Function report |
Source Code:kernel\audit.c |
Create Date:2022-07-28 11:23:33 |
| Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
| home page | Tree |
| Annotation kernel can get tool activity | Download SCCT | Chinese |
Name:audit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error
Proto:struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type)
Type:struct audit_buffer
Parameter:
| Type | Parameter | Name |
|---|---|---|
| struct audit_context * | ctx | |
| gfp_t | gfp_mask | |
| int | type |
| 1753 | If audit_initialized != AUDIT_INITIALIZED Then Return NULL |
| 1756 | If Value for the false possibility is greater at compile time(!audit_filter(type, Apply rule before record creation )) Then Return NULL |
| 1767 | stime = audit_backlog_wait_time |
| 1772 | wake_up_interruptible( & kauditd_wait) |
| 1776 | If gfpflags_allow_blocking(gfp_mask) && stime > 0 Then |
| 1777 | DECLARE_WAITQUEUE(wait, current process) |
| 1779 | add_wait_queue_exclusive( & waitqueue for callers who are blocked on the audit backlog , & wait) |
| 1784 | Else |
| 1785 | If audit_rate_check() && printk_ratelimit() Then pr_warn("audit_backlog=%d > audit_backlog_limit=%d\n", skb_queue_len - get queue length*@list_: list to measure* Return the length of an &sk_buff queue., Number of outstanding audit_buffers allowed.* When set to zero, this means unlimited. ) |
| 1790 | Return NULL |
| 1795 | ab = audit_buffer_alloc(ctx, gfp_mask, type) |
| 1796 | If Not ab Then |
| 1801 | audit_get_stamp(NULL or associated context , & t, & serial) |
| 1805 | Return ab |
| Name | Describe |
|---|---|
| audit_log_config_change | |
| audit_log_common_recv_msg | |
| audit_log_feature_change | |
| audit_log_path_denied | audit_log_path_denied - report a path restriction denial*@type: audit message type (AUDIT_ANOM_LINK, AUDIT_ANOM_CREAT, etc)*@operation: specific operation name |
| audit_log_set_loginuid | |
| audit_log | audit_log - Log an audit record*@ctx: audit context*@gfp_mask: type of allocation*@type: audit message type*@fmt: format string to use*@...: variable parameters matching the format string* This is a convenience function that calls audit_log_start, |
| audit_log_rule_change | Log rule additions and removals |
| audit_log_pid_context | |
| audit_log_execve_info | |
| show_special | |
| audit_log_name | audit_log_name - produce AUDIT_PATH record from struct audit_names*@context: audit_context for the task*@n: audit_names structure with reportable details*@path: optional path to report instead of audit_names->name*@record_num: record number to report when |
| audit_log_proctitle | |
| audit_log_exit | |
| audit_core_dumps | audit_core_dumps - record information about processes that end abnormally*@signr: signal value* If a process ends with a core dump, something fishy is going on and we* should record the event for investigation. |
| audit_seccomp | audit_seccomp - record information about a seccomp action*@syscall: syscall number*@signr: signal value*@code: the seccomp action* Record the information associated with a seccomp action. Event filtering for |
| audit_seccomp_actions_logged | |
| audit_watch_log_rule_change | |
| audit_mark_log_rule_change | |
| audit_tree_log_remove_rule | |
| selinux_setprocattr | |
| common_lsm_audit | mmon_lsm_audit - generic LSM auditing function*@a: auxiliary audit data*@pre_audit: lsm-specific pre-audit callback*@post_audit: lsm-specific post-audit callback* setup the audit buffer for common security information* uses callback to print LSM specific |
| integrity_audit_msg | |
| ima_audit_measurement |
| Source code conversion tool public plug-in interface | X |
|---|---|
| Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion |