1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
2 | /* audit.h -- Auditing support |
3 | * |
4 | * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina. |
5 | * All Rights Reserved. |
6 | * |
7 | * Written by Rickard E. (Rik) Faith <faith@redhat.com> |
8 | */ |
9 | #ifndef _LINUX_AUDIT_H_ |
10 | #define _LINUX_AUDIT_H_ |
11 | |
12 | #include <linux/sched.h> |
13 | #include <linux/ptrace.h> |
14 | #include <linux/audit_arch.h> |
15 | #include <uapi/linux/audit.h> |
16 | #include <uapi/linux/netfilter/nf_tables.h> |
17 | #include <uapi/linux/fanotify.h> |
18 | |
19 | #define AUDIT_INO_UNSET ((unsigned long)-1) |
20 | #define AUDIT_DEV_UNSET ((dev_t)-1) |
21 | |
22 | struct audit_sig_info { |
23 | uid_t uid; |
24 | pid_t pid; |
25 | char ctx[]; |
26 | }; |
27 | |
28 | struct audit_buffer; |
29 | struct audit_context; |
30 | struct inode; |
31 | struct netlink_skb_parms; |
32 | struct path; |
33 | struct linux_binprm; |
34 | struct mq_attr; |
35 | struct mqstat; |
36 | struct audit_watch; |
37 | struct audit_tree; |
38 | struct sk_buff; |
39 | |
40 | struct audit_krule { |
41 | u32 pflags; |
42 | u32 flags; |
43 | u32 listnr; |
44 | u32 action; |
45 | u32 mask[AUDIT_BITMASK_SIZE]; |
46 | u32 buflen; /* for data alloc on list rules */ |
47 | u32 field_count; |
48 | char *filterkey; /* ties events to rules */ |
49 | struct audit_field *fields; |
50 | struct audit_field *arch_f; /* quick access to arch field */ |
51 | struct audit_field *inode_f; /* quick access to an inode field */ |
52 | struct audit_watch *watch; /* associated watch */ |
53 | struct audit_tree *tree; /* associated watched tree */ |
54 | struct audit_fsnotify_mark *exe; |
55 | struct list_head rlist; /* entry in audit_{watch,tree}.rules list */ |
56 | struct list_head list; /* for AUDIT_LIST* purposes only */ |
57 | u64 prio; |
58 | }; |
59 | |
60 | /* Flag to indicate legacy AUDIT_LOGINUID unset usage */ |
61 | #define AUDIT_LOGINUID_LEGACY 0x1 |
62 | |
63 | struct audit_field { |
64 | u32 type; |
65 | union { |
66 | u32 val; |
67 | kuid_t uid; |
68 | kgid_t gid; |
69 | struct { |
70 | char *lsm_str; |
71 | void *lsm_rule; |
72 | }; |
73 | }; |
74 | u32 op; |
75 | }; |
76 | |
77 | enum audit_ntp_type { |
78 | AUDIT_NTP_OFFSET, |
79 | AUDIT_NTP_FREQ, |
80 | AUDIT_NTP_STATUS, |
81 | AUDIT_NTP_TAI, |
82 | AUDIT_NTP_TICK, |
83 | AUDIT_NTP_ADJUST, |
84 | |
85 | AUDIT_NTP_NVALS /* count */ |
86 | }; |
87 | |
88 | #ifdef CONFIG_AUDITSYSCALL |
89 | struct audit_ntp_val { |
90 | long long oldval, newval; |
91 | }; |
92 | |
93 | struct audit_ntp_data { |
94 | struct audit_ntp_val vals[AUDIT_NTP_NVALS]; |
95 | }; |
96 | #else |
97 | struct audit_ntp_data {}; |
98 | #endif |
99 | |
100 | enum audit_nfcfgop { |
101 | AUDIT_XT_OP_REGISTER, |
102 | AUDIT_XT_OP_REPLACE, |
103 | AUDIT_XT_OP_UNREGISTER, |
104 | AUDIT_NFT_OP_TABLE_REGISTER, |
105 | AUDIT_NFT_OP_TABLE_UNREGISTER, |
106 | AUDIT_NFT_OP_CHAIN_REGISTER, |
107 | AUDIT_NFT_OP_CHAIN_UNREGISTER, |
108 | AUDIT_NFT_OP_RULE_REGISTER, |
109 | AUDIT_NFT_OP_RULE_UNREGISTER, |
110 | AUDIT_NFT_OP_SET_REGISTER, |
111 | AUDIT_NFT_OP_SET_UNREGISTER, |
112 | AUDIT_NFT_OP_SETELEM_REGISTER, |
113 | AUDIT_NFT_OP_SETELEM_UNREGISTER, |
114 | AUDIT_NFT_OP_GEN_REGISTER, |
115 | AUDIT_NFT_OP_OBJ_REGISTER, |
116 | AUDIT_NFT_OP_OBJ_UNREGISTER, |
117 | AUDIT_NFT_OP_OBJ_RESET, |
118 | AUDIT_NFT_OP_FLOWTABLE_REGISTER, |
119 | AUDIT_NFT_OP_FLOWTABLE_UNREGISTER, |
120 | AUDIT_NFT_OP_SETELEM_RESET, |
121 | AUDIT_NFT_OP_RULE_RESET, |
122 | AUDIT_NFT_OP_INVALID, |
123 | }; |
124 | |
