audit_log_execve_info

函数名称：audit_log_execve_info

函数原型：static void audit_log_execve_info(struct audit_context *context, struct audit_buffer **ab)

返回类型：void

参数：

类型	参数	名称
struct audit_context *	context
struct audit_buffer **	ab

994

len_abuf等于0

1002

__user乘p等于arg_start

1013

WARN_ON_ONCE( execve audit message should be longer than this (userspace limits),* see the note near the top of audit_log_execve_info() about this value > 7500)

1014

len_max等于 execve audit message should be longer than this (userspace limits),* see the note near the top of audit_log_execve_info() about this value

1017

buf_head等于开辟内存

1018

如果非buf_head则

1019

audit_panic("out of memory for argv string")

1020

返回

1022

buf等于buf_head

1024

写入审计信息

1026

len_rem等于len_max

1027

len_buf等于0

1028

len_full等于0

1029

require_data = true

1030

encode = false

1031

iter等于0

1032

arg等于0

1033

1041

如果len_full恒等于0则len_full等于用户字符串长度减1

1045

如果require_data则

1047

如果buf不等于buf_head则

1048

memmove(buf_head, buf, len_buf)

1049

buf等于buf_head

1053

len_tmp等于复制用户字符串

1055

如果len_tmp恒等于负EFAULT则

1057

send_sig(SIGKILL, 当前进程, 0)

1058

转到:out

1059

否则如果len_tmp恒等于len_max减len_buf则

1061

require_data = true

1066

encode = true

1067

len_full等于len_full乘2

1068

p加等于len_tmp

1069

否则

1070

require_data = false

1071

如果非encode则encode等于audit_string_contains_control - does a string need to be logged in hex*@string: string to be checked*@len: max length of the string to check

1075

如果len_full小于len_max则len_full等于如果encode则len_tmp乘2否则len_tmp

1078

p加等于len_tmp加1

1080

len_buf加等于len_tmp

1081

buf_head[len_buf]等于'\0'

1084

len_abuf等于如果encode则len_buf乘2否则len_buf加2

1088

如果len_buf大于等于0则

1093

如果abuf的长度加8大于len_rem则

1094

len_rem等于len_max

1095

发送审计信息，并释放缓冲区

1096

ab等于申请审计缓冲区

1098

如果非ab则转到:out

1103

len_tmp等于0

1104

如果require_data或iter大于0或len_abuf加abuf的长度大于len_rem则

1106

如果iter恒等于0则

1107

len_tmp加等于snprintf - Format a string and place it in a buffer*@buf: The buffer to place the result into*@size: The size of the buffer, including the trailing null space*@fmt: The format string to use*@

1112

len_tmp加等于snprintf - Format a string and place it in a buffer*@buf: The buffer to place the result into*@size: The size of the buffer, including the trailing null space*@fmt: The format string to use*@

1115

否则len_tmp加等于snprintf - Format a string and place it in a buffer*@buf: The buffer to place the result into*@size: The size of the buffer, including the trailing null space*@fmt: The format string to use*@

1119

WARN_ON(len_tmp >= abuf的长度)

1120

abuf[abuf的长度 - 1]等于'\0'

1123

写入审计信息

1124

len_rem减等于len_tmp

1125

len_tmp等于len_buf

1126

如果encode则

1127

如果len_abuf大于len_rem则len_tmp等于len_rem除2

1129

audit_log_n_hex - convert a buffer to hex and append it to the audit skb*@ab: the audit_buffer*@buf: buffer to convert to hex*@len: length of @buf to be converted* No return value; failure to expand is silently ignored

1130

len_rem减等于len_tmp乘2

1131

len_abuf减等于len_tmp乘2

1132

否则

1133

如果len_abuf大于len_rem则len_tmp等于len_rem减2

1135

Format a string of no more than slen characters into the audit buffer,* enclosed in quote marks.

1136

len_rem减等于len_tmp加2

1139

len_abuf减等于len_tmp

1141

len_buf减等于len_tmp

1142

buf加等于len_tmp

1146

如果len_buf恒等于0且非require_data则

1147

arg自加

1148

iter等于0

1149

len_full等于0

1150

require_data = true

1151

encode = false

1153

当arg小于argc 循环

1157

out :

1158

kfree(buf_head)

**调用者**
名称	描述
show_special

源代码转换工具开放的插件接口	X
支持：c/c++/esqlc/java Oracle/Informix/Mysql 插件可实现：逻辑报告代码生成和批量转换代码