audit.h 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495
  1. /* audit.h -- Auditing support
  2. *
  3. * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina.
  4. * All Rights Reserved.
  5. *
  6. * This program is free software; you can redistribute it and/or modify
  7. * it under the terms of the GNU General Public License as published by
  8. * the Free Software Foundation; either version 2 of the License, or
  9. * (at your option) any later version.
  10. *
  11. * This program is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License
  17. * along with this program; if not, write to the Free Software
  18. * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  19. *
  20. * Written by Rickard E. (Rik) Faith <faith@redhat.com>
  21. *
  22. */
  23. #ifndef _LINUX_AUDIT_H_
  24. #define _LINUX_AUDIT_H_
  25. #include <linux/elf-em.h>
  26. /* The netlink messages for the audit system is divided into blocks:
  27. * 1000 - 1099 are for commanding the audit system
  28. * 1100 - 1199 user space trusted application messages
  29. * 1200 - 1299 messages internal to the audit daemon
  30. * 1300 - 1399 audit event messages
  31. * 1400 - 1499 SE Linux use
  32. * 1500 - 1599 kernel LSPP events
  33. * 1600 - 1699 kernel crypto events
  34. * 1700 - 1799 kernel anomaly records
  35. * 1800 - 1999 future kernel use (maybe integrity labels and related events)
  36. * 2000 is for otherwise unclassified kernel audit messages (legacy)
  37. * 2001 - 2099 unused (kernel)
  38. * 2100 - 2199 user space anomaly records
  39. * 2200 - 2299 user space actions taken in response to anomalies
  40. * 2300 - 2399 user space generated LSPP events
  41. * 2400 - 2499 user space crypto events
  42. * 2500 - 2999 future user space (maybe integrity labels and related events)
  43. *
  44. * Messages from 1000-1199 are bi-directional. 1200-1299 & 2100 - 2999 are
  45. * exclusively user space. 1300-2099 is kernel --> user space
  46. * communication.
  47. */
  48. #define AUDIT_GET 1000 /* Get status */
  49. #define AUDIT_SET 1001 /* Set status (enable/disable/auditd) */
  50. #define AUDIT_LIST 1002 /* List syscall rules -- deprecated */
  51. #define AUDIT_ADD 1003 /* Add syscall rule -- deprecated */
  52. #define AUDIT_DEL 1004 /* Delete syscall rule -- deprecated */
  53. #define AUDIT_USER 1005 /* Message from userspace -- deprecated */
  54. #define AUDIT_LOGIN 1006 /* Define the login id and information */
  55. #define AUDIT_WATCH_INS 1007 /* Insert file/dir watch entry */
  56. #define AUDIT_WATCH_REM 1008 /* Remove file/dir watch entry */
  57. #define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */
  58. #define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */
  59. #define AUDIT_ADD_RULE 1011 /* Add syscall filtering rule */
  60. #define AUDIT_DEL_RULE 1012 /* Delete syscall filtering rule */
  61. #define AUDIT_LIST_RULES 1013 /* List syscall filtering rules */
  62. #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */
  63. #define AUDIT_USER_AVC 1107 /* We filter this differently */
  64. #define AUDIT_LAST_USER_MSG 1199
  65. #define AUDIT_FIRST_USER_MSG2 2100 /* More user space messages */
  66. #define AUDIT_LAST_USER_MSG2 2999
  67. #define AUDIT_DAEMON_START 1200 /* Daemon startup record */
  68. #define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */
