Function report |
Source Code:kernel\auditfilter.c |
Create Date:2022-07-28 11:25:37 |
Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
home page | Tree |
Annotation kernel can get tool activity | Download SCCT | Chinese |
Name:audit_filter
Proto:int audit_filter(int msgtype, unsigned int listtype)
Type:int
Parameter:
Type | Parameter | Name |
---|---|---|
int | msgtype | |
unsigned int | listtype |
1325 | ret = 1 |
1329 | result = 0 |
1331 | When i < field_count cycle |
1342 | result = audit_uid_comparator(current_uid(), op, uid) |
1343 | Break |
1345 | result = audit_gid_comparator(current_gid(), op, gid) |
1346 | Break |
1347 | Case type == AUDIT_LOGINUID |
1348 | result = audit_uid_comparator(audit_get_loginuid(current process), op, uid) |
1350 | Break |
1351 | Case type == AUDIT_LOGINUID_SET |
1352 | result = audit_comparator(audit_loginuid_set(current process), op, val) |
1354 | Break |
1355 | Case type == AUDIT_MSGTYPE |
1356 | result = audit_comparator(msgtype, op, val) |
1357 | Break |
1358 | Case type == security label user |
1359 | Case type == security label role |
1360 | Case type == security label type |
1361 | Case type == security label sensitivity label |
1362 | Case type == security label clearance label |
1370 | result = audit_exe_compare(current process, exe) |
1371 | If op == Audit_not_equal Then result = Not result |
1373 | Break |
1374 | Default |
1375 | Go to unlock_and_return |
1377 | If result < 0 Then Go to unlock_and_return |
1379 | If Not result Then Break |
1382 | If result > 0 Then |
1383 | If action == Do not build context if rule matches || listtype == Apply rule before record creation Then ret = 0 |
1385 | Break |
1388 | unlock_and_return : |
1390 | Return ret |
Name | Describe |
---|---|
audit_log_start | audit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error |
Source code conversion tool public plug-in interface | X |
---|---|
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion |