audit.h (20533B)
1/* SPDX-License-Identifier: GPL-2.0-or-later */ 2/* audit.h -- Auditing support 3 * 4 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina. 5 * All Rights Reserved. 6 * 7 * Written by Rickard E. (Rik) Faith <faith@redhat.com> 8 */ 9#ifndef _LINUX_AUDIT_H_ 10#define _LINUX_AUDIT_H_ 11 12#include <linux/sched.h> 13#include <linux/ptrace.h> 14#include <linux/audit_arch.h> 15#include <uapi/linux/audit.h> 16#include <uapi/linux/netfilter/nf_tables.h> 17 18#define AUDIT_INO_UNSET ((unsigned long)-1) 19#define AUDIT_DEV_UNSET ((dev_t)-1) 20 21struct audit_sig_info { 22 uid_t uid; 23 pid_t pid; 24 char ctx[]; 25}; 26 27struct audit_buffer; 28struct audit_context; 29struct inode; 30struct netlink_skb_parms; 31struct path; 32struct linux_binprm; 33struct mq_attr; 34struct mqstat; 35struct audit_watch; 36struct audit_tree; 37struct sk_buff; 38 39struct audit_krule { 40 u32 pflags; 41 u32 flags; 42 u32 listnr; 43 u32 action; 44 u32 mask[AUDIT_BITMASK_SIZE]; 45 u32 buflen; /* for data alloc on list rules */ 46 u32 field_count; 47 char *filterkey; /* ties events to rules */ 48 struct audit_field *fields; 49 struct audit_field *arch_f; /* quick access to arch field */ 50 struct audit_field *inode_f; /* quick access to an inode field */ 51 struct audit_watch *watch; /* associated watch */ 52 struct audit_tree *tree; /* associated watched tree */ 53 struct audit_fsnotify_mark *exe; 54 struct list_head rlist; /* entry in audit_{watch,tree}.rules list */ 55 struct list_head list; /* for AUDIT_LIST* purposes only */ 56 u64 prio; 57}; 58 59/* Flag to indicate legacy AUDIT_LOGINUID unset usage */ 60#define AUDIT_LOGINUID_LEGACY 0x1 61 62struct audit_field { 63 u32 type; 64 union { 65 u32 val; 66 kuid_t uid; 67 kgid_t gid; 68 struct { 69 char *lsm_str; 70 void *lsm_rule; 71 }; 72 }; 73 u32 op; 74}; 75 76enum audit_ntp_type { 77 AUDIT_NTP_OFFSET, 78 AUDIT_NTP_FREQ, 79 AUDIT_NTP_STATUS, 80 AUDIT_NTP_TAI, 81 AUDIT_NTP_TICK, 82 AUDIT_NTP_ADJUST, 83 84 AUDIT_NTP_NVALS /* count */ 85}; 86 87#ifdef CONFIG_AUDITSYSCALL 88struct audit_ntp_val { 89 long long oldval, newval; 90}; 91 92struct audit_ntp_data { 93 struct audit_ntp_val vals[AUDIT_NTP_NVALS]; 94}; 95#else 96struct audit_ntp_data {}; 97#endif 98 99enum audit_nfcfgop { 100 AUDIT_XT_OP_REGISTER, 101 AUDIT_XT_OP_REPLACE, 102 AUDIT_XT_OP_UNREGISTER, 103 AUDIT_NFT_OP_TABLE_REGISTER, 104 AUDIT_NFT_OP_TABLE_UNREGISTER, 105 AUDIT_NFT_OP_CHAIN_REGISTER, 106 AUDIT_NFT_OP_CHAIN_UNREGISTER, 107 AUDIT_NFT_OP_RULE_REGISTER, 108 AUDIT_NFT_OP_RULE_UNREGISTER, 109 AUDIT_NFT_OP_SET_REGISTER, 110 AUDIT_NFT_OP_SET_UNREGISTER, 111 AUDIT_NFT_OP_SETELEM_REGISTER, 112 AUDIT_NFT_OP_SETELEM_UNREGISTER, 113 AUDIT_NFT_OP_GEN_REGISTER, 114 AUDIT_NFT_OP_OBJ_REGISTER, 115 AUDIT_NFT_OP_OBJ_UNREGISTER, 116 AUDIT_NFT_OP_OBJ_RESET, 117 AUDIT_NFT_OP_FLOWTABLE_REGISTER, 118 AUDIT_NFT_OP_FLOWTABLE_UNREGISTER, 119 AUDIT_NFT_OP_INVALID, 120}; 121 122extern int is_audit_feature_set(int which); 123 124extern int __init audit_register_class(int class, unsigned *list); 125extern int audit_classify_syscall(int abi, unsigned syscall); 126extern int audit_classify_arch(int arch); 127/* only for compat system calls */ 128extern unsigned compat_write_class[]; 129extern unsigned compat_read_class[]; 130extern unsigned compat_dir_class[]; 131extern unsigned compat_chattr_class[]; 132extern unsigned compat_signal_class[]; 133 134extern int audit_classify_compat_syscall(int abi, unsigned syscall); 135 136/* audit_names->type values */ 137#define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ 138#define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ 