tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / include / linux / audit.h
at v6.6 20 kB view raw
1/* SPDX-License-Identifier: GPL-2.0-or-later */ 2/* audit.h -- Auditing support 3 * 4 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina. 5 * All Rights Reserved. 6 * 7 * Written by Rickard E. (Rik) Faith <faith@redhat.com> 8 */ 9#ifndef _LINUX_AUDIT_H_ 10#define _LINUX_AUDIT_H_ 11 12#include <linux/sched.h> 13#include <linux/ptrace.h> 14#include <linux/audit_arch.h> 15#include <uapi/linux/audit.h> 16#include <uapi/linux/netfilter/nf_tables.h> 17#include <uapi/linux/fanotify.h> 18 19#define AUDIT_INO_UNSET ((unsigned long)-1) 20#define AUDIT_DEV_UNSET ((dev_t)-1) 21 22struct audit_sig_info { 23 uid_t uid; 24 pid_t pid; 25 char ctx[]; 26}; 27 28struct audit_buffer; 29struct audit_context; 30struct inode; 31struct netlink_skb_parms; 32struct path; 33struct linux_binprm; 34struct mq_attr; 35struct mqstat; 36struct audit_watch; 37struct audit_tree; 38struct sk_buff; 39 40struct audit_krule { 41 u32 pflags; 42 u32 flags; 43 u32 listnr; 44 u32 action; 45 u32 mask[AUDIT_BITMASK_SIZE]; 46 u32 buflen; /* for data alloc on list rules */ 47 u32 field_count; 48 char *filterkey; /* ties events to rules */ 49 struct audit_field *fields; 50 struct audit_field *arch_f; /* quick access to arch field */ 51 struct audit_field *inode_f; /* quick access to an inode field */ 52 struct audit_watch *watch; /* associated watch */ 53 struct audit_tree *tree; /* associated watched tree */ 54 struct audit_fsnotify_mark *exe; 55 struct list_head rlist; /* entry in audit_{watch,tree}.rules list */ 56 struct list_head list; /* for AUDIT_LIST* purposes only */ 57 u64 prio; 58}; 59 60/* Flag to indicate legacy AUDIT_LOGINUID unset usage */ 61#define AUDIT_LOGINUID_LEGACY 0x1 62 63struct audit_field { 64 u32 type; 65 union { 66 u32 val; 67 kuid_t uid; 68 kgid_t gid; 69 struct { 70 char *lsm_str; 71 void *lsm_rule; 72 }; 73 }; 74 u32 op; 75}; 76 77enum audit_ntp_type { 78 AUDIT_NTP_OFFSET, 79 AUDIT_NTP_FREQ, 80 AUDIT_NTP_STATUS, 81 AUDIT_NTP_TAI, 82 AUDIT_NTP_TICK, 83 AUDIT_NTP_ADJUST, 84 85 AUDIT_NTP_NVALS /* count */ 86}; 87 88#ifdef CONFIG_AUDITSYSCALL 89struct audit_ntp_val { 90 long long oldval, newval; 91}; 92 93struct audit_ntp_data { 94 struct audit_ntp_val vals[AUDIT_NTP_NVALS]; 95}; 96#else 97struct audit_ntp_data {}; 98#endif 99 100enum audit_nfcfgop { 101 AUDIT_XT_OP_REGISTER, 102 AUDIT_XT_OP_REPLACE, 103 AUDIT_XT_OP_UNREGISTER, 104 AUDIT_NFT_OP_TABLE_REGISTER, 105 AUDIT_NFT_OP_TABLE_UNREGISTER, 106 AUDIT_NFT_OP_CHAIN_REGISTER, 107 AUDIT_NFT_OP_CHAIN_UNREGISTER, 108 AUDIT_NFT_OP_RULE_REGISTER, 109 AUDIT_NFT_OP_RULE_UNREGISTER, 110 AUDIT_NFT_OP_SET_REGISTER, 111 AUDIT_NFT_OP_SET_UNREGISTER, 112 AUDIT_NFT_OP_SETELEM_REGISTER, 113 AUDIT_NFT_OP_SETELEM_UNREGISTER, 114 AUDIT_NFT_OP_GEN_REGISTER, 115 AUDIT_NFT_OP_OBJ_REGISTER, 116 AUDIT_NFT_OP_OBJ_UNREGISTER, 117 AUDIT_NFT_OP_OBJ_RESET, 118 AUDIT_NFT_OP_FLOWTABLE_REGISTER, 119 AUDIT_NFT_OP_FLOWTABLE_UNREGISTER, 120 AUDIT_NFT_OP_SETELEM_RESET, 121 AUDIT_NFT_OP_RULE_RESET, 122 AUDIT_NFT_OP_INVALID, 123}; 124 125extern int __init audit_register_class(int class, unsigned *list); 126extern int audit_classify_syscall(int abi, unsigned syscall); 127extern int audit_classify_arch(int arch); 128/* only for compat system calls */ 129extern unsigned compat_write_class[]; 130extern unsigned compat_read_class[]; 131extern unsigned compat_dir_class[]; 132extern unsigned compat_chattr_class[]; 133extern unsigned compat_signal_class[]; 134 135/* audit_names->type values */ 