  69. #define AUDIT_DAEMON_ABORT 1202 /* Daemon error stop record */
  70. #define AUDIT_DAEMON_CONFIG 1203 /* Daemon config change */
  71. #define AUDIT_SYSCALL 1300 /* Syscall event */
  72. #define AUDIT_FS_WATCH 1301 /* Filesystem watch event */
  73. #define AUDIT_PATH 1302 /* Filename path information */
  74. #define AUDIT_IPC 1303 /* IPC record */
  75. #define AUDIT_SOCKETCALL 1304 /* sys_socketcall arguments */
  76. #define AUDIT_CONFIG_CHANGE 1305 /* Audit system configuration change */
  77. #define AUDIT_SOCKADDR 1306 /* sockaddr copied as syscall arg */
  78. #define AUDIT_CWD 1307 /* Current working directory */
  79. #define AUDIT_EXECVE 1309 /* execve arguments */
  80. #define AUDIT_IPC_SET_PERM 1311 /* IPC new permissions record type */
  81. #define AUDIT_MQ_OPEN 1312 /* POSIX MQ open record type */
  82. #define AUDIT_MQ_SENDRECV 1313 /* POSIX MQ send/receive record type */
  83. #define AUDIT_MQ_NOTIFY 1314 /* POSIX MQ notify record type */
  84. #define AUDIT_MQ_GETSETATTR 1315 /* POSIX MQ get/set attribute record type */
  85. #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
  86. #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
  87. #define AUDIT_AVC_PATH 1402 /* dentry, vfsmount pair from avc */
  88. #define AUDIT_MAC_POLICY_LOAD 1403 /* Policy file load */
  89. #define AUDIT_MAC_STATUS 1404 /* Changed enforcing,permissive,off */
  90. #define AUDIT_MAC_CONFIG_CHANGE 1405 /* Changes to booleans */
  91. #define AUDIT_FIRST_KERN_ANOM_MSG 1700
  92. #define AUDIT_LAST_KERN_ANOM_MSG 1799
  93. #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
  94. #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
  95. /* Rule flags */
  96. #define AUDIT_FILTER_USER 0x00 /* Apply rule to user-generated messages */
  97. #define AUDIT_FILTER_TASK 0x01 /* Apply rule at task creation (not syscall) */
  98. #define AUDIT_FILTER_ENTRY 0x02 /* Apply rule at syscall entry */
  99. #define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */
  100. #define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */
  101. #define AUDIT_FILTER_TYPE 0x05 /* Apply rule at audit_log_start */
  102. #define AUDIT_NR_FILTERS 6
  103. #define AUDIT_FILTER_PREPEND 0x10 /* Prepend to front of list */
  104. /* Rule actions */
  105. #define AUDIT_NEVER 0 /* Do not build context if rule matches */
  106. #define AUDIT_POSSIBLE 1 /* Build context if rule matches */
  107. #define AUDIT_ALWAYS 2 /* Generate audit record if rule matches */
  108. /* Rule structure sizes -- if these change, different AUDIT_ADD and
  109. * AUDIT_LIST commands must be implemented. */
  110. #define AUDIT_MAX_FIELDS 64
  111. #define AUDIT_MAX_KEY_LEN 32
  112. #define AUDIT_BITMASK_SIZE 64
  113. #define AUDIT_WORD(nr) ((__u32)((nr)/32))
  114. #define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32))
  115. #define AUDIT_SYSCALL_CLASSES 16
  116. #define AUDIT_CLASS_DIR_WRITE 0
  117. #define AUDIT_CLASS_DIR_WRITE_32 1
  118. #define AUDIT_CLASS_CHATTR 2
  119. #define AUDIT_CLASS_CHATTR_32 3
  120. #define AUDIT_CLASS_READ 4
  121. #define AUDIT_CLASS_READ_32 5
  122. #define AUDIT_CLASS_WRITE 6
  123. #define AUDIT_CLASS_WRITE_32 7
  124. /* This bitmask is used to validate user input. It represents all bits that
  125. * are currently used in an audit field constant understood by the kernel.
