3 files changed, 23 insertions, 0 deletions

diff --git a/src/core/condition.c b/src/core/condition.c
index ec78169fc3..8e2e3118d7 100644
--- a/src/core/condition.c
+++ b/src/core/condition.c
@@ -38,6 +38,7 @@
 #include "apparmor-util.h"
 #include "ima-util.h"
 #include "selinux-util.h"
+#include "audit.h"
 
 static bool condition_test_security(Condition *c) {
         assert(c);
@@ -50,6 +51,8 @@ static bool condition_test_security(Condition *c) {
                 return mac_smack_use() == !c->negate;
         if (streq(c->parameter, "apparmor"))
                 return mac_apparmor_use() == !c->negate;
+        if (streq(c->parameter, "audit"))
+                return use_audit() == !c->negate;
         if (streq(c->parameter, "ima"))
                 return use_ima() == !c->negate;
 
diff --git a/src/shared/audit.c b/src/shared/audit.c
index f101050825..4701c0a8de 100644
--- a/src/shared/audit.c
+++ b/src/shared/audit.c
@@ -80,3 +80,21 @@ int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
         *uid = (uid_t) u;
         return 0;
 }
+
+bool use_audit(void) {
+        static int cached_use = -1;
+
+        if (cached_use < 0) {
+                int fd;
+
+                fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
+                if (fd < 0)
+                        cached_use = errno != EAFNOSUPPORT && errno != EPROTONOSUPPORT;
+                else {
+                        cached_use = true;
+                        safe_close(fd);
+                }
+        }
+
+        return cached_use;
+}
diff --git a/src/shared/audit.h b/src/shared/audit.h
index 0effc0baa0..b4aecffb30 100644
--- a/src/shared/audit.h
+++ b/src/shared/audit.h
@@ -27,3 +27,5 @@
 
 int audit_session_from_pid(pid_t pid, uint32_t *id);
 int audit_loginuid_from_pid(pid_t pid, uid_t *uid);
+
+bool use_audit(void);