Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditsc.c Create Date:2022-07-28 11:27:43
Last Modify:2020-03-17 16:31:21 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:audit_log_exit

Proto:static void audit_log_exit(void)

Type:void

Parameter:Nothing

1446  call_panic = 0
1447  context = audit_context()
1452  personality = personality
1454  ab = audit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error
1455  If Not ab Then Return
1457  audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.
1459  If personality != PER_LINUX Then audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.
1461  If urn code is valid Then audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.
1466  audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.
1474  audit_log_task_info(ab)
1475  audit_log_key(ab, key for rule that triggered record )
1476  audit_log_end - end one audit record*@ab: the audit_buffer* We can not do a netlink send inside an irq context because it blocks (last* arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a* queue and a tasklet is scheduled to remove
1478  When aux cycle
1480  ab = audit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error
1481  If Not ab Then Continue
1486  Case type == Information about fcaps increasing perms
1487  axs = aux
1488  audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.
1489  audit_log_cap(ab, "fp", & permitted)
1490  audit_log_cap(ab, "fi", & inheritable)
1491  audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.
1492  audit_log_cap(ab, "old_pp", & permitted)
1493  audit_log_cap(ab, "old_pi", & inheritable)
1494  audit_log_cap(ab, "old_pe", & effective set of process )
1495  audit_log_cap(ab, "old_pa", & ambient)
1496  audit_log_cap(ab, "pp", & permitted)
1497  audit_log_cap(ab, "pi", & inheritable)
1498  audit_log_cap(ab, "pe", & effective set of process )
1499  audit_log_cap(ab, "pa", & ambient)
1500  audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.
1503  Break
1506  audit_log_end - end one audit record*@ab: the audit_buffer* We can not do a netlink send inside an irq context because it blocks (last* arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a* queue and a tasklet is scheduled to remove
1509  If type Then show_special(context, & call_panic)
1512  If fds[0] >= 0 Then
1513  ab = audit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error
1514  If ab Then
1515  audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.
1517  audit_log_end - end one audit record*@ab: the audit_buffer* We can not do a netlink send inside an irq context because it blocks (last* arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a* queue and a tasklet is scheduled to remove
1521  If sockaddr_len Then
1522  ab = audit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error
1523  If ab Then
1524  audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.
1525  audit_log_n_hex - convert a buffer to hex and append it to the audit skb*@ab: the audit_buffer*@buf: buffer to convert to hex*@len: length of @buf to be converted* No return value; failure to expand is silently ignored
1527  audit_log_end - end one audit record*@ab: the audit_buffer* We can not do a netlink send inside an irq context because it blocks (last* arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a* queue and a tasklet is scheduled to remove
1531  When aux cycle
1532  axs = aux
1534  When i < pid_count cycle If audit_log_pid_context(context, target_pid[i], target_auid[i], target_uid[i], target_sessionid[i], target_sid[i], target_comm[i]) Then
1541  call_panic = 1
1544  If target_pid && audit_log_pid_context(context, target_pid, target_auid, target_uid, target_sessionid, target_sid, target_comm) Then call_panic = 1
1551  If dentry && mnt Then
1552  ab = audit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error
1553  If ab Then
1554  This is a helper-function to print the escaped d_path
1555  audit_log_end - end one audit record*@ab: the audit_buffer* We can not do a netlink send inside an irq context because it blocks (last* arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a* queue and a tasklet is scheduled to remove
1559  i = 0
1561  If don't log this record Then Continue
1563  audit_log_name - produce AUDIT_PATH record from struct audit_names*@context: audit_context for the task*@n: audit_names structure with reportable details*@path: optional path to report instead of audit_names->name*@record_num: record number to report when
1566  audit_log_proctitle()
1569  ab = audit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error
1570  If ab Then audit_log_end - end one audit record*@ab: the audit_buffer* We can not do a netlink send inside an irq context because it blocks (last* arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a* queue and a tasklet is scheduled to remove
1572  If call_panic Then audit_panic("error converting sid to string")
Caller
NameDescribe
__audit_free__audit_free - free a per-task audit context*@tsk: task whose audit context block to free* Called from copy_process and do_exit
__audit_syscall_exit__audit_syscall_exit - deallocate audit context after a system call*@success: success value of the syscall*@return_code: return value of the syscall* Tear down after system call