[deliverable/linux.git] / include / linux / audit.h

/* audit.h -- Auditing support
 *
 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina.
 * All Rights Reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 * Written by Rickard E. (Rik) Faith <faith@redhat.com>
 *
 */
#ifndef _LINUX_AUDIT_H_
#define _LINUX_AUDIT_H_

#include <linux/sched.h>
#include <linux/ptrace.h>
#include <uapi/linux/audit.h>
#include <linux/tty.h>

#define AUDIT_INO_UNSET ((unsigned long)-1)
#define AUDIT_DEV_UNSET ((dev_t)-1)

struct audit_sig_info {
	uid_t		uid;
	pid_t		pid;
	char		ctx[0];
};

struct audit_buffer;
struct audit_context;
struct inode;
struct netlink_skb_parms;
struct path;
struct linux_binprm;
struct mq_attr;
struct mqstat;
struct audit_watch;
struct audit_tree;
struct sk_buff;

struct audit_krule {
	u32			pflags;
	u32			flags;
	u32			listnr;
	u32			action;
	u32			mask[AUDIT_BITMASK_SIZE];
	u32			buflen; /* for data alloc on list rules */
	u32			field_count;
	char			*filterkey; /* ties events to rules */
	struct audit_field	*fields;
	struct audit_field	*arch_f; /* quick access to arch field */
	struct audit_field	*inode_f; /* quick access to an inode field */
	struct audit_watch	*watch;	/* associated watch */
	struct audit_tree	*tree;	/* associated watched tree */
	struct audit_fsnotify_mark	*exe;
	struct list_head	rlist;	/* entry in audit_{watch,tree}.rules list */
	struct list_head	list;	/* for AUDIT_LIST* purposes only */
	u64			prio;
};

/* Flag to indicate legacy AUDIT_LOGINUID unset usage */
#define AUDIT_LOGINUID_LEGACY		0x1

struct audit_field {
	u32				type;
	union {
		u32			val;
		kuid_t			uid;
		kgid_t			gid;
		struct {
			char		*lsm_str;
			void		*lsm_rule;
		};
	};
	u32				op;
};

extern int is_audit_feature_set(int which);

extern int __init audit_register_class(int class, unsigned *list);
extern int audit_classify_syscall(int abi, unsigned syscall);
extern int audit_classify_arch(int arch);
/* only for compat system calls */
extern unsigned compat_write_class[];
extern unsigned compat_read_class[];
extern unsigned compat_dir_class[];
extern unsigned compat_chattr_class[];
extern unsigned compat_signal_class[];

extern int audit_classify_compat_syscall(int abi, unsigned syscall);

/* audit_names->type values */
#define	AUDIT_TYPE_UNKNOWN	0	/* we don't know yet */
#define	AUDIT_TYPE_NORMAL	1	/* a "normal" audit record */
#define	AUDIT_TYPE_PARENT	2	/* a parent audit record */
#define	AUDIT_TYPE_CHILD_DELETE 3	/* a child being deleted */
#define	AUDIT_TYPE_CHILD_CREATE 4	/* a child being created */

/* maximized args number that audit_socketcall can process */
#define AUDITSC_ARGS		6

/* bit values for ->signal->audit_tty */
#define AUDIT_TTY_ENABLE	BIT(0)
#define AUDIT_TTY_LOG_PASSWD	BIT(1)

struct filename;

extern void audit_log_session_info(struct audit_buffer *ab);

#ifdef CONFIG_AUDIT
/* These are defined in audit.c */
				/* Public API */
extern __printf(4, 5)
void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
	       const char *fmt, ...);

extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
extern __printf(2, 3)
void audit_log_format(struct audit_buffer *ab, const char *fmt, ...);
extern void		    audit_log_end(struct audit_buffer *ab);
extern bool		    audit_string_contains_control(const char *string,
							  size_t len);
extern void		    audit_log_n_hex(struct audit_buffer *ab,
					  const unsigned char *buf,
					  size_t len);
extern void		    audit_log_n_string(struct audit_buffer *ab,
					       const char *buf,
					       size_t n);
extern void		    audit_log_n_untrustedstring(struct audit_buffer *ab,
							const char *string,
							size_t n);
extern void		    audit_log_untrustedstring(struct audit_buffer *ab,
						      const char *string);
extern void		    audit_log_d_path(struct audit_buffer *ab,
					     const char *prefix,
					     const struct path *path);
extern void		    audit_log_key(struct audit_buffer *ab,
					  char *key);
extern void		    audit_log_link_denied(const char *operation,
						  struct path *link);
extern void		    audit_log_lost(const char *message);
#ifdef CONFIG_SECURITY
extern void 		    audit_log_secctx(struct audit_buffer *ab, u32 secid);
#else
static inline void	    audit_log_secctx(struct audit_buffer *ab, u32 secid)
{ }
#endif

extern int audit_log_task_context(struct audit_buffer *ab);
extern void audit_log_task_info(struct audit_buffer *ab,
				struct task_struct *tsk);

extern int		    audit_update_lsm_rules(void);

				/* Private API (for audit.c only) */
extern int audit_filter_user(int type);
extern int audit_filter_type(int type);
extern int audit_rule_change(int type, __u32 portid, int seq,
				void *data, size_t datasz);
extern int audit_list_rules_send(struct sk_buff *request_skb, int seq);

extern u32 audit_enabled;
#else /* CONFIG_AUDIT */
static inline __printf(4, 5)
void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
	       const char *fmt, ...)
{ }
static inline struct audit_buffer *audit_log_start(struct audit_context *ctx,
						   gfp_t gfp_mask, int type)
{
	return NULL;
}
static inline __printf(2, 3)
void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
{ }
static inline void audit_log_end(struct audit_buffer *ab)
{ }
static inline void audit_log_n_hex(struct audit_buffer *ab,
				   const unsigned char *buf, size_t len)
{ }
static inline void audit_log_n_string(struct audit_buffer *ab,
				      const char *buf, size_t n)
{ }
static inline void  audit_log_n_untrustedstring(struct audit_buffer *ab,
						const char *string, size_t n)
{ }
static inline void audit_log_untrustedstring(struct audit_buffer *ab,
					     const char *string)
{ }
static inline void audit_log_d_path(struct audit_buffer *ab,
				    const char *prefix,
				    const struct path *path)
{ }
static inline void audit_log_key(struct audit_buffer *ab, char *key)
{ }
static inline void audit_log_link_denied(const char *string,
					 const struct path *link)
{ }
static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid)
{ }
static inline int audit_log_task_context(struct audit_buffer *ab)
{
	return 0;
}
static inline void audit_log_task_info(struct audit_buffer *ab,
				       struct task_struct *tsk)
{ }
#define audit_enabled 0
#endif /* CONFIG_AUDIT */

#ifdef CONFIG_AUDIT_COMPAT_GENERIC
#define audit_is_compat(arch)  (!((arch) & __AUDIT_ARCH_64BIT))
#else
#define audit_is_compat(arch)  false
#endif

#ifdef CONFIG_AUDITSYSCALL
#include <asm/syscall.h> /* for syscall_get_arch() */

/* These are defined in auditsc.c */
				/* Public API */
extern int  audit_alloc(struct task_struct *task);
extern void __audit_free(struct task_struct *task);
extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1,
				  unsigned long a2, unsigned long a3);
extern void __audit_syscall_exit(int ret_success, long ret_value);
extern struct filename *__audit_reusename(const __user char *uptr);
extern void __audit_getname(struct filename *name);

#define AUDIT_INODE_PARENT	1	/* dentry represents the parent */
#define AUDIT_INODE_HIDDEN	2	/* audit record should be hidden */
extern void __audit_inode(struct filename *name, const struct dentry *dentry,
				unsigned int flags);
extern void __audit_file(const struct file *);
extern void __audit_inode_child(struct inode *parent,
				const struct dentry *dentry,
				const unsigned char type);
extern void __audit_seccomp(unsigned long syscall, long signr, int code);
extern void __audit_ptrace(struct task_struct *t);

static inline bool audit_dummy_context(void)
{
	void *p = current->audit_context;
	return !p || *(int *)p;
}
static inline void audit_free(struct task_struct *task)
{
	if (unlikely(task->audit_context))
		__audit_free(task);
}
static inline void audit_syscall_entry(int major, unsigned long a0,
				       unsigned long a1, unsigned long a2,
				       unsigned long a3)
{
	if (unlikely(current->audit_context))
		__audit_syscall_entry(major, a0, a1, a2, a3);
}
static inline void audit_syscall_exit(void *pt_regs)
{
	if (unlikely(current->audit_context)) {
		int success = is_syscall_success(pt_regs);
		long return_code = regs_return_value(pt_regs);