125 | extern int __init audit_register_class(int class, unsigned *list); |
126 | extern int audit_classify_syscall(int abi, unsigned syscall); |
127 | extern int audit_classify_arch(int arch); |
128 | /* only for compat system calls */ |
129 | extern unsigned compat_write_class[]; |
130 | extern unsigned compat_read_class[]; |
131 | extern unsigned compat_dir_class[]; |
132 | extern unsigned compat_chattr_class[]; |
133 | extern unsigned compat_signal_class[]; |
134 | |
135 | /* audit_names->type values */ |
136 | #define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ |
137 | #define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ |
138 | #define AUDIT_TYPE_PARENT 2 /* a parent audit record */ |
139 | #define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */ |
140 | #define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */ |
141 | |
142 | /* maximized args number that audit_socketcall can process */ |
143 | #define AUDITSC_ARGS 6 |
144 | |
145 | /* bit values for ->signal->audit_tty */ |
146 | #define AUDIT_TTY_ENABLE BIT(0) |
147 | #define AUDIT_TTY_LOG_PASSWD BIT(1) |
148 | |
149 | struct filename; |
150 | |
151 | #define AUDIT_OFF 0 |
152 | #define AUDIT_ON 1 |
153 | #define AUDIT_LOCKED 2 |
154 | #ifdef CONFIG_AUDIT |
155 | /* These are defined in audit.c */ |
156 | /* Public API */ |
157 | extern __printf(4, 5) |
158 | void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, |
159 | const char *fmt, ...); |
160 | |
161 | extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type); |
162 | extern __printf(2, 3) |
163 | void audit_log_format(struct audit_buffer *ab, const char *fmt, ...); |
164 | extern void audit_log_end(struct audit_buffer *ab); |
165 | extern bool audit_string_contains_control(const char *string, |
166 | size_t len); |
167 | extern void audit_log_n_hex(struct audit_buffer *ab, |
168 | const unsigned char *buf, |
169 | size_t len); |
170 | extern void audit_log_n_string(struct audit_buffer *ab, |
171 | const char *buf, |
172 | size_t n); |
173 | extern void audit_log_n_untrustedstring(struct audit_buffer *ab, |
174 | const char *string, |
175 | size_t n); |
176 | extern void audit_log_untrustedstring(struct audit_buffer *ab, |
177 | const char *string); |
178 | extern void audit_log_d_path(struct audit_buffer *ab, |
179 | const char *prefix, |
180 | const struct path *path); |
181 | extern void audit_log_key(struct audit_buffer *ab, |
182 | char *key); |
183 | extern void audit_log_path_denied(int type, |
184 | const char *operation); |
185 | extern void audit_log_lost(const char *message); |
186 | |
187 | extern int audit_log_task_context(struct audit_buffer *ab); |
188 | extern void audit_log_task_info(struct audit_buffer *ab); |
189 | |
190 | extern int audit_update_lsm_rules(void); |
191 | |
192 | /* Private API (for audit.c only) */ |
193 | extern int audit_rule_change(int type, int seq, void *data, size_t datasz); |
194 | extern int audit_list_rules_send(struct sk_buff *request_skb, int seq); |
195 | |
196 | extern int audit_set_loginuid(kuid_t loginuid); |
197 | |
198 | static inline kuid_t audit_get_loginuid(struct task_struct *tsk) |
199 | { |
200 | return tsk->loginuid; |
201 | } |
202 | |
203 | static inline unsigned int audit_get_sessionid(struct task_struct *tsk) |
204 | { |
205 | return tsk->sessionid; |
206 | } |
207 | |
208 | extern u32 audit_enabled; |
209 | |
210 | extern int audit_signal_info(int sig, struct task_struct *t); |
211 | |
212 | #else /* CONFIG_AUDIT */ |
213 | static inline __printf(4, 5) |
