1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
2 | /* audit.h -- Auditing support |
3 | * |
4 | * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina. |
5 | * All Rights Reserved. |
6 | * |
7 | * Written by Rickard E. (Rik) Faith <faith@redhat.com> |
8 | */ |
9 | #ifndef _LINUX_AUDIT_H_ |
10 | #define _LINUX_AUDIT_H_ |
11 | |
12 | #include <linux/sched.h> |
13 | #include <linux/ptrace.h> |
14 | #include <linux/audit_arch.h> |
15 | #include <uapi/linux/audit.h> |
16 | #include <uapi/linux/netfilter/nf_tables.h> |
17 | #include <uapi/linux/fanotify.h> |
18 | |
19 | #define AUDIT_INO_UNSET ((unsigned long)-1) |
20 | #define AUDIT_DEV_UNSET ((dev_t)-1) |
21 | |
22 | struct audit_sig_info { |
23 | uid_t uid; |
24 | pid_t pid; |
25 | char ctx[]; |
26 | }; |
27 | |
28 | struct audit_buffer; |
29 | struct audit_context; |
30 | struct inode; |
31 | struct netlink_skb_parms; |
32 | struct path; |
33 | struct linux_binprm; |
34 | struct mq_attr; |
35 | struct mqstat; |
36 | struct audit_watch; |
37 | struct audit_tree; |
38 | struct sk_buff; |
39 | struct kern_ipc_perm; |
40 | |
41 | struct audit_krule { |
42 | u32 pflags; |
43 | u32 flags; |
44 | u32 listnr; |
45 | u32 action; |
46 | u32 mask[AUDIT_BITMASK_SIZE]; |
47 | u32 buflen; /* for data alloc on list rules */ |
48 | u32 field_count; |
49 | char *filterkey; /* ties events to rules */ |
50 | struct audit_field *fields; |
51 | struct audit_field *arch_f; /* quick access to arch field */ |
52 | struct audit_field *inode_f; /* quick access to an inode field */ |
53 | struct audit_watch *watch; /* associated watch */ |
54 | struct audit_tree *tree; /* associated watched tree */ |
55 | struct audit_fsnotify_mark *exe; |
56 | struct list_head rlist; /* entry in audit_{watch,tree}.rules list */ |
57 | struct list_head list; /* for AUDIT_LIST* purposes only */ |
58 | u64 prio; |
59 | }; |
60 | |
61 | /* Flag to indicate legacy AUDIT_LOGINUID unset usage */ |
62 | #define AUDIT_LOGINUID_LEGACY 0x1 |
63 | |
64 | struct audit_field { |
65 | u32 type; |
66 | union { |
67 | u32 val; |
68 | kuid_t uid; |
69 | kgid_t gid; |
70 | struct { |
71 | char *lsm_str; |
72 | void *lsm_rule; |
73 | }; |
74 | }; |
75 | u32 op; |
76 | }; |
77 | |
78 | enum audit_ntp_type { |
79 | AUDIT_NTP_OFFSET, |
80 | AUDIT_NTP_FREQ, |
81 | AUDIT_NTP_STATUS, |
82 | AUDIT_NTP_TAI, |
83 | AUDIT_NTP_TICK, |
84 | AUDIT_NTP_ADJUST, |
85 | |
86 | AUDIT_NTP_NVALS /* count */ |
87 | }; |
88 | |
89 | #ifdef CONFIG_AUDITSYSCALL |
90 | struct audit_ntp_val { |
91 | long long oldval, newval; |
92 | }; |
93 | |
94 | struct audit_ntp_data { |
95 | struct audit_ntp_val vals[AUDIT_NTP_NVALS]; |
96 | }; |
97 | #else |
98 | struct audit_ntp_data {}; |
99 | #endif |
100 | |
101 | enum audit_nfcfgop { |
102 | AUDIT_XT_OP_REGISTER, |
103 | AUDIT_XT_OP_REPLACE, |
104 | AUDIT_XT_OP_UNREGISTER, |
105 | AUDIT_NFT_OP_TABLE_REGISTER, |
106 | AUDIT_NFT_OP_TABLE_UNREGISTER, |
107 | AUDIT_NFT_OP_CHAIN_REGISTER, |
108 | AUDIT_NFT_OP_CHAIN_UNREGISTER, |
109 | AUDIT_NFT_OP_RULE_REGISTER, |
110 | AUDIT_NFT_OP_RULE_UNREGISTER, |
111 | AUDIT_NFT_OP_SET_REGISTER, |
112 | AUDIT_NFT_OP_SET_UNREGISTER, |
113 | AUDIT_NFT_OP_SETELEM_REGISTER, |
114 | AUDIT_NFT_OP_SETELEM_UNREGISTER, |
115 | AUDIT_NFT_OP_GEN_REGISTER, |
116 | AUDIT_NFT_OP_OBJ_REGISTER, |
117 | AUDIT_NFT_OP_OBJ_UNREGISTER, |
118 | AUDIT_NFT_OP_OBJ_RESET, |
119 | AUDIT_NFT_OP_FLOWTABLE_REGISTER, |
120 | AUDIT_NFT_OP_FLOWTABLE_UNREGISTER, |
121 | AUDIT_NFT_OP_SETELEM_RESET, |
122 | AUDIT_NFT_OP_RULE_RESET, |
123 | AUDIT_NFT_OP_INVALID, |
