tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / include / linux / audit.h
at v6.5 20 kB view raw
1/* SPDX-License-Identifier: GPL-2.0-or-later */ 2/* audit.h -- Auditing support 3 * 4 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina. 5 * All Rights Reserved. 6 * 7 * Written by Rickard E. (Rik) Faith <faith@redhat.com> 8 */ 9#ifndef _LINUX_AUDIT_H_ 10#define _LINUX_AUDIT_H_ 11 12#include <linux/sched.h> 13#include <linux/ptrace.h> 14#include <linux/audit_arch.h> 15#include <uapi/linux/audit.h> 16#include <uapi/linux/netfilter/nf_tables.h> 17#include <uapi/linux/fanotify.h> 18 19#define AUDIT_INO_UNSET ((unsigned long)-1) 20#define AUDIT_DEV_UNSET ((dev_t)-1) 21 22struct audit_sig_info { 23 uid_t uid; 24 pid_t pid; 25 char ctx[]; 26}; 27 28struct audit_buffer; 29struct audit_context; 30struct inode; 31struct netlink_skb_parms; 32struct path; 33struct linux_binprm; 34struct mq_attr; 35struct mqstat; 36struct audit_watch; 37struct audit_tree; 38struct sk_buff; 39 40struct audit_krule { 41 u32 pflags; 42 u32 flags; 43 u32 listnr; 44 u32 action; 45 u32 mask[AUDIT_BITMASK_SIZE]; 46 u32 buflen; /* for data alloc on list rules */ 47 u32 field_count; 48 char *filterkey; /* ties events to rules */ 49 struct audit_field *fields; 50 struct audit_field *arch_f; /* quick access to arch field */ 51 struct audit_field *inode_f; /* quick access to an inode field */ 52 struct audit_watch *watch; /* associated watch */ 53 struct audit_tree *tree; /* associated watched tree */ 54 struct audit_fsnotify_mark *exe; 55 struct list_head rlist; /* entry in audit_{watch,tree}.rules list */ 56 struct list_head list; /* for AUDIT_LIST* purposes only */ 57 u64 prio; 58}; 59 60/* Flag to indicate legacy AUDIT_LOGINUID unset usage */ 61#define AUDIT_LOGINUID_LEGACY 0x1 62 63struct audit_field { 64 u32 type; 65 union { 66 u32 val; 67 kuid_t uid; 68 kgid_t gid; 69 struct { 70 char *lsm_str; 71 void *lsm_rule; 72 }; 73 }; 74 u32 op; 75}; 76 77enum audit_ntp_type { 78 AUDIT_NTP_OFFSET, 79 AUDIT_NTP_FREQ, 80 AUDIT_NTP_STATUS, 81 AUDIT_NTP_TAI, 82 AUDIT_NTP_TICK, 83 AUDIT_NTP_ADJUST, 84 85 AUDIT_NTP_NVALS /* count */ 86}; 87 88#ifdef CONFIG_AUDITSYSCALL 89struct audit_ntp_val { 90 long long oldval, newval; 91}; 92 93struct audit_ntp_data { 94 struct audit_ntp_val vals[AUDIT_NTP_NVALS]; 95}; 96#else 97struct audit_ntp_data {}; 98#endif 99 100enum audit_nfcfgop { 101 AUDIT_XT_OP_REGISTER, 102 AUDIT_XT_OP_REPLACE, 103 AUDIT_XT_OP_UNREGISTER, 104 AUDIT_NFT_OP_TABLE_REGISTER, 105 AUDIT_NFT_OP_TABLE_UNREGISTER, 106 AUDIT_NFT_OP_CHAIN_REGISTER, 107 AUDIT_NFT_OP_CHAIN_UNREGISTER, 108 AUDIT_NFT_OP_RULE_REGISTER, 109 AUDIT_NFT_OP_RULE_UNREGISTER, 110 AUDIT_NFT_OP_SET_REGISTER, 111 AUDIT_NFT_OP_SET_UNREGISTER, 112 AUDIT_NFT_OP_SETELEM_REGISTER, 113 AUDIT_NFT_OP_SETELEM_UNREGISTER, 114 AUDIT_NFT_OP_GEN_REGISTER, 115 AUDIT_NFT_OP_OBJ_REGISTER, 116 AUDIT_NFT_OP_OBJ_UNREGISTER, 117 AUDIT_NFT_OP_OBJ_RESET, 118 AUDIT_NFT_OP_FLOWTABLE_REGISTER, 119 AUDIT_NFT_OP_FLOWTABLE_UNREGISTER, 120 AUDIT_NFT_OP_INVALID, 121}; 122 123extern int __init audit_register_class(int class, unsigned *list); 124extern int audit_classify_syscall(int abi, unsigned syscall); 125extern int audit_classify_arch(int arch); 126/* only for compat system calls */ 127extern unsigned compat_write_class[]; 128extern unsigned compat_read_class[]; 129extern unsigned compat_dir_class[]; 130extern unsigned compat_chattr_class[]; 131extern unsigned compat_signal_class[]; 132 133/* audit_names->type values */ 134#define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ 135#define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ 136#define AUDIT_TYPE_PARENT 2 /* a parent audit record */ 137#define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */ 138#define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */ 139 140/* maximized args number that audit_socketcall can process */ 141#define AUDITSC_ARGS 6 142 143/* bit values for ->signal->audit_tty */ 144#define AUDIT_TTY_ENABLE BIT(0) 145#define AUDIT_TTY_LOG_PASSWD BIT(1) 146 147struct filename; 148 149#define AUDIT_OFF 0 150#define AUDIT_ON 1 151#define AUDIT_LOCKED 2 152#ifdef CONFIG_AUDIT 153/* These are defined in audit.c */ 154 /* Public API */ 155extern __printf(4, 5) 156void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, 157 const char *fmt, ...); 158 159extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type); 160extern __printf(2, 3) 161void audit_log_format(struct audit_buffer *ab, const char *fmt, ...); 162extern void audit_log_end(struct audit_buffer *ab); 163extern bool audit_string_contains_control(const char *string, 164 size_t len); 165extern void audit_log_n_hex(struct audit_buffer *ab, 166 const unsigned char *buf, 167 size_t len); 168extern void audit_log_n_string(struct audit_buffer *ab, 169 const char *buf, 170 size_t n); 171extern void audit_log_n_untrustedstring(struct audit_buffer *ab, 172 const char *string, 173 size_t n); 174extern void audit_log_untrustedstring(struct audit_buffer *ab, 175 const char *string); 176extern void audit_log_d_path(struct audit_buffer *ab, 177 const char *prefix, 178 const struct path *path); 179extern void audit_log_key(struct audit_buffer *ab, 180 char *key); 181extern void audit_log_path_denied(int type, 182 const char *operation); 183extern void audit_log_lost(const char *message); 184 185extern int audit_log_task_context(struct audit_buffer *ab); 186extern void audit_log_task_info(struct audit_buffer *ab); 187 188extern int audit_update_lsm_rules(void); 189 190 /* Private API (for audit.c only) */ 191extern int audit_rule_change(int type, int seq, void *data, size_t datasz); 192extern int audit_list_rules_send(struct sk_buff *request_skb, int seq); 193 194extern int audit_set_loginuid(kuid_t loginuid); 195 196static inline kuid_t audit_get_loginuid(struct task_struct *tsk) 197{ 198 return tsk->loginuid; 199} 200 201static inline unsigned int audit_get_sessionid(struct task_struct *tsk) 202{ 203 return tsk->sessionid; 204} 205 206extern u32 audit_enabled; 207 208extern int audit_signal_info(int sig, struct task_struct *t); 209 210#else /* CONFIG_AUDIT */ 211static inline __printf(4, 5) 212void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, 213 const char *fmt, ...) 214{ } 215static inline struct audit_buffer *audit_log_start(struct audit_context *ctx, 216 gfp_t gfp_mask, int type) 217{ 218 return NULL; 219} 220static inline __printf(2, 3) 221void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) 222{ } 223static inline void audit_log_end(struct audit_buffer *ab) 224{ } 225static inline void audit_log_n_hex(struct audit_buffer *ab, 226 const unsigned char *buf, size_t len) 227{ } 228static inline void audit_log_n_string(struct audit_buffer *ab, 229 const char *buf, size_t n) 230{ } 231static inline void audit_log_n_untrustedstring(struct audit_buffer *ab, 232 const char *string, size_t n) 233{ } 234static inline void audit_log_untrustedstring(struct audit_buffer *ab, 235 const char *string) 236{ } 237static inline void audit_log_d_path(struct audit_buffer *ab, 238 const char *prefix, 239 const struct path *path) 240{ } 241static inline void