214 | void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, |
215 | const char *fmt, ...) |
216 | { } |
217 | static inline struct audit_buffer *audit_log_start(struct audit_context *ctx, |
218 | gfp_t gfp_mask, int type) |
219 | { |
220 | return NULL; |
221 | } |
222 | static inline __printf(2, 3) |
223 | void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) |
224 | { } |
225 | static inline void audit_log_end(struct audit_buffer *ab) |
226 | { } |
227 | static inline void audit_log_n_hex(struct audit_buffer *ab, |
228 | const unsigned char *buf, size_t len) |
229 | { } |
230 | static inline void audit_log_n_string(struct audit_buffer *ab, |
231 | const char *buf, size_t n) |
232 | { } |
233 | static inline void audit_log_n_untrustedstring(struct audit_buffer *ab, |
234 | const char *string, size_t n) |
235 | { } |
236 | static inline void audit_log_untrustedstring(struct audit_buffer *ab, |
237 | const char *string) |
238 | { } |
239 | static inline void audit_log_d_path(struct audit_buffer *ab, |
240 | const char *prefix, |
241 | const struct path *path) |
242 | { } |
243 | static inline void audit_log_key(struct audit_buffer *ab, char *key) |
244 | { } |
245 | static inline void audit_log_path_denied(int type, const char *operation) |
246 | { } |
247 | static inline int audit_log_task_context(struct audit_buffer *ab) |
248 | { |
249 | return 0; |
250 | } |
251 | static inline void audit_log_task_info(struct audit_buffer *ab) |
252 | { } |
253 | |
254 | static inline kuid_t audit_get_loginuid(struct task_struct *tsk) |
255 | { |
256 | return INVALID_UID; |
257 | } |
258 | |
259 | static inline unsigned int audit_get_sessionid(struct task_struct *tsk) |
260 | { |
261 | return AUDIT_SID_UNSET; |
262 | } |
263 | |
264 | #define audit_enabled AUDIT_OFF |
265 | |
266 | static inline int audit_signal_info(int sig, struct task_struct *t) |
267 | { |
268 | return 0; |
269 | } |
270 | |
271 | #endif /* CONFIG_AUDIT */ |
272 | |
273 | #ifdef CONFIG_AUDIT_COMPAT_GENERIC |
274 | #define audit_is_compat(arch) (!((arch) & __AUDIT_ARCH_64BIT)) |
275 | #else |
276 | #define audit_is_compat(arch) false |
277 | #endif |
278 | |
279 | #define AUDIT_INODE_PARENT 1 /* dentry represents the parent */ |
280 | #define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */ |
281 | #define AUDIT_INODE_NOEVAL 4 /* audit record incomplete */ |
282 | |
283 | #ifdef CONFIG_AUDITSYSCALL |
284 | #include <asm/syscall.h> /* for syscall_get_arch() */ |
285 | |
286 | /* These are defined in auditsc.c */ |
287 | /* Public API */ |
288 | extern int audit_alloc(struct task_struct *task); |
289 | extern void __audit_free(struct task_struct *task); |
290 | extern void __audit_uring_entry(u8 op); |
291 | extern void __audit_uring_exit(int success, long code); |
292 | extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1, |
293 | unsigned long a2, unsigned long a3); |
294 | extern void __audit_syscall_exit(int ret_success, long ret_value); |
295 | extern struct filename *__audit_reusename(const __user char *uptr); |
296 | extern void __audit_getname(struct filename *name); |
297 | extern void __audit_inode(struct filename *name, const struct dentry *dentry, |
298 | unsigned int flags); |
299 | extern void __audit_file(const struct file *); |
300 | extern void __audit_inode_child(struct inode *parent, |
301 | const struct dentry *dentry, |
302 | const unsigned char type); |
303 | extern void audit_seccomp(unsigned long syscall, long signr, int code); |
304 | extern void audit_seccomp_actions_logged(const char *names, |