124 | }; |
125 | |
126 | extern int __init audit_register_class(int class, unsigned *list); |
127 | extern int audit_classify_syscall(int abi, unsigned syscall); |
128 | extern int audit_classify_arch(int arch); |
129 | /* only for compat system calls */ |
130 | extern unsigned compat_write_class[]; |
131 | extern unsigned compat_read_class[]; |
132 | extern unsigned compat_dir_class[]; |
133 | extern unsigned compat_chattr_class[]; |
134 | extern unsigned compat_signal_class[]; |
135 | |
136 | /* audit_names->type values */ |
137 | #define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ |
138 | #define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ |
139 | #define AUDIT_TYPE_PARENT 2 /* a parent audit record */ |
140 | #define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */ |
141 | #define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */ |
142 | |
143 | /* maximized args number that audit_socketcall can process */ |
144 | #define AUDITSC_ARGS 6 |
145 | |
146 | /* bit values for ->signal->audit_tty */ |
147 | #define AUDIT_TTY_ENABLE BIT(0) |
148 | #define AUDIT_TTY_LOG_PASSWD BIT(1) |
149 | |
150 | struct filename; |
151 | |
152 | #define AUDIT_OFF 0 |
153 | #define AUDIT_ON 1 |
154 | #define AUDIT_LOCKED 2 |
155 | #ifdef CONFIG_AUDIT |
156 | /* These are defined in audit.c */ |
157 | /* Public API */ |
158 | extern __printf(4, 5) |
159 | void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, |
160 | const char *fmt, ...); |
161 | |
162 | extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type); |
163 | extern __printf(2, 3) |
164 | void audit_log_format(struct audit_buffer *ab, const char *fmt, ...); |
165 | extern void audit_log_end(struct audit_buffer *ab); |
166 | extern bool audit_string_contains_control(const char *string, |
167 | size_t len); |
168 | extern void audit_log_n_hex(struct audit_buffer *ab, |
169 | const unsigned char *buf, |
170 | size_t len); |
171 | extern void audit_log_n_string(struct audit_buffer *ab, |
172 | const char *buf, |
173 | size_t n); |
174 | extern void audit_log_n_untrustedstring(struct audit_buffer *ab, |
175 | const char *string, |
176 | size_t n); |
177 | extern void audit_log_untrustedstring(struct audit_buffer *ab, |
178 | const char *string); |
179 | extern void audit_log_d_path(struct audit_buffer *ab, |
180 | const char *prefix, |
181 | const struct path *path); |
182 | extern void audit_log_key(struct audit_buffer *ab, |
183 | char *key); |
184 | extern void audit_log_path_denied(int type, |
185 | const char *operation); |
186 | extern void audit_log_lost(const char *message); |
187 | |
188 | extern int audit_log_task_context(struct audit_buffer *ab); |
189 | extern void audit_log_task_info(struct audit_buffer *ab); |
190 | |
191 | extern int audit_update_lsm_rules(void); |
192 | |
193 | /* Private API (for audit.c only) */ |
194 | extern int audit_rule_change(int type, int seq, void *data, size_t datasz); |
195 | extern int audit_list_rules_send(struct sk_buff *request_skb, int seq); |
196 | |
197 | extern int audit_set_loginuid(kuid_t loginuid); |
198 | |
199 | static inline kuid_t audit_get_loginuid(struct task_struct *tsk) |
200 | { |
201 | return tsk->loginuid; |
202 | } |
203 | |
204 | static inline unsigned int audit_get_sessionid(struct task_struct *tsk) |
205 | { |
206 | return tsk->sessionid; |
207 | } |
208 | |
209 | extern u32 audit_enabled; |
210 | |
211 | extern int audit_signal_info(int sig, struct task_struct *t); |
212 | |
213 | #else /* CONFIG_AUDIT */ |
214 | static inline __printf(4, 5) |