audit_log_key(struct audit_buffer *ab, char *key) 242{ } 243static inline void audit_log_path_denied(int type, const char *operation) 244{ } 245static inline int audit_log_task_context(struct audit_buffer *ab) 246{ 247 return 0; 248} 249static inline void audit_log_task_info(struct audit_buffer *ab) 250{ } 251 252static inline kuid_t audit_get_loginuid(struct task_struct *tsk) 253{ 254 return INVALID_UID; 255} 256 257static inline unsigned int audit_get_sessionid(struct task_struct *tsk) 258{ 259 return AUDIT_SID_UNSET; 260} 261 262#define audit_enabled AUDIT_OFF 263 264static inline int audit_signal_info(int sig, struct task_struct *t) 265{ 266 return 0; 267} 268 269#endif /* CONFIG_AUDIT */ 270 271#ifdef CONFIG_AUDIT_COMPAT_GENERIC 272#define audit_is_compat(arch) (!((arch) & __AUDIT_ARCH_64BIT)) 273#else 274#define audit_is_compat(arch) false 275#endif 276 277#define AUDIT_INODE_PARENT 1 /* dentry represents the parent */ 278#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */ 279#define AUDIT_INODE_NOEVAL 4 /* audit record incomplete */ 280 281#ifdef CONFIG_AUDITSYSCALL 282#include <asm/syscall.h> /* for syscall_get_arch() */ 283 284/* These are defined in auditsc.c */ 285 /* Public API */ 286extern int audit_alloc(struct task_struct *task); 287extern void __audit_free(struct task_struct *task); 288extern void __audit_uring_entry(u8 op); 289extern void __audit_uring_exit(int success, long code); 290extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1, 291 unsigned long a2, unsigned long a3); 292extern void __audit_syscall_exit(int ret_success, long ret_value); 293extern struct filename *__audit_reusename(const __user char *uptr); 294extern void __audit_getname(struct filename *name); 295extern void __audit_inode(struct filename *name, const struct dentry *dentry, 296 unsigned int flags); 297extern void __audit_file(const struct file *); 298extern void __audit_inode_child(struct inode *parent, 299 const struct dentry *dentry, 300 const unsigned char type); 301extern void audit_seccomp(unsigned long syscall, long signr, int code); 302extern void audit_seccomp_actions_logged(const char *names, 303 const char *old_names, int res); 304extern void __audit_ptrace(struct task_struct *t); 305 306static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) 307{ 308 task->audit_context = ctx; 309} 310 311static inline struct audit_context *audit_context(void) 312{ 313 return current->audit_context; 314} 315 316static inline bool audit_dummy_context(void) 317{ 318 void *p = audit_context(); 319 return !p || *(int *)p; 320} 321static inline void audit_free(struct task_struct *task) 322{ 323 if (unlikely(task->audit_context)) 324 __audit_free(task); 325} 326static inline void audit_uring_entry(u8 op) 327{ 328 /* 329 * We intentionally check audit_context() before audit_enabled as most 330 * Linux systems (as of ~2021) rely on systemd which forces audit to 331 * be enabled regardless of the user's audit configuration. 332 */ 333 if (unlikely(audit_context() && audit_enabled)) 334 __audit_uring_entry(op); 335} 336static inline void audit_uring_exit(int success, long code) 337{ 338 if (unlikely(audit_context())) 339 __audit_uring_exit(success, code); 340} 341static inline void audit_syscall_entry(int major, unsigned long a0, 342 unsigned long a1, unsigned long a2, 343 unsigned long a3) 344{ 345 if (unlikely(audit_context())) 346 __audit_syscall_entry(major, a0, a1, a2, a3); 347} 348static inline void audit_syscall_exit(void *pt_regs) 349{ 350 if (unlikely(audit_context())) { 351 int success = is_syscall_success(pt_regs); 