139#define AUDIT_TYPE_PARENT 2 /* a parent audit record */ 140#define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */ 141#define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */ 142 143/* maximized args number that audit_socketcall can process */ 144#define AUDITSC_ARGS 6 145 146/* bit values for ->signal->audit_tty */ 147#define AUDIT_TTY_ENABLE BIT(0) 148#define AUDIT_TTY_LOG_PASSWD BIT(1) 149 150struct filename; 151 152#define AUDIT_OFF 0 153#define AUDIT_ON 1 154#define AUDIT_LOCKED 2 155#ifdef CONFIG_AUDIT 156/* These are defined in audit.c */ 157 /* Public API */ 158extern __printf(4, 5) 159void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, 160 const char *fmt, ...); 161 162extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type); 163extern __printf(2, 3) 164void audit_log_format(struct audit_buffer *ab, const char *fmt, ...); 165extern void audit_log_end(struct audit_buffer *ab); 166extern bool audit_string_contains_control(const char *string, 167 size_t len); 168extern void audit_log_n_hex(struct audit_buffer *ab, 169 const unsigned char *buf, 170 size_t len); 171extern void audit_log_n_string(struct audit_buffer *ab, 172 const char *buf, 173 size_t n); 174extern void audit_log_n_untrustedstring(struct audit_buffer *ab, 175 const char *string, 176 size_t n); 177extern void audit_log_untrustedstring(struct audit_buffer *ab, 178 const char *string); 179extern void audit_log_d_path(struct audit_buffer *ab, 180 const char *prefix, 181 const struct path *path); 182extern void audit_log_key(struct audit_buffer *ab, 183 char *key); 184extern void audit_log_path_denied(int type, 185 const char *operation); 186extern void audit_log_lost(const char *message); 187 188extern int audit_log_task_context(struct audit_buffer *ab); 189extern void audit_log_task_info(struct audit_buffer *ab); 190 191extern int audit_update_lsm_rules(void); 192 193 /* Private API (for audit.c only) */ 194extern int audit_rule_change(int type, int seq, void *data, size_t datasz); 195extern int audit_list_rules_send(struct sk_buff *request_skb, int seq); 196 197extern int audit_set_loginuid(kuid_t loginuid); 198 199static inline kuid_t audit_get_loginuid(struct task_struct *tsk) 200{ 201 return tsk->loginuid; 202} 203 204static inline unsigned int audit_get_sessionid(struct task_struct *tsk) 205{ 206 return tsk->sessionid; 207} 208 209extern u32 audit_enabled; 210 211extern int audit_signal_info(int sig, struct task_struct *t); 212 213#else /* CONFIG_AUDIT */ 214static inline __printf(4, 5) 215void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, 216 const char *fmt, ...) 217{ } 218static inline struct audit_buffer *audit_log_start(struct audit_context *ctx, 219 gfp_t gfp_mask, int type) 220{ 221 return NULL; 222} 223static inline __printf(2, 3) 224void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) 225{ } 226static inline void audit_log_end(struct audit_buffer *ab) 227{ } 228static inline void audit_log_n_hex(struct audit_buffer *ab, 229 const unsigned char *buf, size_t len) 230{ } 231static inline void audit_log_n_string(struct audit_buffer *ab, 232 const char *buf, size_t n) 233{ } 234static inline void audit_log_n_untrustedstring(struct audit_buffer *ab, 235 const char *string, size_t n) 236{ } 237static inline void audit_log_untrustedstring(struct audit_buffer *ab, 238 const char *string) 239{ } 240static inline void audit_log_d_path(struct audit_buffer *ab, 241 const char *prefix, 242 const struct path *path) 243{ } 244static inline void audit_log_key(struct audit_buffer *ab, char *key) 