函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditsc.c Create Date:2022-07-27 12:31:00
Last Modify:2020-03-17 16:31:21 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:audit_log_exit

函数原型:static void audit_log_exit(void)

返回类型:void

参数:

1446  call_panic等于0
1447  context等于audit_context()
1452  personality等于personality
1454  ab等于申请审计缓冲区
1455  如果非ab则返回
1457  写入审计信息
1459  如果personality不等于PER_LINUX写入审计信息
1461  如果返回值写入审计信息
1466  写入审计信息
1474  audit_log_task_info(ab)
1475  audit_log_key(ab, 过滤规则)
1476  发送审计信息,并释放缓冲区
1478 aux循环
1480  ab等于申请审计缓冲区
1481  如果非ab则继续下一循环
1486  :type恒等于Information about fcaps increasing perms
1487  axs等于aux
1488  写入审计信息
1489  audit_log_cap(ab, "fp", & permitted)
1490  audit_log_cap(ab, "fi", & inheritable)
1491  写入审计信息
1492  audit_log_cap(ab, "old_pp", & permitted)
1493  audit_log_cap(ab, "old_pi", & inheritable)
1494  audit_log_cap(ab, "old_pe", & effective set of process )
1495  audit_log_cap(ab, "old_pa", & ambient)
1496  audit_log_cap(ab, "pp", & permitted)
1497  audit_log_cap(ab, "pi", & inheritable)
1498  audit_log_cap(ab, "pe", & effective set of process )
1499  audit_log_cap(ab, "pa", & ambient)
1500  写入审计信息
1503  退出
1506  发送审计信息,并释放缓冲区
1509  如果typeshow_special(context, & call_panic)
1512  如果fds[0]大于等于0则
1513  ab等于申请审计缓冲区
1514  如果ab
1515  写入审计信息
1517  发送审计信息,并释放缓冲区
1521  如果sockaddr_len
1522  ab等于申请审计缓冲区
1523  如果ab
1524  写入审计信息
1525  audit_log_n_hex - convert a buffer to hex and append it to the audit skb*@ab: the audit_buffer*@buf: buffer to convert to hex*@len: length of @buf to be converted* No return value; failure to expand is silently ignored
1527  发送审计信息,并释放缓冲区
1531 aux循环
1532  axs等于aux
1534 i小于pid_count循环如果audit_log_pid_context(context, target_pid[i], target_auid[i], target_uid[i], target_sessionid[i], target_sid[i], target_comm[i])则
1541  call_panic等于1
1544  如果target_pidaudit_log_pid_context(context, target_pid, target_auid, target_uid, target_sessionid, target_sid, target_comm)则call_panic等于1
1551  如果dentrymnt
1552  ab等于申请审计缓冲区
1553  如果ab
1554  This is a helper-function to print the escaped d_path
1555  发送审计信息,并释放缓冲区
1559  i等于0
1561  如果don't log this record 则继续下一循环
1563  audit_log_name - produce AUDIT_PATH record from struct audit_names*@context: audit_context for the task*@n: audit_names structure with reportable details*@path: optional path to report instead of audit_names->name*@record_num: record number to report when
1566  audit_log_proctitle()
1569  ab等于申请审计缓冲区
1570  如果ab发送审计信息,并释放缓冲区
1572  如果call_panicaudit_panic("error converting sid to string")
调用者
名称描述
__audit_free__audit_free - free a per-task audit context*@tsk: task whose audit context block to free* Called from copy_process and do_exit
__audit_syscall_exit__audit_syscall_exit - deallocate audit context after a system call*@success: success value of the syscall*@return_code: return value of the syscall* Tear down after system call