /* count */ 89}; 90 91#ifdef CONFIG_AUDITSYSCALL 92struct audit_ntp_val { 93 long long oldval, newval; 94}; 95 96struct audit_ntp_data { 97 struct audit_ntp_val vals[AUDIT_NTP_NVALS]; 98}; 99#else 100struct audit_ntp_data {}; 101#endif 102 103enum audit_nfcfgop { 104 AUDIT_XT_OP_REGISTER, 105 AUDIT_XT_OP_REPLACE, 106 AUDIT_XT_OP_UNREGISTER, 107 AUDIT_NFT_OP_TABLE_REGISTER, 108 AUDIT_NFT_OP_TABLE_UNREGISTER, 109 AUDIT_NFT_OP_CHAIN_REGISTER, 110 AUDIT_NFT_OP_CHAIN_UNREGISTER, 111 AUDIT_NFT_OP_RULE_REGISTER, 112 AUDIT_NFT_OP_RULE_UNREGISTER, 113 AUDIT_NFT_OP_SET_REGISTER, 114 AUDIT_NFT_OP_SET_UNREGISTER, 115 AUDIT_NFT_OP_SETELEM_REGISTER, 116 AUDIT_NFT_OP_SETELEM_UNREGISTER, 117 AUDIT_NFT_OP_GEN_REGISTER, 118 AUDIT_NFT_OP_OBJ_REGISTER, 119 AUDIT_NFT_OP_OBJ_UNREGISTER, 120 AUDIT_NFT_OP_OBJ_RESET, 121 AUDIT_NFT_OP_FLOWTABLE_REGISTER, 122 AUDIT_NFT_OP_FLOWTABLE_UNREGISTER, 123 AUDIT_NFT_OP_SETELEM_RESET, 124 AUDIT_NFT_OP_RULE_RESET, 125 AUDIT_NFT_OP_INVALID, 126}; 127 128extern int __init audit_register_class(int class, unsigned *list); 129extern int audit_classify_syscall(int abi, unsigned syscall); 130extern int audit_classify_arch(int arch); 131/* only for compat system calls */ 132extern unsigned compat_write_class[]; 133extern unsigned compat_read_class[]; 134extern unsigned compat_dir_class[]; 135extern unsigned compat_chattr_class[]; 136extern unsigned compat_signal_class[]; 137 138/* audit_names->type values */ 139#define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ 140#define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ 141#define AUDIT_TYPE_PARENT 2 /* a parent audit record */ 142#define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */ 143#define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */ 144 145/* maximized args number that audit_socketcall can process */ 146#define AUDITSC_ARGS 6 147 148/* bit values for ->signal->audit_tty */ 149#define AUDIT_TTY_ENABLE BIT(0) 150#define AUDIT_TTY_LOG_PASSWD BIT(1) 151 152/* bit values for audit_cfg_lsm */ 153#define AUDIT_CFG_LSM_SECCTX_SUBJECT BIT(0) 154#define AUDIT_CFG_LSM_SECCTX_OBJECT BIT(1) 155 156struct filename; 157 158#define AUDIT_OFF 0 159#define AUDIT_ON 1 160#define AUDIT_LOCKED 2 161#ifdef CONFIG_AUDIT 162/* These are defined in audit.c */ 163 /* Public API */ 164extern __printf(4, 5) 165void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, 166 const char *fmt, ...); 167 168extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type); 169extern __printf(2, 3) 170void audit_log_format(struct audit_buffer *ab, const char *fmt, ...); 171extern void audit_log_end(struct audit_buffer *ab); 172extern bool audit_string_contains_control(const char *string, 173 size_t len); 174extern void audit_log_n_hex(struct audit_buffer *ab, 175 const unsigned char *buf, 176 size_t len); 177extern void audit_log_n_string(struct audit_buffer *ab, 178 const char *buf, 179 size_t n); 180extern void audit_log_n_untrustedstring(struct audit_buffer *ab, 181 const char *string, 182 size_t n); 183extern void audit_log_untrustedstring(struct audit_buffer *ab, 184 const char *string); 185extern void audit_log_d_path(struct audit_buffer *ab, 186 const char *prefix, 187 const struct path *path); 188extern void audit_log_key(struct audit_buffer *ab, 189 char *key); 190extern void audit_log_path_denied(int type, 191 const char *operation); 192extern void audit_log_lost(const char *message); 193 194extern int audit_log_subj_ctx(struct audit_buffer *ab, struct lsm_prop *prop); 195extern int audit_log_obj_ctx(struct audit_buffer *ab, struct lsm_prop *prop); 196extern int audit_log_task_context(struct audit_buffer *ab); 197extern void audit_log_task_info(struct audit_buffer *ab); 198 199extern int audit_update_lsm_rules(void); 200 201 /* Private API (for audit.c only) */ 202extern int audit_rule_change(int type, int seq, void *data, size_t datasz); 203extern int audit_list_rules_send(struct sk_buff *request_skb, int seq); 204 205extern int audit_set_loginuid(kuid_t loginuid); 206 207static inline kuid_t audit_get_loginuid(struct task_struct *tsk) 208{ 209 return tsk->loginuid; 210} 211 212static inline unsigned int audit_get_sessionid(struct task_struct *tsk) 213{ 214 return tsk->sessionid; 215} 216 217extern u32 audit_enabled; 218 219extern int audit_signal_info(int sig, struct task_struct *t); 220 221extern void audit_cfg_lsm(const struct lsm_id *lsmid, int flags); 222 223#else /* CONFIG_AUDIT */ 224static inline __printf(4, 5) 225void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, 226 const char *fmt, ...) 