245{ } 246static inline void audit_log_path_denied(int type, const char *operation) 247{ } 248static inline int audit_log_task_context(struct audit_buffer *ab) 249{ 250 return 0; 251} 252static inline void audit_log_task_info(struct audit_buffer *ab) 253{ } 254 255static inline kuid_t audit_get_loginuid(struct task_struct *tsk) 256{ 257 return INVALID_UID; 258} 259 260static inline unsigned int audit_get_sessionid(struct task_struct *tsk) 261{ 262 return AUDIT_SID_UNSET; 263} 264 265#define audit_enabled AUDIT_OFF 266 267static inline int audit_signal_info(int sig, struct task_struct *t) 268{ 269 return 0; 270} 271 272#endif /* CONFIG_AUDIT */ 273 274#ifdef CONFIG_AUDIT_COMPAT_GENERIC 275#define audit_is_compat(arch) (!((arch) & __AUDIT_ARCH_64BIT)) 276#else 277#define audit_is_compat(arch) false 278#endif 279 280#define AUDIT_INODE_PARENT 1 /* dentry represents the parent */ 281#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */ 282#define AUDIT_INODE_NOEVAL 4 /* audit record incomplete */ 283 284#ifdef CONFIG_AUDITSYSCALL 285#include <asm/syscall.h> /* for syscall_get_arch() */ 286 287/* These are defined in auditsc.c */ 288 /* Public API */ 289extern int audit_alloc(struct task_struct *task); 290extern int audit_alloc_kernel(struct task_struct *task); 291extern void __audit_free(struct task_struct *task); 292extern void __audit_uring_entry(u8 op); 293extern void __audit_uring_exit(int success, long code); 294extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1, 295 unsigned long a2, unsigned long a3); 296extern void __audit_syscall_exit(int ret_success, long ret_value); 297extern struct filename *__audit_reusename(const __user char *uptr); 298extern void __audit_getname(struct filename *name); 299extern void __audit_inode(struct filename *name, const struct dentry *dentry, 300 unsigned int flags); 301extern void __audit_file(const struct file *); 302extern void __audit_inode_child(struct inode *parent, 303 const struct dentry *dentry, 304 const unsigned char type); 305extern void audit_seccomp(unsigned long syscall, long signr, int code); 306extern void audit_seccomp_actions_logged(const char *names, 307 const char *old_names, int res); 308extern void __audit_ptrace(struct task_struct *t); 309 310static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) 311{ 312 task->audit_context = ctx; 313} 314 315static inline struct audit_context *audit_context(void) 316{ 317 return current->audit_context; 318} 319 320static inline bool audit_dummy_context(void) 321{ 322 void *p = audit_context(); 323 return !p || *(int *)p; 324} 325static inline void audit_free(struct task_struct *task) 326{ 327 if (unlikely(task->audit_context)) 328 __audit_free(task); 329} 330static inline void audit_uring_entry(u8 op) 331{ 332 /* 333 * We intentionally check audit_context() before audit_enabled as most 334 * Linux systems (as of ~2021) rely on systemd which forces audit to 335 * be enabled regardless of the user's audit configuration. 336 */ 337 if (unlikely(audit_context() && audit_enabled)) 338 __audit_uring_entry(op); 339} 340static inline void audit_uring_exit(int success, long code) 341{ 342 if (unlikely(audit_context())) 343 __audit_uring_exit(success, code); 344} 345static inline void audit_syscall_entry(int major, unsigned long a0, 346 unsigned long a1, unsigned long a2, 347 unsigned long a3) 348{ 349 if (unlikely(audit_context())) 350 __audit_syscall_entry(major, a0, a1, a2, a3); 351} 352static inline void audit_syscall_exit(void *pt_regs) 353{ 354 if (unlikely(audit_context())) { 355 int success = is_syscall_success(pt_regs); 