Function Logic Report |
Source Code:kernel\audit.c |
Create Date:2022-07-27 12:26:32 |
Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
Function name: Request an audit buffer
Function prototype: struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type)
Return type: struct audit_buffer
Parameters:
Type | Parameter | Name |
---|---|---|
struct audit_context * | ctx | |
gfp_t | gfp_mask | |
int | type |
1753 | If audit_initialized is not equal to AUDIT_INITIALIZED, return NULL |
1756 | If the condition is unlikely to hold (a compiler optimization hint) (!audit_filter(type, Apply rule before record creation)), return NULL |
1767 | stime = audit_backlog_wait_time |
1772 | wake_up_interruptible(&kauditd_wait) |
1776 | If gfpflags_allow_blocking(gfp_mask) and stime is greater than 0, then |
1777 | DECLARE_WAITQUEUE(wait, current process) |
1779 | add_wait_queue_exclusive(& waitqueue for callers who are blocked on the audit backlog, &wait) |
1781 | set_current_state(deep (uninterruptible) sleep state) |
1784 | Else |
1785 | If audit_rate_check() and printk_ratelimit(), print a warning message ("audit_backlog=%d > audit_backlog_limit=%d\n", get queue length, Number of outstanding audit_buffers allowed.* When set to zero, this means unlimited.) |
1790 | Return NULL |
1795 | ab = audit_buffer_alloc(ctx, gfp_mask, type) |
1796 | If not ab, then |
1801 | audit_get_stamp(NULL or associated context, &t, &serial) |
1802 | Write audit information |
1805 | Return ab |
Name | Description |
---|---|
audit_log_config_change | |
audit_log_common_recv_msg | |
audit_log_feature_change | |
audit_log_path_denied | audit_log_path_denied - report a path restriction denial*@type: audit message type (AUDIT_ANOM_LINK, AUDIT_ANOM_CREAT, etc)*@operation: specific operation name |
audit_log_set_loginuid | |
audit_log | audit_log - Log an audit record*@ctx: audit context*@gfp_mask: type of allocation*@type: audit message type*@fmt: format string to use*@...: variable parameters matching the format string* This is a convenience function that calls audit_log_start, |
audit_log_rule_change | Log rule additions and removals |
audit_log_pid_context | |
audit_log_execve_info | |
show_special | |
audit_log_name | audit_log_name - produce AUDIT_PATH record from struct audit_names*@context: audit_context for the task*@n: audit_names structure with reportable details*@path: optional path to report instead of audit_names->name*@record_num: record number to report when |
audit_log_proctitle | |
audit_log_exit | |
audit_core_dumps | audit_core_dumps - record information about processes that end abnormally*@signr: signal value* If a process ends with a core dump, something fishy is going on and we* should record the event for investigation. |
audit_seccomp | audit_seccomp - record information about a seccomp action*@syscall: syscall number*@signr: signal value*@code: the seccomp action* Record the information associated with a seccomp action. Event filtering for |
audit_seccomp_actions_logged | |
audit_watch_log_rule_change | |
audit_mark_log_rule_change | |
audit_tree_log_remove_rule | |
selinux_setprocattr | |
common_lsm_audit | common_lsm_audit - generic LSM auditing function*@a: auxiliary audit data*@pre_audit: lsm-specific pre-audit callback*@post_audit: lsm-specific post-audit callback* setup the audit buffer for common security information* uses callback to print LSM specific |
integrity_audit_msg | |
ima_audit_measurement | |
selinux_inode_setxattr | |
integrity_audit_log_start |