227{ } 228static inline struct audit_buffer *audit_log_start(struct audit_context *ctx, 229 gfp_t gfp_mask, int type) 230{ 231 return NULL; 232} 233static inline __printf(2, 3) 234void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) 235{ } 236static inline void audit_log_end(struct audit_buffer *ab) 237{ } 238static inline void audit_log_n_hex(struct audit_buffer *ab, 239 const unsigned char *buf, size_t len) 240{ } 241static inline void audit_log_n_string(struct audit_buffer *ab, 242 const char *buf, size_t n) 243{ } 244static inline void audit_log_n_untrustedstring(struct audit_buffer *ab, 245 const char *string, size_t n) 246{ } 247static inline void audit_log_untrustedstring(struct audit_buffer *ab, 248 const char *string) 249{ } 250static inline void audit_log_d_path(struct audit_buffer *ab, 251 const char *prefix, 252 const struct path *path) 253{ } 254static inline void audit_log_key(struct audit_buffer *ab, char *key) 255{ } 256static inline void audit_log_path_denied(int type, const char *operation) 257{ } 258static inline int audit_log_subj_ctx(struct audit_buffer *ab, 259 struct lsm_prop *prop) 260{ 261 return 0; 262} 263static inline int audit_log_obj_ctx(struct audit_buffer *ab, 264 struct lsm_prop *prop) 265{ 266 return 0; 267} 268static inline int audit_log_task_context(struct audit_buffer *ab) 269{ 270 return 0; 271} 272static inline void audit_log_task_info(struct audit_buffer *ab) 273{ } 274 275static inline kuid_t audit_get_loginuid(struct task_struct *tsk) 276{ 277 return INVALID_UID; 278} 279 280static inline unsigned int audit_get_sessionid(struct task_struct *tsk) 281{ 282 return AUDIT_SID_UNSET; 283} 284 285#define audit_enabled AUDIT_OFF 286 287static inline int audit_signal_info(int sig, struct task_struct *t) 288{ 289 return 0; 290} 291 292static inline void audit_cfg_lsm(const struct lsm_id *lsmid, int flags) 293{ } 294 295#endif /* CONFIG_AUDIT */ 296 297#ifdef CONFIG_AUDIT_COMPAT_GENERIC 298#define audit_is_compat(arch) (!((arch) & __AUDIT_ARCH_64BIT)) 299#else 300#define audit_is_compat(arch) false 301#endif 302 303#define AUDIT_INODE_PARENT 1 /* dentry represents the parent */ 304#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */ 305#define AUDIT_INODE_NOEVAL 4 /* audit record incomplete */ 306 307#ifdef CONFIG_AUDITSYSCALL 308#include <asm/syscall.h> /* for syscall_get_arch() */ 309 310/* These are defined in auditsc.c */ 311 /* Public API */ 312extern int audit_alloc(struct task_struct *task); 313extern void __audit_free(struct task_struct *task); 314extern void __audit_uring_entry(u8 op); 315extern void __audit_uring_exit(int success, long code); 316extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1, 317 unsigned long a2, unsigned long a3); 318extern void __audit_syscall_exit(int ret_success, long ret_value); 319extern struct filename *__audit_reusename(const __user char *uptr); 320extern void __audit_getname(struct filename *name); 321extern void __audit_inode(struct filename *name, const struct dentry *dentry, 322 unsigned int flags); 323extern void __audit_file(const struct file *); 324extern void __audit_inode_child(struct inode *parent, 325 const struct dentry *dentry, 326 const unsigned char type); 327extern void audit_seccomp(unsigned long syscall, long signr, int code); 328extern void audit_seccomp_actions_logged(const char *names, 329 const char *old_names, int res); 330extern void __audit_ptrace(struct task_struct *t); 331 