  126. * If you are adding a new #define AUDIT_<whatever>, please ensure that
  127. * AUDIT_UNUSED_BITS is updated if need be. */
  128. #define AUDIT_UNUSED_BITS 0x0FFFFC00
  129. /* Rule fields */
  130. /* These are useful when checking the
  131. * task structure at task creation time
  132. * (AUDIT_PER_TASK). */
  133. #define AUDIT_PID 0
  134. #define AUDIT_UID 1
  135. #define AUDIT_EUID 2
  136. #define AUDIT_SUID 3
  137. #define AUDIT_FSUID 4
  138. #define AUDIT_GID 5
  139. #define AUDIT_EGID 6
  140. #define AUDIT_SGID 7
  141. #define AUDIT_FSGID 8
  142. #define AUDIT_LOGINUID 9
  143. #define AUDIT_PERS 10
  144. #define AUDIT_ARCH 11
  145. #define AUDIT_MSGTYPE 12
  146. #define AUDIT_SUBJ_USER 13 /* security label user */
  147. #define AUDIT_SUBJ_ROLE 14 /* security label role */
  148. #define AUDIT_SUBJ_TYPE 15 /* security label type */
  149. #define AUDIT_SUBJ_SEN 16 /* security label sensitivity label */
  150. #define AUDIT_SUBJ_CLR 17 /* security label clearance label */
  151. #define AUDIT_PPID 18
  152. #define AUDIT_OBJ_USER 19
  153. #define AUDIT_OBJ_ROLE 20
  154. #define AUDIT_OBJ_TYPE 21
  155. #define AUDIT_OBJ_LEV_LOW 22
  156. #define AUDIT_OBJ_LEV_HIGH 23
  157. /* These are ONLY useful when checking
  158. * at syscall exit time (AUDIT_AT_EXIT). */
  159. #define AUDIT_DEVMAJOR 100
  160. #define AUDIT_DEVMINOR 101
  161. #define AUDIT_INODE 102
  162. #define AUDIT_EXIT 103
  163. #define AUDIT_SUCCESS 104 /* exit >= 0; value ignored */
  164. #define AUDIT_WATCH 105
  165. #define AUDIT_ARG0 200
  166. #define AUDIT_ARG1 (AUDIT_ARG0+1)
  167. #define AUDIT_ARG2 (AUDIT_ARG0+2)
  168. #define AUDIT_ARG3 (AUDIT_ARG0+3)
  169. #define AUDIT_FILTERKEY 210
  170. #define AUDIT_NEGATE 0x80000000
  171. /* These are the supported operators.
  172. * 4 2 1
  173. * = > <
  174. * -------
  175. * 0 0 0 0 nonsense
  176. * 0 0 1 1 <
  177. * 0 1 0 2 >
  178. * 0 1 1 3 !=
  179. * 1 0 0 4 =
  180. * 1 0 1 5 <=
  181. * 1 1 0 6 >=
  182. * 1 1 1 7 all operators
  183. */
  184. #define AUDIT_LESS_THAN 0x10000000
  185. #define AUDIT_GREATER_THAN 0x20000000
  186. #define AUDIT_NOT_EQUAL 0x30000000
  187. #define AUDIT_EQUAL 0x40000000
  188. #define AUDIT_LESS_THAN_OR_EQUAL (AUDIT_LESS_THAN|AUDIT_EQUAL)
  189. #define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN|AUDIT_EQUAL)
  190. #define AUDIT_OPERATORS (AUDIT_EQUAL|AUDIT_NOT_EQUAL)
  191. /* Status symbols */
  192. /* Mask values */
  193. #define AUDIT_STATUS_ENABLED 0x0001
  194. #define AUDIT_STATUS_FAILURE 0x0002
  195. #define AUDIT_STATUS_PID 0x0004
  196. #define AUDIT_STATUS_RATE_LIMIT 0x0008
  197. #define AUDIT_STATUS_BACKLOG_LIMIT 0x0010
  198. /* Failure-to-log actions */
  199. #define AUDIT_FAIL_SILENT 0
  200. #define AUDIT_FAIL_PRINTK 1
  201. #define AUDIT_FAIL_PANIC 2
  202. /* distinguish syscall tables */
  203. #define __AUDIT_ARCH_64BIT 0x80000000
  204. #define __AUDIT_ARCH_LE 0x40000000