305 | const char *old_names, int res); |
306 | extern void __audit_ptrace(struct task_struct *t); |
307 | |
308 | static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) |
309 | { |
310 | task->audit_context = ctx; |
311 | } |
312 | |
313 | static inline struct audit_context *audit_context(void) |
314 | { |
315 | return current->audit_context; |
316 | } |
317 | |
318 | static inline bool audit_dummy_context(void) |
319 | { |
320 | void *p = audit_context(); |
321 | return !p || *(int *)p; |
322 | } |
323 | static inline void audit_free(struct task_struct *task) |
324 | { |
325 | if (unlikely(task->audit_context)) |
326 | __audit_free(task); |
327 | } |
328 | static inline void audit_uring_entry(u8 op) |
329 | { |
330 | /* |
331 | * We intentionally check audit_context() before audit_enabled as most |
332 | * Linux systems (as of ~2021) rely on systemd which forces audit to |
333 | * be enabled regardless of the user's audit configuration. |
334 | */ |
335 | if (unlikely(audit_context() && audit_enabled)) |
336 | __audit_uring_entry(op); |
337 | } |
338 | static inline void audit_uring_exit(int success, long code) |
339 | { |
340 | if (unlikely(audit_context())) |
341 | __audit_uring_exit(success, code); |
342 | } |
343 | static inline void audit_syscall_entry(int major, unsigned long a0, |
344 | unsigned long a1, unsigned long a2, |
345 | unsigned long a3) |
346 | { |
347 | if (unlikely(audit_context())) |
348 | __audit_syscall_entry(major, a0, a1, a2, a3); |
349 | } |
350 | static inline void audit_syscall_exit(void *pt_regs) |
351 | { |
352 | if (unlikely(audit_context())) { |
353 | int success = is_syscall_success(pt_regs); |
354 | long return_code = regs_return_value(regs: pt_regs); |
355 | |
356 | __audit_syscall_exit(ret_success: success, ret_value: return_code); |
357 | } |
358 | } |
359 | static inline struct filename *audit_reusename(const __user char *name) |
360 | { |
361 | if (unlikely(!audit_dummy_context())) |
362 | return __audit_reusename(uptr: name); |
363 | return NULL; |
364 | } |
365 | static inline void audit_getname(struct filename *name) |
366 | { |
367 | if (unlikely(!audit_dummy_context())) |
368 | __audit_getname(name); |
369 | } |
370 | static inline void audit_inode(struct filename *name, |
371 | const struct dentry *dentry, |
372 | unsigned int aflags) { |
373 | if (unlikely(!audit_dummy_context())) |
374 | __audit_inode(name, dentry, flags: aflags); |
375 | } |
376 | static inline void audit_file(struct file *file) |
377 | { |
378 | if (unlikely(!audit_dummy_context())) |
379 | __audit_file(file); |
380 | } |
381 | static inline void audit_inode_parent_hidden(struct filename *name, |
382 | const struct dentry *dentry) |
383 | { |
384 | if (unlikely(!audit_dummy_context())) |
385 | __audit_inode(name, dentry, |
386 | AUDIT_INODE_PARENT | AUDIT_INODE_HIDDEN); |
387 | } |
388 | static inline void audit_inode_child(struct inode *parent, |
389 | const struct dentry *dentry, |
390 | const unsigned char type) { |
391 | if (unlikely(!audit_dummy_context())) |
392 | __audit_inode_child(parent, dentry, type); |
393 | } |
394 | void audit_core_dumps(long signr); |
395 | |
396 | static inline void audit_ptrace(struct task_struct *t) |
397 | { |
398 | if (unlikely(!audit_dummy_context())) |
399 | __audit_ptrace(t); |
400 | } |
401 | |
402 | /* Private API (for audit.c only) */ |
403 | extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); |
404 | extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); |
