Function Logic Report |
Source Code: kernel\audit.c |
Create Date: 2022-07-27 12:26:14 |
Last Modify: 2020-03-12 14:18:49 | Copyright©Brick |
Function name: audit_receive_msg
Function prototype: static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
Return type: int
Parameters:
Type | Parameter | Name |
---|---|---|
struct sk_buff * | skb | |
struct nlmsghdr * | nlh |
1178 | msg_type is set to Message content |
1180 | char * ctx = NULL |
1187 | seq is set to Sequence number |
1192 | case: msg_type equals Get status |
1199 | pid of auditd process is set to auditd_pid_vnr - Return the auditd PID relative to the namespace. Description: Returns the PID in relation to the namespace, 0 on failure. |
1201 | waiting messages limit is set to Number of outstanding audit_buffers allowed. When set to zero, this means unlimited. |
1203 | messages waiting in queue is set to the queue length |
1207 | break |
1213 | memory copy(&s, data, min_t - return minimum of two values, using the specified type. @type: data type to use. @x: first value. @y: second value (size_t, size of s, data_len)) |
1214 | if Bit mask for valid entries bitwise AND Mask values then |
1219 | if Bit mask for valid entries bitwise AND AUDIT_STATUS_FAILURE then |
1220 | err is set to audit_set_failure(Failure-to-log action) |
1224 | if Bit mask for valid entries bitwise AND AUDIT_STATUS_PID then |
1231 | new_pid is set to pid of auditd process |
1241 | audit_replace(req_pid) |
1243 | auditd_pid is set to auditd_pid_vnr - Return the auditd PID relative to the namespace. Description: Returns the PID in relation to the namespace, 0 on failure. |
1244 | if auditd_pid then |
1246 | if new_pid then |
1247 | audit_log_config_change("audit_pid", new_pid, auditd_pid, 0) |
1249 | return: -EEXIST |
1252 | if pid_vnr(req_pid) does not equal auditd_pid then |
1253 | audit_log_config_change("audit_pid", new_pid, auditd_pid, 0) |
1255 | return: -EACCES |
1259 | if new_pid then |
1264 | if audit_enabled does not equal AUDIT_OFF then audit_log_config_change("audit_pid", new_pid, auditd_pid, err ? 0 : 1) |
1273 | wake_up_interruptible(&kauditd_wait) |
1274 | else |
1275 | if audit_enabled does not equal AUDIT_OFF then audit_log_config_change("audit_pid", new_pid, auditd_pid, 1) |
1284 | if Bit mask for valid entries bitwise AND AUDIT_STATUS_RATE_LIMIT then |
1289 | if Bit mask for valid entries bitwise AND AUDIT_STATUS_BACKLOG_LIMIT then |
1295 | if the size of s is greater than Length of message including header then return: -EINVAL |
1297 | if message queue wait timeout is greater than 10 times AUDIT_BACKLOG_WAIT_TIME then return: -EINVAL |
1303 | if Bit mask for valid entries equals AUDIT_STATUS_LOST then |
1306 | audit_log_config_change("lost", 0, lost, 1) |
1307 | return: lost |
1309 | break |
1325 | case: msg_type == More user space messages ...AUDIT_LAST_USER_MSG2 |
1326 | if not audit_enabled and msg_type does not equal We filter this differently then return: 0 |
1330 | if err equals 1 then |
1333 | err is set to 0 |
1334 | if msg_type equals Non-ICANON TTY input meaning then |
1335 | err is set to tty_audit_push() |
1339 | audit_log_user_recv_msg(&ab, msg_type) |
1340 | if msg_type does not equal Non-ICANON TTY input meaning then |
1346 | else |
1347 | write audit message |
1352 | send audit message and free the buffer |
1354 | break |
1355 | case: msg_type equals Add syscall filtering rule |
1357 | if data_len is less than sizeof(struct audit_rule_data) then return: -EINVAL |
1359 | if audit_enabled equals AUDIT_LOCKED then |
1370 | break |
1372 | err is set to audit_list_rules_send - list the audit rules. @request_skb: skb of request we are replying to (used to target the reply). @seq: netlink audit message sequence (serial) number |
1373 | break |
1374 | case: msg_type equals Trim junk from watched tree |
1381 | case: msg_type equals Append to watched tree |
1393 | old is set to audit_unpack_string(&bufp, &msglen, sizes[0]) |
1394 | if it is an error then |
1398 | new is set to audit_unpack_string(&bufp, &msglen, sizes[1]) |
1399 | if it is an error then |
1405 | err is set to audit_tag_tree(old, new) |
1409 | write audit message |
1411 | write audit message |
1413 | write audit message |
1414 | send audit message and free the buffer |
1417 | break |
1420 | len is set to 0 |
1421 | if audit_sig_sid then |
1422 | err is set to security_secid_to_secctx(audit_sig_sid, &ctx, &len) |
1427 | if not sig_data then |
1428 | if audit_sig_sid then security_release_secctx(ctx, len) |
1430 | return: -ENOMEM |
1433 | pid is set to audit_sig_pid |
1434 | if audit_sig_sid then |
1441 | break |
1442 | case: msg_type equals Get TTY auditing status |
1448 | 1 = enabled, 0 = disabled is set to the value of not-not t bitwise AND AUDIT_TTY_LOG_PASSWD |
1451 | break |
1453 | case: msg_type equals Set TTY auditing status |
1460 | memory copy(&s, data, min_t - return minimum of two values, using the specified type. @type: data type to use. @x: first value. @y: second value (size_t, size of s, data_len)) |
1462 | if 1 = enabled, 0 = disabled does not equal 0 and 1 = enabled, 0 = disabled does not equal 1, or 1 = enabled, 0 = disabled does not equal 0 and 1 = enabled, 0 = disabled does not equal 1, then err is set to -EINVAL |
1468 | else |
1469 | t is set to 1 = enabled, 0 = disabled bitwise OR negated 1 = enabled, 0 = disabled bitwise AND AUDIT_TTY_LOG_PASSWD |
1473 | 1 = enabled, 0 = disabled is set to the value of not-not t bitwise AND AUDIT_TTY_LOG_PASSWD |
1477 | write audit message |
1481 | send audit message and free the buffer |
1482 | break |
1484 | default |
Name | Description |
---|---|
audit_receive | audit_receive - receive messages from a netlink control socket. @skb: the message buffer. Parse the provided skb and deal with any messages that may be present, malformed skbs are discarded. |