136#define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ 137#define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ 138#define AUDIT_TYPE_PARENT 2 /* a parent audit record */ 139#define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */ 140#define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */ 141 142/* maximized args number that audit_socketcall can process */ 143#define AUDITSC_ARGS 6 144 145/* bit values for ->signal->audit_tty */ 146#define AUDIT_TTY_ENABLE BIT(0) 147#define AUDIT_TTY_LOG_PASSWD BIT(1) 148 149struct filename; 150 151#define AUDIT_OFF 0 152#define AUDIT_ON 1 153#define AUDIT_LOCKED 2 154#ifdef CONFIG_AUDIT 155/* These are defined in audit.c */ 156 /* Public API */ 157extern __printf(4, 5) 158void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, 159 const char *fmt, ...); 160 161extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type); 162extern __printf(2, 3) 163void audit_log_format(struct audit_buffer *ab, const char *fmt, ...); 164extern void audit_log_end(struct audit_buffer *ab); 165extern bool audit_string_contains_control(const char *string, 166 size_t len); 167extern void audit_log_n_hex(struct audit_buffer *ab, 168 const unsigned char *buf, 169 size_t len); 170extern void audit_log_n_string(struct audit_buffer *ab, 171 const char *buf, 172 size_t n); 173extern void audit_log_n_untrustedstring(struct audit_buffer *ab, 174 const char *string, 175 size_t n); 176extern void audit_log_untrustedstring(struct audit_buffer *ab, 177 const char *string); 178extern void audit_log_d_path(struct audit_buffer *ab, 179 const char *prefix, 180 const struct path *path); 181extern void audit_log_key(struct audit_buffer *ab, 182 char *key); 183extern void audit_log_path_denied(int type, 184 const char *operation); 185extern void audit_log_lost(const char *message); 186 187extern int audit_log_task_context(struct audit_buffer *ab); 188extern void audit_log_task_info(struct audit_buffer *ab); 189 190extern int audit_update_lsm_rules(void); 191 192 /* Private API (for audit.c only) */ 193extern int audit_rule_change(int type, int seq, void *data, size_t datasz); 194extern int audit_list_rules_send(struct sk_buff *request_skb, int seq); 195 196extern int audit_set_loginuid(kuid_t loginuid); 197 198static inline kuid_t audit_get_loginuid(struct task_struct *tsk) 199{ 200 return tsk->loginuid; 201} 202 203static inline unsigned int audit_get_sessionid(struct task_struct *tsk) 204{ 205 return tsk->sessionid; 206} 207 208extern u32 audit_enabled; 209 210extern int audit_signal_info(int sig, struct task_struct *t); 211 212#else /* CONFIG_AUDIT */ 213static inline __printf(4, 5) 214void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, 215 const char *fmt, ...) 216{ } 217static inline struct audit_buffer *audit_log_start(struct audit_context *ctx, 218 gfp_t gfp_mask, int type) 219{ 220 return NULL; 221} 222static inline __printf(2, 3) 223void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) 224{ } 225static inline void audit_log_end(struct audit_buffer *ab) 226{ } 227static inline void audit_log_n_hex(struct audit_buffer *ab, 228 const unsigned char *buf, size_t len) 229{ } 230static inline void audit_log_n_string(struct audit_buffer *ab, 231 const char *buf, size_t n) 232{ } 233static inline void audit_log_n_untrustedstring(struct audit_buffer *ab, 234 const char *string, size_t n) 235{ } 236static inline void audit_log_untrustedstring(struct audit_buffer *ab, 237 const char *string) 238{ } 239static inline void audit_log_d_path(struct audit_buffer *ab, 240 const char *prefix, 241 const struct path *path) 