332static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) 333{ 334 task->audit_context = ctx; 335} 336 337static inline struct audit_context *audit_context(void) 338{ 339 return current->audit_context; 340} 341 342static inline bool audit_dummy_context(void) 343{ 344 void *p = audit_context(); 345 return !p || *(int *)p; 346} 347static inline void audit_free(struct task_struct *task) 348{ 349 if (unlikely(task->audit_context)) 350 __audit_free(task); 351} 352static inline void audit_uring_entry(u8 op) 353{ 354 /* 355 * We intentionally check audit_context() before audit_enabled as most 356 * Linux systems (as of ~2021) rely on systemd which forces audit to 357 * be enabled regardless of the user's audit configuration. 358 */ 359 if (unlikely(audit_context() && audit_enabled)) 360 __audit_uring_entry(op); 361} 362static inline void audit_uring_exit(int success, long code) 363{ 364 if (unlikely(audit_context())) 365 __audit_uring_exit(success, code); 366} 367static inline void audit_syscall_entry(int major, unsigned long a0, 368 unsigned long a1, unsigned long a2, 369 unsigned long a3) 370{ 371 if (unlikely(audit_context())) 372 __audit_syscall_entry(major, a0, a1, a2, a3); 373} 374static inline void audit_syscall_exit(void *pt_regs) 375{ 376 if (unlikely(audit_context())) { 377 int success = is_syscall_success(pt_regs); 378 long return_code = regs_return_value(pt_regs); 379 380 __audit_syscall_exit(success, return_code); 381 } 382} 383static inline struct filename *audit_reusename(const __user char *name) 384{ 385 if (unlikely(!audit_dummy_context())) 386 return __audit_reusename(name); 387 return NULL; 388} 389static inline void audit_getname(struct filename *name) 390{ 391 if (unlikely(!audit_dummy_context())) 392 __audit_getname(name); 393} 394static inline void audit_inode(struct filename *name, 395 const struct dentry *dentry, 396 unsigned int aflags) { 397 if (unlikely(!audit_dummy_context())) 398 __audit_inode(name, dentry, aflags); 399} 400static inline void audit_file(struct file *file) 401{ 402 if (unlikely(!audit_dummy_context())) 403 __audit_file(file); 404} 405static inline void audit_inode_parent_hidden(struct filename *name, 406 const struct dentry *dentry) 407{ 408 if (unlikely(!audit_dummy_context())) 409 __audit_inode(name, dentry, 410 AUDIT_INODE_PARENT | AUDIT_INODE_HIDDEN); 411} 412static inline void audit_inode_child(struct inode *parent, 413 const struct dentry *dentry, 414 const unsigned char type) { 415 if (unlikely(!audit_dummy_context())) 416 __audit_inode_child(parent, dentry, type); 417} 418void audit_core_dumps(long signr); 419 420static inline void audit_ptrace(struct task_struct *t) 421{ 422 if (unlikely(!audit_dummy_context())) 423 __audit_ptrace(t); 424} 425 426 /* Private API (for audit.c only) */ 427extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); 428extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); 429extern void __audit_bprm(struct linux_binprm *bprm); 430extern int __audit_socketcall(int nargs, unsigned long *args); 431extern int __audit_sockaddr(int len, void *addr); 432extern void __audit_fd_pair(int fd1, int fd2); 433extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr); 434extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout); 435extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification); 436extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); 437extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, 438 const struct cred *new, 439 const struct cred *old); 440extern void __audit_log_capset(const struct cred *new, const struct cred *old); 441extern void __audit_mmap_fd(int fd, int flags); 442extern void __audit_openat2_how(struct open_how *how); 443extern void __audit_log_kern_module(const char *name); 444extern void __audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar); 445extern void __audit_tk_injoffset(struct timespec64 offset); 446extern void __audit_ntp_log(const struct audit_ntp_data *ad); 447extern void __audit_log_nfcfg(const char *name, u8 af, unsigned int