356 long return_code = regs_return_value(pt_regs); 357 358 __audit_syscall_exit(success, return_code); 359 } 360} 361static inline struct filename *audit_reusename(const __user char *name) 362{ 363 if (unlikely(!audit_dummy_context())) 364 return __audit_reusename(name); 365 return NULL; 366} 367static inline void audit_getname(struct filename *name) 368{ 369 if (unlikely(!audit_dummy_context())) 370 __audit_getname(name); 371} 372static inline void audit_inode(struct filename *name, 373 const struct dentry *dentry, 374 unsigned int aflags) { 375 if (unlikely(!audit_dummy_context())) 376 __audit_inode(name, dentry, aflags); 377} 378static inline void audit_file(struct file *file) 379{ 380 if (unlikely(!audit_dummy_context())) 381 __audit_file(file); 382} 383static inline void audit_inode_parent_hidden(struct filename *name, 384 const struct dentry *dentry) 385{ 386 if (unlikely(!audit_dummy_context())) 387 __audit_inode(name, dentry, 388 AUDIT_INODE_PARENT | AUDIT_INODE_HIDDEN); 389} 390static inline void audit_inode_child(struct inode *parent, 391 const struct dentry *dentry, 392 const unsigned char type) { 393 if (unlikely(!audit_dummy_context())) 394 __audit_inode_child(parent, dentry, type); 395} 396void audit_core_dumps(long signr); 397 398static inline void audit_ptrace(struct task_struct *t) 399{ 400 if (unlikely(!audit_dummy_context())) 401 __audit_ptrace(t); 402} 403 404 /* Private API (for audit.c only) */ 405extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); 406extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); 407extern void __audit_bprm(struct linux_binprm *bprm); 408extern int __audit_socketcall(int nargs, unsigned long *args); 409extern int __audit_sockaddr(int len, void *addr); 410extern void __audit_fd_pair(int fd1, int fd2); 411extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr); 412extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout); 413extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification); 414extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); 415extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, 416 const struct cred *new, 417 const struct cred *old); 418extern void __audit_log_capset(const struct cred *new, const struct cred *old); 419extern void __audit_mmap_fd(int fd, int flags); 420extern void __audit_openat2_how(struct open_how *how); 421extern void __audit_log_kern_module(char *name); 422extern void __audit_fanotify(unsigned int response); 423extern void __audit_tk_injoffset(struct timespec64 offset); 424extern void __audit_ntp_log(const struct audit_ntp_data *ad); 425extern void __audit_log_nfcfg(const char *name, u8 af, unsigned int nentries, 426 enum audit_nfcfgop op, gfp_t gfp); 427 428static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) 429{ 430 if (unlikely(!audit_dummy_context())) 431 __audit_ipc_obj(ipcp); 432} 433static inline void audit_fd_pair(int fd1, int fd2) 434{ 435 if (unlikely(!audit_dummy_context())) 436 __audit_fd_pair(fd1, fd2); 437} 438static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode) 439{ 440 if (unlikely(!audit_dummy_context())) 441 __audit_ipc_set_perm(qbytes, uid, gid, mode); 442} 443static inline void audit_bprm(struct linux_binprm *bprm) 444{ 445 if (unlikely(!audit_dummy_context())) 446 __audit_bprm(bprm); 447} 448static inline int audit_socketcall(int nargs, unsigned long *args) 449{ 450 if (unlikely(!audit_dummy_context())) 451 return __audit_socketcall(nargs, args); 452 return 0; 453} 454 455static inline int audit_socketcall_compat(int nargs, u32 *args) 456{ 457 unsigned long a[AUDITSC_ARGS]; 