  205. #define AUDIT_ARCH_ALPHA (EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
  206. #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE)
  207. #define AUDIT_ARCH_ARMEB (EM_ARM)
  208. #define AUDIT_ARCH_CRIS (EM_CRIS|__AUDIT_ARCH_LE)
  209. #define AUDIT_ARCH_FRV (EM_FRV)
  210. #define AUDIT_ARCH_H8300 (EM_H8_300)
  211. #define AUDIT_ARCH_I386 (EM_386|__AUDIT_ARCH_LE)
  212. #define AUDIT_ARCH_IA64 (EM_IA_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
  213. #define AUDIT_ARCH_M32R (EM_M32R)
  214. #define AUDIT_ARCH_M68K (EM_68K)
  215. #define AUDIT_ARCH_MIPS (EM_MIPS)
  216. #define AUDIT_ARCH_MIPSEL (EM_MIPS|__AUDIT_ARCH_LE)
  217. #define AUDIT_ARCH_MIPS64 (EM_MIPS|__AUDIT_ARCH_64BIT)
  218. #define AUDIT_ARCH_MIPSEL64 (EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
  219. #define AUDIT_ARCH_PARISC (EM_PARISC)
  220. #define AUDIT_ARCH_PARISC64 (EM_PARISC|__AUDIT_ARCH_64BIT)
  221. #define AUDIT_ARCH_PPC (EM_PPC)
  222. #define AUDIT_ARCH_PPC64 (EM_PPC64|__AUDIT_ARCH_64BIT)
  223. #define AUDIT_ARCH_S390 (EM_S390)
  224. #define AUDIT_ARCH_S390X (EM_S390|__AUDIT_ARCH_64BIT)
  225. #define AUDIT_ARCH_SH (EM_SH)
  226. #define AUDIT_ARCH_SHEL (EM_SH|__AUDIT_ARCH_LE)
  227. #define AUDIT_ARCH_SH64 (EM_SH|__AUDIT_ARCH_64BIT)
  228. #define AUDIT_ARCH_SHEL64 (EM_SH|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
  229. #define AUDIT_ARCH_SPARC (EM_SPARC)
  230. #define AUDIT_ARCH_SPARC64 (EM_SPARCV9|__AUDIT_ARCH_64BIT)
  231. #define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE)
  232. #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
  233. struct audit_status {
  234. __u32 mask; /* Bit mask for valid entries */
  235. __u32 enabled; /* 1 = enabled, 0 = disabled */
  236. __u32 failure; /* Failure-to-log action */
  237. __u32 pid; /* pid of auditd process */
  238. __u32 rate_limit; /* messages rate limit (per second) */
  239. __u32 backlog_limit; /* waiting messages limit */
  240. __u32 lost; /* messages lost */
  241. __u32 backlog; /* messages waiting in queue */
  242. };
  243. /* audit_rule_data supports filter rules with both integer and string
  244. * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and
  245. * AUDIT_LIST_RULES requests.
  246. */
  247. struct audit_rule_data {
  248. __u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
  249. __u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
  250. __u32 field_count;
  251. __u32 mask[AUDIT_BITMASK_SIZE]; /* syscall(s) affected */
  252. __u32 fields[AUDIT_MAX_FIELDS];
  253. __u32 values[AUDIT_MAX_FIELDS];
  254. __u32 fieldflags[AUDIT_MAX_FIELDS];
  255. __u32 buflen; /* total length of string fields */
  256. char buf[0]; /* string fields buffer */
  257. };
  258. /* audit_rule is supported to maintain backward compatibility with
  259. * userspace. It supports integer fields only and corresponds to
  260. * AUDIT_ADD, AUDIT_DEL and AUDIT_LIST requests.