nentries, 448 enum audit_nfcfgop op, gfp_t gfp); 449 450static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) 451{ 452 if (unlikely(!audit_dummy_context())) 453 __audit_ipc_obj(ipcp); 454} 455static inline void audit_fd_pair(int fd1, int fd2) 456{ 457 if (unlikely(!audit_dummy_context())) 458 __audit_fd_pair(fd1, fd2); 459} 460static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode) 461{ 462 if (unlikely(!audit_dummy_context())) 463 __audit_ipc_set_perm(qbytes, uid, gid, mode); 464} 465static inline void audit_bprm(struct linux_binprm *bprm) 466{ 467 if (unlikely(!audit_dummy_context())) 468 __audit_bprm(bprm); 469} 470static inline int audit_socketcall(int nargs, unsigned long *args) 471{ 472 if (unlikely(!audit_dummy_context())) 473 return __audit_socketcall(nargs, args); 474 return 0; 475} 476 477static inline int audit_socketcall_compat(int nargs, u32 *args) 478{ 479 unsigned long a[AUDITSC_ARGS]; 480 int i; 481 482 if (audit_dummy_context()) 483 return 0; 484 485 for (i = 0; i < nargs; i++) 486 a[i] = (unsigned long)args[i]; 487 return __audit_socketcall(nargs, a); 488} 489 490static inline int audit_sockaddr(int len, void *addr) 491{ 492 if (unlikely(!audit_dummy_context())) 493 return __audit_sockaddr(len, addr); 494 return 0; 495} 496static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) 497{ 498 if (unlikely(!audit_dummy_context())) 499 __audit_mq_open(oflag, mode, attr); 500} 501static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout) 502{ 503 if (unlikely(!audit_dummy_context())) 504 __audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout); 505} 506static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification) 507{ 508 if (unlikely(!audit_dummy_context())) 509 __audit_mq_notify(mqdes, notification); 510} 511static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) 512{ 513 if (unlikely(!audit_dummy_context())) 514 __audit_mq_getsetattr(mqdes, mqstat); 515} 516 517static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, 518 const struct cred *new, 519 const struct cred *old) 520{ 521 if (unlikely(!audit_dummy_context())) 522 return __audit_log_bprm_fcaps(bprm, new, old); 523 return 0; 524} 525 526static inline void audit_log_capset(const struct cred *new, 527 const struct cred *old) 528{ 529 if (unlikely(!audit_dummy_context())) 530 __audit_log_capset(new, old); 531} 532 533static inline void audit_mmap_fd(int fd, int flags) 534{ 535 if (unlikely(!audit_dummy_context())) 536 __audit_mmap_fd(fd, flags); 537} 538 539static inline void audit_openat2_how(struct open_how *how) 540{ 541 if (unlikely(!audit_dummy_context())) 542 __audit_openat2_how(how); 543} 544 545static inline void audit_log_kern_module(const char *name) 546{ 547 if (!audit_dummy_context()) 548 __audit_log_kern_module(name); 549} 550 551static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar) 552{ 553 if (audit_enabled) 554 __audit_fanotify(response, friar); 555} 556 557static inline void audit_tk_injoffset(struct timespec64 offset) 558{ 559 /* ignore no-op events */ 560 if (offset.tv_sec == 0 && offset.tv_nsec == 0) 561 return; 562 563 if (!audit_dummy_context()) 564 __audit_tk_injoffset(offset); 565} 566 567static inline void audit_ntp_init(struct audit_ntp_data *ad) 568{ 569 memset(ad, 0, sizeof(*ad)); 570} 571 572static inline void audit_ntp_set_old(struct audit_ntp_data *ad, 573 enum audit_ntp_type type, long long val) 574{ 575 ad->vals[type].oldval = val; 576} 577 578static inline void audit_ntp_set_new(struct audit_ntp_data *ad, 579 enum audit_ntp_type type, long long val) 580{ 581 ad->vals[type].newval = val; 582} 583 584static inline void audit_ntp_log(const struct audit_ntp_data *ad) 585{ 586 if (!audit_dummy_context()) 587 __audit_ntp_log(ad); 588} 589 590static inline void audit_log_nfcfg(const char *name, u8 af, 591 unsigned int nentries, 592 enum audit_nfcfgop op, gfp_t gfp) 593{ 594 if (audit_enabled) 595 __audit_log_nfcfg(name, af, nentries, op, gfp); 596} 597 598extern int audit_n_rules; 599extern int audit_signals; 600#else /* CONFIG_AUDITSYSCALL */ 601static inline int audit_alloc(struct task_struct *task) 602{ 603 return 0; 604} 605static inline void audit_free(struct task_struct *task) 606{ } 607static inline void audit_uring_entry(u8 op) 608{ } 609static inline void audit_uring_exit(int success, long code) 610{ } 611static inline void audit_syscall_entry(int major, unsigned long a0, 612 unsigned long a1, unsigned long a2, 613 unsigned long a3) 614{ } 615static inline void audit_syscall_exit(void *pt_regs) 616{ } 617static inline bool audit_dummy_context(void) 618{ 619 return true; 620} 621static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) 622{ } 623static inline struct audit_context *audit_context(void) 624{ 625 return NULL; 626} 627static inline struct filename *audit_reusename(const __user char *name) 628{ 629 return NULL; 630} 631static inline void audit_getname(struct filename *name) 632{ } 633static inline void audit_inode(struct filename *name, 634 const struct dentry *dentry, 635 unsigned int aflags) 636{ } 637static inline void audit_file(struct file *file) 638{ 639} 640static inline void audit_inode_parent_hidden(struct filename *name, 641 const struct dentry *dentry) 642{ } 643static inline void audit_inode_child(struct inode *parent, 644 const struct dentry *dentry, 645 const unsigned char type) 646{ } 647static inline void audit_core_dumps(long signr) 648{ } 649static inline void audit_seccomp(unsigned long syscall, long signr, int code) 650{ } 651static inline void audit_seccomp_actions_logged(const char *names, 652 const char *old_names, int res) 653{ } 654static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) 655{ } 656static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, 657 gid_t gid, umode_t mode) 658{ } 659static inline void audit_bprm(struct linux_binprm *bprm) 660{ } 661static inline int audit_socketcall(int nargs, unsigned long *args) 662{ 663 return 0; 664} 665 666static inline int audit_socketcall_compat(int nargs, u32 *args) 667{ 668 return 0; 669} 670 671static inline void audit_fd_pair(int fd1, int fd2) 672{ } 673static inline int audit_sockaddr(int len, void *addr) 674{ 675 return 0; 676} 677static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) 678{ } 679static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, 680 unsigned int msg_prio, 681 const struct timespec64 *abs_timeout) 682{ } 683static inline void audit_mq_notify(mqd_t mqdes, 684 const struct sigevent *notification) 685{ } 686static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) 687{ } 688static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, 689 const struct cred *new, 690 const struct cred *old) 691{ 692 return 0; 693} 694static inline void audit_log_capset(const struct cred *new, 695 const struct cred *old) 696{ } 697static inline void audit_mmap_fd(int fd, int flags) 698{ } 699 700static inline void audit_openat2_how(struct open_how *how) 701{ } 702 703static inline void audit_log_kern_module(const char *name) 704{ } 705 706static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar) 707{ } 708 709static inline void audit_tk_injoffset(struct timespec64 offset) 710{ } 711 712static inline void audit_ntp_init(struct audit_ntp_data *ad) 713{ } 714 715static inline void audit_ntp_set_old(struct audit_ntp_data *ad, 716 enum audit_ntp_type type, long long val) 717{ } 718 719static inline void audit_ntp_set_new(struct audit_ntp_data *ad, 720 enum audit_ntp_type type, long long val) 721{ } 722 723static inline void audit_ntp_log(const struct audit_ntp_data *ad) 724{ } 725 726static inline void audit_ptrace(struct task_struct *t) 727{ } 728 729static inline void audit_log_nfcfg(const char *name, u8 af, 730 unsigned int nentries, 731 enum audit_nfcfgop op, gfp_t gfp) 732{ } 733 734#define audit_n_rules 0 735#define audit_signals 0 736#endif /* CONFIG_AUDITSYSCALL */ 737 738static inline bool audit_loginuid_set(struct task_struct *tsk) 739{ 740 return uid_valid(audit_get_loginuid(tsk)); 741} 742 743#endif