458 int i; 459 460 if (audit_dummy_context()) 461 return 0; 462 463 for (i = 0; i < nargs; i++) 464 a[i] = (unsigned long)args[i]; 465 return __audit_socketcall(nargs, a); 466} 467 468static inline int audit_sockaddr(int len, void *addr) 469{ 470 if (unlikely(!audit_dummy_context())) 471 return __audit_sockaddr(len, addr); 472 return 0; 473} 474static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) 475{ 476 if (unlikely(!audit_dummy_context())) 477 __audit_mq_open(oflag, mode, attr); 478} 479static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec64 *abs_timeout) 480{ 481 if (unlikely(!audit_dummy_context())) 482 __audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout); 483} 484static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification) 485{ 486 if (unlikely(!audit_dummy_context())) 487 __audit_mq_notify(mqdes, notification); 488} 489static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) 490{ 491 if (unlikely(!audit_dummy_context())) 492 __audit_mq_getsetattr(mqdes, mqstat); 493} 494 495static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, 496 const struct cred *new, 497 const struct cred *old) 498{ 499 if (unlikely(!audit_dummy_context())) 500 return __audit_log_bprm_fcaps(bprm, new, old); 501 return 0; 502} 503 504static inline void audit_log_capset(const struct cred *new, 505 const struct cred *old) 506{ 507 if (unlikely(!audit_dummy_context())) 508 __audit_log_capset(new, old); 509} 510 511static inline void audit_mmap_fd(int fd, int flags) 512{ 513 if (unlikely(!audit_dummy_context())) 514 __audit_mmap_fd(fd, flags); 515} 516 517static inline void audit_openat2_how(struct open_how *how) 518{ 519 if (unlikely(!audit_dummy_context())) 520 __audit_openat2_how(how); 521} 522 523static inline void audit_log_kern_module(char *name) 524{ 525 if (!audit_dummy_context()) 526 __audit_log_kern_module(name); 527} 528 529static inline void audit_fanotify(unsigned int response) 530{ 531 if (!audit_dummy_context()) 532 __audit_fanotify(response); 533} 534 535static inline void audit_tk_injoffset(struct timespec64 offset) 536{ 537 /* ignore no-op events */ 538 if (offset.tv_sec == 0 && offset.tv_nsec == 0) 539 return; 540 541 if (!audit_dummy_context()) 542 __audit_tk_injoffset(offset); 543} 544 545static inline void audit_ntp_init(struct audit_ntp_data *ad) 546{ 547 memset(ad, 0, sizeof(*ad)); 548} 549 550static inline void audit_ntp_set_old(struct audit_ntp_data *ad, 551 enum audit_ntp_type type, long long val) 552{ 553 ad->vals[type].oldval = val; 554} 555 556static inline void audit_ntp_set_new(struct audit_ntp_data *ad, 557 enum audit_ntp_type type, long long val) 558{ 559 ad->vals[type].newval = val; 560} 561 562static inline void audit_ntp_log(const struct audit_ntp_data *ad) 563{ 564 if (!audit_dummy_context()) 565 __audit_ntp_log(ad); 566} 567 568static inline void audit_log_nfcfg(const char *name, u8 af, 569 unsigned int nentries, 570 enum audit_nfcfgop op, gfp_t gfp) 571{ 572 if (audit_enabled) 573 __audit_log_nfcfg(name, af, nentries, op, gfp); 574} 575 576extern int audit_n_rules; 577extern int audit_signals; 578#else /* CONFIG_AUDITSYSCALL */ 579static inline int audit_alloc(struct task_struct *task) 580{ 581 return 0; 582} 583static inline int audit_alloc_kernel(struct task_struct *task) 584{ 585 return 0; 586} 587static inline void audit_free(struct task_struct *task) 588{ } 589static inline void audit_uring_entry(u8 op) 590{ } 591static inline void audit_uring_exit(int success, long code) 592{ } 593static inline void audit_syscall_entry(int major, unsigned long a0, 594 unsigned long