352 long return_code = regs_return_value(pt_regs); 353 354 __audit_syscall_exit(success, return_code); 355 } 356} 357static inline struct filename *audit_reusename(const __user char *name) 358{ 359 if (unlikely(!audit_dummy_context())) 360 return __audit_reusename(name); 361 return NULL; 362} 363static inline void audit_getname(struct filename *name) 364{ 365 if (unlikely(!audit_dummy_context())) 366 __audit_getname(name); 367} 368static inline void audit_inode(struct filename *name, 369 const struct dentry *dentry, 370 unsigned int aflags) { 371 if (unlikely(!audit_dummy_context())) 372 __audit_inode(name, dentry, aflags); 373} 374static inline void audit_file(struct file *file) 375{ 376 if (unlikely(!audit_dummy_context())) 377 __audit_file(file); 378} 379static inline void audit_inode_parent_hidden(struct filename *name, 380 const struct dentry *dentry) 381{ 382 if (unlikely(!audit_dummy_context())) 383 __audit_inode(name, dentry, 384 AUDIT_INODE_PARENT | AUDIT_INODE_HIDDEN); 385} 386static inline void audit_inode_child(struct inode *parent, 387 const struct dentry *dentry, 388 const unsigned char type) { 389 if (unlikely(!audit_dummy_context())) 390 __audit_inode_child(parent, dentry, type); 391} 392void audit_core_dumps(long signr); 393 394static inline void audit_ptrace(struct task_struct *t) 395{ 396 if (unlikely(!audit_dummy_context())) 397 __audit_ptrace(t); 398} 399 400 /* Private API (for audit.c only) */ 401extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); 402extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); 403extern void __audit_bprm(struct linux_binprm *bprm); 404extern int __audit_socketcall(int nargs, unsigned long *args); 405extern int __audit_sockaddr(int len, void *addr); 406extern void __audit_fd_pair(int fd1, int fd2); 407extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr); 408extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout); 409extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification); 410extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); 411extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, 412 const struct cred *new, 413 const struct cred *old); 414extern void __audit_log_capset(const struct cred *new, const struct cred *old); 415extern void __audit_mmap_fd(int fd, int flags); 416extern void __audit_openat2_how(struct open_how *how); 417extern void __audit_log_kern_module(char *name); 418extern void __audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar); 419extern void __audit_tk_injoffset(struct timespec64 offset); 420extern void __audit_ntp_log(const struct audit_ntp_data *ad); 421extern void __audit_log_nfcfg(const char *name, u8 af, unsigned int nentries, 422 enum audit_nfcfgop op, gfp_t gfp); 423 424static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) 425{ 426 if (unlikely(!audit_dummy_context())) 427 __audit_ipc_obj(ipcp); 428} 429static inline void audit_fd_pair(int fd1, int fd2) 430{ 431 if (unlikely(!audit_dummy_context())) 432 __audit_fd_pair(fd1, fd2); 433} 434static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode) 435{ 436 if (unlikely(!audit_dummy_context())) 437 __audit_ipc_set_perm(qbytes, uid, gid, mode); 438} 439static inline void audit_bprm(struct linux_binprm *bprm) 440{ 441 if (unlikely(!audit_dummy_context())) 442 __audit_bprm(bprm); 443} 444static inline int audit_socketcall(int nargs, unsigned long *args) 445{ 446 if (unlikely(!audit_dummy_context())) 447 return __audit_socketcall(nargs, args); 448 return 0; 449} 450 451static inline int audit_socketcall_compat(int nargs, u32 *args) 452{ 453 unsigned long a[AUDITSC_ARGS]; 454 int i; 455 456 if (audit_dummy_context()) 457 return 0; 458 459 for (i = 0; i < nargs; i++) 460 a[i] = (unsigned long)args[i]; 461 return __audit_socketcall(nargs, a); 462} 463 464static inline int audit_sockaddr(int len, void *addr) 465{ 466 if (unlikely(!audit_dummy_context())) 467 return __audit_sockaddr(len, addr); 468 return 0; 469} 470static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) 471{ 472 if (unlikely(!audit_dummy_context())) 473 __audit_mq_open(oflag, mode, attr); 474} 475static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout) 476{ 477 if (unlikely(!audit_dummy_context())) 478 __audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout); 479} 480static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification) 481{ 482 if (unlikely(!audit_dummy_context())) 483 __audit_mq_notify(mqdes, notification); 484} 485static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) 486{ 487 if (unlikely(!audit_dummy_context())) 488 __audit_mq_getsetattr(mqdes, mqstat); 489} 490 491static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, 492 const struct cred *new, 493 const struct cred *old) 494{ 495 if (unlikely(!audit_dummy_context())) 496 return __audit_log_bprm_fcaps(bprm, new, old); 497 return 0; 498} 499 500static inline void audit_log_capset(const struct cred *new, 501 const struct cred *old) 502{ 503 if (unlikely(!audit_dummy_context())) 504 __audit_log_capset(new, old); 505} 506 507static inline void audit_mmap_fd(int fd, int flags) 508{ 509 if (unlikely(!audit_dummy_context())) 510 __audit_mmap_fd(fd, flags); 511} 512 513static inline void audit_openat2_how(struct open_how *how) 514{ 515 if (unlikely(!audit_dummy_context())) 516 __audit_openat2_how(how); 517} 518 519static inline void audit_log_kern_module(char *name) 520{ 521 if (!audit_dummy_context()) 522 __audit_log_kern_module(name); 523} 524 525static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar) 526{ 527 if (!audit_dummy_context()) 528 __audit_fanotify(response, friar); 529} 530 531static inline void audit_tk_injoffset(struct timespec64 offset) 532{ 533 /* ignore no-op events */ 534 if (offset.tv_sec == 0 && offset.tv_nsec == 0) 535 return; 536 537 if (!audit_dummy_context()) 538 __audit_tk_injoffset(offset); 539} 540 541static inline void audit_ntp_init(struct audit_ntp_data *ad) 542{ 543 memset(ad, 0, sizeof(*ad)); 544} 545 546static inline void audit_ntp_set_old(struct audit_ntp_data *ad, 547 enum audit_ntp_type type, long long val) 548{ 549 ad->vals[type].oldval = val; 550} 551 552static inline void audit_ntp_set_new(struct audit_ntp_data *ad, 553 enum audit_ntp_type type, long long val) 554{ 555 ad->vals[type].newval = val; 556} 557 558static inline void audit_ntp_log(const struct audit_ntp_data *ad) 559{ 560 if (!audit_dummy_context()) 561 __audit_ntp_log(ad); 562} 563 564static inline void audit_log_nfcfg(const char *name, u8 af, 565 unsigned int nentries, 566 enum audit_nfcfgop op, gfp_t gfp) 567{ 568 if (audit_enabled) 569 __audit_log_nfcfg(name, af, nentries, op, gfp); 570} 571 572extern int audit_n_rules; 573extern int audit_signals; 574#else /* CONFIG_AUDITSYSCALL */ 575static inline int audit_alloc(struct task_struct *task) 576{ 577 return 0; 578} 579static inline void audit_free(struct task_struct *task) 580{ } 581static inline void audit_uring_entry(u8 op) 582{ } 583static inline void audit_uring_exit(int success, long code) 584{ } 585static inline void audit_syscall_entry(int major, unsigned long a0, 586 unsigned long a1, unsigned long a2, 587 unsigned long a3) 588{ } 589static inline void audit_syscall_exit(void *pt_regs) 590{ } 591static inline bool audit_dummy_context(void) 592{ 593 return true; 594} 595static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) 596{ } 597static inline struct audit_context *audit_context(void) 598{ 599 return NULL; 600} 601static inline struct filename *audit_reusename(const __user char *name) 602{ 603 return NULL; 604} 605static inline void audit_getname(struct filename *name) 606{ } 607static inline void audit_inode(struct filename *name, 608 const struct dentry *dentry, 609 unsigned int aflags) 610{ } 611static inline void audit_file(struct file *file) 612{ 613} 614static inline void audit_inode_parent_hidden(struct filename *name, 615 const struct dentry *dentry) 616{ } 617static inline void audit_inode_child(struct inode *parent, 618 const struct dentry *dentry, 619 const unsigned char type) 620{ } 621static inline void audit_core_dumps(long signr) 622{ } 623static inline void audit_seccomp(unsigned long syscall, long signr, int code) 624{ } 625static inline void audit_seccomp_actions_logged(const char *names, 626 const char *old_names, int res) 627{ } 628static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) 629{ } 630static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, 631 gid_t gid, umode_t mode) 632{ } 633static inline void audit_bprm(struct linux_binprm *bprm) 634{ } 635static inline int audit_socketcall(int nargs, unsigned long *args) 636{ 637 return 0; 638} 639 640static inline int audit_socketcall_compat(int nargs, u32 *args) 641{ 642 return 0; 643} 644 645static inline void audit_fd_pair(int fd1, int fd2) 646{ } 647static inline int audit_sockaddr(int len, void *addr) 648{ 649 return 0; 650} 651static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) 652{ } 653static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, 654 unsigned int msg_prio, 655 const struct timespec64 *abs_timeout) 656{ } 657static inline void audit_mq_notify(mqd_t mqdes, 658 const struct sigevent *notification) 659{ } 660static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) 661{ } 662static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, 663 const struct cred *new, 664 const struct cred *old) 665{ 666 return 0; 667} 668static inline void audit_log_capset(const struct cred *new, 669 const struct cred *old) 670{ } 671static inline void audit_mmap_fd(int fd, int flags) 672{ } 673 674static inline void audit_openat2_how(struct open_how *how) 675{ } 676 677static inline void audit_log_kern_module(char *name) 678{ 679} 680 681static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar) 682{ } 683 684static inline void audit_tk_injoffset(struct timespec64 offset) 685{ } 686 687static inline void audit_ntp_init(struct audit_ntp_data *ad) 688{ } 689 690static inline void audit_ntp_set_old(struct audit_ntp_data *ad, 691 enum audit_ntp_type type, long long val) 692{ } 693 694static inline void audit_ntp_set_new(struct audit_ntp_data *ad, 695 enum audit_ntp_type type, long long val) 696{ } 697 698static inline void audit_ntp_log(const struct audit_ntp_data *ad) 699{ } 700 701static inline void audit_ptrace(struct task_struct *t) 702{ } 703 704static inline void audit_log_nfcfg(const char *name, u8 af, 705 unsigned int nentries, 706 enum audit_nfcfgop op, gfp_t gfp) 707{ } 708 709#define audit_n_rules 0 710#define audit_signals 0 711#endif /* CONFIG_AUDITSYSCALL */ 712 713static inline bool audit_loginuid_set(struct task_struct *tsk) 714{ 715 return uid_valid(audit_get_loginuid(tsk)); 716} 717 718#endif