242{ } 243static inline void audit_log_key(struct audit_buffer *ab, char *key) 244{ } 245static inline void audit_log_path_denied(int type, const char *operation) 246{ } 247static inline int audit_log_task_context(struct audit_buffer *ab) 248{ 249 return 0; 250} 251static inline void audit_log_task_info(struct audit_buffer *ab) 252{ } 253 254static inline kuid_t audit_get_loginuid(struct task_struct *tsk) 255{ 256 return INVALID_UID; 257} 258 259static inline unsigned int audit_get_sessionid(struct task_struct *tsk) 260{ 261 return AUDIT_SID_UNSET; 262} 263 264#define audit_enabled AUDIT_OFF 265 266static inline int audit_signal_info(int sig, struct task_struct *t) 267{ 268 return 0; 269} 270 271#endif /* CONFIG_AUDIT */ 272 273#ifdef CONFIG_AUDIT_COMPAT_GENERIC 274#define audit_is_compat(arch) (!((arch) & __AUDIT_ARCH_64BIT)) 275#else 276#define audit_is_compat(arch) false 277#endif 278 279#define AUDIT_INODE_PARENT 1 /* dentry represents the parent */ 280#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */ 281#define AUDIT_INODE_NOEVAL 4 /* audit record incomplete */ 282 283#ifdef CONFIG_AUDITSYSCALL 284#include <asm/syscall.h> /* for syscall_get_arch() */ 285 286/* These are defined in auditsc.c */ 287 /* Public API */ 288extern int audit_alloc(struct task_struct *task); 289extern void __audit_free(struct task_struct *task); 290extern void __audit_uring_entry(u8 op); 291extern void __audit_uring_exit(int success, long code); 292extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1, 293 unsigned long a2, unsigned long a3); 294extern void __audit_syscall_exit(int ret_success, long ret_value); 295extern struct filename *__audit_reusename(const __user char *uptr); 296extern void __audit_getname(struct filename *name); 297extern void __audit_inode(struct filename *name, const struct dentry *dentry, 298 unsigned int flags); 299extern void __audit_file(const struct file *); 300extern void __audit_inode_child(struct inode *parent, 301 const struct dentry *dentry, 302 const unsigned char type); 303extern void audit_seccomp(unsigned long syscall, long signr, int code); 304extern void audit_seccomp_actions_logged(const char *names, 305 const char *old_names, int res); 306extern void __audit_ptrace(struct task_struct *t); 307 308static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) 309{ 310 task->audit_context = ctx; 311} 312 313static inline struct audit_context *audit_context(void) 314{ 315 return current->audit_context; 316} 317 318static inline bool audit_dummy_context(void) 319{ 320 void *p = audit_context(); 321 return !p || *(int *)p; 322} 323static inline void audit_free(struct task_struct *task) 324{ 325 if (unlikely(task->audit_context)) 326 __audit_free(task); 327} 328static inline void audit_uring_entry(u8 op) 329{ 330 /* 331 * We intentionally check audit_context() before audit_enabled as most 332 * Linux systems (as of ~2021) rely on systemd which forces audit to 333 * be enabled regardless of the user's audit configuration. 334 */ 335 if (unlikely(audit_context() && audit_enabled)) 336 __audit_uring_entry(op); 337} 338static inline void audit_uring_exit(int success, long code) 339{ 340 if (unlikely(audit_context())) 341 __audit_uring_exit(success, code); 342} 343static inline void audit_syscall_entry(int major, unsigned long a0, 344 unsigned long a1, unsigned long a2, 345 unsigned long a3) 346{ 347 if (unlikely(audit_context())) 348 __audit_syscall_entry(major, a0, a1, a2, a3); 349} 350static inline void audit_syscall_exit(void *pt_regs) 351{ 352 if (unlikely(audit_context())) { 353 int success = is_syscall_success(pt_regs); 354 long return_code = regs_return_value(pt_regs); 355 356 __audit_syscall_exit(success, return_code); 357 } 358} 359static inline struct filename *audit_reusename(const __user char *name) 360{ 361 if (unlikely(!audit_dummy_context())) 362 return __audit_reusename(name); 363 return NULL; 364} 365static inline void audit_getname(struct filename *name) 366{ 367 if (unlikely(!audit_dummy_context())) 368 __audit_getname(name); 369} 370static inline void audit_inode(struct filename *name, 371 const struct dentry *dentry, 372 unsigned int aflags) { 373 if (unlikely(!audit_dummy_context())) 374 __audit_inode(name, dentry, aflags); 375} 376static inline void audit_file(struct file *file) 377{ 378 if (unlikely(!audit_dummy_context())) 379 __audit_file(file); 380} 381static inline void audit_inode_parent_hidden(struct filename *name, 382 const struct dentry *dentry) 383{ 384 if (unlikely(!audit_dummy_context())) 385 __audit_inode(name, dentry, 386 AUDIT_INODE_PARENT | AUDIT_INODE_HIDDEN); 387} 388static inline void audit_inode_child(struct inode *parent, 389 const struct dentry *dentry, 390 const unsigned char type) { 391 if (unlikely(!audit_dummy_context())) 392 __audit_inode_child(parent, dentry, type); 393} 394void audit_core_dumps(long signr); 395 396static inline void audit_ptrace(struct task_struct *t) 397{ 398 if (unlikely(!audit_dummy_context())) 399 __audit_ptrace(t); 400} 401 402 /* Private API (for audit.c only) */ 403extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); 404extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); 405extern void __audit_bprm(struct linux_binprm *bprm); 406extern int __audit_socketcall(int nargs, unsigned long *args); 407extern int __audit_sockaddr(int len, void *addr); 408extern void __audit_fd_pair(int fd1, int fd2); 409extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr); 410extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout); 411extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification); 412extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); 413extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, 414 const struct cred *new, 415 const struct cred *old); 416extern void __audit_log_capset(const struct cred *new, const struct cred *old); 417extern void __audit_mmap_fd(int fd, int flags); 418extern void __audit_openat2_how(struct open_how *how); 419extern void __audit_log_kern_module(char *name); 420extern void __audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar); 421extern void __audit_tk_injoffset(struct timespec64 offset); 422extern void __audit_ntp_log(const struct audit_ntp_data *ad); 423extern void __audit_log_nfcfg(const char *name, u8 af, unsigned int nentries, 424 enum audit_nfcfgop op, gfp_t gfp); 425 426static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) 427{ 428 if (unlikely(!audit_dummy_context())) 429 __audit_ipc_obj(ipcp); 430} 431static inline void audit_fd_pair(int fd1, int fd2) 432{ 433 if (unlikely(!audit_dummy_context())) 434 __audit_fd_pair(fd1, fd2); 435} 436static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode) 437{ 438 if (unlikely(!audit_dummy_context())) 439 __audit_ipc_set_perm(qbytes, uid, gid, mode); 440} 441static inline void audit_bprm(struct linux_binprm *bprm) 442{ 443 if (unlikely(!audit_dummy_context())) 444 __audit_bprm(bprm); 445} 446static inline int audit_socketcall(int nargs, unsigned long *args) 447{ 448 if (unlikely(!audit_dummy_context())) 449 return __audit_socketcall(nargs, args); 450 return 0; 451} 452 453static inline int audit_socketcall_compat(int