Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: kernel\auditsc.c
Create Date: 2022-07-27 12:31:04
Last Modify: 2020-03-17 16:31:21
Copyright © Brick

Function name: __audit_syscall_entry - fill in an audit record at syscall entry
@major: major syscall type (function)
@a1: additional syscall register 1
@a2: additional syscall register 2
@a3: additional syscall register 3
@a4: additional syscall register 4

Function prototype: void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2, unsigned long a3, unsigned long a4)

Return type: void

Parameters:

Type            Parameter name
int             major
unsigned long   a1
unsigned long   a2
unsigned long   a3
unsigned long   a4

1631  context = audit_context()
1634  If not audit_enabled or not context, then return
1637  BUG_ON(is-syscall || file count)
1639  state = status
1640  If state == no auditing, then return
1643  call number = not number of audit rules
1644  If not call number and state == audit at creation
1645  prio = 0
1646  If auditd_test_task (checks whether a given task is an audit daemon; returns 1 if the task is a registered audit daemon, 0 otherwise), then return
1650  arch = syscall_get_arch(current process)
1651  syscall process = major
1652  call arguments[0] = a1
1653  call arguments[1] = a2
1654  call arguments[2] = a3
1655  call arguments[3] = a4
1656  serial number = 0
1657  is-syscall = 1
1658  current state = state
1659  Save things to print about task_struct = 0
1660  ktime_get_coarse_real_ts64(&syscall time)