  261. */
  262. struct audit_rule { /* for AUDIT_LIST, AUDIT_ADD, and AUDIT_DEL */
  263. __u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
  264. __u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
  265. __u32 field_count;
  266. __u32 mask[AUDIT_BITMASK_SIZE];
  267. __u32 fields[AUDIT_MAX_FIELDS];
  268. __u32 values[AUDIT_MAX_FIELDS];
  269. };
  270. #ifdef __KERNEL__
  271. #include <linux/sched.h>
  272. struct audit_sig_info {
  273. uid_t uid;
  274. pid_t pid;
  275. char ctx[0];
  276. };
  277. struct audit_buffer;
  278. struct audit_context;
  279. struct inode;
  280. struct netlink_skb_parms;
  281. struct linux_binprm;
  282. struct mq_attr;
  283. struct mqstat;
  284. #define AUDITSC_INVALID 0
  285. #define AUDITSC_SUCCESS 1
  286. #define AUDITSC_FAILURE 2
  287. #define AUDITSC_RESULT(x) ( ((long)(x))<0?AUDITSC_FAILURE:AUDITSC_SUCCESS )
  288. extern int __init audit_register_class(int class, unsigned *list);
  289. #ifdef CONFIG_AUDITSYSCALL
  290. /* These are defined in auditsc.c */
  291. /* Public API */
  292. extern int audit_alloc(struct task_struct *task);
  293. extern void audit_free(struct task_struct *task);
  294. extern void audit_syscall_entry(int arch,
  295. int major, unsigned long a0, unsigned long a1,
  296. unsigned long a2, unsigned long a3);
  297. extern void audit_syscall_exit(int failed, long return_code);
  298. extern void __audit_getname(const char *name);
  299. extern void audit_putname(const char *name);
  300. extern void __audit_inode(const char *name, const struct inode *inode);
  301. extern void __audit_inode_child(const char *dname, const struct inode *inode,
  302. const struct inode *parent);
  303. extern void __audit_inode_update(const struct inode *inode);
  304. static inline int audit_dummy_context(void)
  305. {
  306. void *p = current->audit_context;
  307. return !p || *(int *)p;
  308. }
  309. static inline void audit_getname(const char *name)
  310. {
  311. if (unlikely(!audit_dummy_context()))
  312. __audit_getname(name);
  313. }
  314. static inline void audit_inode(const char *name, const struct inode *inode) {
  315. if (unlikely(!audit_dummy_context()))
  316. __audit_inode(name, inode);
  317. }
  318. static inline void audit_inode_child(const char *dname,
  319. const struct inode *inode,
  320. const struct inode *parent) {
  321. if (unlikely(!audit_dummy_context()))
  322. __audit_inode_child(dname, inode, parent);
  323. }
  324. static inline void audit_inode_update(const struct inode *inode) {
  325. if (unlikely(!audit_dummy_context()))
  326. __audit_inode_update(inode);
  327. }
  328. /* Private API (for audit.c only) */
  329. extern unsigned int audit_serial(void);
  330. extern void auditsc_get_stamp(struct audit_context *ctx,
  331. struct timespec *t, unsigned int *serial);
  332. extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
  333. extern uid_t audit_get_loginuid(struct audit_context *ctx);
  334. extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp);
  335. extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
  336. extern int audit_bprm(struct linux_binprm *bprm);
  337. extern int audit_socketcall(int nargs, unsigned long *args);
  338. extern int audit_sockaddr(int len, void *addr);
  339. extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt);
  340. extern int audit_set_macxattr(const char *name);
  341. extern int __audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr);
  342. extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout);
  343. extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout);
  344. extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification);
  345. extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
  346. static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp)
  347. {
  348. if (unlikely(!audit_dummy_context()))
  349. return __audit_ipc_obj(ipcp);
  350. return 0;
  351. }
  352. static inline int audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
  353. {
  354. if (unlikely(!audit_dummy_context()))
  355. return __audit_ipc_set_perm(qbytes, uid, gid, mode);
  356. return 0;
  357. }
  358. static inline int audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr)
  359. {
  360. if (unlikely(!audit_dummy_context()))
