函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\audit.c Create Date:2022-07-27 12:26:32
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:申请审计缓冲区

函数原型:struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type)

返回类型:struct audit_buffer

参数:

类型参数名称
struct audit_context *ctx
gfp_tgfp_mask
inttype
1751  serial等于serial
1753  如果audit_initialized不等于AUDIT_INITIALIZED则返回:NULL
1756  如果此条件成立可能性小(为编译器优化)(!audit_filter(type, Apply rule before record creation ))则返回:NULL
1766  如果非auditd_test_task - Check to see if a given task is an audit daemon*@task: the task to check* Description:* Return 1 if the task is a registered audit daemon, 0 otherwise.audit_ctl_owner_current - Test to see if the current task owns the lock* Description:* Return true if the current task owns the audit control lock, false if it* doesn't own the lock.的值则
1767  stime等于audit_backlog_wait_time
1769 Number of outstanding audit_buffers allowed.* When set to zero, this means unlimited. 取队列长度大于Number of outstanding audit_buffers allowed.* When set to zero, this means unlimited. 循环
1772  wake_up_interruptible( & kauditd_wait)
1776  如果gfpflags_allow_blocking(gfp_mask)且stime大于0则
1784  否则
1795  ab等于audit_buffer_alloc(ctx, gfp_mask, type)
1796  如果非ab
1797  audit_log_lost - conditionally log lost audit message event*@message: the message stating reason for lost audit message* Emit at least 1 message per second, even if audit_rate_check is* throttling.* Always increment the lost messages counter.
1798  返回:NULL
1801  audit_get_stamp(NULL or associated context , & t, & serial)
1802  写入审计信息
1805  返回:ab
调用者
名称描述
audit_log_config_change
audit_log_common_recv_msg
audit_log_feature_change
audit_log_path_deniedaudit_log_path_denied - report a path restriction denial*@type: audit message type (AUDIT_ANOM_LINK, AUDIT_ANOM_CREAT, etc)*@operation: specific operation name
audit_log_set_loginuid
audit_logaudit_log - Log an audit record*@ctx: audit context*@gfp_mask: type of allocation*@type: audit message type*@fmt: format string to use*@...: variable parameters matching the format string* This is a convenience function that calls audit_log_start,
audit_log_rule_changeLog rule additions and removals
audit_log_pid_context
audit_log_execve_info
show_special
audit_log_nameaudit_log_name - produce AUDIT_PATH record from struct audit_names*@context: audit_context for the task*@n: audit_names structure with reportable details*@path: optional path to report instead of audit_names->name*@record_num: record number to report when
audit_log_proctitle
audit_log_exit
audit_core_dumpsaudit_core_dumps - record information about processes that end abnormally*@signr: signal value* If a process ends with a core dump, something fishy is going on and we* should record the event for investigation.
audit_seccompaudit_seccomp - record information about a seccomp action*@syscall: syscall number*@signr: signal value*@code: the seccomp action* Record the information associated with a seccomp action. Event filtering for
audit_seccomp_actions_logged
audit_watch_log_rule_change
audit_mark_log_rule_change
audit_tree_log_remove_rule
selinux_setprocattr
common_lsm_auditmmon_lsm_audit - generic LSM auditing function*@a: auxiliary audit data*@pre_audit: lsm-specific pre-audit callback*@post_audit: lsm-specific post-audit callback* setup the audit buffer for common security information* uses callback to print LSM specific
integrity_audit_msg
ima_audit_measurement
selinux_inode_setxattr
integrity_audit_log_start