		__audit_syscall_exit(success, return_code);
	}
}
static inline struct filename *audit_reusename(const __user char *name)
{
	if (unlikely(!audit_dummy_context()))
		return __audit_reusename(name);
	return NULL;
}
static inline void audit_getname(struct filename *name)
{
	if (unlikely(!audit_dummy_context()))
		__audit_getname(name);
}
static inline void audit_inode(struct filename *name,
				const struct dentry *dentry,
				unsigned int parent) {
	if (unlikely(!audit_dummy_context())) {
		unsigned int flags = 0;
		if (parent)
			flags |= AUDIT_INODE_PARENT;
		__audit_inode(name, dentry, flags);
	}
}
static inline void audit_file(struct file *file)
{
	if (unlikely(!audit_dummy_context()))
		__audit_file(file);
}
static inline void audit_inode_parent_hidden(struct filename *name,
						const struct dentry *dentry)
{
	if (unlikely(!audit_dummy_context()))
		__audit_inode(name, dentry,
				AUDIT_INODE_PARENT | AUDIT_INODE_HIDDEN);
}
static inline void audit_inode_child(struct inode *parent,
				     const struct dentry *dentry,
				     const unsigned char type) {
	if (unlikely(!audit_dummy_context()))
		__audit_inode_child(parent, dentry, type);
}
void audit_core_dumps(long signr);

static inline void audit_seccomp(unsigned long syscall, long signr, int code)
{
	if (!audit_enabled)
		return;

	/* Force a record to be reported if a signal was delivered. */
	if (signr || unlikely(!audit_dummy_context()))
		__audit_seccomp(syscall, signr, code);
}

static inline void audit_ptrace(struct task_struct *t)
{
	if (unlikely(!audit_dummy_context()))
		__audit_ptrace(t);
}

				/* Private API (for audit.c only) */
extern unsigned int audit_serial(void);
extern int auditsc_get_stamp(struct audit_context *ctx,
			      struct timespec *t, unsigned int *serial);
extern int audit_set_loginuid(kuid_t loginuid);

static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
{
	return tsk->loginuid;
}

static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
{
	return tsk->sessionid;
}

static inline struct tty_struct *audit_get_tty(struct task_struct *tsk)
{
	struct tty_struct *tty = NULL;
	unsigned long flags;

	spin_lock_irqsave(&tsk->sighand->siglock, flags);
	if (tsk->signal)
		tty = tty_kref_get(tsk->signal->tty);
	spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
	return tty;
}

static inline void audit_put_tty(struct tty_struct *tty)
{
	tty_kref_put(tty);
}

extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
extern void __audit_bprm(struct linux_binprm *bprm);
extern int __audit_socketcall(int nargs, unsigned long *args);
extern int __audit_sockaddr(int len, void *addr);
extern void __audit_fd_pair(int fd1, int fd2);
extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr);
extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout);
extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification);
extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
				  const struct cred *new,
				  const struct cred *old);
extern void __audit_log_capset(const struct cred *new, const struct cred *old);
extern void __audit_mmap_fd(int fd, int flags);

static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
{
	if (unlikely(!audit_dummy_context()))
		__audit_ipc_obj(ipcp);
}
static inline void audit_fd_pair(int fd1, int fd2)
{
	if (unlikely(!audit_dummy_context()))
		__audit_fd_pair(fd1, fd2);
}
static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode)
{
	if (unlikely(!audit_dummy_context()))
		__audit_ipc_set_perm(qbytes, uid, gid, mode);
}
static inline void audit_bprm(struct linux_binprm *bprm)
{
	if (unlikely(!audit_dummy_context()))
		__audit_bprm(bprm);
}
static inline int audit_socketcall(int nargs, unsigned long *args)
{
	if (unlikely(!audit_dummy_context()))
		return __audit_socketcall(nargs, args);
	return 0;
}
static inline int audit_sockaddr(int len, void *addr)
{
	if (unlikely(!audit_dummy_context()))
		return __audit_sockaddr(len, addr);
	return 0;
}
static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr)
{
	if (unlikely(!audit_dummy_context()))
		__audit_mq_open(oflag, mode, attr);
}
static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout)
{
	if (unlikely(!audit_dummy_context()))
		__audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout);
}
static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification)
{
	if (unlikely(!audit_dummy_context()))
		__audit_mq_notify(mqdes, notification);
}
static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
{
	if (unlikely(!audit_dummy_context()))
		__audit_mq_getsetattr(mqdes, mqstat);
}

static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
				       const struct cred *new,
				       const struct cred *old)
{
	if (unlikely(!audit_dummy_context()))
		return __audit_log_bprm_fcaps(bprm, new, old);
	return 0;
}

static inline void audit_log_capset(const struct cred *new,
				   const struct cred *old)
{
	if (unlikely(!audit_dummy_context()))
		__audit_log_capset(new, old);
}

static inline void audit_mmap_fd(int fd, int flags)
{
	if (unlikely(!audit_dummy_context()))
		__audit_mmap_fd(fd, flags);
}