nargs, u32 *args) 454{ 455 unsigned long a[AUDITSC_ARGS]; 456 int i; 457 458 if (audit_dummy_context()) 459 return 0; 460 461 for (i = 0; i < nargs; i++) 462 a[i] = (unsigned long)args[i]; 463 return __audit_socketcall(nargs, a); 464} 465 466static inline int audit_sockaddr(int len, void *addr) 467{ 468 if (unlikely(!audit_dummy_context())) 469 return __audit_sockaddr(len, addr); 470 return 0; 471} 472static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) 473{ 474 if (unlikely(!audit_dummy_context())) 475 __audit_mq_open(oflag, mode, attr); 476} 477static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout) 478{ 479 if (unlikely(!audit_dummy_context())) 480 __audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout); 481} 482static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification) 483{ 484 if (unlikely(!audit_dummy_context())) 485 __audit_mq_notify(mqdes, notification); 486} 487static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) 488{ 489 if (unlikely(!audit_dummy_context())) 490 __audit_mq_getsetattr(mqdes, mqstat); 491} 492 493static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, 494 const struct cred *new, 495 const struct cred *old) 496{ 497 if (unlikely(!audit_dummy_context())) 498 return __audit_log_bprm_fcaps(bprm, new, old); 499 return 0; 500} 501 502static inline void audit_log_capset(const struct cred *new, 503 const struct cred *old) 504{ 505 if (unlikely(!audit_dummy_context())) 506 __audit_log_capset(new, old); 507} 508 509static inline void audit_mmap_fd(int fd, int flags) 510{ 511 if (unlikely(!audit_dummy_context())) 512 __audit_mmap_fd(fd, flags); 513} 514 515static inline void audit_openat2_how(struct open_how *how) 516{ 517 if (unlikely(!audit_dummy_context())) 518 __audit_openat2_how(how); 519} 520 521static inline void audit_log_kern_module(char *name) 522{ 523 if (!audit_dummy_context()) 524 __audit_log_kern_module(name); 525} 526 527static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar) 528{ 529 if (!audit_dummy_context()) 530 __audit_fanotify(response, friar); 531} 532 533static inline void audit_tk_injoffset(struct timespec64 offset) 534{ 535 /* ignore no-op events */ 536 if (offset.tv_sec == 0 && offset.tv_nsec == 0) 537 return; 538 539 if (!audit_dummy_context()) 540 __audit_tk_injoffset(offset); 541} 542 543static inline void audit_ntp_init(struct audit_ntp_data *ad) 544{ 545 memset(ad, 0, sizeof(*ad)); 546} 547 548static inline void audit_ntp_set_old(struct audit_ntp_data *ad, 549 enum audit_ntp_type type, long long val) 550{ 551 ad->vals[type].oldval = val; 552} 553 554static inline void audit_ntp_set_new(struct audit_ntp_data *ad, 555 enum audit_ntp_type type, long long val) 556{ 557 ad->vals[type].newval = val; 558} 559 560static inline void audit_ntp_log(const struct audit_ntp_data *ad) 561{ 562 if (!audit_dummy_context()) 563 __audit_ntp_log(ad); 564} 565 566static inline void audit_log_nfcfg(const char *name, u8 af, 567 unsigned int nentries, 568 enum audit_nfcfgop op, gfp_t gfp) 569{ 570 if (audit_enabled) 571 __audit_log_nfcfg(name, af, nentries, op, gfp); 572} 573 574extern int audit_n_rules; 575extern int audit_signals; 576#else /* CONFIG_AUDITSYSCALL */ 577static inline int audit_alloc(struct task_struct *task) 578{ 579 return 0; 580} 581static inline void audit_free(struct task_struct *task) 582{ } 583static inline void audit_uring_entry(u8 op) 584{ } 585static inline void audit_uring_exit(int success, long code) 586{ } 587static inline void audit_syscall_entry(int major, unsigned long a0, 588 unsigned long a1, unsigned