  361. return __audit_mq_open(oflag, mode, u_attr);
  362. return 0;
  363. }
  364. static inline int audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout)
  365. {
  366. if (unlikely(!audit_dummy_context()))
  367. return __audit_mq_timedsend(mqdes, msg_len, msg_prio, u_abs_timeout);
  368. return 0;
  369. }
  370. static inline int audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout)
  371. {
  372. if (unlikely(!audit_dummy_context()))
  373. return __audit_mq_timedreceive(mqdes, msg_len, u_msg_prio, u_abs_timeout);
  374. return 0;
  375. }
  376. static inline int audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification)
  377. {
  378. if (unlikely(!audit_dummy_context()))
  379. return __audit_mq_notify(mqdes, u_notification);
  380. return 0;
  381. }
  382. static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
  383. {
  384. if (unlikely(!audit_dummy_context()))
  385. return __audit_mq_getsetattr(mqdes, mqstat);
  386. return 0;
  387. }
  388. extern int audit_n_rules;
  389. #else
  390. #define audit_alloc(t) ({ 0; })
  391. #define audit_free(t) do { ; } while (0)
  392. #define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
  393. #define audit_syscall_exit(f,r) do { ; } while (0)
  394. #define audit_dummy_context() 1
  395. #define audit_getname(n) do { ; } while (0)
  396. #define audit_putname(n) do { ; } while (0)
  397. #define __audit_inode(n,i) do { ; } while (0)
  398. #define __audit_inode_child(d,i,p) do { ; } while (0)
  399. #define __audit_inode_update(i) do { ; } while (0)
  400. #define audit_inode(n,i) do { ; } while (0)
  401. #define audit_inode_child(d,i,p) do { ; } while (0)
  402. #define audit_inode_update(i) do { ; } while (0)
  403. #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
  404. #define audit_get_loginuid(c) ({ -1; })
  405. #define audit_ipc_obj(i) ({ 0; })
  406. #define audit_ipc_set_perm(q,u,g,m) ({ 0; })
  407. #define audit_bprm(p) ({ 0; })
  408. #define audit_socketcall(n,a) ({ 0; })
  409. #define audit_sockaddr(len, addr) ({ 0; })
  410. #define audit_avc_path(dentry, mnt) ({ 0; })
  411. #define audit_set_macxattr(n) do { ; } while (0)
  412. #define audit_mq_open(o,m,a) ({ 0; })
  413. #define audit_mq_timedsend(d,l,p,t) ({ 0; })
  414. #define audit_mq_timedreceive(d,l,p,t) ({ 0; })
  415. #define audit_mq_notify(d,n) ({ 0; })
  416. #define audit_mq_getsetattr(d,s) ({ 0; })
  417. #define audit_n_rules 0
  418. #endif
  419. #ifdef CONFIG_AUDIT
  420. /* These are defined in audit.c */
  421. /* Public API */
  422. extern void audit_log(struct audit_context *ctx, gfp_t gfp_mask,
  423. int type, const char *fmt, ...)
  424. __attribute__((format(printf,4,5)));
  425. extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
  426. extern void audit_log_format(struct audit_buffer *ab,
  427. const char *fmt, ...)
  428. __attribute__((format(printf,2,3)));
  429. extern void audit_log_end(struct audit_buffer *ab);
  430. extern void audit_log_hex(struct audit_buffer *ab,
  431. const unsigned char *buf,
  432. size_t len);
  433. extern const char * audit_log_untrustedstring(struct audit_buffer *ab,
  434. const char *string);
  435. extern const char * audit_log_n_untrustedstring(struct audit_buffer *ab,
  436. size_t n,
  437. const char *string);
  438. extern void audit_log_d_path(struct audit_buffer *ab,
  439. const char *prefix,
  440. struct dentry *dentry,
  441. struct vfsmount *vfsmnt);
  442. /* Private API (for audit.c only) */
  443. extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
  444. extern int audit_filter_type(int type);
  445. extern int audit_receive_filter(int type, int pid, int uid, int seq,
  446. void *data, size_t datasz, uid_t loginuid, u32 sid);
  447. #else
  448. #define audit_log(c,g,t,f,...) do { ; } while (0)
  449. #define audit_log_start(c,g,t) ({ NULL; })
  450. #define audit_log_vformat(b,f,a) do { ; } while (0)
  451. #define audit_log_format(b,f,...) do { ; } while (0)
  452. #define audit_log_end(b) do { ; } while (0)
  453. #define audit_log_hex(a,b,l) do { ; } while (0)
  454. #define audit_log_untrustedstring(a,s) do { ; } while (0)
  455. #define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
  456. #define audit_log_d_path(b,p,d,v) do { ; } while (0)
  457. #endif
  458. #endif
  459. #endif