extern int audit_n_rules;
extern int audit_signals;
#else /* CONFIG_AUDITSYSCALL */
static inline int audit_alloc(struct task_struct *task)
{
	return 0;
}
static inline void audit_free(struct task_struct *task)
{ }
static inline void audit_syscall_entry(int major, unsigned long a0,
				       unsigned long a1, unsigned long a2,
				       unsigned long a3)
{ }
static inline void audit_syscall_exit(void *pt_regs)
{ }
static inline bool audit_dummy_context(void)
{
	return true;
}
static inline struct filename *audit_reusename(const __user char *name)
{
	return NULL;
}
static inline void audit_getname(struct filename *name)
{ }
static inline void __audit_inode(struct filename *name,
					const struct dentry *dentry,
					unsigned int flags)
{ }
static inline void __audit_inode_child(struct inode *parent,
					const struct dentry *dentry,
					const unsigned char type)
{ }
static inline void audit_inode(struct filename *name,
				const struct dentry *dentry,
				unsigned int parent)
{ }
static inline void audit_file(struct file *file)
{
}
static inline void audit_inode_parent_hidden(struct filename *name,
				const struct dentry *dentry)
{ }
static inline void audit_inode_child(struct inode *parent,
				     const struct dentry *dentry,
				     const unsigned char type)
{ }
static inline void audit_core_dumps(long signr)
{ }
static inline void __audit_seccomp(unsigned long syscall, long signr, int code)
{ }
static inline void audit_seccomp(unsigned long syscall, long signr, int code)
{ }
static inline int auditsc_get_stamp(struct audit_context *ctx,
			      struct timespec *t, unsigned int *serial)
{
	return 0;
}
static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
{
	return INVALID_UID;
}
static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
{
	return -1;
}
static inline struct tty_struct *audit_get_tty(struct task_struct *tsk)
{
	return NULL;
}
static inline void audit_put_tty(struct tty_struct *tty)
{ }
static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
{ }
static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,
					gid_t gid, umode_t mode)
{ }
static inline void audit_bprm(struct linux_binprm *bprm)
{ }
static inline int audit_socketcall(int nargs, unsigned long *args)
{
	return 0;
}
static inline void audit_fd_pair(int fd1, int fd2)
{ }
static inline int audit_sockaddr(int len, void *addr)
{
	return 0;
}
static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr)
{ }
static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len,
				     unsigned int msg_prio,
				     const struct timespec *abs_timeout)
{ }
static inline void audit_mq_notify(mqd_t mqdes,
				   const struct sigevent *notification)
{ }
static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
{ }
static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
				       const struct cred *new,
				       const struct cred *old)
{
	return 0;
}
static inline void audit_log_capset(const struct cred *new,
				    const struct cred *old)
{ }
static inline void audit_mmap_fd(int fd, int flags)
{ }
static inline void audit_ptrace(struct task_struct *t)
{ }
#define audit_n_rules 0
#define audit_signals 0
#endif /* CONFIG_AUDITSYSCALL */

static inline bool audit_loginuid_set(struct task_struct *tsk)
{
	return uid_valid(audit_get_loginuid(tsk));
}

static inline void audit_log_string(struct audit_buffer *ab, const char *buf)
{
	audit_log_n_string(ab, buf, strlen(buf));
}