215 | void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, |
216 | const char *fmt, ...) |
217 | { } |
218 | static inline struct audit_buffer *audit_log_start(struct audit_context *ctx, |
219 | gfp_t gfp_mask, int type) |
220 | { |
221 | return NULL; |
222 | } |
223 | static inline __printf(2, 3) |
224 | void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) |
225 | { } |
226 | static inline void audit_log_end(struct audit_buffer *ab) |
227 | { } |
228 | static inline void audit_log_n_hex(struct audit_buffer *ab, |
229 | const unsigned char *buf, size_t len) |
230 | { } |
231 | static inline void audit_log_n_string(struct audit_buffer *ab, |
232 | const char *buf, size_t n) |
233 | { } |
234 | static inline void audit_log_n_untrustedstring(struct audit_buffer *ab, |
235 | const char *string, size_t n) |
236 | { } |
237 | static inline void audit_log_untrustedstring(struct audit_buffer *ab, |
238 | const char *string) |
239 | { } |
240 | static inline void audit_log_d_path(struct audit_buffer *ab, |
241 | const char *prefix, |
242 | const struct path *path) |
243 | { } |
244 | static inline void audit_log_key(struct audit_buffer *ab, char *key) |
245 | { } |
246 | static inline void audit_log_path_denied(int type, const char *operation) |
247 | { } |
248 | static inline int audit_log_task_context(struct audit_buffer *ab) |
249 | { |
250 | return 0; |
251 | } |
252 | static inline void audit_log_task_info(struct audit_buffer *ab) |
253 | { } |
254 | |
255 | static inline kuid_t audit_get_loginuid(struct task_struct *tsk) |
256 | { |
257 | return INVALID_UID; |
258 | } |
259 | |
260 | static inline unsigned int audit_get_sessionid(struct task_struct *tsk) |
261 | { |
262 | return AUDIT_SID_UNSET; |
263 | } |
264 | |
265 | #define audit_enabled AUDIT_OFF |
266 | |
267 | static inline int audit_signal_info(int sig, struct task_struct *t) |
268 | { |
269 | return 0; |
270 | } |
271 | |
272 | #endif /* CONFIG_AUDIT */ |
273 | |
274 | #ifdef CONFIG_AUDIT_COMPAT_GENERIC |
275 | #define audit_is_compat(arch) (!((arch) & __AUDIT_ARCH_64BIT)) |
276 | #else |
277 | #define audit_is_compat(arch) false |
278 | #endif |
279 | |
280 | #define AUDIT_INODE_PARENT 1 /* dentry represents the parent */ |
281 | #define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */ |
282 | #define AUDIT_INODE_NOEVAL 4 /* audit record incomplete */ |
283 | |
284 | #ifdef CONFIG_AUDITSYSCALL |
285 | #include <asm/syscall.h> /* for syscall_get_arch() */ |
286 | |
287 | /* These are defined in auditsc.c */ |
288 | /* Public API */ |
289 | extern int audit_alloc(struct task_struct *task); |
290 | extern void __audit_free(struct task_struct *task); |
291 | extern void __audit_uring_entry(u8 op); |
292 | extern void __audit_uring_exit(int success, long code); |
293 | extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1, |
294 | unsigned long a2, unsigned long a3); |
295 | extern void __audit_syscall_exit(int ret_success, long ret_value); |
296 | extern struct filename *__audit_reusename(const __user char *uptr); |
297 | extern void __audit_getname(struct filename *name); |
298 | extern void __audit_inode(struct filename *name, const struct dentry *dentry, |
299 | unsigned int flags); |
300 | extern void __audit_file(const struct file *); |
301 | extern void __audit_inode_child(struct inode *parent, |
302 | const struct dentry *dentry, |
303 | const unsigned char type); |
304 | extern void audit_seccomp(unsigned long syscall, long signr, int code); |
305 | extern void audit_seccomp_actions_logged(const char *names, |