405 | extern void __audit_bprm(struct linux_binprm *bprm); |
406 | extern int __audit_socketcall(int nargs, unsigned long *args); |
407 | extern int __audit_sockaddr(int len, void *addr); |
408 | extern void __audit_fd_pair(int fd1, int fd2); |
409 | extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr); |
410 | extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout); |
411 | extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification); |
412 | extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); |
413 | extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, |
414 | const struct cred *new, |
415 | const struct cred *old); |
416 | extern void __audit_log_capset(const struct cred *new, const struct cred *old); |
417 | extern void __audit_mmap_fd(int fd, int flags); |
418 | extern void __audit_openat2_how(struct open_how *how); |
419 | extern void __audit_log_kern_module(char *name); |
420 | extern void __audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar); |
421 | extern void __audit_tk_injoffset(struct timespec64 offset); |
422 | extern void __audit_ntp_log(const struct audit_ntp_data *ad); |
423 | extern void __audit_log_nfcfg(const char *name, u8 af, unsigned int nentries, |
424 | enum audit_nfcfgop op, gfp_t gfp); |
425 | |
426 | static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) |
427 | { |
428 | if (unlikely(!audit_dummy_context())) |
429 | __audit_ipc_obj(ipcp); |
430 | } |
431 | static inline void audit_fd_pair(int fd1, int fd2) |
432 | { |
433 | if (unlikely(!audit_dummy_context())) |
434 | __audit_fd_pair(fd1, fd2); |
435 | } |
436 | static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode) |
437 | { |
438 | if (unlikely(!audit_dummy_context())) |
439 | __audit_ipc_set_perm(qbytes, uid, gid, mode); |
440 | } |
441 | static inline void audit_bprm(struct linux_binprm *bprm) |
442 | { |
443 | if (unlikely(!audit_dummy_context())) |
444 | __audit_bprm(bprm); |
445 | } |
446 | static inline int audit_socketcall(int nargs, unsigned long *args) |
447 | { |
448 | if (unlikely(!audit_dummy_context())) |
449 | return __audit_socketcall(nargs, args); |
450 | return 0; |
451 | } |
452 | |
453 | static inline int audit_socketcall_compat(int nargs, u32 *args) |
454 | { |
455 | unsigned long a[AUDITSC_ARGS]; |
456 | int i; |
457 | |
458 | if (audit_dummy_context()) |
459 | return 0; |
460 | |
461 | for (i = 0; i < nargs; i++) |
462 | a[i] = (unsigned long)args[i]; |
463 | return __audit_socketcall(nargs, args: a); |
464 | } |
465 | |
466 | static inline int audit_sockaddr(int len, void *addr) |
467 | { |
468 | if (unlikely(!audit_dummy_context())) |
469 | return __audit_sockaddr(len, addr); |
470 | return 0; |
471 | } |
472 | static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) |
473 | { |
474 | if (unlikely(!audit_dummy_context())) |
475 | __audit_mq_open(oflag, mode, attr); |
476 | } |
477 | static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout) |
478 | { |
479 | if (unlikely(!audit_dummy_context())) |
480 | __audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout); |
481 | } |
482 | static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification) |
483 | { |
484 | if (unlikely(!audit_dummy_context())) |
485 | __audit_mq_notify(mqdes, notification); |
486 | } |
487 | static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) |
488 | { |
489 | if (unlikely(!audit_dummy_context())) |
490 | __audit_mq_getsetattr(mqdes, mqstat); |
491 | } |
492 | |
493 | static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, |