#endif
Commit	Line	Data
	1	/* audit.h -- Auditing support
	2	*
	3	* Copyright 2003-2004 Red Hat Inc., Durham, North Carolina.
	4	* All Rights Reserved.
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License as published by
	8	* the Free Software Foundation; either version 2 of the License, or
	9	* (at your option) any later version.
	10	*
	11	* This program is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	* GNU General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License
	17	* along with this program; if not, write to the Free Software
	18	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	19	*
	20	* Written by Rickard E. (Rik) Faith <faith@redhat.com>
	21	*
	22	*/
	23	#ifndef _LINUX_AUDIT_H_
	24	#define _LINUX_AUDIT_H_
	25
	26	#include <linux/sched.h>
	27	#include <linux/ptrace.h>
	28	#include <uapi/linux/audit.h>
	29	#include <linux/tty.h>
	30
	31	#define AUDIT_INO_UNSET ((unsigned long)-1)
	32	#define AUDIT_DEV_UNSET ((dev_t)-1)
	33
	34	struct audit_sig_info {
	35	uid_t uid;
	36	pid_t pid;
	37	char ctx[0];
	38	};
	39
	40	struct audit_buffer;
	41	struct audit_context;
	42	struct inode;
	43	struct netlink_skb_parms;
	44	struct path;
	45	struct linux_binprm;
	46	struct mq_attr;
	47	struct mqstat;
	48	struct audit_watch;
	49	struct audit_tree;
	50	struct sk_buff;
	51
	52	struct audit_krule {
	53	u32 pflags;
	54	u32 flags;
	55	u32 listnr;
	56	u32 action;
	57	u32 mask[AUDIT_BITMASK_SIZE];
	58	u32 buflen; /* for data alloc on list rules */
	59	u32 field_count;
	60	char filterkey; / ties events to rules */
	61	struct audit_field *fields;
	62	struct audit_field arch_f; / quick access to arch field */
	63	struct audit_field inode_f; / quick access to an inode field */
	64	struct audit_watch watch; / associated watch */
	65	struct audit_tree tree; / associated watched tree */
	66	struct audit_fsnotify_mark *exe;
	67	struct list_head rlist; /* entry in audit_{watch,tree}.rules list */
	68	struct list_head list; /* for AUDIT_LIST* purposes only */
	69	u64 prio;
	70	};
	71
	72	/* Flag to indicate legacy AUDIT_LOGINUID unset usage */
	73	#define AUDIT_LOGINUID_LEGACY 0x1
	74
	75	struct audit_field {
	76	u32 type;
	77	union {
	78	u32 val;
	79	kuid_t uid;
	80	kgid_t gid;
	81	struct {
	82	char *lsm_str;
	83	void *lsm_rule;
	84	};
	85	};
	86	u32 op;
	87	};
	88
	89	extern int is_audit_feature_set(int which);
	90
	91	extern int __init audit_register_class(int class, unsigned *list);
	92	extern int audit_classify_syscall(int abi, unsigned syscall);
	93	extern int audit_classify_arch(int arch);
	94	/* only for compat system calls */
	95	extern unsigned compat_write_class[];
	96	extern unsigned compat_read_class[];
	97	extern unsigned compat_dir_class[];
	98	extern unsigned compat_chattr_class[];
	99	extern unsigned compat_signal_class[];
	100
	101	extern int audit_classify_compat_syscall(int abi, unsigned syscall);
	102
	103	/* audit_names->type values */
	104	#define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */
	105	#define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */
	106	#define AUDIT_TYPE_PARENT 2 /* a parent audit record */
	107	#define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */
	108	#define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */
	109
	110	/* maximized args number that audit_socketcall can process */
	111	#define AUDITSC_ARGS 6
	112
	113	/* bit values for ->signal->audit_tty */
	114	#define AUDIT_TTY_ENABLE BIT(0)
	115	#define AUDIT_TTY_LOG_PASSWD BIT(1)
	116
	117	struct filename;
	118
	119	extern void audit_log_session_info(struct audit_buffer *ab);
	120
	121	#ifdef CONFIG_AUDIT
	122	/* These are defined in audit.c */
	123	/* Public API */
	124	extern __printf(4, 5)
	125	void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
	126	const char *fmt, ...);
	127
	128	extern struct audit_buffer audit_log_start(struct audit_context ctx, gfp_t gfp_mask, int type);
	129	extern __printf(2, 3)
	130	void audit_log_format(struct audit_buffer ab, const char fmt, ...);
	131	extern void audit_log_end(struct audit_buffer *ab);
	132	extern bool audit_string_contains_control(const char *string,
	133	size_t len);
	134	extern void audit_log_n_hex(struct audit_buffer *ab,
	135	const unsigned char *buf,
	136	size_t len);
	137	extern void audit_log_n_string(struct audit_buffer *ab,
	138	const char *buf,
	139	size_t n);
	140	extern void audit_log_n_untrustedstring(struct audit_buffer *ab,
	141	const char *string,
	142	size_t n);
	143	extern void audit_log_untrustedstring(struct audit_buffer *ab,
	144	const char *string);
	145	extern void audit_log_d_path(struct audit_buffer *ab,
	146	const char *prefix,
	147	const struct path *path);
	148	extern void audit_log_key(struct audit_buffer *ab,
	149	char *key);
	150	extern void audit_log_link_denied(const char *operation,
