Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: kernel\audit.c    Create Date: 2022-07-27 12:26:36
Last Modify: 2020-03-12 14:18:49    Copyright © Brick

Function name: Write audit information

Function prototype: void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)

Return type: void

Parameters:

Type | Parameter name
struct audit_buffer * | ab
const char * | fmt

1888  If ab is NULL (!ab), return
1890  va_start(args, fmt)
1891  Format an audit message into the audit buffer. If there isn't enough room in the audit buffer, more room will be allocated and vsnprint will be called a second time. Currently, we assume that a printk
1892  va_end(args)
Callers

Name | Description
audit_log_config_change
audit_log_common_recv_msg
audit_log_feature_change
audit_receive_msg
audit_log_start | Allocate an audit buffer
audit_log_d_path | This is a helper-function to print the escaped d_path
audit_log_session_info
audit_log_key
audit_log_task_context
audit_log_d_path_exe
audit_log_task_info
audit_log_path_denied | audit_log_path_denied - report a path restriction denial; @type: audit message type (AUDIT_ANOM_LINK, AUDIT_ANOM_CREAT, etc); @operation: specific operation name
audit_log_set_loginuid
audit_log_rule_change | Log rule additions and removals
audit_log_pid_context
audit_log_execve_info
audit_log_cap
audit_log_fcaps
show_special
audit_log_name | audit_log_name - produce AUDIT_PATH record from struct audit_names; @context: audit_context for the task; @n: audit_names structure with reportable details; @path: optional path to report instead of audit_names->name; @record_num: record number to report when
audit_log_proctitle
audit_log_exit
audit_log_task
audit_core_dumps | audit_core_dumps - record information about processes that end abnormally; @signr: signal value. If a process ends with a core dump, something fishy is going on and we should record the event for investigation.
audit_seccomp | audit_seccomp - record information about a seccomp action; @syscall: syscall number; @signr: signal value; @code: the seccomp action. Record the information associated with a seccomp action. Event filtering for
audit_seccomp_actions_logged
audit_watch_log_rule_change
audit_mark_log_rule_change
audit_tree_log_remove_rule
avc_audit_pre_callback | avc_audit_pre_callback - SELinux specific information will be called by generic audit code; @ab: the audit buffer; @a: audit_data
avc_audit_post_callback | avc_audit_post_callback - SELinux specific information will be called by generic audit code; @ab: the audit buffer; @a: audit_data
selinux_inode_setxattr
selinux_setprocattr
smack_log_callback | smack_log_callback - SMACK specific information will be called by generic audit code; @ab: the audit_buffer; @a: audit_data
print_ipv6_addr
print_ipv4_addr
dump_common_audit_data | dump_common_audit_data - helper to dump common audit data; @a: common audit data
audit_pre | audit_base - core AppArmor function. @ab: audit buffer to fill (NOT NULL); @ca: audit structure containing data to audit (NOT NULL). Record common AppArmor audit data from @sa
audit_cb | audit_cb - call back for capability components of audit struct; @ab - audit buffer (NOT NULL); @va - audit struct to audit data from (NOT NULL)
audit_ptrace_cb | call back to audit ptrace fields
audit_signal_cb | audit_cb - call back for signal specific audit fields; @ab: audit_buffer (NOT NULL); @va: audit struct to audit values of (NOT NULL)
aa_audit_perm_names
aa_audit_perm_mask
aa_audit_perms_cb | aa_audit_perms_cb - generic callback fn for auditing perms; @ab: audit buffer (NOT NULL); @va: audit struct to audit values of (NOT NULL)
audit_cb | audit callback for net specific fields
audit_cb | audit callback for unpack fields
audit_cb | audit callback for resource specific fields
file_audit_cb | file_audit_cb - call back for file specific audit fields; @ab: audit_buffer (NOT NULL); @va: audit struct to audit values of (NOT NULL)
audit_mnt_flags
audit_cb | audit_cb - call back for mount specific audit fields; @ab: audit_buffer (NOT NULL); @va: audit struct to audit values of (NOT NULL)
audit_net_cb | audit callback for net specific fields
integrity_audit_msg
ima_audit_measurement
ima_log_string_op
ima_parse_rule