a1, unsigned long a2, 595 unsigned long a3) 596{ } 597static inline void audit_syscall_exit(void *pt_regs) 598{ } 599static inline bool audit_dummy_context(void) 600{ 601 return true; 602} 603static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) 604{ } 605static inline struct audit_context *audit_context(void) 606{ 607 return NULL; 608} 609static inline struct filename *audit_reusename(const __user char *name) 610{ 611 return NULL; 612} 613static inline void audit_getname(struct filename *name) 614{ } 615static inline void audit_inode(struct filename *name, 616 const struct dentry *dentry, 617 unsigned int aflags) 618{ } 619static inline void audit_file(struct file *file) 620{ 621} 622static inline void audit_inode_parent_hidden(struct filename *name, 623 const struct dentry *dentry) 624{ } 625static inline void audit_inode_child(struct inode *parent, 626 const struct dentry *dentry, 627 const unsigned char type) 628{ } 629static inline void audit_core_dumps(long signr) 630{ } 631static inline void audit_seccomp(unsigned long syscall, long signr, int code) 632{ } 633static inline void audit_seccomp_actions_logged(const char *names, 634 const char *old_names, int res) 635{ } 636static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) 637{ } 638static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, 639 gid_t gid, umode_t mode) 640{ } 641static inline void audit_bprm(struct linux_binprm *bprm) 642{ } 643static inline int audit_socketcall(int nargs, unsigned long *args) 644{ 645 return 0; 646} 647 648static inline int audit_socketcall_compat(int nargs, u32 *args) 649{ 650 return 0; 651} 652 653static inline void audit_fd_pair(int fd1, int fd2) 654{ } 655static inline int audit_sockaddr(int len, void *addr) 656{ 657 return 0; 658} 659static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr) 660{ } 661static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, 662 unsigned int msg_prio, 663 const struct timespec64 *abs_timeout) 664{ } 665static inline void audit_mq_notify(mqd_t mqdes, 666 const struct sigevent *notification) 667{ } 668static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) 669{ } 670static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, 671 const struct cred *new, 672 const struct cred *old) 673{ 674 return 0; 675} 676static inline void audit_log_capset(const struct cred *new, 677 const struct cred *old) 678{ } 679static inline void audit_mmap_fd(int fd, int flags) 680{ } 681 682static inline void audit_openat2_how(struct open_how *how) 683{ } 684 685static inline void audit_log_kern_module(char *name) 686{ 687} 688 689static inline void audit_fanotify(unsigned int response) 690{ } 691 692static inline void audit_tk_injoffset(struct timespec64 offset) 693{ } 694 695static inline void audit_ntp_init(struct audit_ntp_data *ad) 696{ } 697 698static inline void audit_ntp_set_old(struct audit_ntp_data *ad, 699 enum audit_ntp_type type, long long val) 700{ } 701 702static inline void audit_ntp_set_new(struct audit_ntp_data *ad, 703 enum audit_ntp_type type, long long val) 704{ } 705 706static inline void audit_ntp_log(const struct audit_ntp_data *ad) 707{ } 708 709static inline void audit_ptrace(struct task_struct *t) 710{ } 711 712static inline void audit_log_nfcfg(const char *name, u8 af, 713 unsigned int nentries, 714 enum audit_nfcfgop op, gfp_t gfp) 715{ } 716 717#define audit_n_rules 0 718#define audit_signals 0 719#endif /* CONFIG_AUDITSYSCALL */ 720 721static inline bool audit_loginuid_set(struct task_struct *tsk) 722{ 723 return uid_valid(audit_get_loginuid(tsk)); 724} 725 726#endif