494 | const struct cred *new, |
495 | const struct cred *old) |
496 | { |
497 | if (unlikely(!audit_dummy_context())) |
498 | return __audit_log_bprm_fcaps(bprm, new, old); |
499 | return 0; |
500 | } |
501 | |
502 | static inline void audit_log_capset(const struct cred *new, |
503 | const struct cred *old) |
504 | { |
505 | if (unlikely(!audit_dummy_context())) |
506 | __audit_log_capset(new, old); |
507 | } |
508 | |
509 | static inline void audit_mmap_fd(int fd, int flags) |
510 | { |
511 | if (unlikely(!audit_dummy_context())) |
512 | __audit_mmap_fd(fd, flags); |
513 | } |
514 | |
515 | static inline void audit_openat2_how(struct open_how *how) |
516 | { |
517 | if (unlikely(!audit_dummy_context())) |
518 | __audit_openat2_how(how); |
519 | } |
520 | |
521 | static inline void audit_log_kern_module(char *name) |
522 | { |
523 | if (!audit_dummy_context()) |
524 | __audit_log_kern_module(name); |
525 | } |
526 | |
527 | static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar) |
528 | { |
529 | if (!audit_dummy_context()) |
530 | __audit_fanotify(response, friar); |
531 | } |
532 | |
533 | static inline void audit_tk_injoffset(struct timespec64 offset) |
534 | { |
535 | /* ignore no-op events */ |
536 | if (offset.tv_sec == 0 && offset.tv_nsec == 0) |
537 | return; |
538 | |
539 | if (!audit_dummy_context()) |
540 | __audit_tk_injoffset(offset); |
541 | } |
542 | |
543 | static inline void audit_ntp_init(struct audit_ntp_data *ad) |
544 | { |
545 | memset(ad, 0, sizeof(*ad)); |
546 | } |
547 | |
548 | static inline void audit_ntp_set_old(struct audit_ntp_data *ad, |
549 | enum audit_ntp_type type, long long val) |
550 | { |
551 | ad->vals[type].oldval = val; |
552 | } |
553 | |
554 | static inline void audit_ntp_set_new(struct audit_ntp_data *ad, |
555 | enum audit_ntp_type type, long long val) |
556 | { |
557 | ad->vals[type].newval = val; |
558 | } |
559 | |
560 | static inline void audit_ntp_log(const struct audit_ntp_data *ad) |
561 | { |
562 | if (!audit_dummy_context()) |
563 | __audit_ntp_log(ad); |
564 | } |
565 | |
566 | static inline void audit_log_nfcfg(const char *name, u8 af, |
567 | unsigned int nentries, |
568 | enum audit_nfcfgop op, gfp_t gfp) |
569 | { |
570 | if (audit_enabled) |
571 | __audit_log_nfcfg(name, af, nentries, op, gfp); |
572 | } |
573 | |
574 | extern int audit_n_rules; |
575 | extern int audit_signals; |
576 | #else /* CONFIG_AUDITSYSCALL */ |
577 | static inline int audit_alloc(struct task_struct *task) |
578 | { |
579 | return 0; |
580 | } |
581 | static inline void audit_free(struct task_struct *task) |
582 | { } |
583 | static inline void audit_uring_entry(u8 op) |
584 | { } |
585 | static inline void audit_uring_exit(int success, long code) |
586 | { } |
587 | static inline void audit_syscall_entry(int major, unsigned long a0, |
588 | unsigned long a1, unsigned long a2, |
589 | unsigned long a3) |
590 | { } |
591 | static inline void audit_syscall_exit(void *pt_regs) |
592 | { } |
593 | static inline bool audit_dummy_context(void) |
594 | { |
595 | return true; |
596 | } |
597 | static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) |
598 | { } |
599 | static inline struct audit_context *audit_context(void) |
600 | { |
601 | return NULL; |
602 | } |
603 | static inline struct filename *audit_reusename(const __user char *name) |
604 | { |
605 | return NULL; |
606 | } |
607 | static inline void audit_getname(struct filename *name) |
608 | { } |
609 | static inline void audit_inode(struct filename *name, |
610 | const struct dentry *dentry, |