306 | const char *old_names, int res); |
307 | extern void __audit_ptrace(struct task_struct *t); |
308 | |
309 | static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) |
310 | { |
311 | task->audit_context = ctx; |
312 | } |
313 | |
314 | static inline struct audit_context *audit_context(void) |
315 | { |
316 | return current->audit_context; |
317 | } |
318 | |
319 | static inline bool audit_dummy_context(void) |
320 | { |
321 | void *p = audit_context(); |
322 | return !p || *(int *)p; |
323 | } |
324 | static inline void audit_free(struct task_struct *task) |
325 | { |
326 | if (unlikely(task->audit_context)) |
327 | __audit_free(task); |
328 | } |
329 | static inline void audit_uring_entry(u8 op) |
330 | { |
331 | /* |
332 | * We intentionally check audit_context() before audit_enabled as most |
333 | * Linux systems (as of ~2021) rely on systemd which forces audit to |
334 | * be enabled regardless of the user's audit configuration. |
335 | */ |
336 | if (unlikely(audit_context() && audit_enabled)) |
337 | __audit_uring_entry(op); |
338 | } |
339 | static inline void audit_uring_exit(int success, long code) |
340 | { |
341 | if (unlikely(audit_context())) |
342 | __audit_uring_exit(success, code); |
343 | } |
344 | static inline void audit_syscall_entry(int major, unsigned long a0, |
345 | unsigned long a1, unsigned long a2, |
346 | unsigned long a3) |
347 | { |
348 | if (unlikely(audit_context())) |
349 | __audit_syscall_entry(major, a0, a1, a2, a3); |
350 | } |
351 | static inline void audit_syscall_exit(void *pt_regs) |
352 | { |
353 | if (unlikely(audit_context())) { |
354 | int success = is_syscall_success(pt_regs); |
355 | long return_code = regs_return_value(regs: pt_regs); |
356 | |
357 | __audit_syscall_exit(ret_success: success, ret_value: return_code); |
358 | } |
359 | } |
360 | static inline struct filename *audit_reusename(const __user char *name) |
361 | { |
362 | if (unlikely(!audit_dummy_context())) |
363 | return __audit_reusename(uptr: name); |
364 | return NULL; |
365 | } |
366 | static inline void audit_getname(struct filename *name) |
367 | { |
368 | if (unlikely(!audit_dummy_context())) |
369 | __audit_getname(name); |
370 | } |
371 | static inline void audit_inode(struct filename *name, |
372 | const struct dentry *dentry, |
373 | unsigned int aflags) { |
374 | if (unlikely(!audit_dummy_context())) |
375 | __audit_inode(name, dentry, flags: aflags); |
376 | } |
377 | static inline void audit_file(struct file *file) |
378 | { |
379 | if (unlikely(!audit_dummy_context())) |
380 | __audit_file(file); |
381 | } |
382 | static inline void audit_inode_parent_hidden(struct filename *name, |
383 | const struct dentry *dentry) |
384 | { |
385 | if (unlikely(!audit_dummy_context())) |
386 | __audit_inode(name, dentry, |
387 | AUDIT_INODE_PARENT | AUDIT_INODE_HIDDEN); |
388 | } |
389 | static inline void audit_inode_child(struct inode *parent, |
390 | const struct dentry *dentry, |
391 | const unsigned char type) { |
392 | if (unlikely(!audit_dummy_context())) |
393 | __audit_inode_child(parent, dentry, type); |
394 | } |
395 | void audit_core_dumps(long signr); |
396 | |
397 | static inline void audit_ptrace(struct task_struct *t) |
398 | { |
399 | if (unlikely(!audit_dummy_context())) |
400 | __audit_ptrace(t); |
401 | } |
402 | |
403 | /* Private API (for audit.c only) */ |
404 | extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); |
405 | extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); |
