函数逻辑报告 |
Source Code:kernel\auditsc.c |
Create Date:2022-07-27 12:31:00 |
Last Modify:2020-03-17 16:31:21 | Copyright©Brick |
首页 | 函数Tree |
注解内核,赢得工具 | 下载SCCT | English |
函数名称:audit_log_exit
函数原型:static void audit_log_exit(void)
返回类型:void
参数:无
1446 | call_panic等于0 |
1447 | context等于audit_context() |
1452 | personality等于personality |
1455 | 如果非ab则返回 |
1457 | 写入审计信息 |
1459 | 如果personality不等于PER_LINUX则写入审计信息 |
1466 | 写入审计信息 |
1474 | audit_log_task_info(ab) |
1475 | audit_log_key(ab, 过滤规则) |
1476 | 发送审计信息,并释放缓冲区 |
1481 | 如果非ab则继续下一循环 |
1488 | 写入审计信息 |
1489 | audit_log_cap(ab, "fp", & permitted) |
1490 | audit_log_cap(ab, "fi", & inheritable) |
1491 | 写入审计信息 |
1492 | audit_log_cap(ab, "old_pp", & permitted) |
1493 | audit_log_cap(ab, "old_pi", & inheritable) |
1494 | audit_log_cap(ab, "old_pe", & effective set of process ) |
1495 | audit_log_cap(ab, "old_pa", & ambient) |
1496 | audit_log_cap(ab, "pp", & permitted) |
1497 | audit_log_cap(ab, "pi", & inheritable) |
1498 | audit_log_cap(ab, "pe", & effective set of process ) |
1499 | audit_log_cap(ab, "pa", & ambient) |
1500 | 写入审计信息 |
1503 | 退出 |
1506 | 发送审计信息,并释放缓冲区 |
1509 | 如果type则show_special(context, & call_panic) |
1512 | 如果fds[0]大于等于0则 |
1521 | 如果sockaddr_len则 |
1523 | 如果ab则 |
1534 | 以i小于pid_count循环如果audit_log_pid_context(context, target_pid[i], target_auid[i], target_uid[i], target_sessionid[i], target_sid[i], target_comm[i])则 |
1541 | call_panic等于1 |
1544 | 如果target_pid且audit_log_pid_context(context, target_pid, target_auid, target_uid, target_sessionid, target_sid, target_comm)则call_panic等于1 |
1553 | 如果ab则 |
1559 | i等于0 |
1561 | 如果don't log this record 则继续下一循环 |
1566 | audit_log_proctitle() |
1570 | 如果ab则发送审计信息,并释放缓冲区 |
1572 | 如果call_panic则audit_panic("error converting sid to string") |
名称 | 描述 |
---|---|
__audit_free | __audit_free - free a per-task audit context*@tsk: task whose audit context block to free* Called from copy_process and do_exit |
__audit_syscall_exit | __audit_syscall_exit - deallocate audit context after a system call*@success: success value of the syscall*@return_code: return value of the syscall* Tear down after system call |
源代码转换工具 开放的插件接口 | X |
---|---|
支持:c/c++/esqlc/java Oracle/Informix/Mysql 插件可实现:逻辑报告 代码生成和批量转换代码 |