	151	struct path *link);
	152	extern void audit_log_lost(const char *message);
	153	#ifdef CONFIG_SECURITY
	154	extern void audit_log_secctx(struct audit_buffer *ab, u32 secid);
	155	#else
	156	static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid)
	157	{ }
	158	#endif
	159
	160	extern int audit_log_task_context(struct audit_buffer *ab);
	161	extern void audit_log_task_info(struct audit_buffer *ab,
	162	struct task_struct *tsk);
	163
	164	extern int audit_update_lsm_rules(void);
	165
	166	/* Private API (for audit.c only) */
	167	extern int audit_filter_user(int type);
	168	extern int audit_filter_type(int type);
	169	extern int audit_rule_change(int type, __u32 portid, int seq,
	170	void *data, size_t datasz);
	171	extern int audit_list_rules_send(struct sk_buff *request_skb, int seq);
	172
	173	extern u32 audit_enabled;
	174	#else /* CONFIG_AUDIT */
	175	static inline __printf(4, 5)
	176	void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
	177	const char *fmt, ...)
	178	{ }
	179	static inline struct audit_buffer audit_log_start(struct audit_context ctx,
	180	gfp_t gfp_mask, int type)
	181	{
	182	return NULL;
	183	}
	184	static inline __printf(2, 3)
	185	void audit_log_format(struct audit_buffer ab, const char fmt, ...)
	186	{ }
	187	static inline void audit_log_end(struct audit_buffer *ab)
	188	{ }
	189	static inline void audit_log_n_hex(struct audit_buffer *ab,
	190	const unsigned char *buf, size_t len)
	191	{ }
	192	static inline void audit_log_n_string(struct audit_buffer *ab,
	193	const char *buf, size_t n)
	194	{ }
	195	static inline void audit_log_n_untrustedstring(struct audit_buffer *ab,
	196	const char *string, size_t n)
	197	{ }
	198	static inline void audit_log_untrustedstring(struct audit_buffer *ab,
	199	const char *string)
	200	{ }
	201	static inline void audit_log_d_path(struct audit_buffer *ab,
	202	const char *prefix,
	203	const struct path *path)
	204	{ }
	205	static inline void audit_log_key(struct audit_buffer ab, char key)
	206	{ }
	207	static inline void audit_log_link_denied(const char *string,
	208	const struct path *link)
	209	{ }
	210	static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid)
	211	{ }
	212	static inline int audit_log_task_context(struct audit_buffer *ab)
	213	{
	214	return 0;
	215	}
	216	static inline void audit_log_task_info(struct audit_buffer *ab,
	217	struct task_struct *tsk)
	218	{ }
	219	#define audit_enabled 0
	220	#endif /* CONFIG_AUDIT */
	221
	222	#ifdef CONFIG_AUDIT_COMPAT_GENERIC
	223	#define audit_is_compat(arch) (!((arch) & __AUDIT_ARCH_64BIT))
	224	#else
	225	#define audit_is_compat(arch) false
	226	#endif
	227
	228	#ifdef CONFIG_AUDITSYSCALL
	229	#include <asm/syscall.h> /* for syscall_get_arch() */
	230
	231	/* These are defined in auditsc.c */
	232	/* Public API */
	233	extern int audit_alloc(struct task_struct *task);
	234	extern void __audit_free(struct task_struct *task);
	235	extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1,
	236	unsigned long a2, unsigned long a3);
	237	extern void __audit_syscall_exit(int ret_success, long ret_value);
	238	extern struct filename __audit_reusename(const __user char uptr);
	239	extern void __audit_getname(struct filename *name);
	240
	241	#define AUDIT_INODE_PARENT 1 /* dentry represents the parent */
	242	#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */
	243	extern void __audit_inode(struct filename name, const struct dentry dentry,
	244	unsigned int flags);
	245	extern void __audit_file(const struct file *);
	246	extern void __audit_inode_child(struct inode *parent,
	247	const struct dentry *dentry,
	248	const unsigned char type);
	249	extern void __audit_seccomp(unsigned long syscall, long signr, int code);
	250	extern void __audit_ptrace(struct task_struct *t);
	251
	252	static inline bool audit_dummy_context(void)
	253	{
	254	void *p = current->audit_context;
	255	return !p \|\| (int )p;
	256	}
	257	static inline void audit_free(struct task_struct *task)
	258	{
	259	if (unlikely(task->audit_context))
	260	__audit_free(task);
	261	}
	262	static inline void audit_syscall_entry(int major, unsigned long a0,
	263	unsigned long a1, unsigned long a2,
	264	unsigned long a3)
	265	{
	266	if (unlikely(current->audit_context))
	267	__audit_syscall_entry(major, a0, a1, a2, a3);
	268	}
	269	static inline void audit_syscall_exit(void *pt_regs)
	270	{
	271	if (unlikely(current->audit_context)) {
	272	int success = is_syscall_success(pt_regs);
	273	long return_code = regs_return_value(pt_regs);
	274
	275	__audit_syscall_exit(success, return_code);
	276	}
	277	}
	278	static inline struct filename audit_reusename(const __user char name)
	279	{
	280	if (unlikely(!audit_dummy_context()))
	281	return __audit_reusename(name);
	282	return NULL;
	283	}