406 | extern void __audit_bprm(struct linux_binprm *bprm); |
407 | extern int __audit_socketcall(int nargs, unsigned long *args); |
408 | extern int __audit_sockaddr(int len, void *addr); |
409 | extern void __audit_fd_pair(int fd1, int fd2); |
410 | extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr); |
411 | extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout); |
412 | extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification); |
413 | extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); |
414 | extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, |
415 | const struct cred *new, |
416 | const struct cred *old); |
417 | extern void __audit_log_capset(const struct cred *new, const struct cred *old); |
418 | extern void __audit_mmap_fd(int fd, int flags); |
419 | extern void __audit_openat2_how(struct open_how *how); |
420 | extern void __audit_log_kern_module(char *name); |
421 | extern void __audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar); |
422 | extern void __audit_tk_injoffset(struct timespec64 offset); |
423 | extern void __audit_ntp_log(const struct audit_ntp_data *ad); |
424 | extern void __audit_log_nfcfg(const char *name, u8 af, unsigned int nentries, |
425 | enum audit_nfcfgop op, gfp_t gfp); |
426 | |
427 | static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) |
428 | { |
429 | if (unlikely(!audit_dummy_context())) |
430 | __audit_ipc_obj(ipcp); |
431 | } |
432 | static inline void audit_fd_pair(int fd1, int fd2) |
433 | { |
434 | if (unlikely(!audit_dummy_context())) |
435 | __audit_fd_pair(fd1, fd2); |
436 | } |
437 | static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode) |
438 | { |
439 | if (unlikely(!audit_dummy_context())) |
440 | __audit_ipc_set_perm(qbytes, uid, gid, mode); |
441 | } |
442 | static inline void audit_bprm(struct linux_binprm *bprm) |
443 | { |
444 | if (unlikely(!audit_dummy_context())) |
445 | __audit_bprm(bprm); |
446 | } |
447 | static inline int audit_socketcall(int nargs, unsigned long *args) |
448 | { |
449 | if (unlikely(!audit_dummy_context())) |
450 | return __audit_socketcall(nargs, args); |
451 | return 0; |
452 | } |
453 | |
454 | static inline int audit_socketcall_compat(int nargs, u32 *args) |
455 | { |
456 | unsigned long a[AUDITSC_ARGS]; |
457 | int i; |
458 | |
459 | if (audit_dummy_context()) |
460 | return 0; |
461 | |
462 | for (i = 0; i < nargs; i++) |
463 | a[i] = (unsigned long)args[i]; |
464 | return __audit_socketcall(nargs, args: a); |
465 | } |
466 | |
467 | static inline int audit_sockaddr(int len, void *addr) |
468 | { |
469 | if (unlikely(!audit_dummy_context())) |
470 | return __audit_sockaddr(len, addr); |
471 | return 0; |
472 | } |
473 | static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) |
474 | { |
475 | if (unlikely(!audit_dummy_context())) |
476 | __audit_mq_open(oflag, mode, attr); |
477 | } |
478 | static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout) |
479 | { |
480 | if (unlikely(!audit_dummy_context())) |
481 | __audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout); |
482 | } |
483 | static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification) |
484 | { |
485 | if (unlikely(!audit_dummy_context())) |
486 | __audit_mq_notify(mqdes, notification); |
487 | } |
488 | static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) |
489 | { |
490 | if (unlikely(!audit_dummy_context())) |
491 | __audit_mq_getsetattr(mqdes, mqstat); |
492 | } |
493 | |
494 | static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, |