611 | unsigned int aflags) |
612 | { } |
613 | static inline void audit_file(struct file *file) |
614 | { |
615 | } |
616 | static inline void audit_inode_parent_hidden(struct filename *name, |
617 | const struct dentry *dentry) |
618 | { } |
619 | static inline void audit_inode_child(struct inode *parent, |
620 | const struct dentry *dentry, |
621 | const unsigned char type) |
622 | { } |
623 | static inline void audit_core_dumps(long signr) |
624 | { } |
625 | static inline void audit_seccomp(unsigned long syscall, long signr, int code) |
626 | { } |
627 | static inline void audit_seccomp_actions_logged(const char *names, |
628 | const char *old_names, int res) |
629 | { } |
630 | static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) |
631 | { } |
632 | static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, |
633 | gid_t gid, umode_t mode) |
634 | { } |
635 | static inline void audit_bprm(struct linux_binprm *bprm) |
636 | { } |
637 | static inline int audit_socketcall(int nargs, unsigned long *args) |
638 | { |
639 | return 0; |
640 | } |
641 | |
642 | static inline int audit_socketcall_compat(int nargs, u32 *args) |
643 | { |
644 | return 0; |
645 | } |
646 | |
647 | static inline void audit_fd_pair(int fd1, int fd2) |
648 | { } |
649 | static inline int audit_sockaddr(int len, void *addr) |
650 | { |
651 | return 0; |
652 | } |
653 | static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) |
654 | { } |
655 | static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, |
656 | unsigned int msg_prio, |
657 | const struct timespec64 *abs_timeout) |
658 | { } |
659 | static inline void audit_mq_notify(mqd_t mqdes, |
660 | const struct sigevent *notification) |
661 | { } |
662 | static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) |
663 | { } |
664 | static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, |
665 | const struct cred *new, |
666 | const struct cred *old) |
667 | { |
668 | return 0; |
669 | } |
670 | static inline void audit_log_capset(const struct cred *new, |
671 | const struct cred *old) |
672 | { } |
673 | static inline void audit_mmap_fd(int fd, int flags) |
674 | { } |
675 | |
676 | static inline void audit_openat2_how(struct open_how *how) |
677 | { } |
678 | |
679 | static inline void audit_log_kern_module(char *name) |
680 | { |
681 | } |
682 | |
683 | static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar) |
684 | { } |
685 | |
686 | static inline void audit_tk_injoffset(struct timespec64 offset) |
687 | { } |
688 | |
689 | static inline void audit_ntp_init(struct audit_ntp_data *ad) |
690 | { } |
691 | |
692 | static inline void audit_ntp_set_old(struct audit_ntp_data *ad, |
693 | enum audit_ntp_type type, long long val) |
694 | { } |
695 | |
696 | static inline void audit_ntp_set_new(struct audit_ntp_data *ad, |
697 | enum audit_ntp_type type, long long val) |
698 | { } |
699 | |
700 | static inline void audit_ntp_log(const struct audit_ntp_data *ad) |
701 | { } |
702 | |
703 | static inline void audit_ptrace(struct task_struct *t) |
704 | { } |
705 | |
706 | static inline void audit_log_nfcfg(const char *name, u8 af, |
707 | unsigned int nentries, |
708 | enum audit_nfcfgop op, gfp_t gfp) |
709 | { } |
710 | |
711 | #define audit_n_rules 0 |
712 | #define audit_signals 0 |
713 | #endif /* CONFIG_AUDITSYSCALL */ |
714 | |
715 | static inline bool audit_loginuid_set(struct task_struct *tsk) |
716 | { |
717 | return uid_valid(uid: audit_get_loginuid(tsk)); |
718 | } |
719 | |
720 | #endif |
721 | |