	284	static inline void audit_getname(struct filename *name)
	285	{
	286	if (unlikely(!audit_dummy_context()))
	287	__audit_getname(name);
	288	}
	289	static inline void audit_inode(struct filename *name,
	290	const struct dentry *dentry,
	291	unsigned int parent) {
	292	if (unlikely(!audit_dummy_context())) {
	293	unsigned int flags = 0;
	294	if (parent)
	295	flags \|= AUDIT_INODE_PARENT;
	296	__audit_inode(name, dentry, flags);
	297	}
	298	}
	299	static inline void audit_file(struct file *file)
	300	{
	301	if (unlikely(!audit_dummy_context()))
	302	__audit_file(file);
	303	}
	304	static inline void audit_inode_parent_hidden(struct filename *name,
	305	const struct dentry *dentry)
	306	{
	307	if (unlikely(!audit_dummy_context()))
	308	__audit_inode(name, dentry,
	309	AUDIT_INODE_PARENT \| AUDIT_INODE_HIDDEN);
	310	}
	311	static inline void audit_inode_child(struct inode *parent,
	312	const struct dentry *dentry,
	313	const unsigned char type) {
	314	if (unlikely(!audit_dummy_context()))
	315	__audit_inode_child(parent, dentry, type);
	316	}
	317	void audit_core_dumps(long signr);
	318
	319	static inline void audit_seccomp(unsigned long syscall, long signr, int code)
	320	{
	321	if (!audit_enabled)
	322	return;
	323
	324	/* Force a record to be reported if a signal was delivered. */
	325	if (signr \|\| unlikely(!audit_dummy_context()))
	326	__audit_seccomp(syscall, signr, code);
	327	}
	328
	329	static inline void audit_ptrace(struct task_struct *t)
	330	{
	331	if (unlikely(!audit_dummy_context()))
	332	__audit_ptrace(t);
	333	}
	334
	335	/* Private API (for audit.c only) */
	336	extern unsigned int audit_serial(void);
	337	extern int auditsc_get_stamp(struct audit_context *ctx,
	338	struct timespec t, unsigned int serial);
	339	extern int audit_set_loginuid(kuid_t loginuid);
	340
	341	static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
	342	{
	343	return tsk->loginuid;
	344	}
	345
	346	static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
	347	{
	348	return tsk->sessionid;
	349	}
	350
	351	static inline struct tty_struct audit_get_tty(struct task_struct tsk)
	352	{
	353	struct tty_struct *tty = NULL;
	354	unsigned long flags;
	355
	356	spin_lock_irqsave(&tsk->sighand->siglock, flags);
	357	if (tsk->signal)
	358	tty = tty_kref_get(tsk->signal->tty);
	359	spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
	360	return tty;
	361	}
	362
	363	static inline void audit_put_tty(struct tty_struct *tty)
	364	{
	365	tty_kref_put(tty);
	366	}
	367
	368	extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
	369	extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
	370	extern void __audit_bprm(struct linux_binprm *bprm);
	371	extern int __audit_socketcall(int nargs, unsigned long *args);
	372	extern int __audit_sockaddr(int len, void *addr);
	373	extern void __audit_fd_pair(int fd1, int fd2);
	374	extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr);
	375	extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout);
	376	extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification);
	377	extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
	378	extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
	379	const struct cred *new,
	380	const struct cred *old);
	381	extern void __audit_log_capset(const struct cred new, const struct cred old);
	382	extern void __audit_mmap_fd(int fd, int flags);
	383
	384	static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
	385	{
	386	if (unlikely(!audit_dummy_context()))
	387	__audit_ipc_obj(ipcp);
	388	}
	389	static inline void audit_fd_pair(int fd1, int fd2)
	390	{
	391	if (unlikely(!audit_dummy_context()))
	392	__audit_fd_pair(fd1, fd2);
	393	}
	394	static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode)
	395	{
	396	if (unlikely(!audit_dummy_context()))
	397	__audit_ipc_set_perm(qbytes, uid, gid, mode);
	398	}
	399	static inline void audit_bprm(struct linux_binprm *bprm)
	400	{
	401	if (unlikely(!audit_dummy_context()))
	402	__audit_bprm(bprm);
	403	}
	404	static inline int audit_socketcall(int nargs, unsigned long *args)
	405	{
	406	if (unlikely(!audit_dummy_context()))
	407	return __audit_socketcall(nargs, args);
	408	return 0;
	409	}
	410	static inline int audit_sockaddr(int len, void *addr)
	411	{
	412	if (unlikely(!audit_dummy_context()))
	413	return __audit_sockaddr(len, addr);
	414	return 0;
	415	}
	416	static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr)
	417	{
	418	if (unlikely(!audit_dummy_context()))
	419	__audit_mq_open(oflag, mode, attr);
	420	}
	421	static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout)
	422	{
	423	if (unlikely(!audit_dummy_context()))
	424	__audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout);
	425	}
	426	static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification)