495 | const struct cred *new, |
496 | const struct cred *old) |
497 | { |
498 | if (unlikely(!audit_dummy_context())) |
499 | return __audit_log_bprm_fcaps(bprm, new, old); |
500 | return 0; |
501 | } |
502 | |
503 | static inline void audit_log_capset(const struct cred *new, |
504 | const struct cred *old) |
505 | { |
506 | if (unlikely(!audit_dummy_context())) |
507 | __audit_log_capset(new, old); |
508 | } |
509 | |
510 | static inline void audit_mmap_fd(int fd, int flags) |
511 | { |
512 | if (unlikely(!audit_dummy_context())) |
513 | __audit_mmap_fd(fd, flags); |
514 | } |
515 | |
516 | static inline void audit_openat2_how(struct open_how *how) |
517 | { |
518 | if (unlikely(!audit_dummy_context())) |
519 | __audit_openat2_how(how); |
520 | } |
521 | |
522 | static inline void audit_log_kern_module(char *name) |
523 | { |
524 | if (!audit_dummy_context()) |
525 | __audit_log_kern_module(name); |
526 | } |
527 | |
528 | static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar) |
529 | { |
530 | if (!audit_dummy_context()) |
531 | __audit_fanotify(response, friar); |
532 | } |
533 | |
534 | static inline void audit_tk_injoffset(struct timespec64 offset) |
535 | { |
536 | /* ignore no-op events */ |
537 | if (offset.tv_sec == 0 && offset.tv_nsec == 0) |
538 | return; |
539 | |
540 | if (!audit_dummy_context()) |
541 | __audit_tk_injoffset(offset); |
542 | } |
543 | |
544 | static inline void audit_ntp_init(struct audit_ntp_data *ad) |
545 | { |
546 | memset(ad, 0, sizeof(*ad)); |
547 | } |
548 | |
549 | static inline void audit_ntp_set_old(struct audit_ntp_data *ad, |
550 | enum audit_ntp_type type, long long val) |
551 | { |
552 | ad->vals[type].oldval = val; |
553 | } |
554 | |
555 | static inline void audit_ntp_set_new(struct audit_ntp_data *ad, |
556 | enum audit_ntp_type type, long long val) |
557 | { |
558 | ad->vals[type].newval = val; |
559 | } |
560 | |
561 | static inline void audit_ntp_log(const struct audit_ntp_data *ad) |
562 | { |
563 | if (!audit_dummy_context()) |
564 | __audit_ntp_log(ad); |
565 | } |
566 | |
567 | static inline void audit_log_nfcfg(const char *name, u8 af, |
568 | unsigned int nentries, |
569 | enum audit_nfcfgop op, gfp_t gfp) |
570 | { |
571 | if (audit_enabled) |
572 | __audit_log_nfcfg(name, af, nentries, op, gfp); |
573 | } |
574 | |
575 | extern int audit_n_rules; |
576 | extern int audit_signals; |
577 | #else /* CONFIG_AUDITSYSCALL */ |
578 | static inline int audit_alloc(struct task_struct *task) |
579 | { |
580 | return 0; |
581 | } |
582 | static inline void audit_free(struct task_struct *task) |
583 | { } |
584 | static inline void audit_uring_entry(u8 op) |
585 | { } |
586 | static inline void audit_uring_exit(int success, long code) |
587 | { } |
588 | static inline void audit_syscall_entry(int major, unsigned long a0, |
589 | unsigned long a1, unsigned long a2, |
590 | unsigned long a3) |
591 | { } |
592 | static inline void audit_syscall_exit(void *pt_regs) |
593 | { } |
594 | static inline bool audit_dummy_context(void) |
595 | { |
596 | return true; |
597 | } |
598 | static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) |
599 | { } |
600 | static inline struct audit_context *audit_context(void) |
601 | { |
602 | return NULL; |
603 | } |
604 | static inline struct filename *audit_reusename(const __user char *name) |
605 | { |
606 | return NULL; |
607 | } |
608 | static inline void audit_getname(struct filename *name) |
609 | { } |
610 | static inline void audit_inode(struct filename *name, |
611 | const struct dentry *dentry, |
