Function report |
Source Code:kernel\auditfilter.c |
Create Date:2022-07-28 11:24:41 |
| Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
Name:Check if an audit field is valid
Proto:static int audit_field_valid(struct audit_entry *entry, struct audit_field *f)
Type:int
Parameter:
| Type | Parameter | Name |
|---|---|---|
| struct audit_entry * | entry | |
| struct audit_field * | f | |

| Line | Statement |
|---|---|
| 326 | Case type == AUDIT_MSGTYPE |
| 327 | If listnr != Apply rule before record creation && listnr != Apply rule to user-generated messages Then Return -EINVAL |
| 330 | Break |
| 331 | Case type == FileSystem Type |
| 332 | If listnr != Apply rule at __audit_inode_child Then Return -EINVAL |
| 334 | Break |
| 338 | Case listnr == Apply rule at __audit_inode_child |
| 340 | Case type == FileSystem Type |
| 341 | Case type == AUDIT_FILTERKEY |
| 342 | Break |
| 343 | Default |
| 344 | Return -EINVAL |
| 350 | Case type == AUDIT_ARG0 |
| 351 | Case type == AUDIT_ARG1 |
| 352 | Case type == AUDIT_ARG2 |
| 353 | Case type == AUDIT_ARG3 |
| 354 | Case type == AUDIT_PERS |
| 355 | Case type == AUDIT_DEVMINOR |
| 357 | Break |
| 359 | Case type == AUDIT_EUID |
| 360 | Case type == AUDIT_SUID |
| 361 | Case type == AUDIT_FSUID |
| 362 | Case type == AUDIT_LOGINUID |
| 363 | Case type == AUDIT_OBJ_UID |
| 365 | Case type == AUDIT_EGID |
| 366 | Case type == AUDIT_SGID |
| 367 | Case type == AUDIT_FSGID |
| 368 | Case type == AUDIT_OBJ_GID |
| 369 | Case type == These are useful when checking the task structure at task creation time (AUDIT_PER_TASK). |
| 370 | Case type == AUDIT_MSGTYPE |
| 371 | Case type == AUDIT_PPID |
| 373 | Case type == AUDIT_EXIT |
| 374 | Case type == exit >= 0; value ignored |
| 375 | Case type == AUDIT_INODE |
| 376 | Case type == Session ID |
| 377 | Case type == security label sensitivity label |
| 378 | Case type == security label clearance label |
| 379 | Case type == AUDIT_OBJ_LEV_LOW |
| 380 | Case type == AUDIT_OBJ_LEV_HIGH |
| 381 | Case type == AUDIT_SADDR_FAM |
| 383 | If op == Audit_bitmask || op == Audit_bittest Then Return -EINVAL |
| 385 | Break |
| 386 | Case type == security label user |
| 387 | Case type == security label role |
| 388 | Case type == security label type |
| 389 | Case type == AUDIT_OBJ_USER |
| 390 | Case type == AUDIT_OBJ_ROLE |
| 391 | Case type == AUDIT_OBJ_TYPE |
| 392 | Case type == AUDIT_WATCH |
| 394 | Case type == AUDIT_FILTERKEY |
| 395 | Case type == AUDIT_LOGINUID_SET |
| 396 | Case type == AUDIT_ARCH |
| 397 | Case type == FileSystem Type |
| 398 | Case type == AUDIT_PERM |
| 399 | Case type == AUDIT_FILETYPE |
| 400 | Case type == AUDIT_FIELD_COMPARE |
| 403 | If op != Audit_not_equal && op != Audit_equal Then Return -EINVAL |
| 405 | Break |
| 406 | Default |
| 408 | Return -EINVAL |
| 413 | Case type == AUDIT_LOGINUID_SET |
| 417 | Case type == AUDIT_PERM |
| 421 | Case type == AUDIT_FILETYPE |
| 425 | Case type == AUDIT_FIELD_COMPARE |
| 426 | If val > AUDIT_MAX_FIELD_COMPARE Then Return -EINVAL |
| 428 | Break |
| 429 | Case type == AUDIT_SADDR_FAM |
| 433 | Default |
| 434 | Break |
| 437 | Return 0 |

| Name | Description |
|---|---|
| audit_data_to_entry | Translate struct audit_rule_data to kernel's rule representation. |