	427	{
	428	if (unlikely(!audit_dummy_context()))
	429	__audit_mq_notify(mqdes, notification);
	430	}
	431	static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
	432	{
	433	if (unlikely(!audit_dummy_context()))
	434	__audit_mq_getsetattr(mqdes, mqstat);
	435	}
	436
	437	static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
	438	const struct cred *new,
	439	const struct cred *old)
	440	{
	441	if (unlikely(!audit_dummy_context()))
	442	return __audit_log_bprm_fcaps(bprm, new, old);
	443	return 0;
	444	}
	445
	446	static inline void audit_log_capset(const struct cred *new,
	447	const struct cred *old)
	448	{
	449	if (unlikely(!audit_dummy_context()))
	450	__audit_log_capset(new, old);
	451	}
	452
	453	static inline void audit_mmap_fd(int fd, int flags)
	454	{
	455	if (unlikely(!audit_dummy_context()))
	456	__audit_mmap_fd(fd, flags);
	457	}
	458
	459	extern int audit_n_rules;
	460	extern int audit_signals;
	461	#else /* CONFIG_AUDITSYSCALL */
	462	static inline int audit_alloc(struct task_struct *task)
	463	{
	464	return 0;
	465	}
	466	static inline void audit_free(struct task_struct *task)
	467	{ }
	468	static inline void audit_syscall_entry(int major, unsigned long a0,
	469	unsigned long a1, unsigned long a2,
	470	unsigned long a3)
	471	{ }
	472	static inline void audit_syscall_exit(void *pt_regs)
	473	{ }
	474	static inline bool audit_dummy_context(void)
	475	{
	476	return true;
	477	}
	478	static inline struct filename audit_reusename(const __user char name)
	479	{
	480	return NULL;
	481	}
	482	static inline void audit_getname(struct filename *name)
	483	{ }
	484	static inline void __audit_inode(struct filename *name,
	485	const struct dentry *dentry,
	486	unsigned int flags)
	487	{ }
	488	static inline void __audit_inode_child(struct inode *parent,
	489	const struct dentry *dentry,
	490	const unsigned char type)
	491	{ }
	492	static inline void audit_inode(struct filename *name,
	493	const struct dentry *dentry,
	494	unsigned int parent)
	495	{ }
	496	static inline void audit_file(struct file *file)
	497	{
	498	}
	499	static inline void audit_inode_parent_hidden(struct filename *name,
	500	const struct dentry *dentry)
	501	{ }
	502	static inline void audit_inode_child(struct inode *parent,
	503	const struct dentry *dentry,
	504	const unsigned char type)
	505	{ }
	506	static inline void audit_core_dumps(long signr)
	507	{ }
	508	static inline void __audit_seccomp(unsigned long syscall, long signr, int code)
	509	{ }
	510	static inline void audit_seccomp(unsigned long syscall, long signr, int code)
	511	{ }
	512	static inline int auditsc_get_stamp(struct audit_context *ctx,
	513	struct timespec t, unsigned int serial)
	514	{
	515	return 0;
	516	}
	517	static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
	518	{
	519	return INVALID_UID;
	520	}
	521	static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
	522	{
	523	return -1;
	524	}
	525	static inline struct tty_struct audit_get_tty(struct task_struct tsk)
	526	{
	527	return NULL;
	528	}
	529	static inline void audit_put_tty(struct tty_struct *tty)
	530	{ }
	531	static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
	532	{ }
	533	static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,
	534	gid_t gid, umode_t mode)
	535	{ }
	536	static inline void audit_bprm(struct linux_binprm *bprm)
	537	{ }
	538	static inline int audit_socketcall(int nargs, unsigned long *args)
	539	{
	540	return 0;
	541	}
	542	static inline void audit_fd_pair(int fd1, int fd2)
	543	{ }
	544	static inline int audit_sockaddr(int len, void *addr)
	545	{
	546	return 0;
	547	}
	548	static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr)
	549	{ }
	550	static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len,
	551	unsigned int msg_prio,
	552	const struct timespec *abs_timeout)
	553	{ }
	554	static inline void audit_mq_notify(mqd_t mqdes,
	555	const struct sigevent *notification)
	556	{ }
	557	static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
	558	{ }
	559	static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
	560	const struct cred *new,
	561	const struct cred *old)
	562	{
	563	return 0;
	564	}
	565	static inline void audit_log_capset(const struct cred *new,
	566	const struct cred *old)
	567	{ }
	568	static inline void audit_mmap_fd(int fd, int flags)
	569	{ }
	570	static inline void audit_ptrace(struct task_struct *t)
	571	{ }
	572	#define audit_n_rules 0
	573	#define audit_signals 0
	574	#endif /* CONFIG_AUDITSYSCALL */
	575
	576	static inline bool audit_loginuid_set(struct task_struct *tsk)
	577	{
	578	return uid_valid(audit_get_loginuid(tsk));
	579	}
	580
	581	static inline void audit_log_string(struct audit_buffer ab, const char buf)
	582	{
	583	audit_log_n_string(ab, buf, strlen(buf));
	584	}
	585
	586	#endif