long a2, 589 unsigned long a3) 590{ } 591static inline void audit_syscall_exit(void *pt_regs) 592{ } 593static inline bool audit_dummy_context(void) 594{ 595 return true; 596} 597static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) 598{ } 599static inline struct audit_context *audit_context(void) 600{ 601 return NULL; 602} 603static inline struct filename *audit_reusename(const __user char *name) 604{ 605 return NULL; 606} 607static inline void audit_getname(struct filename *name) 608{ } 609static inline void audit_inode(struct filename *name, 610 const struct dentry *dentry, 611 unsigned int aflags) 612{ } 613static inline void audit_file(struct file *file) 614{ 615} 616static inline void audit_inode_parent_hidden(struct filename *name, 617 const struct dentry *dentry) 618{ } 619static inline void audit_inode_child(struct inode *parent, 620 const struct dentry *dentry, 621 const unsigned char type) 622{ } 623static inline void audit_core_dumps(long signr) 624{ } 625static inline void audit_seccomp(unsigned long syscall, long signr, int code) 626{ } 627static inline void audit_seccomp_actions_logged(const char *names, 628 const char *old_names, int res) 629{ } 630static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) 631{ } 632static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, 633 gid_t gid, umode_t mode) 634{ } 635static inline void audit_bprm(struct linux_binprm *bprm) 636{ } 637static inline int audit_socketcall(int nargs, unsigned long *args) 638{ 639 return 0; 640} 641 642static inline int audit_socketcall_compat(int nargs, u32 *args) 643{ 644 return 0; 645} 646 647static inline void audit_fd_pair(int fd1, int fd2) 648{ } 649static inline int audit_sockaddr(int len, void *addr) 650{ 651 return 0; 652} 653static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) 654{ } 655static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, 656 unsigned int msg_prio, 657 const struct timespec64 *abs_timeout) 658{ } 659static inline void audit_mq_notify(mqd_t mqdes, 660 const struct sigevent *notification) 661{ } 662static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) 663{ } 664static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, 665 const struct cred *new, 666 const struct cred *old) 667{ 668 return 0; 669} 670static inline void audit_log_capset(const struct cred *new, 671 const struct cred *old) 672{ } 673static inline void audit_mmap_fd(int fd, int flags) 674{ } 675 676static inline void audit_openat2_how(struct open_how *how) 677{ } 678 679static inline void audit_log_kern_module(char *name) 680{ 681} 682 683static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar) 684{ } 685 686static inline void audit_tk_injoffset(struct timespec64 offset) 687{ } 688 689static inline void audit_ntp_init(struct audit_ntp_data *ad) 690{ } 691 692static inline void audit_ntp_set_old(struct audit_ntp_data *ad, 693 enum audit_ntp_type type, long long val) 694{ } 695 696static inline void audit_ntp_set_new(struct audit_ntp_data *ad, 697 enum audit_ntp_type type, long long val) 698{ } 699 700static inline void audit_ntp_log(const struct audit_ntp_data *ad) 701{ } 702 703static inline void audit_ptrace(struct task_struct *t) 704{ } 705 706static inline void audit_log_nfcfg(const char *name, u8 af, 707 unsigned int nentries, 708 enum audit_nfcfgop op, gfp_t gfp) 709{ } 710 711#define audit_n_rules 0 712#define audit_signals 0 713#endif /* CONFIG_AUDITSYSCALL */ 714 715static inline bool audit_loginuid_set(struct task_struct *tsk) 716{ 717 return uid_valid(audit_get_loginuid(tsk)); 718} 719 720#endif