612 | unsigned int aflags) |
613 | { } |
614 | static inline void audit_file(struct file *file) |
615 | { |
616 | } |
617 | static inline void audit_inode_parent_hidden(struct filename *name, |
618 | const struct dentry *dentry) |
619 | { } |
620 | static inline void audit_inode_child(struct inode *parent, |
621 | const struct dentry *dentry, |
622 | const unsigned char type) |
623 | { } |
624 | static inline void audit_core_dumps(long signr) |
625 | { } |
626 | static inline void audit_seccomp(unsigned long syscall, long signr, int code) |
627 | { } |
628 | static inline void audit_seccomp_actions_logged(const char *names, |
629 | const char *old_names, int res) |
630 | { } |
631 | static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) |
632 | { } |
633 | static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, |
634 | gid_t gid, umode_t mode) |
635 | { } |
636 | static inline void audit_bprm(struct linux_binprm *bprm) |
637 | { } |
638 | static inline int audit_socketcall(int nargs, unsigned long *args) |
639 | { |
640 | return 0; |
641 | } |
642 | |
643 | static inline int audit_socketcall_compat(int nargs, u32 *args) |
644 | { |
645 | return 0; |
646 | } |
647 | |
648 | static inline void audit_fd_pair(int fd1, int fd2) |
649 | { } |
650 | static inline int audit_sockaddr(int len, void *addr) |
651 | { |
652 | return 0; |
653 | } |
654 | static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) |
655 | { } |
656 | static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, |
657 | unsigned int msg_prio, |
658 | const struct timespec64 *abs_timeout) |
659 | { } |
660 | static inline void audit_mq_notify(mqd_t mqdes, |
661 | const struct sigevent *notification) |
662 | { } |
663 | static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) |
664 | { } |
665 | static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, |
666 | const struct cred *new, |
667 | const struct cred *old) |
668 | { |
669 | return 0; |
670 | } |
671 | static inline void audit_log_capset(const struct cred *new, |
672 | const struct cred *old) |
673 | { } |
674 | static inline void audit_mmap_fd(int fd, int flags) |
675 | { } |
676 | |
677 | static inline void audit_openat2_how(struct open_how *how) |
678 | { } |
679 | |
680 | static inline void audit_log_kern_module(char *name) |
681 | { |
682 | } |
683 | |
684 | static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar) |
685 | { } |
686 | |
687 | static inline void audit_tk_injoffset(struct timespec64 offset) |
688 | { } |
689 | |
690 | static inline void audit_ntp_init(struct audit_ntp_data *ad) |
691 | { } |
692 | |
693 | static inline void audit_ntp_set_old(struct audit_ntp_data *ad, |
694 | enum audit_ntp_type type, long long val) |
695 | { } |
696 | |
697 | static inline void audit_ntp_set_new(struct audit_ntp_data *ad, |
698 | enum audit_ntp_type type, long long val) |
699 | { } |
700 | |
701 | static inline void audit_ntp_log(const struct audit_ntp_data *ad) |
702 | { } |
703 | |
704 | static inline void audit_ptrace(struct task_struct *t) |
705 | { } |
706 | |
707 | static inline void audit_log_nfcfg(const char *name, u8 af, |
708 | unsigned int nentries, |
709 | enum audit_nfcfgop op, gfp_t gfp) |
710 | { } |
711 | |
712 | #define audit_n_rules 0 |
713 | #define audit_signals 0 |
714 | #endif /* CONFIG_AUDITSYSCALL */ |
715 | |
716 | static inline bool audit_loginuid_set(struct task_struct *tsk) |
717 | { |
718 | return uid_valid(uid: audit_get_loginuid(tsk)); |
719 | } |
720 | |
721 | #endif |
722 | |